Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Pop-up ads appearing constantly


  • This topic is locked This topic is locked
19 replies to this topic

#1 sweetmagee

sweetmagee

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:18 PM

Posted 26 October 2012 - 06:48 AM

I'm running XP and for the past couple of weeks I've kept getting pop-up ads appearing on the left, right or both sides of the lower half of my screen when browsing the net. Must have picked something up somewhere and I've run various scans starting with standard AVG and Malwarebytes and then several other programs I've seen mentioned on the forums here - Super AntiSpyware, Mini Toolo Box etc. Nothing seems to get rid of the ads.

I'm usually pretty good at getting rid of stuff like this but I'm totally stumped this time.

Would really appreciate some help if possible - have hopefully attached a screen shot showing the ads on each side with the little white crosses in black circles at the top right of each one.

BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:18 AM

Posted 26 October 2012 - 07:39 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




I need to get some reports to get a base to start from so I need you to run these programs first.


-DeFogger-

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


-Download DDS-

  • Please download DDS from one of the links below and save it to your desktop:

    Posted Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3


    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs

  • In your next post I need the following

  • both reports from DDS
  • report from security check
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 sweetmagee

sweetmagee
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:18 PM

Posted 26 October 2012 - 08:22 AM

Thanks for your help with this !

Followed instructions but when I ran Security Check no file called checkup.txt appeared - don't know why ?

Here's the the DDS reports, attach.txt followed by

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-19.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 14/12/2006 17:42:02
System Uptime: 26/10/2012 08:48:12 (6 hours ago)
.
Motherboard: Dell Inc. | | 0WG855
Processor: Intel® Core™2 CPU 6400 @ 2.13GHz | Microprocessor | 2128/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 293 GiB total, 74.454 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP704: 28/07/2012 21:47:57 - System Checkpoint
RP705: 29/07/2012 22:36:39 - System Checkpoint
RP706: 31/07/2012 10:14:04 - System Checkpoint
RP707: 01/08/2012 10:21:29 - System Checkpoint
RP708: 01/08/2012 12:30:03 - Installed Pro Evolution Soccer 2013 DEMO.
RP709: 02/08/2012 18:17:42 - System Checkpoint
RP710: 03/08/2012 10:24:16 - Installed DirectX
RP711: 04/08/2012 10:35:13 - System Checkpoint
RP712: 05/08/2012 11:12:19 - System Checkpoint
RP713: 06/08/2012 12:11:34 - System Checkpoint
RP714: 07/08/2012 12:52:55 - System Checkpoint
RP715: 08/08/2012 17:34:08 - System Checkpoint
RP716: 09/08/2012 18:37:45 - System Checkpoint
RP717: 10/08/2012 19:18:50 - System Checkpoint
RP718: 11/08/2012 12:16:06 - Installed DirectX
RP719: 11/08/2012 12:43:48 - Software Distribution Service 3.0
RP720: 11/08/2012 16:44:55 - Installed The Sims 3
RP721: 11/08/2012 16:59:17 - Installed The Sims 3
RP722: 12/08/2012 20:06:12 - System Checkpoint
RP723: 13/08/2012 20:25:39 - System Checkpoint
RP724: 14/08/2012 11:57:26 - Printer Driver Send To Microsoft OneNote Driver Installed
RP725: 14/08/2012 16:20:55 - AVG Regisry Defrag - before defragmentation
RP726: 14/08/2012 17:25:52 - Restore Operation
RP727: 15/08/2012 19:46:55 - System Checkpoint
RP728: 16/08/2012 07:51:59 - Software Distribution Service 3.0
RP729: 17/08/2012 08:54:49 - System Checkpoint
RP730: 18/08/2012 10:21:28 - System Checkpoint
RP731: 19/08/2012 10:59:17 - System Checkpoint
RP732: 20/08/2012 16:13:33 - System Checkpoint
RP733: 21/08/2012 18:40:47 - System Checkpoint
RP734: 22/08/2012 18:46:58 - System Checkpoint
RP735: 23/08/2012 20:54:42 - System Checkpoint
RP736: 25/08/2012 11:19:00 - System Checkpoint
RP737: 26/08/2012 11:30:25 - System Checkpoint
RP738: 27/08/2012 14:05:59 - System Checkpoint
RP739: 28/08/2012 20:01:31 - System Checkpoint
RP740: 29/08/2012 20:29:25 - System Checkpoint
RP741: 30/08/2012 21:17:39 - System Checkpoint
RP742: 31/08/2012 22:05:35 - System Checkpoint
RP743: 02/09/2012 07:08:49 - System Checkpoint
RP744: 03/09/2012 16:36:19 - System Checkpoint
RP745: 04/09/2012 18:05:43 - System Checkpoint
RP746: 05/09/2012 20:42:23 - System Checkpoint
RP747: 06/09/2012 21:25:55 - System Checkpoint
RP748: 07/09/2012 21:32:41 - System Checkpoint
RP749: 09/09/2012 10:46:12 - System Checkpoint
RP750: 10/09/2012 13:43:15 - System Checkpoint
RP751: 11/09/2012 18:55:42 - System Checkpoint
RP752: 12/09/2012 19:06:00 - System Checkpoint
RP753: 13/09/2012 07:21:47 - Software Distribution Service 3.0
RP754: 13/09/2012 19:09:39 - Installed DirectX
RP755: 14/09/2012 20:03:42 - System Checkpoint
RP756: 15/09/2012 20:57:07 - System Checkpoint
RP757: 17/09/2012 09:40:10 - System Checkpoint
RP758: 18/09/2012 12:15:26 - System Checkpoint
RP759: 19/09/2012 08:49:12 - Installed EMET
RP760: 19/09/2012 22:18:57 - Installed Pro Evolution Soccer 2013.
RP761: 20/09/2012 05:29:46 - Installed Pro Evolution Soccer 2013.
RP762: 21/09/2012 08:16:46 - System Checkpoint
RP763: 21/09/2012 15:57:17 - Software Distribution Service 3.0
RP764: 22/09/2012 16:27:38 - System Checkpoint
RP765: 23/09/2012 03:00:24 - Software Distribution Service 3.0
RP766: 24/09/2012 19:04:58 - System Checkpoint
RP767: 25/09/2012 19:46:23 - System Checkpoint
RP768: 26/09/2012 20:19:35 - System Checkpoint
RP769: 27/09/2012 21:06:53 - System Checkpoint
RP770: 29/09/2012 09:24:49 - System Checkpoint
RP771: 30/09/2012 10:01:06 - System Checkpoint
RP772: 01/10/2012 12:51:43 - System Checkpoint
RP773: 02/10/2012 16:34:01 - System Checkpoint
RP774: 03/10/2012 17:06:39 - System Checkpoint
RP775: 03/10/2012 19:00:49 - Installed AVG 2013
RP776: 03/10/2012 19:00:57 - Removed AVG 2012
RP777: 03/10/2012 19:01:43 - Installed AVG 2013
RP778: 03/10/2012 19:19:47 - Removed AVG 2012
RP779: 04/10/2012 19:22:27 - System Checkpoint
RP780: 05/10/2012 03:00:25 - Software Distribution Service 3.0
RP781: 06/10/2012 07:39:45 - System Checkpoint
RP782: 07/10/2012 08:07:08 - System Checkpoint
RP783: 08/10/2012 19:27:01 - System Checkpoint
RP784: 09/10/2012 20:21:05 - System Checkpoint
RP785: 10/10/2012 21:13:06 - System Checkpoint
RP786: 11/10/2012 05:32:12 - Software Distribution Service 3.0
RP787: 12/10/2012 09:24:22 - System Checkpoint
RP788: 20/10/2012 10:32:19 - System Checkpoint
RP789: 21/10/2012 10:37:17 - System Checkpoint
RP790: 22/10/2012 11:22:46 - System Checkpoint
RP791: 23/10/2012 18:55:07 - System Checkpoint
RP792: 24/10/2012 19:24:58 - System Checkpoint
RP793: 25/10/2012 20:25:38 - System Checkpoint
.
==== Hosts File Hijack ======================
.
Hosts: 72.29.93.243 www.google-analytics.com.
Hosts: 72.29.93.243 ad-emea.doubleclick.net.
Hosts: 72.29.93.243 www.statcounter.com.
Hosts: 64.27.10.42 www.google-analytics.com.
Hosts: 64.27.10.42 ad-emea.doubleclick.net.
Hosts: 64.27.10.42 www.statcounter.com.
.
==== Installed Programs ======================
.
.
==== End Of File ===========================


Here's dds.txt...

DDS (Ver_2012-10-19.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Jeff Trice at 14:08:41 on 2012-10-26
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.721 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.1.0\ToolbarUpdater.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files\Creative\Creative Centrale\CTUPnPFn.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\EMET\EMET_notifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\IE New Window Maximizer\iemaximizer.exe
C:\Program Files\Creative\Software Update 3\SoftAuto.exe
C:\Documents and Settings\Jeff Trice\Application Data\Spotify\Data\SpotifyWebHelper.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Creative\Shared Files\AVCMANU.EXE
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.co.uk/
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000&st=18&barid={326462F8-5D97-43B7-A61F-E023570EDF14}
uProxyServer = hxxp=127.0.0.1:6092
uProxyOverride = <local>
uURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\tbFre1.dll
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\tbFre1.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\13.1.0.3\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\bae\BAE.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SweetIM Toolbar Helper: {EEE6C35C-6118-11DC-9C72-001320C79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Freecorder Toolbar: {1392B8D2-5C05-419F-A8F6-B9F15A596612} - c:\program files\freecorder\tbFre1.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\tbFre1.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\13.1.0.3\AVG Secure Search_toolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [SetDefaultMIDI] MIDIDef.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\RegistryBooster.exe /S
uRun: [msnmsgr] ~"c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [IE New Window Maximizer] c:\program files\ie new window maximizer\iemaximizer.exe
uRun: [SoftAuto.exe] "c:\program files\creative\software update 3\SoftAuto.exe"
uRun: [MediaGet2] c:\documents and settings\jeff trice\local settings\application data\mediaget2\mediaget.exe --minimized
uRun: [ABBYY Screenshot Reader Retail] <no file>
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DLCFCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCFtime.dll,_RunDLLEntry@16
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [HTC Sync Loader] "c:\program files\htc\htc sync 3.0\htcUPCTLoader.exe" -startup
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun: [EMET Notifier] c:\program files\emet\EMET_notifier.exe
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [ROC_roc_ssl_v12] "c:\program files\avg secure search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-System: EnableProfileQuota = dword:1
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: hotmail.com
Trusted Zone: live.com
Trusted Zone: msn.com
Trusted Zone: passport.com
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1344685261125
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://cccportal.canterbury.gov.uk/dana-cached/setup/JuniperSetupSP1.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
TCP: Interfaces\{8C9AE844-8B1A-4B4D-AA74-9A1962C76571} : NameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\13.1.0\ViProtocol.dll
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\coreftp\pftpns.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - c:\program files\pixiepack codec pack\InstallerHelper.exe
Hosts: 72.29.93.243 www.google-analytics.com.
Hosts: 72.29.93.243 ad-emea.doubleclick.net.
Hosts: 72.29.93.243 www.statcounter.com.
Hosts: 64.27.10.42 www.google-analytics.com.
Hosts: 64.27.10.42 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 55008]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-8-9 177376]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 93536]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 35552]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 177504]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 164832]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-10-3 26984]
R1 NEOFLTR_550_12491;Juniper Networks TDI Filter Driver (NEOFLTR_550_12491);c:\windows\system32\drivers\NEOFLTR_550_12491.sys [2007-12-26 64144]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
R2 ABBYY.Licensing.FineReader.ScreenshotReader.9.0;ABBYY.Licensing.FineReader.ScreenshotReader.9.0;c:\program files\abbyy screenshot reader\NetworkLicenseServer.exe [2009-5-14 759048]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-10-2 5783672]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-2 193568]
R2 CTUPnPSv;Creative Centrale Media Server;c:\program files\creative\creative centrale\CTUPnPSv.exe [2008-5-21 64000]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-6-6 55152]
R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [2006-7-14 13824]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2011-9-15 88576]
R2 vToolbarUpdater13.1.0;vToolbarUpdater13.1.0;c:\program files\common files\avg secure search\vtoolbarupdater\13.1.0\ToolbarUpdater.exe [2012-10-3 711112]
R2 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [2006-7-14 13696]
S0 fyspmg;fyspmg; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-8-29 136176]
S2 PEVSystemStart;PEVSystemStart;"c:\combofix\pev.cfxxe" exec /i "c:\combofix\hidec.exe" "c:\combofix\swreg.exe" acl "hkey_local_machine\system\currentcontrolset\enum\root\legacy_beep" /reset /q --> c:\combofix\PEV.cfxxe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-30 250808]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-4-22 947528]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-8-29 136176]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2010-11-23 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-22 21248]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 xlink;XLink Driver (xlink.sys);c:\windows\system32\drivers\xlink.sys [2007-3-23 19677]
S4 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S4 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2012-7-1 2560]
.
=============== File Associations ===============
.
ShellExec: switch.exe: Convert with Switch Sound File Converter="c:\program files\nch swift sound\switch\switch" "%L"
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-10-26 11:38:14 5018 --sha-w- c:\windows\system32\KGyGaAvL.sys
2012-10-09 14:24:17 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 14:24:17 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-02 02:30:38 159712 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-09-29 18:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-25 06:42:44 7073 --sha-w- c:\windows\system32\mmf.sys
2012-09-21 02:46:06 164832 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-09-21 02:46:00 177376 ----a-w- c:\windows\system32\drivers\avglogx.sys
2012-09-21 02:45:54 19936 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2012-09-21 02:45:52 55008 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-09-14 02:05:20 35552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2012-09-13 02:11:20 177504 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14:53 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07:15 385024 ------w- c:\windows\system32\html.iec
2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:33:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58:09 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-14 15:28:22 7073 --sha-w- c:\windows\system32\mmf(2).sys
2009-10-13 17:50:29 19620 ----a-w- c:\program files\common files\cavu.vbs
2008-03-09 21:34:50 2293848 ----a-w- c:\program files\FLV PlayerFCSetup.exe
.
============= FINISH: 14:09:48.76 ===============

...hope that's ok but not sure what do about the checkup.txt file that didn't show up ?

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:18 AM

Posted 26 October 2012 - 01:00 PM

Hello


These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.


-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 sweetmagee

sweetmagee
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:18 PM

Posted 26 October 2012 - 02:19 PM

Here's the Adw cleaner result, changed the references to my name in the file to 'My Name'...

# AdwCleaner v2.005 - Logfile created 10/26/2012 at 20:04:51
# Updated 14/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : My Name - JEFFHOME
# Boot Mode : Normal
# Running from : C:\Documents and Settings\My Name\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
File Deleted : C:\WINDOWS\system32\conduitEngine.tmp
Folder Deleted : C:\DOCUME~1\JEFFTR~1\LOCALS~1\Temp\avg@toolbar
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\All Users\Application Data\BasicScan
Folder Deleted : C:\Documents and Settings\All Users\Application Data\SweetIM
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\Freecorder
Folder Deleted : C:\Documents and Settings\My Name\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\My Name\Application Data\BabylonToolbar
Folder Deleted : C:\Documents and Settings\My Name\Application Data\PriceGong
Folder Deleted : C:\Documents and Settings\My Name\Application Data\searchquband
Folder Deleted : C:\Documents and Settings\My Name\Local Settings\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\My Name\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\My Name\Local Settings\Application Data\Freecorder
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\BasicScan
Folder Deleted : C:\Program Files\Freecorder
Folder Deleted : C:\Program Files\OApps
Folder Deleted : C:\Program Files\Smartdl
Folder Deleted : C:\Program Files\SweetIM
Folder Deleted : C:\Program Files\Viewpoint
Folder Deleted : C:\Program Files\Windows Searchqu Toolbar
Folder Deleted : C:\WINDOWS\system32\TempDir

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\PricePeep
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\conduitEngine
Key Deleted : HKCU\Software\Freecorder
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\sim-packages
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2405280
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2830582
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freecorder
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\1ClickDownloader
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BasicScan
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Freecorder Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\webHancer Agent
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownloader
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Freecorder Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\Software\Viewpoint
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\RelevantKnowledge\rlvknlg.exe]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?crg=3.1010000&st=18&barid={326462F8-5D97-43B7-A61F-E023570EDF14} --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://isearch.avg.com/tab?cid={4C5E66B3-67DB-4332-80AA-C997EE98F35B}&mid=Unknown&lang=en&ds=AVG&pr=fr&d=2012-06-04 09:17:54&v=11.0.0.9&sap=nt --> hxxp://www.google.com

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\My Name\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [15506 octets] - [26/10/2012 20:04:51]

########## EOF - C:\AdwCleaner[S1].txt - [15567 octets] ##########


Rogue Killer report - the program crashed after I clicked to delete the problems it had found. Tried three times with same result......

RogueKiller V8.2.0 [10/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : My Name [Admin rights]
Mode : Scan -- Date : 10/26/2012 20:13:00

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 245 ¤¤¤
[Services][LOCK] HKLM\[...]\ControlSet001\Services\geyekrlegrmiay (geyekrlegrmiay.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\GoogleDesktopManager (GoogleDesktopManager.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\Gpc (Gpc.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\gusvc (gusvc.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\hcwPP2 (hcwPP2.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\HDAudBus (HDAudBus.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\helpsvc (helpsvc.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\HidServ (HidServ.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\HidUsb (HidUsb.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\hnmwrlspkt (hnmwrlspkt.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\hpn (hpn.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\HTTP (HTTP.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\HTTPFilter (HTTPFilter.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\i2omgmt (i2omgmt.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\i2omp (i2omp.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\i8042prt (i8042prt.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\IAANTMON (IAANTMON.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\iastor (iastor.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\Imapi (Imapi.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\ImapiService (ImapiService.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\InCDFs (InCDFs.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\InCDPass (InCDPass.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\InCDRm (InCDRm.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\inetaccs (inetaccs.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\ini910u (ini910u.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\Inport (Inport.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\IntelIde (IntelIde.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\intelppm (intelppm.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\Ip6Fw (Ip6Fw.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\IpFilterDriver (IpFilterDriver.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\IpInIp (IpInIp.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\IpNat (IpNat.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\IPSec (IPSec.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\IRENUM (IRENUM.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\ISAPISearch (ISAPISearch.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\isapnp (isapnp.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\JavaQuickStarterService (JavaQuickStarterService.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\Kbdclass (Kbdclass.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\kbdhid (kbdhid.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\kmixer (kmixer.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\KSecDD (KSecDD.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\lanmanserver (lanmanserver.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\lanmanworkstation (lanmanworkstation.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\lbrtfdc (lbrtfdc.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\ldap (ldap.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\LicCtrlService (LicCtrlService.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\LicenseService (LicenseService.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\lirsgt (lirsgt.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\LmHosts (LmHosts.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\McrdSvc (McrdSvc.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\MDM (MDM.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\Messenger (Messenger.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\MHN (MHN.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\MHNDRV (MHNDRV.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\Microsoft Office Groove Audit Service (Microsoft Office Groove Audit Service.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\mnmdd (mnmdd.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\mnmsrvc (mnmsrvc.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\Modem (Modem.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\monfilt (monfilt.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\Mouclass (Mouclass.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\mouhid (mouhid.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\MountMgr (MountMgr.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\mraid35x (mraid35x.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\MRxDAV (MRxDAV.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\MRxSmb (MRxSmb.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\MSDTC (MSDTC.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\Msfs (Msfs.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\MSIServer (MSIServer.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\MSKSSRV (MSKSSRV.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\MSPCLOCK (MSPCLOCK.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\MSPQM (MSPQM.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\mssmbios (mssmbios.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\MSTEE (MSTEE.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\Mup (Mup.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\NABTSFEC (NABTSFEC.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\NAL (NAL.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\NDIS (NDIS.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\NdisIP (NdisIP.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\NdisTapi (NdisTapi.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\Ndisuio (Ndisuio.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\NdisWan (NdisWan.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\NDProxy (NDProxy.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\NEOFLTR_550_12491 (NEOFLTR_550_12491.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\NetBIOS (NetBIOS.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\NetBT (NetBT.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\NetDDE (NetDDE.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\NetDDEdsdm (NetDDEdsdm.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\Netlogon (Netlogon.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\Netman (Netman.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\Nla (Nla.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\Npfs (Npfs.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\Ntfs (Ntfs.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\NtLmSsp (NtLmSsp.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\NtmsSvc (NtmsSvc.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\Null (Null.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\nv (nv.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\NwlnkFlt (NwlnkFlt.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\NwlnkFwd (NwlnkFwd.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\odserv (odserv.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\ose (ose.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\ossrv (ossrv.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\Outlook (Outlook.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\Packet (Packet.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\Parport (Parport.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\PartMgr (PartMgr.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\ParVdm (ParVdm.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\PCI (PCI.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\PCIDump (PCIDump.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\PCIIde (PCIIde.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\Pcmcia (Pcmcia.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\PDCOMP (PDCOMP.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\PDFRAME (PDFRAME.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\PDRELI (PDRELI.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\PDRFRAME (PDRFRAME.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\perc2 (perc2.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\perc2hib (perc2hib.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\PerfDisk (PerfDisk.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\PerfNet (PerfNet.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\PerfOS (PerfOS.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\PerfProc (PerfProc.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\PlugPlay (PlugPlay.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\PolicyAgent (PolicyAgent.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\PptpMiniport (PptpMiniport.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\ProtectedStorage (ProtectedStorage.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\ProtexisLicensing (ProtexisLicensing.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\PSched (PSched.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\Ptilink (Ptilink.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\PxHelp20 (PxHelp20.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\ql1080 (ql1080.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\Ql10wnt (Ql10wnt.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\ql12160 (ql12160.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\ql1240 (ql1240.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\ql1280 (ql1280.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\RasPppoe (RasPppoe.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\Raspti (Raspti.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\Rdbss (Rdbss.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\RDPCDD (RDPCDD.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\RDPDD (RDPDD.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\rdpdr (rdpdr.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\RDPNP (RDPNP.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\RDPWD (RDPWD.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\RDSessMgr (RDSessMgr.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\redbook (redbook.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\RemoteAccess (RemoteAccess.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\RemoteRegistry (RemoteRegistry.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\RpcLocator (RpcLocator.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\RpcSs (RpcSs.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\RSVP (RSVP.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\SamSs (SamSs.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\SCardSvr (SCardSvr.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\Schedule (Schedule.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\SeaPort (SeaPort.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\Secdrv (Secdrv.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\seclogon (seclogon.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\SENS (SENS.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\serenum (serenum.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\Serial (Serial.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\Sfloppy (Sfloppy.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\SharedAccess (SharedAccess.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\ShellHWDetection (ShellHWDetection.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\Simbad (Simbad.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\sisagp (sisagp.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\SLIP (SLIP.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\Sparrow (Sparrow.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\splitter (splitter.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\Spooler (Spooler.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\sptd (sptd.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\sr (sr.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\srservice (srservice.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\Srv (Srv.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\SSDPSRV (SSDPSRV.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\ss_bus (ss_bus.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\ss_mdfl (ss_mdfl.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\ss_mdm (ss_mdm.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\STHDA (STHDA.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\stisvc (stisvc.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\streamip (streamip.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\swenum (swenum.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\swmidi (swmidi.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\SwPrv (SwPrv.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\symc810 (symc810.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\symc8xx (symc8xx.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\sym_hi (sym_hi.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\sym_u3 (sym_u3.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\sysaudio (sysaudio.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\SysmonLog (SysmonLog.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\TapiSrv (TapiSrv.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\Tcpip (Tcpip.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\TDPIPE (TDPIPE.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\TDTCP (TDTCP.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\TermDD (TermDD.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\TermService (TermService.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\Themes (Themes.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\TlntSvr (TlntSvr.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\TosIde (TosIde.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\TrkWks (TrkWks.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\TSDDD (TSDDD.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\Udfs (Udfs.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\ultra (ultra.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\Update (Update.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\upnphost (upnphost.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\UPS (UPS.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\usbaudio (usbaudio.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\usbccgp (usbccgp.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\usbehci (usbehci.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\usbhub (usbhub.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\usbprint (usbprint.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\usbscan (usbscan.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\USBSTOR (USBSTOR.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\usbuhci (usbuhci.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\VgaSave (VgaSave.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\ViaIde (ViaIde.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\VolSnap (VolSnap.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\VSS (VSS.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\VxD (VxD.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\w32time (w32time.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\W3SVC (W3SVC.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\Wanarp (Wanarp.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\wanatw (wanatw.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\wanusb (wanusb.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\WDICA (WDICA.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\wdmaud (wdmaud.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\WebClient (WebClient.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\winmgmt (winmgmt.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\Winsock (Winsock.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\WinSock2 (WinSock2.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\WinTrust (WinTrust.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\WmdmPmSN (WmdmPmSN.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\Wmi (Wmi.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\WmiApRpl (WmiApRpl.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\WmiApSrv (WmiApSrv.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\WS2IFSL (WS2IFSL.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\wscsvc (wscsvc.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\wsppkt (wsppkt.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\WSTCODEC (WSTCODEC.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\wuauserv (wuauserv.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\WZCSVC (WZCSVC.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\xlink (xlink.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\xmlprov (xmlprov.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\{8C9AE844-8B1A-4B4D-AA74-9A1962C76571} ({8C9AE844-8B1A-4B4D-AA74-9A1962C76571}.sys) -> FOUND
[Services][LOCK] HKLM\[...]\ControlSet001\Services\{D45449FF-5F36-4612-A12B-B8934970496F} ({D45449FF-5F36-4612-A12B-B8934970496F}.sys) -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:6092) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{BDD710D8-85EC-4E97-9D2A-ED943F622BAF} : NameServer (194.72.9.38 194.74.65.68) -> FOUND
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[177] : NtQueryValueKey @ 0x8062231A -> HOOKED (\??\C:\WINDOWS\system32\drivers\avgtpx86.sys @ 0xBA1B91EA)

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost
72.29.93.243 www.google-analytics.com.
72.29.93.243 ad-emea.doubleclick.net.
72.29.93.243 www.statcounter.com.
64.27.10.42 www.google-analytics.com.
64.27.10.42 ad-emea.doubleclick.net.
64.27.10.42 www.statcounter.com.


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ARRAY +++++
--- User ---
[MBR] 90af2cafcbe18f4cb7a2676a49c6ce78
[BSP] 0865dbc3033a5b0d1557ae0b87d99f0b : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 62 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 128520 | Size: 300348 Mo
2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 615241305 | Size: 4753 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt


...........should also report that haven't seen the pop-up adverts in the past 15 minutes so hopefully that's a sign the problem's gone / nearly gone !

Massively appreciate your help so far !!

#6 sweetmagee

sweetmagee
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:18 PM

Posted 26 October 2012 - 02:22 PM

...spoke too soon, first site I went on after that message and I got the pop-up appearing.

Don't know if it helps but the adverts never appear when I'm browsing 'major' websites like Facebook, BBC etc and there's certain ones, including one I run myself, that never seem to be affected. Not sure why that is but thought I'd mention it.

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:18 AM

Posted 26 October 2012 - 04:45 PM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 sweetmagee

sweetmagee
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:18 PM

Posted 27 October 2012 - 02:03 AM

Ran Combofix and screens appeared about it backing up registry files etc. When the green progress bar reached the end and the scan stopped Combofix just disappeared and no log / report appeared. Tried restarting my machine and trying again and the same thing happened.

Checked after reboot and I've still got the pop-up adverts appearing - there's one on screen now as I'm typing this !

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:18 AM

Posted 27 October 2012 - 02:17 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 sweetmagee

sweetmagee
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:18 PM

Posted 27 October 2012 - 03:14 AM

TDSS Killer log...

08:50:00.0359 4120 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
08:50:00.0671 4120 ============================================================
08:50:00.0671 4120 Current date / time: 2012/10/27 08:50:00.0671
08:50:00.0671 4120 SystemInfo:
08:50:00.0671 4120
08:50:00.0671 4120 OS Version: 5.1.2600 ServicePack: 3.0
08:50:00.0671 4120 Product type: Workstation
08:50:00.0671 4120 ComputerName: JEFFHOME
08:50:00.0671 4120 UserName: Jeff Trice
08:50:00.0671 4120 Windows directory: C:\WINDOWS
08:50:00.0671 4120 System windows directory: C:\WINDOWS
08:50:00.0671 4120 Processor architecture: Intel x86
08:50:00.0671 4120 Number of processors: 2
08:50:00.0671 4120 Page size: 0x1000
08:50:00.0671 4120 Boot type: Normal boot
08:50:00.0671 4120 ============================================================
08:50:02.0609 4120 Drive \Device\Harddisk0\DR0 - Size: 0x4A81300000 (298.02 Gb), SectorSize: 0x200, Cylinders: 0x97F7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
08:50:02.0609 4120 ============================================================
08:50:02.0609 4120 \Device\Harddisk0\DR0:
08:50:02.0625 4120 MBR partitions:
08:50:02.0625 4120 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1F608, BlocksNum 0x24A9E051
08:50:02.0625 4120 ============================================================
08:50:02.0718 4120 C: <-> \Device\Harddisk0\DR0\Partition1
08:50:02.0734 4120 ============================================================
08:50:02.0734 4120 Initialize success
08:50:02.0734 4120 ============================================================
08:50:04.0812 5904 ============================================================
08:50:04.0812 5904 Scan started
08:50:04.0812 5904 Mode: Manual;
08:50:04.0812 5904 ============================================================
08:50:07.0984 5904 ================ Scan system memory ========================
08:50:07.0984 5904 System memory - ok
08:50:07.0984 5904 ================ Scan services =============================
08:50:08.0062 5904 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
08:50:08.0062 5904 !SASCORE - ok
08:50:08.0156 5904 [ B33CF4DE909A5B30F526D82053A63C8E ] ABBYY.Licensing.FineReader.ScreenshotReader.9.0 C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe
08:50:08.0406 5904 ABBYY.Licensing.FineReader.ScreenshotReader.9.0 - ok
08:50:08.0484 5904 Abiosdsk - ok
08:50:08.0500 5904 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
08:50:08.0531 5904 abp480n5 - ok
08:50:08.0562 5904 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
08:50:08.0578 5904 ACPI - ok
08:50:08.0593 5904 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
08:50:08.0593 5904 ACPIEC - ok
08:50:08.0671 5904 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
08:50:08.0687 5904 AdobeFlashPlayerUpdateSvc - ok
08:50:08.0718 5904 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
08:50:08.0750 5904 adpu160m - ok
08:50:08.0765 5904 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
08:50:08.0781 5904 aec - ok
08:50:08.0812 5904 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
08:50:08.0828 5904 AFD - ok
08:50:08.0859 5904 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
08:50:08.0859 5904 agp440 - ok
08:50:08.0890 5904 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
08:50:08.0890 5904 agpCPQ - ok
08:50:08.0921 5904 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
08:50:08.0921 5904 Aha154x - ok
08:50:08.0937 5904 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
08:50:08.0937 5904 aic78u2 - ok
08:50:08.0953 5904 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
08:50:08.0953 5904 aic78xx - ok
08:50:08.0984 5904 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
08:50:09.0015 5904 Alerter - ok
08:50:09.0031 5904 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
08:50:09.0031 5904 ALG - ok
08:50:09.0062 5904 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
08:50:09.0062 5904 AliIde - ok
08:50:09.0093 5904 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
08:50:09.0093 5904 alim1541 - ok
08:50:09.0109 5904 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
08:50:09.0109 5904 amdagp - ok
08:50:09.0125 5904 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
08:50:09.0125 5904 amsint - ok
08:50:09.0156 5904 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
08:50:09.0171 5904 AppMgmt - ok
08:50:09.0187 5904 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
08:50:09.0203 5904 asc - ok
08:50:09.0218 5904 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
08:50:09.0218 5904 asc3350p - ok
08:50:09.0234 5904 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
08:50:09.0234 5904 asc3550 - ok
08:50:09.0343 5904 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
08:50:09.0406 5904 aspnet_state - ok
08:50:09.0437 5904 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
08:50:09.0437 5904 AsyncMac - ok
08:50:09.0468 5904 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
08:50:09.0484 5904 atapi - ok
08:50:09.0484 5904 Atdisk - ok
08:50:09.0546 5904 [ C23082B890F21267037CA6111C385FF3 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
08:50:09.0562 5904 Ati HotKey Poller - ok
08:50:09.0609 5904 [ F5FC6AC1E7BC776871361D463FC86BE2 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
08:50:09.0656 5904 ati2mtag - ok
08:50:09.0687 5904 [ 6E996CF8459A2594E0E9609D0E34D41F ] atksgt C:\WINDOWS\system32\DRIVERS\atksgt.sys
08:50:09.0703 5904 atksgt - ok
08:50:09.0718 5904 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
08:50:09.0718 5904 Atmarpc - ok
08:50:09.0750 5904 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
08:50:09.0750 5904 AudioSrv - ok
08:50:09.0781 5904 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
08:50:09.0812 5904 audstub - ok
08:50:10.0109 5904 [ EE651D98B03FE3C075CCC58AB61C9287 ] AVG Security Toolbar Service C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
08:50:10.0140 5904 AVG Security Toolbar Service - ok
08:50:10.0593 5904 [ B41F0E54105801538D56623271A0AE49 ] AVGIDSAgent C:\Program Files\AVG\AVG2013\avgidsagent.exe
08:50:11.0046 5904 AVGIDSAgent - ok
08:50:11.0062 5904 [ 2F47851015D8837976E481F6DAA46A67 ] AVGIDSDriver C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
08:50:11.0156 5904 AVGIDSDriver - ok
08:50:11.0203 5904 [ 303BDE0DCDC04CE597C6C1CD06C6F186 ] AVGIDSHX C:\WINDOWS\system32\DRIVERS\avgidshx.sys
08:50:11.0203 5904 AVGIDSHX - ok
08:50:11.0250 5904 [ A8DE230CC8536790CA07D37FBCD87A74 ] AVGIDSShim C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
08:50:11.0265 5904 AVGIDSShim - ok
08:50:11.0312 5904 [ D53D35031365A0ECCB1DC1BC1B15B18E ] Avgldx86 C:\WINDOWS\system32\DRIVERS\avgldx86.sys
08:50:11.0328 5904 Avgldx86 - ok
08:50:11.0375 5904 [ 95889A9D23F3133250FA8AD13C982D58 ] Avglogx C:\WINDOWS\system32\DRIVERS\avglogx.sys
08:50:11.0390 5904 Avglogx - ok
08:50:11.0437 5904 [ 6DF7236D3A16C8417FF72F2EB2ADD244 ] Avgmfx86 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
08:50:11.0468 5904 Avgmfx86 - ok
08:50:11.0500 5904 [ F3D57358DE0B8B3491013C615754A7C7 ] Avgrkx86 C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
08:50:11.0500 5904 Avgrkx86 - ok
08:50:11.0531 5904 [ BA73B38E9033FC6018DB736B635706AE ] Avgtdix C:\WINDOWS\system32\DRIVERS\avgtdix.sys
08:50:11.0546 5904 Avgtdix - ok
08:50:11.0593 5904 [ A4B2D9B833A00FCDA09027641400AB54 ] avgtp C:\WINDOWS\system32\drivers\avgtpx86.sys
08:50:11.0640 5904 avgtp - ok
08:50:11.0687 5904 [ 0D2EB149AFF89A307E5D82D0A2B78439 ] avgwd C:\Program Files\AVG\AVG2013\avgwdsvc.exe
08:50:11.0703 5904 avgwd - ok
08:50:11.0734 5904 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
08:50:11.0734 5904 Beep - ok
08:50:11.0781 5904 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
08:50:12.0062 5904 BITS - ok
08:50:12.0093 5904 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
08:50:12.0093 5904 Browser - ok
08:50:12.0125 5904 [ 3DE014DFC14E8530F3A85572E2763446 ] C-DillaCdaC11BA C:\WINDOWS\system32\drivers\CDAC11BA.EXE
08:50:12.0125 5904 C-DillaCdaC11BA - ok
08:50:12.0156 5904 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
08:50:12.0156 5904 cbidf - ok
08:50:12.0156 5904 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
08:50:12.0156 5904 cbidf2k - ok
08:50:12.0187 5904 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
08:50:12.0187 5904 CCDECODE - ok
08:50:12.0203 5904 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
08:50:12.0203 5904 cd20xrnt - ok
08:50:12.0234 5904 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
08:50:12.0234 5904 Cdaudio - ok
08:50:12.0250 5904 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
08:50:12.0250 5904 Cdfs - ok
08:50:12.0265 5904 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
08:50:12.0281 5904 Cdrom - ok
08:50:12.0281 5904 Changer - ok
08:50:12.0312 5904 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
08:50:12.0328 5904 CiSvc - ok
08:50:12.0328 5904 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
08:50:12.0343 5904 ClipSrv - ok
08:50:12.0421 5904 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:50:12.0609 5904 clr_optimization_v2.0.50727_32 - ok
08:50:12.0640 5904 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:50:12.0796 5904 clr_optimization_v4.0.30319_32 - ok
08:50:12.0828 5904 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
08:50:12.0828 5904 CmdIde - ok
08:50:12.0828 5904 COMSysApp - ok
08:50:12.0843 5904 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
08:50:12.0843 5904 Cpqarray - ok
08:50:12.0890 5904 [ 7DB5E3F44D797BD38B8E336CCC2E49D5 ] Creative Labs Licensing Service C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
08:50:12.0890 5904 Creative Labs Licensing Service - ok
08:50:12.0906 5904 [ 3C8B6609712F4FF78E521F6DCFC4032B ] Creative Service for CDROM Access C:\WINDOWS\system32\CTsvcCDA.exe
08:50:12.0906 5904 Creative Service for CDROM Access - ok
08:50:12.0921 5904 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
08:50:12.0937 5904 CryptSvc - ok
08:50:12.0984 5904 [ A5BEA0E5C297F5F3835638A87E512FBA ] CTDevice_Srv C:\Program Files\Creative\Shared Files\CTDevSrv.exe
08:50:12.0984 5904 CTDevice_Srv - ok
08:50:13.0000 5904 [ 8DB84DE3AAB34A8B4C2F644EFF41CD76 ] ctsfm2k C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
08:50:13.0000 5904 ctsfm2k - ok
08:50:13.0062 5904 [ 8E26D772F53B7883A651E0E4A9598F21 ] CTUPnPSv C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe
08:50:13.0062 5904 CTUPnPSv - ok
08:50:13.0078 5904 [ 4EE8822ADB764EDD28CE44E808097995 ] CTUSFSYN C:\WINDOWS\system32\drivers\ctusfsyn.sys
08:50:13.0078 5904 CTUSFSYN - ok
08:50:13.0125 5904 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
08:50:13.0125 5904 dac2w2k - ok
08:50:13.0156 5904 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
08:50:13.0156 5904 dac960nt - ok
08:50:13.0171 5904 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
08:50:13.0187 5904 DcomLaunch - ok
08:50:13.0218 5904 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
08:50:13.0218 5904 Dhcp - ok
08:50:13.0234 5904 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
08:50:13.0234 5904 Disk - ok
08:50:13.0281 5904 [ E2D0DE31442390C35E3163C87CB6A9EB ] DLABOIOM C:\WINDOWS\system32\DLA\DLABOIOM.SYS
08:50:13.0281 5904 DLABOIOM - ok
08:50:13.0281 5904 [ D979BEBCF7EDCC9C9EE1857D1A68C67B ] DLACDBHM C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
08:50:13.0281 5904 DLACDBHM - ok
08:50:13.0296 5904 [ 83545593E297F50A8E2524B4C071A153 ] DLADResN C:\WINDOWS\system32\DLA\DLADResN.SYS
08:50:13.0296 5904 DLADResN - ok
08:50:13.0296 5904 [ 96E01D901CDC98C7817155CC057001BF ] DLAIFS_M C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
08:50:13.0296 5904 DLAIFS_M - ok
08:50:13.0296 5904 [ 0A60A39CC5E767980A31CA5D7238DFA9 ] DLAOPIOM C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
08:50:13.0296 5904 DLAOPIOM - ok
08:50:13.0312 5904 [ 9FE2B72558FC808357F427FD83314375 ] DLAPoolM C:\WINDOWS\system32\DLA\DLAPoolM.SYS
08:50:13.0312 5904 DLAPoolM - ok
08:50:13.0312 5904 [ 7EE0852AE8907689DF25049DCD2342E8 ] DLARTL_N C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
08:50:13.0312 5904 DLARTL_N - ok
08:50:13.0312 5904 [ F08E1DAFAC457893399E03430A6A1397 ] DLAUDFAM C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
08:50:13.0328 5904 DLAUDFAM - ok
08:50:13.0328 5904 [ E7D105ED1E694449D444A9933DF8E060 ] DLAUDF_M C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
08:50:13.0328 5904 DLAUDF_M - ok
08:50:13.0328 5904 dlcf_device - ok
08:50:13.0328 5904 dmadmin - ok
08:50:13.0359 5904 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
08:50:13.0390 5904 dmboot - ok
08:50:13.0390 5904 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
08:50:13.0390 5904 dmio - ok
08:50:13.0406 5904 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
08:50:13.0406 5904 dmload - ok
08:50:13.0437 5904 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
08:50:13.0437 5904 dmserver - ok
08:50:13.0453 5904 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
08:50:13.0453 5904 DMusic - ok
08:50:13.0500 5904 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
08:50:13.0515 5904 Dnscache - ok
08:50:13.0562 5904 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
08:50:13.0562 5904 Dot3svc - ok
08:50:13.0578 5904 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
08:50:13.0593 5904 dpti2o - ok
08:50:13.0609 5904 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
08:50:13.0609 5904 drmkaud - ok
08:50:13.0625 5904 [ FD0F95981FEF9073659D8EC58E40AA3C ] DRVMCDB C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
08:50:13.0625 5904 DRVMCDB - ok
08:50:13.0640 5904 [ B4869D320428CDC5EC4D7F5E808E99B5 ] DRVNDDM C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
08:50:13.0640 5904 DRVNDDM - ok
08:50:13.0640 5904 DSproct - ok
08:50:13.0656 5904 [ 3FCA03CBCA11269F973B70FA483C88EF ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
08:50:13.0656 5904 E100B - ok
08:50:13.0687 5904 [ 00192F0C612591D585594E9467E6CA8B ] e1express C:\WINDOWS\system32\DRIVERS\e1e5132.sys
08:50:13.0687 5904 e1express - ok
08:50:13.0718 5904 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
08:50:13.0718 5904 EapHost - ok
08:50:13.0765 5904 [ 5D1347AA5AE6E2F77D7F4F8372D95AC9 ] ehRecvr C:\WINDOWS\eHome\ehRecvr.exe
08:50:13.0765 5904 ehRecvr - ok
08:50:13.0781 5904 [ A53243709439AC2A4C216B817F8D7411 ] ehSched C:\WINDOWS\eHome\ehSched.exe
08:50:13.0781 5904 ehSched - ok
08:50:13.0796 5904 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
08:50:13.0796 5904 ERSvc - ok
08:50:13.0812 5904 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
08:50:13.0828 5904 Eventlog - ok
08:50:13.0859 5904 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
08:50:13.0859 5904 EventSystem - ok
08:50:13.0890 5904 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
08:50:13.0906 5904 Fastfat - ok
08:50:13.0953 5904 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
08:50:13.0968 5904 FastUserSwitchingCompatibility - ok
08:50:14.0000 5904 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINDOWS\system32\fxssvc.exe
08:50:14.0000 5904 Fax - ok
08:50:14.0031 5904 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
08:50:14.0031 5904 Fdc - ok
08:50:14.0046 5904 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
08:50:14.0046 5904 Fips - ok
08:50:14.0078 5904 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
08:50:14.0078 5904 Flpydisk - ok
08:50:14.0109 5904 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
08:50:14.0109 5904 FltMgr - ok
08:50:14.0187 5904 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
08:50:14.0234 5904 FontCache3.0.0.0 - ok
08:50:14.0281 5904 [ 960F5E5E4E1F720465311AC68A99C2DF ] fssfltr C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
08:50:14.0281 5904 fssfltr - ok
08:50:14.0328 5904 [ 9B1622EBEB31B3411B13382FFCB8737D ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
08:50:14.0390 5904 fsssvc - ok
08:50:14.0406 5904 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
08:50:14.0406 5904 Fs_Rec - ok
08:50:14.0437 5904 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
08:50:14.0437 5904 Ftdisk - ok
08:50:14.0453 5904 fyspmg - ok
08:50:14.0468 5904 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
08:50:14.0468 5904 Gpc - ok
08:50:14.0531 5904 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
08:50:14.0531 5904 gupdate - ok
08:50:14.0531 5904 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
08:50:14.0531 5904 gupdatem - ok
08:50:14.0578 5904 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
08:50:14.0578 5904 gusvc - ok
08:50:14.0609 5904 [ ECC2B633B909448C2806EA36FFEA1933 ] hcwPP2 C:\WINDOWS\system32\DRIVERS\hcwPP2.sys
08:50:14.0609 5904 hcwPP2 - ok
08:50:14.0640 5904 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
08:50:14.0640 5904 HDAudBus - ok
08:50:14.0687 5904 helpsvc - ok
08:50:14.0718 5904 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
08:50:14.0718 5904 HidServ - ok
08:50:14.0734 5904 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
08:50:14.0734 5904 HidUsb - ok
08:50:14.0765 5904 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
08:50:14.0765 5904 hkmsvc - ok
08:50:14.0781 5904 [ 55D7308E1437C629D2E52787BDA2CB45 ] hnmwrlspkt C:\WINDOWS\system32\DRIVERS\hnm_wrls_pkt.sys
08:50:14.0781 5904 hnmwrlspkt - ok
08:50:14.0796 5904 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
08:50:14.0796 5904 hpn - ok
08:50:14.0828 5904 [ CBD09ED9CF6822177EE85AEA4D8816A2 ] HTCAND32 C:\WINDOWS\system32\Drivers\ANDROIDUSB.sys
08:50:14.0828 5904 HTCAND32 - ok
08:50:14.0875 5904 [ 04E3B3554076B8192A668EFE88A682A1 ] htcnprot C:\WINDOWS\system32\DRIVERS\htcnprot.sys
08:50:14.0875 5904 htcnprot - ok
08:50:14.0906 5904 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
08:50:14.0906 5904 HTTP - ok
08:50:14.0953 5904 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
08:50:14.0953 5904 HTTPFilter - ok
08:50:14.0984 5904 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
08:50:15.0000 5904 i2omgmt - ok
08:50:15.0015 5904 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
08:50:15.0031 5904 i2omp - ok
08:50:15.0046 5904 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
08:50:15.0046 5904 i8042prt - ok
08:50:15.0093 5904 [ B122BE74E283A2BC7FEBC180BFD2EFD5 ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
08:50:15.0109 5904 IAANTMON - ok
08:50:15.0125 5904 [ 019CF5F31C67030841233C545A0E217A ] iastor C:\WINDOWS\system32\Drivers\iaStor.svs
08:50:15.0140 5904 iastor - ok
08:50:15.0234 5904 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
08:50:15.0265 5904 idsvc - ok
08:50:15.0281 5904 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
08:50:15.0281 5904 Imapi - ok
08:50:15.0312 5904 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
08:50:15.0328 5904 ImapiService - ok
08:50:15.0328 5904 InCDFs - ok
08:50:15.0328 5904 InCDPass - ok
08:50:15.0343 5904 InCDRm - ok
08:50:15.0359 5904 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
08:50:15.0359 5904 ini910u - ok
08:50:15.0390 5904 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
08:50:15.0390 5904 IntelIde - ok
08:50:15.0421 5904 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
08:50:15.0421 5904 intelppm - ok
08:50:15.0453 5904 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
08:50:15.0453 5904 Ip6Fw - ok
08:50:15.0468 5904 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
08:50:15.0468 5904 IpFilterDriver - ok
08:50:15.0484 5904 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
08:50:15.0484 5904 IpInIp - ok
08:50:15.0515 5904 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
08:50:15.0515 5904 IpNat - ok
08:50:15.0515 5904 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
08:50:15.0531 5904 IPSec - ok
08:50:15.0546 5904 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
08:50:15.0546 5904 IRENUM - ok
08:50:15.0578 5904 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
08:50:15.0578 5904 isapnp - ok
08:50:15.0687 5904 [ 32192B4EBE8720ED8D49A455C962CB91 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
08:50:15.0687 5904 JavaQuickStarterService - ok
08:50:15.0703 5904 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
08:50:15.0703 5904 Kbdclass - ok
08:50:15.0703 5904 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
08:50:15.0703 5904 kbdhid - ok
08:50:15.0734 5904 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
08:50:15.0734 5904 kmixer - ok
08:50:15.0765 5904 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
08:50:15.0765 5904 KSecDD - ok
08:50:15.0812 5904 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
08:50:15.0812 5904 lanmanserver - ok
08:50:15.0843 5904 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
08:50:15.0843 5904 lanmanworkstation - ok
08:50:15.0843 5904 lbrtfdc - ok
08:50:15.0875 5904 [ 29FAB5363138F6E322F4CD780ED9D337 ] LicCtrlService C:\WINDOWS\runservice.exe
08:50:16.0281 5904 LicCtrlService - ok
08:50:16.0296 5904 [ 975B6CF65F44E95883F3855BAE8CECAF ] lirsgt C:\WINDOWS\system32\DRIVERS\lirsgt.sys
08:50:16.0296 5904 lirsgt - ok
08:50:16.0328 5904 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
08:50:16.0328 5904 LmHosts - ok
08:50:16.0359 5904 [ DF0A511F38F16016BF658FCA0090CB87 ] McrdSvc C:\WINDOWS\ehome\mcrdsvc.exe
08:50:16.0359 5904 McrdSvc - ok
08:50:16.0406 5904 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
08:50:16.0421 5904 MDM - ok
08:50:16.0437 5904 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
08:50:16.0437 5904 Messenger - ok
08:50:16.0468 5904 [ B7521F69C0A9B29D356157229376FB21 ] MHN C:\WINDOWS\System32\mhn.dll
08:50:16.0468 5904 MHN - ok
08:50:16.0500 5904 [ 7F2F1D2815A6449D346FCCCBC569FBD6 ] MHNDRV C:\WINDOWS\system32\DRIVERS\mhndrv.sys
08:50:16.0500 5904 MHNDRV - ok
08:50:16.0562 5904 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
08:50:16.0562 5904 Microsoft Office Groove Audit Service - ok
08:50:16.0593 5904 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
08:50:16.0593 5904 mnmdd - ok
08:50:16.0625 5904 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
08:50:16.0640 5904 mnmsrvc - ok
08:50:16.0671 5904 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
08:50:16.0671 5904 Modem - ok
08:50:16.0718 5904 [ 9FA7207D1B1ADEAD88AE8EED9CDBBAA5 ] monfilt C:\WINDOWS\system32\drivers\monfilt.sys
08:50:16.0750 5904 monfilt - ok
08:50:16.0765 5904 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
08:50:16.0765 5904 Mouclass - ok
08:50:16.0781 5904 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
08:50:16.0781 5904 mouhid - ok
08:50:16.0796 5904 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
08:50:16.0796 5904 MountMgr - ok
08:50:16.0812 5904 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
08:50:16.0812 5904 mraid35x - ok
08:50:16.0828 5904 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
08:50:16.0828 5904 MRxDAV - ok
08:50:16.0859 5904 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
08:50:16.0859 5904 MRxSmb - ok
08:50:16.0890 5904 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
08:50:16.0906 5904 MSDTC - ok
08:50:16.0937 5904 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
08:50:16.0937 5904 Msfs - ok
08:50:16.0937 5904 MSIServer - ok
08:50:16.0984 5904 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
08:50:16.0984 5904 MSKSSRV - ok
08:50:17.0000 5904 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
08:50:17.0000 5904 MSPCLOCK - ok
08:50:17.0015 5904 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
08:50:17.0015 5904 MSPQM - ok
08:50:17.0031 5904 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
08:50:17.0031 5904 mssmbios - ok
08:50:17.0062 5904 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
08:50:17.0062 5904 MSTEE - ok
08:50:17.0078 5904 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
08:50:17.0093 5904 Mup - ok
08:50:17.0140 5904 MySQL - ok
08:50:17.0156 5904 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
08:50:17.0156 5904 NABTSFEC - ok
08:50:17.0187 5904 [ 1E59AAED42A5E3A5ED86EC403F9C0776 ] NAL C:\WINDOWS\system32\Drivers\iqvw32.sys
08:50:17.0187 5904 NAL - ok
08:50:17.0234 5904 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
08:50:17.0250 5904 napagent - ok
08:50:17.0265 5904 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
08:50:17.0265 5904 NDIS - ok
08:50:17.0281 5904 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
08:50:17.0281 5904 NdisIP - ok
08:50:17.0296 5904 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
08:50:17.0296 5904 NdisTapi - ok
08:50:17.0328 5904 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
08:50:17.0343 5904 Ndisuio - ok
08:50:17.0343 5904 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
08:50:17.0359 5904 NdisWan - ok
08:50:17.0390 5904 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
08:50:17.0406 5904 NDProxy - ok
08:50:17.0437 5904 [ F8613346D6A2A76BE146BC660C65C363 ] NEOFLTR_550_12491 C:\WINDOWS\system32\Drivers\NEOFLTR_550_12491.SYS
08:50:17.0453 5904 NEOFLTR_550_12491 - ok
08:50:17.0484 5904 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
08:50:17.0484 5904 NetBIOS - ok
08:50:17.0500 5904 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
08:50:17.0515 5904 NetBT - ok
08:50:17.0546 5904 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
08:50:17.0562 5904 NetDDE - ok
08:50:17.0562 5904 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
08:50:17.0562 5904 NetDDEdsdm - ok
08:50:17.0593 5904 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
08:50:17.0593 5904 Netlogon - ok
08:50:17.0625 5904 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
08:50:17.0640 5904 Netman - ok
08:50:17.0687 5904 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
08:50:17.0796 5904 NetTcpPortSharing - ok
08:50:17.0843 5904 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
08:50:17.0843 5904 Nla - ok
08:50:17.0875 5904 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
08:50:17.0875 5904 Npfs - ok
08:50:17.0906 5904 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
08:50:17.0921 5904 Ntfs - ok
08:50:17.0937 5904 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
08:50:17.0937 5904 NtLmSsp - ok
08:50:17.0968 5904 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
08:50:17.0984 5904 NtmsSvc - ok
08:50:18.0000 5904 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
08:50:18.0000 5904 Null - ok
08:50:18.0046 5904 [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
08:50:18.0109 5904 nv - ok
08:50:18.0125 5904 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
08:50:18.0125 5904 NwlnkFlt - ok
08:50:18.0125 5904 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
08:50:18.0140 5904 NwlnkFwd - ok
08:50:18.0187 5904 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
08:50:18.0187 5904 odserv - ok
08:50:18.0234 5904 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:50:18.0234 5904 ose - ok
08:50:18.0250 5904 [ 103A9B117A7D9903111955CDAFE65AC6 ] ossrv C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
08:50:18.0250 5904 ossrv - ok
08:50:18.0281 5904 [ 9A7FD6B64E78A8A0D79F372CFCC43E19 ] Packet C:\WINDOWS\system32\DRIVERS\packet.sys
08:50:18.0281 5904 Packet - ok
08:50:18.0312 5904 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
08:50:18.0312 5904 Parport - ok
08:50:18.0328 5904 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
08:50:18.0343 5904 PartMgr - ok
08:50:18.0359 5904 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
08:50:18.0359 5904 ParVdm - ok
08:50:18.0437 5904 [ 39B9DCD7040654C2E57D7396736C718E ] PassThru Service C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
08:50:18.0437 5904 PassThru Service - ok
08:50:18.0453 5904 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
08:50:18.0453 5904 PCI - ok
08:50:18.0453 5904 PCIDump - ok
08:50:18.0468 5904 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
08:50:18.0468 5904 PCIIde - ok
08:50:18.0484 5904 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
08:50:18.0500 5904 Pcmcia - ok
08:50:18.0515 5904 [ CD2425FD848E5FA09C9A213DA56817A9 ] Pcouffin C:\WINDOWS\system32\Drivers\Pcouffin.sys
08:50:18.0515 5904 Pcouffin - ok
08:50:18.0531 5904 PDCOMP - ok
08:50:18.0531 5904 PDFRAME - ok
08:50:18.0531 5904 PDRELI - ok
08:50:18.0531 5904 PDRFRAME - ok
08:50:18.0562 5904 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
08:50:18.0562 5904 perc2 - ok
08:50:18.0578 5904 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
08:50:18.0578 5904 perc2hib - ok
08:50:18.0578 5904 PEVSystemStart - ok
08:50:18.0609 5904 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
08:50:18.0609 5904 PlugPlay - ok
08:50:18.0609 5904 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
08:50:18.0609 5904 PolicyAgent - ok
08:50:18.0656 5904 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
08:50:18.0671 5904 PptpMiniport - ok
08:50:18.0671 5904 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
08:50:18.0671 5904 ProtectedStorage - ok
08:50:18.0703 5904 [ 64E413BA0C529AA40C3924BBCC4153DB ] ProtexisLicensing C:\WINDOWS\system32\PSIService.exe
08:50:18.0703 5904 ProtexisLicensing - ok
08:50:18.0718 5904 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
08:50:18.0718 5904 PSched - ok
08:50:18.0750 5904 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
08:50:18.0750 5904 Ptilink - ok
08:50:18.0765 5904 [ 7C81AE3C9B82BA2DA437ED4D31BC56CF ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
08:50:18.0765 5904 PxHelp20 - ok
08:50:18.0796 5904 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
08:50:18.0796 5904 ql1080 - ok
08:50:18.0812 5904 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
08:50:18.0812 5904 Ql10wnt - ok
08:50:18.0828 5904 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
08:50:18.0828 5904 ql12160 - ok
08:50:18.0843 5904 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
08:50:18.0843 5904 ql1240 - ok
08:50:18.0859 5904 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
08:50:18.0859 5904 ql1280 - ok
08:50:18.0875 5904 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
08:50:18.0875 5904 RasAcd - ok
08:50:18.0921 5904 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
08:50:18.0921 5904 RasAuto - ok
08:50:18.0953 5904 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
08:50:18.0953 5904 Rasl2tp - ok
08:50:18.0984 5904 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
08:50:18.0984 5904 RasMan - ok
08:50:19.0015 5904 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
08:50:19.0015 5904 RasPppoe - ok
08:50:19.0015 5904 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
08:50:19.0015 5904 Raspti - ok
08:50:19.0031 5904 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
08:50:19.0031 5904 Rdbss - ok
08:50:19.0046 5904 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
08:50:19.0046 5904 RDPCDD - ok
08:50:19.0046 5904 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
08:50:19.0062 5904 rdpdr - ok
08:50:19.0093 5904 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
08:50:19.0093 5904 RDPWD - ok
08:50:19.0125 5904 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
08:50:19.0140 5904 RDSessMgr - ok
08:50:19.0171 5904 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
08:50:19.0171 5904 redbook - ok
08:50:19.0203 5904 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
08:50:19.0203 5904 RemoteAccess - ok
08:50:19.0234 5904 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
08:50:19.0234 5904 RemoteRegistry - ok
08:50:19.0250 5904 [ 616EAC1B0E48B236A5A9B8AE07FDB81C ] RimUsb C:\WINDOWS\system32\Drivers\RimUsb.sys
08:50:19.0265 5904 RimUsb - ok
08:50:19.0296 5904 [ 2C4FB2E9F039287767C384E46EE91030 ] RimVSerPort C:\WINDOWS\system32\DRIVERS\RimSerial.sys
08:50:19.0312 5904 RimVSerPort - ok
08:50:19.0343 5904 [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys
08:50:19.0343 5904 ROOTMODEM - ok
08:50:19.0375 5904 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
08:50:19.0375 5904 RpcLocator - ok
08:50:19.0406 5904 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
08:50:19.0406 5904 RpcSs - ok
08:50:19.0437 5904 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
08:50:19.0453 5904 RSVP - ok
08:50:19.0468 5904 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
08:50:19.0468 5904 SamSs - ok
08:50:19.0515 5904 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
08:50:19.0515 5904 SASDIFSV - ok
08:50:19.0531 5904 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
08:50:19.0546 5904 SASKUTIL - ok
08:50:19.0546 5904 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
08:50:19.0546 5904 SCardSvr - ok
08:50:19.0609 5904 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
08:50:19.0609 5904 Schedule - ok
08:50:19.0656 5904 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
08:50:19.0656 5904 Secdrv - ok
08:50:19.0687 5904 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
08:50:19.0687 5904 seclogon - ok
08:50:19.0687 5904 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\System32\sens.dll
08:50:19.0687 5904 SENS - ok
08:50:19.0703 5904 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
08:50:19.0703 5904 serenum - ok
08:50:19.0750 5904 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
08:50:19.0750 5904 Serial - ok
08:50:19.0765 5904 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
08:50:19.0765 5904 Sfloppy - ok
08:50:19.0796 5904 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
08:50:19.0812 5904 SharedAccess - ok
08:50:19.0828 5904 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
08:50:19.0828 5904 ShellHWDetection - ok
08:50:19.0828 5904 Simbad - ok
08:50:19.0859 5904 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
08:50:19.0859 5904 sisagp - ok
08:50:19.0875 5904 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
08:50:19.0875 5904 SLIP - ok
08:50:19.0906 5904 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
08:50:19.0906 5904 Sparrow - ok
08:50:19.0921 5904 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
08:50:19.0921 5904 splitter - ok
08:50:19.0937 5904 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
08:50:19.0937 5904 Spooler - ok
08:50:19.0953 5904 sptd - ok
08:50:19.0968 5904 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
08:50:19.0984 5904 sr - ok
08:50:20.0000 5904 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
08:50:20.0000 5904 srservice - ok
08:50:20.0015 5904 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
08:50:20.0031 5904 Srv - ok
08:50:20.0062 5904 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
08:50:20.0062 5904 SSDPSRV - ok
08:50:20.0093 5904 [ BD15182E9D2D3FABC1D1313BADBD2415 ] ss_bus C:\WINDOWS\system32\DRIVERS\ss_bus.sys
08:50:20.0093 5904 ss_bus - ok
08:50:20.0140 5904 [ 67D1144F249A3C5E03EBD7A2304DEE11 ] ss_mdfl C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys
08:50:20.0140 5904 ss_mdfl - ok
08:50:20.0187 5904 [ 954B7CE2D54C703D6A8471D6B05A5E13 ] ss_mdm C:\WINDOWS\system32\DRIVERS\ss_mdm.sys
08:50:20.0203 5904 ss_mdm - ok
08:50:20.0234 5904 [ 306521935042FC0A6988D528643619B3 ] StarOpen C:\WINDOWS\system32\drivers\StarOpen.sys
08:50:20.0234 5904 StarOpen - ok
08:50:20.0234 5904 Steam Client Service - ok
08:50:20.0281 5904 [ 797FCC1D859B203958E915BB82528DA9 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
08:50:20.0312 5904 STHDA - ok
08:50:20.0343 5904 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
08:50:20.0343 5904 stisvc - ok
08:50:20.0375 5904 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
08:50:20.0375 5904 streamip - ok
08:50:20.0390 5904 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
08:50:20.0390 5904 swenum - ok
08:50:20.0406 5904 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
08:50:20.0421 5904 swmidi - ok
08:50:20.0421 5904 SwPrv - ok
08:50:20.0437 5904 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
08:50:20.0437 5904 symc810 - ok
08:50:20.0437 5904 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
08:50:20.0437 5904 symc8xx - ok
08:50:20.0453 5904 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
08:50:20.0453 5904 sym_hi - ok
08:50:20.0468 5904 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
08:50:20.0468 5904 sym_u3 - ok
08:50:20.0484 5904 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
08:50:20.0484 5904 sysaudio - ok
08:50:20.0531 5904 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
08:50:20.0531 5904 SysmonLog - ok
08:50:20.0562 5904 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
08:50:20.0562 5904 TapiSrv - ok
08:50:20.0593 5904 [ 4D46F63F7DDC2442941D63327C360B90 ] tbhsd C:\WINDOWS\system32\drivers\tbhsd.sys
08:50:20.0609 5904 tbhsd - ok
08:50:20.0640 5904 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
08:50:20.0656 5904 Tcpip - ok
08:50:20.0687 5904 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
08:50:20.0687 5904 TDPIPE - ok
08:50:20.0703 5904 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
08:50:20.0703 5904 TDTCP - ok
08:50:20.0718 5904 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
08:50:20.0718 5904 TermDD - ok
08:50:20.0734 5904 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
08:50:20.0750 5904 TermService - ok
08:50:20.0750 5904 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
08:50:20.0765 5904 Themes - ok
08:50:20.0781 5904 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
08:50:20.0781 5904 TlntSvr - ok
08:50:20.0828 5904 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
08:50:20.0828 5904 TosIde - ok
08:50:20.0843 5904 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
08:50:20.0843 5904 TrkWks - ok
08:50:20.0859 5904 [ 26C062A4480B9D7C26E1CE4BF50D10FC ] TrueSight C:\WINDOWS\system32\drivers\TrueSight.sys
08:50:21.0609 5904 TrueSight - ok
08:50:21.0625 5904 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
08:50:21.0625 5904 Udfs - ok
08:50:21.0656 5904 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
08:50:21.0656 5904 ultra - ok
08:50:21.0718 5904 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
08:50:21.0734 5904 Update - ok
08:50:21.0765 5904 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
08:50:21.0765 5904 upnphost - ok
08:50:21.0796 5904 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
08:50:21.0812 5904 UPS - ok
08:50:21.0843 5904 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
08:50:21.0843 5904 usbaudio - ok
08:50:21.0859 5904 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
08:50:21.0859 5904 usbccgp - ok
08:50:21.0890 5904 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
08:50:21.0890 5904 usbehci - ok
08:50:21.0906 5904 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
08:50:21.0906 5904 usbhub - ok
08:50:21.0937 5904 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
08:50:21.0937 5904 usbprint - ok
08:50:21.0953 5904 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
08:50:21.0953 5904 usbscan - ok
08:50:21.0968 5904 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
08:50:21.0968 5904 USBSTOR - ok
08:50:21.0984 5904 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
08:50:22.0000 5904 usbuhci - ok
08:50:22.0015 5904 [ B6CC50279D6CD28E090A5D33244ADC9A ] usb_rndisx C:\WINDOWS\system32\DRIVERS\usb8023x.sys
08:50:22.0031 5904 usb_rndisx - ok
08:50:22.0046 5904 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
08:50:22.0046 5904 VgaSave - ok
08:50:22.0062 5904 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
08:50:22.0062 5904 viaagp - ok
08:50:22.0078 5904 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
08:50:22.0078 5904 ViaIde - ok
08:50:22.0109 5904 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
08:50:22.0109 5904 VolSnap - ok
08:50:22.0140 5904 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
08:50:22.0156 5904 VSS - ok
08:50:22.0156 5904 vToolbarUpdater13.1.0 - ok
08:50:22.0171 5904 [ 54AF4B1D5459500EF0937F6D33B1914F ] w32time C:\WINDOWS\system32\w32time.dll
08:50:22.0187 5904 w32time - ok
08:50:22.0203 5904 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
08:50:22.0203 5904 Wanarp - ok
08:50:22.0203 5904 wanatw - ok
08:50:22.0234 5904 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
08:50:22.0250 5904 Wdf01000 - ok
08:50:22.0250 5904 WDICA - ok
08:50:22.0265 5904 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
08:50:22.0265 5904 wdmaud - ok
08:50:22.0281 5904 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
08:50:22.0281 5904 WebClient - ok
08:50:22.0343 5904 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
08:50:22.0359 5904 winmgmt - ok
08:50:22.0390 5904 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
08:50:22.0390 5904 WmdmPmSN - ok
08:50:22.0437 5904 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
08:50:22.0453 5904 Wmi - ok
08:50:22.0484 5904 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
08:50:22.0484 5904 WmiApSrv - ok
08:50:22.0562 5904 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
08:50:22.0593 5904 WMPNetworkSvc - ok
08:50:22.0656 5904 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
08:50:22.0671 5904 WPFFontCache_v0400 - ok
08:50:22.0687 5904 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
08:50:22.0687 5904 WS2IFSL - ok
08:50:22.0718 5904 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
08:50:22.0718 5904 wscsvc - ok
08:50:22.0750 5904 [ E068D1F5D4ABC1111566BCEFE85F1AC2 ] wsppkt C:\WINDOWS\system32\DRIVERS\wsp_pkt.sys
08:50:22.0750 5904 wsppkt - ok
08:50:22.0781 5904 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
08:50:22.0781 5904 WSTCODEC - ok
08:50:22.0796 5904 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
08:50:22.0796 5904 wuauserv - ok
08:50:22.0843 5904 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
08:50:22.0859 5904 WudfPf - ok
08:50:22.0890 5904 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
08:50:22.0890 5904 WudfRd - ok
08:50:22.0921 5904 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
08:50:22.0921 5904 WudfSvc - ok
08:50:22.0968 5904 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
08:50:23.0093 5904 WZCSVC - ok
08:50:23.0125 5904 [ 05A74D2BE6F493C65D7221D1D0E8A23C ] xlink C:\WINDOWS\system32\Drivers\xlink.sys
08:50:23.0125 5904 xlink - ok
08:50:23.0140 5904 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
08:50:23.0156 5904 xmlprov - ok
08:50:23.0187 5904 [ 09E5340BD9B2CB730BF4DC6BE7721291 ] xusb21 C:\WINDOWS\system32\DRIVERS\xusb21.sys
08:50:23.0218 5904 xusb21 - ok
08:50:23.0218 5904 ================ Scan global ===============================
08:50:23.0234 5904 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
08:50:23.0281 5904 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
08:50:23.0296 5904 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
08:50:23.0312 5904 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
08:50:23.0312 5904 [Global] - ok
08:50:23.0312 5904 ================ Scan MBR ==================================
08:50:23.0328 5904 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
08:50:23.0515 5904 \Device\Harddisk0\DR0 - ok
08:50:23.0515 5904 ================ Scan VBR ==================================
08:50:23.0515 5904 [ 4A35A03CA9465EA1B1E21555060D8C27 ] \Device\Harddisk0\DR0\Partition1
08:50:23.0515 5904 \Device\Harddisk0\DR0\Partition1 - ok
08:50:23.0515 5904 ============================================================
08:50:23.0515 5904 Scan finished
08:50:23.0515 5904 ============================================================
08:50:23.0531 4304 Detected object count: 0
08:50:23.0531 4304 Actual detected object count: 0


ASW report...

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-27 08:55:44
-----------------------------
08:55:44.062 OS Version: Windows 5.1.2600 Service Pack 3
08:55:44.062 Number of processors: 2 586 0xF06
08:55:44.062 ComputerName: JEFFHOME UserName:
08:55:45.640 Initialize success
08:59:02.000 AVAST engine defs: 12102601
08:59:21.203 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2
08:59:21.203 Disk 0 Vendor: Intel___ 1.0. Size: 305171MB BusType: 3
08:59:21.250 Disk 0 MBR read successfully
08:59:21.250 Disk 0 MBR scan
08:59:21.359 Disk 0 Windows XP default MBR code
08:59:21.406 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 62 MB offset 63
08:59:21.484 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 300348 MB offset 128520
08:59:21.531 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 4753 MB offset 615241305
08:59:21.546 Disk 0 scanning sectors +624976695
08:59:21.734 Disk 0 scanning C:\WINDOWS\system32\drivers
09:00:05.109 Service scanning
09:00:26.750 Modules scanning
09:00:33.671 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
09:00:34.796 Disk 0 trace - called modules:
09:00:34.796
09:00:35.875 AVAST engine scan C:\WINDOWS
09:00:37.796 File: C:\WINDOWS\ebapehukuhoxajed.dll **INFECTED** Win32:Hilot [Trj]
09:00:44.671 AVAST engine scan C:\WINDOWS\system32
09:06:25.953 AVAST engine scan C:\WINDOWS\system32\drivers
09:06:55.968 AVAST engine scan C:\Documents and Settings\My Name
09:13:01.531 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\My Name\My Documents\MBR.dat"
09:13:01.531 The log file has been saved successfully to "C:\Documents and Settings\My Name\My Documents\aswMBR.txt"

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:18 AM

Posted 27 October 2012 - 12:42 PM

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
ComboFix /nombr
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 sweetmagee

sweetmagee
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:18 PM

Posted 28 October 2012 - 05:02 AM

Just ran the extra report but Combofix just vanished - presumably when the scan had finished - and once again no report / log appeared. Same thing happened with it originally.

Do I need to look somewhere to find the report that's been generated ?

#13 sweetmagee

sweetmagee
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:18 PM

Posted 28 October 2012 - 05:36 AM

Ignore last message - I was too impatient ! For some reason there was about a ten minute delay where I assumed Combofix had finished but it then carried on.

So I got the log and I think the problem may be resolved, just been on a few sites and no sign of the adverts.

Here's the log anyway...

ComboFix 12-10-26.05 - My Name 28/10/2012 10:11:53.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1221 [GMT 0:00]
Running from: c:\documents and settings\My Name\Desktop\ComboFix.exe
Command switches used :: /nombr
AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\047cf479815390b5904fe9ad472adace_c
c:\documents and settings\All Users\Application Data\2E3AB40481.sys
c:\documents and settings\All Users\Application Data\afefef.sys
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\DFC5A2B2.TMP
c:\documents and settings\My Name\Application Data\157669.dat
c:\documents and settings\My Name\Application Data\CricketCaptain2010upd16.exe
c:\documents and settings\My Name\Application Data\CricketCaptain2010upd20.exe
c:\documents and settings\My Name\Application Data\CricketCaptain2012upd22.exe
c:\documents and settings\My Name\Application Data\CricketCaptain2012upd26.exe
c:\documents and settings\My Name\Application Data\iniasd.txt
c:\documents and settings\My Name\Local Settings\Application Data\{EB9B8C6A-C984-453A-8B9B-57CA1BD5DCCC}
c:\documents and settings\My Name\Local Settings\Application Data\{EB9B8C6A-C984-453A-8B9B-57CA1BD5DCCC}\chrome.manifest
c:\documents and settings\My Name\Local Settings\Application Data\{EB9B8C6A-C984-453A-8B9B-57CA1BD5DCCC}\chrome\content\_cfg.js
c:\documents and settings\My Name\Local Settings\Application Data\{EB9B8C6A-C984-453A-8B9B-57CA1BD5DCCC}\chrome\content\overlay.xul
c:\documents and settings\My Name\Local Settings\Application Data\{EB9B8C6A-C984-453A-8B9B-57CA1BD5DCCC}\install.rdf
c:\documents and settings\My Name\WINDOWS
C:\Microsoft
c:\progra~1\COMMON~1\{38214~2
c:\progra~1\COMMON~1\{38214~2\toolbardll.lzma
c:\program files\JMHL Loader
c:\windows\iun6002.exe
c:\windows\msvcr71.dll
c:\windows\SwSys1.bmp
c:\windows\SwSys2.bmp
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\drivers\etc\hosts.txt
c:\windows\system32\tmp.reg
c:\windows\system32\UACnyysdrnmgtblsyvxb.db
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\system32\xma
C:\winntse.bin
.
c:\windows\system32\grpconv.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\grpconv.exe
.
c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_BASICSCAN_SERVICE
-------\Legacy_COM+_MESSAGES
.
.
((((((((((((((((((((((((( Files Created from 2012-09-28 to 2012-10-28 )))))))))))))))))))))))))))))))
.
.
2012-10-28 10:19 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2012-10-28 10:19 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2012-10-28 10:19 . 2008-04-14 00:12 39424 ----a-w- c:\windows\system32\grpconv.exe
2012-10-28 10:19 . 2008-04-14 00:12 39424 ----a-w- c:\windows\system32\dllcache\grpconv.exe
2012-10-26 19:12 . 2012-10-26 19:14 13952 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2012-10-25 08:35 . 2012-10-25 08:40 -------- d-----w- c:\documents and settings\My Name\Application Data\FileBoss
2012-10-25 08:35 . 2012-10-25 08:35 -------- d-----w- c:\program files\FileBoss V2
2012-10-11 04:37 . 2012-10-11 04:37 -------- d-----w- C:\5eb91d6475654eaa8b038a2f2fd9ba
2012-10-09 13:37 . 2012-10-09 13:37 -------- d-----w- c:\documents and settings\My Name\Local Settings\Application Data\PES_2013_Commentaries_Map
2012-10-03 18:26 . 2012-10-03 18:26 -------- d-----w- c:\documents and settings\My Name\Application Data\AVG2013
2012-10-03 18:11 . 2012-10-03 18:11 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\AVG2013
2012-10-03 18:09 . 2012-10-03 18:09 -------- d-----w- c:\documents and settings\My Name\Application Data\TuneUp Software
2012-10-03 18:08 . 2012-10-03 18:08 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-10-03 18:01 . 2012-10-05 15:18 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2013
2012-10-03 17:50 . 2012-10-04 05:25 -------- d-----w- c:\documents and settings\My Name\Local Settings\Application Data\Avg2013
2012-10-03 17:50 . 2012-10-03 17:50 -------- d-----w- c:\documents and settings\My Name\Local Settings\Application Data\MFAData
2012-09-29 20:46 . 2012-09-29 20:46 -------- d-----w- c:\documents and settings\All Users\Application Data\rlbyatldlbddqjq
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 14:24 . 2012-03-30 08:09 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 14:24 . 2011-08-27 06:18 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-05 02:26 . 2010-09-07 03:48 93536 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2012-10-02 02:30 . 2010-09-07 03:48 159712 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-09-29 18:54 . 2010-02-24 18:09 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-21 02:46 . 2010-11-09 22:20 164832 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-09-21 02:46 . 2012-08-09 12:56 177376 ----a-w- c:\windows\system32\drivers\avglogx.sys
2012-09-21 02:45 . 2011-12-23 12:32 19936 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2012-09-21 02:45 . 2012-04-19 03:50 55008 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-09-14 02:05 . 2010-09-07 03:48 35552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2012-09-13 02:11 . 2011-12-23 12:32 177504 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2012-08-28 15:14 . 2005-08-16 04:18 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2005-08-16 04:18 43520 ------w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2005-08-16 04:18 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2005-08-16 04:18 385024 ------w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2005-08-16 04:18 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:33 . 2005-08-16 04:18 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2004-08-03 22:59 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-13 17:50 . 2009-10-13 17:50 19620 ----a-w- c:\program files\Common Files\cavu.vbs
2008-03-09 21:34 . 2008-03-09 21:34 2293848 ----a-w- c:\program files\FLV PlayerFCSetup.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 24576]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-03 94208]
"IE New Window Maximizer"="c:\program files\IE New Window Maximizer\iemaximizer.exe" [2005-02-08 356352]
"SoftAuto.exe"="c:\program files\Creative\Software Update 3\SoftAuto.exe" [2008-08-13 405504]
"Spotify Web Helper"="c:\documents and settings\My Name\Application Data\Spotify\Data\SpotifyWebHelper.exe" [2012-08-24 1193176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 282624]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"DLCFCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll" [2005-09-08 73728]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2012-04-17 651264]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-07-16 296096]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 718688]
"EMET Notifier"="c:\program files\EMET\EMET_notifier.exe" [2012-05-09 152152]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-10-10 3116152]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-07-27 221184]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gpunegumesaw]
2008-04-14 00:12 179712 ----a-w- c:\windows\ebapehukuhoxajed.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 16:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBMon]
2006-06-29 06:12 1355042 ----a-w- c:\windows\system32\CTMBHA.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
2005-07-12 19:05 1117184 ----a-w- c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 01:00 90112 ------w- c:\windows\Updreg.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SeaPort"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"MDM"=2 (0x2)
"LicCtrlService"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"gusvc"=2 (0x2)
"fsssvc"=3 (0x3)
"avg9wd"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\SecondLife\\SLVoice.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaws.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2011 Russian\\fm.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\football manager 2012 editor\\editor.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\football manager 2012\\fm.exe"=
"c:\\Documents and Settings\\My Name\\Application Data\\Spotify\\spotify.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2013\\pes2013.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2013\\PeSBoX Anatolia 2013.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19/04/2012 03:50 55008]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [09/08/2012 12:56 177376]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07/09/2010 03:48 35552]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23/12/2011 12:32 177504]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23/12/2011 12:32 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/09/2010 03:48 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [09/11/2010 22:20 164832]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [03/10/2012 18:08 26984]
R1 NEOFLTR_550_12491;Juniper Networks TDI Filter Driver (NEOFLTR_550_12491);c:\windows\system32\drivers\NEOFLTR_550_12491.sys [26/12/2007 07:11 64144]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 16:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 21:55 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [11/07/2012 18:54 116608]
R2 ABBYY.Licensing.FineReader.ScreenshotReader.9.0;ABBYY.Licensing.FineReader.ScreenshotReader.9.0;c:\program files\ABBYY Screenshot Reader\NetworkLicenseServer.exe [14/05/2009 14:07 759048]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [02/10/2012 02:32 5783672]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [02/10/2012 02:32 193568]
R2 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [21/05/2008 11:42 64000]
R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [14/07/2006 01:01 13824]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [15/09/2011 12:06 88576]
R2 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [14/07/2006 01:02 13696]
R3 Pcouffin;Low level access layer for CD devices;c:\windows\system32\drivers\Pcouffin.sys [28/12/2006 10:43 47360]
S0 fyspmg;fyspmg; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/08/2012 08:43 136176]
S2 vToolbarUpdater13.1.0;vToolbarUpdater13.1.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.1.0\ToolbarUpdater.exe --> c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.1.0\ToolbarUpdater.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [30/03/2012 08:09 250808]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [22/04/2011 06:52 947528]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [29/08/2012 08:43 136176]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [23/11/2010 16:43 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [22/06/2010 18:01 21248]
S3 xlink;XLink Driver (xlink.sys);c:\windows\system32\drivers\xlink.sys [23/03/2007 17:09 19677]
S4 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [01/07/2012 14:37 2560]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 19:02 114688 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 14:24]
.
2012-10-03 c:\windows\Tasks\expressburnDowngrade.job
- c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2010-11-09 08:18]
.
2010-11-09 c:\windows\Tasks\expressburnSevenDaysInit.job
- c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2010-11-09 08:18]
.
2012-09-27 c:\windows\Tasks\expressburnShakeIcon.job
- c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2010-11-09 08:18]
.
2012-10-28 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-06 18:53]
.
2012-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-29 08:43]
.
2012-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-29 08:43]
.
2012-10-28 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2669391802-3755608658-2594310101-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-06-21 11:00]
.
2012-10-28 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2669391802-3755608658-2594310101-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-06-21 11:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.co.uk/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6092
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
Trusted Zone: genesreunited.co.uk\www
Trusted Zone: hotmail.com
Trusted Zone: kuaiche.com\software
Trusted Zone: live.com
Trusted Zone: margatefchistory.com\www
Trusted Zone: msn.com
Trusted Zone: passport.com
Trusted Zone: pesfan.com\forums
TCP: Interfaces\{8C9AE844-8B1A-4B4D-AA74-9A1962C76571}: NameServer = 192.168.0.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-10 - (no file)
Toolbar-!{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-Uniblue RegistryBooster 2 - c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe
HKCU-Run-MediaGet2 - c:\documents and settings\My Name\Local Settings\Application Data\MediaGet2\mediaget.exe
HKCU-Run-ABBYY Screenshot Reader Retail - (no file)
HKCU-Run-EADM - c:\program files\Origin\Origin.exe
HKLM-Run-vProt - c:\program files\AVG Secure Search\vprot.exe
HKLM-Run-ROC_roc_ssl_v12 - c:\program files\AVG Secure Search\ROC_roc_ssl_v12.exe
SafeBoot-klmdb.sys
MSConfigStartUp-070700Setup - c:\documents and settings\My Name\Application Data\E856D5C81182D2A61678AEC1D9EB3FF3\070700Setup.exe
MSConfigStartUp-Bbelozugecaval - c:\windows\cfmrtapt.dll
MSConfigStartUp-Cleanup - c:\docume~1\JEFFTR~1\LOCALS~1\Temp\2007326215321_mcappins.exe
MSConfigStartUp-DAEMON Tools - c:\program files\DAEMON Tools\daemon.exe
MSConfigStartUp-maufuodw - c:\documents and settings\My Name\Local Settings\Application Data\wvpvsaeyq\gdlxudptssd.exe
MSConfigStartUp-MSKAGENTEXE - c:\progra~1\McAfee\SPAMKI~1\MskAgent.exe
MSConfigStartUp-QNB2EB90WX - c:\docume~1\JEFFTR~1\LOCALS~1\Temp\Usd.exe
MSConfigStartUp-skb - hpbrt.dll
MSConfigStartUp-SweetIM - c:\program files\SweetIM\Messenger\SweetIM.exe
MSConfigStartUp-uwfpbtel - c:\documents and settings\My Name\Local Settings\Application Data\soccdfivs\phggvpntssd.exe
AddRemove-82A44D22-9452-49FB-00FB-CEC7DCAF7E23 - c:\program files\EA SPORTS\EA SPORTS online\EASOUNInstaller.exe
AddRemove-E.V.O.L.U.T.I.O.N. Patch 2009 1.00 - c:\program files\KONAMI\Pro Evolution Soccer 2009\Patch deinstallieren.exe
AddRemove-Football Manager 2009 - c:\program files\Sports Interactive\Football Manager 2009\Uninstall_Football Manager 2009\Uninstall Football Manager 2009.exe
AddRemove-Football Manager 2010 - c:\program files\Sports Interactive\Football Manager 2010\Uninstall_Football Manager 2010\Uninstall Football Manager 2010.exe
AddRemove-Free Flip Book Maker_is1 - c:\program files\Free Flip Book Maker\unins000.exe
AddRemove-Freecorder_1.0 - c:\windows\iun6002.exe
AddRemove-JMHL Loader - c:\program files\JMHL Loader\JMHL Loader.exe
AddRemove-London 2012: The Official Video Game of the Olympic Games_is1 - c:\program files\London 2012 The Official Video Game of the Olympic Games\unins000.exe
AddRemove-Origin - c:\program files\Origin\OriginUninstall.exe
AddRemove-vfd-ob - c:\program files\OApps\vfd-ob_uninstall.exe
AddRemove-MicrosoftCinemania97 - c:\docume~1\JEFFTR~1\LOCALS~1\Temp\~AceTemp\MS_Cinemania_97[1].part1\MS Cinemania 97\cinmania.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-28 10:23
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCFCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
.
c:\docume~1\JEFFTR~1\LOCALS~1\Temp\wxmvpiby.0.cs 11186 bytes
c:\docume~1\JEFFTR~1\LOCALS~1\Temp\wxmvpiby.cmdline 456 bytes
c:\docume~1\JEFFTR~1\LOCALS~1\Temp\wxmvpiby.dll 8704 bytes executable
c:\docume~1\JEFFTR~1\LOCALS~1\Temp\wxmvpiby.err 0 bytes
c:\docume~1\JEFFTR~1\LOCALS~1\Temp\wxmvpiby.out 754 bytes
c:\docume~1\JEFFTR~1\LOCALS~1\Temp\wxmvpiby.tmp 0 bytes
.
scan completed successfully
hidden files: 6
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\iastor]
"ImagePath"="System32\Drivers\iaStor.svs"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.5\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2669391802-3755608658-2594310101-1005\RemoteAccess\Profile\m +^s*]
"EnableAutodisconnect"=dword:00000001
"EnableExitDisconnect"=dword:00000001
"DisconnectIdleTime"=dword:00000014
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \9A6A5634BD3048B3]
"1"=hex:f2,dc,b8,ca,29,8b,06,04,aa,02,59,06,c2,ef,5d,4d,b0,17,3e,13,b8,98,f9,
10,0a,f2,16,5c,a8,1c,4f,a3
"2"=hex:e7,27,cf,42,f4,44,fe,c6,d8,f2,16,d1,8e,4d,81,a5,c1,5f,93,ef,b5,cb,1d,
04,36,ee,2f,8d,a7,5c,96,01
"3"=hex:f2,dc,b8,ca,29,8b,06,04,aa,02,59,06,c2,ef,5d,4d,7c,ee,b3,94,39,1d,bb,
5e,97,e6,9e,cf,eb,f2,94,ca,73,e6,d4,34,53,90,04,70,e8,7f,25,57,05,a4,49,dd,\
.
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \9A6A5634BD3048B3\5146D8D5AE00F69E364984075B624ED1]
"1"=hex:15,c0,1b,ee,a2,cd,62,4d,d2,23,38,04,69,c0,07,cb,be,7f,03,af,a5,f1,05,
d0,1a,47,b5,40,b3,3c,2a,70,a1,44,c5,74,a5,da,7d,51
"2"=hex:41,ce,52,8f,3c,75,8b,5b
"3"=hex:87,9f,6d,5f,80,a5,d9,e5,e6,6f,4b,48,f5,f7,c8,c9,5b,d6,7c,5c,33,87,98,
9c,7f,a2,e2,6a,c7,ed,04,fa,69,98,36,c6,35,37,83,9c,3c,71,93,e5,6f,3b,f1,41,\
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:15,c0,1b,ee,a2,cd,62,4d,d2,23,38,04,69,c0,07,cb,be,7f,03,af,a5,f1,05,
d0,1a,47,b5,40,b3,3c,2a,70,1a,ac,72,2f,e3,6e,85,84,25,03,e2,a6,91,f0,a8,ee,\
"7"=hex:f2,dc,b8,ca,29,8b,06,04,aa,02,59,06,c2,ef,5d,4d,3f,f3,42,c6,c3,65,02,
28,73,ee,9e,5f,dc,e9,7b,7f,2e,33,55,23,c0,bf,6f,0f,06,ce,de,e3,81,cf,0f,34,\
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,67,80,23,00,91,97,a4,
41,a3,0f,5f,5b,48,b0,e4,e8,66,58,a7,f0,30,cd,83,af,bb,1d,3e,83,dd,5b,a9,b1,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:4b,72,8f,bc,6c,3f,e4,15
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:9c,1a,ff,6a,61,ca,4f,5a,a9,6e,62,e1,66,c4,d4,5b,1a,bc,02,fe,f9,55,78,
bb,5b,71,b7,13,fd,3b,37,22,29,ae,88,f9,50,01,bf,5a,cf,48,e8,79,57,26,bd,60,\
"13"=hex:c0,1a,e8,f1,33,d2,b9,c1,18,e6,9e,d6,88,40,fb,44,56,79,71,e2,28,6b,9c,
62
"14"=hex:5f,9b,8d,bf,2b,7b,0a,8b
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:ca,82,1a,87,c8,5f,fa,15,f5,4d,2b,f9,38,2f,6f,5e
"22"=hex:81,20,8f,ab,28,6a,52,9c
"15"=hex:f2,63,4e,ab,9c,46,ba,a0,ef,0f,32,6d,60,f8,bf,e7,36,a8,9f,43,6a,46,f4,
3b,dc,c8,e7,82,62,ca,70,77,9a,8b,02,b9,03,20,84,e0,c3,26,4e,27,0d,fb,9e,ff,\
.
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \9A6A5634BD3048B3\B7DAAD172AA12168E008FD873A1BED58]
"1"=hex:15,c0,1b,ee,a2,cd,62,4d,d2,23,38,04,69,c0,07,cb,be,7f,03,af,a5,f1,05,
d0,1a,47,b5,40,b3,3c,2a,70,56,10,ce,bb,de,cc,2b,9c
"2"=hex:5c,c7,46,22,af,0f,12,bb
"3"=hex:81,20,8f,ab,28,6a,52,9c
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:f2,dc,b8,ca,29,8b,06,04,aa,02,59,06,c2,ef,5d,4d,3f,f3,42,c6,c3,65,02,
28,73,ee,9e,5f,dc,e9,7b,7f,2e,33,55,23,c0,bf,6f,0f,06,ce,de,e3,81,cf,0f,34,\
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,67,80,23,00,91,97,a4,
41,a3,0f,5f,5b,48,b0,e4,e8,66,58,a7,f0,30,cd,83,af,bb,1d,3e,83,dd,5b,a9,b1,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:70,56,26,33,e3,20,f8,ab
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c
.
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \9A6A5634BD3048B3\E0F3A3EC381CE1B1150A042D760EACA7]
"1"=hex:15,c0,1b,ee,a2,cd,62,4d,d2,23,38,04,69,c0,07,cb,be,7f,03,af,a5,f1,05,
d0,1a,47,b5,40,b3,3c,2a,70,e8,08,b1,af,fb,3d,2f,d3
"2"=hex:c5,65,f7,37,d5,24,dc,9e
"3"=hex:81,20,8f,ab,28,6a,52,9c
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:f2,dc,b8,ca,29,8b,06,04,aa,02,59,06,c2,ef,5d,4d,3f,f3,42,c6,c3,65,02,
28,73,ee,9e,5f,dc,e9,7b,7f,2e,33,55,23,c0,bf,6f,0f,06,ce,de,e3,81,cf,0f,34,\
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,67,80,23,00,91,97,a4,
41,a3,0f,5f,5b,48,b0,e4,e8,66,58,a7,f0,30,cd,83,af,bb,1d,3e,83,dd,5b,a9,b1,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:70,56,26,33,e3,20,f8,ab
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c
.
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \F3F0046F119EFA4F]
"1"=hex:97,5e,49,d3,7c,a0,18,18,10,c9,e3,e3,c1,ae,57,ed,c2,97,86,6a,a5,82,f8,
d5,42,54,3b,7e,24,3e,19,f8
"2"=hex:74,3a,ea,7a,01,1a,f6,06,21,62,93,b5,cb,23,e3,91,85,38,0e,f8,ce,56,2c,
d2,a4,f2,d0,33,2d,ee,33,13
"3"=hex:97,5e,49,d3,7c,a0,18,18,10,c9,e3,e3,c1,ae,57,ed,c2,97,86,6a,a5,82,f8,
d5,be,55,66,4e,06,ba,4c,d8,66,9a,0f,4f,39,c4,a1,1d,fa,72,08,2f,25,9c,e8,b6,\
.
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \F3F0046F119EFA4F\3A71B9BC7A708556C64E1FFE8777C71C]
"1"=hex:c0,52,20,b1,47,91,30,5f,58,6a,ea,d4,ff,71,4b,c6,a8,87,6f,5a,78,c6,5d,
5b,22,26,64,2f,88,eb,a4,7b
"2"=hex:88,84,e8,80,9a,c0,4d,75
"3"=hex:ab,9c,4d,99,9d,a8,61,1a,63,c4,d2,77,c9,80,7a,0d,3b,c3,91,6c,9a,c8,0d,
7c,dc,47,1a,0d,e5,d5,71,ac,f8,a3,70,f8,c9,54,86,02,43,e0,30,11,6e,b9,65,b1,\
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:c0,52,20,b1,47,91,30,5f,58,6a,ea,d4,ff,71,4b,c6,a8,87,6f,5a,78,c6,5d,
5b,8c,75,7b,03,a2,57,45,f3,9f,a8,1c,a2,90,eb,71,04,9f,96,4d,92,d5,bc,95,0d,\
"7"=hex:9c,0f,26,c5,43,55,e2,9e,79,40,de,a7,ca,bc,f3,99,99,4d,91,38,55,4f,0b,
a5,8f,9b,e5,fc,d6,5f,45,dd,f6,df,ab,53,85,3c,a2,16,6d,58,d5,44,e1,b2,db,fb,\
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,6b,8d,dd,0b,84,72,f6,
f2,3d,a6,3c,a0,07,7d,db,f3,88,a8,6c,3f,5c,60,94,94,50,c0,20,2f,ff,27,64,21,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:4b,72,8f,bc,6c,3f,e4,15
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:f6,ba,ea,80,d1,08,c3,10,19,a6,da,48,cf,ec,14,31,c5,bf,7c,89,69,51,8e,
72,99,35,e0,02,48,46,aa,3c,da,59,4e,d5,3a,cf,a5,d8,67,22,70,cc,0d,dd,f8,a2,\
"13"=hex:f9,e8,80,39,45,0a,4d,87,74,d9,3a,1d,1d,7f,e7,f0,1a,7c,7d,5a,59,f1,7e,
94
"14"=hex:2c,e5,37,c4,79,e4,f5,f4
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:7e,62,0f,b8,5f,7e,9b,52,f9,f2,4a,03,55,e4,c6,54
"22"=hex:81,20,8f,ab,28,6a,52,9c
"15"=hex:42,0c,d8,4d,01,a9,8f,aa,5b,b3,ef,4d,9f,13,80,81,fb,15,94,16,31,56,b1,
ce,23,29,6c,d8,be,b3,fc,27,40,47,fe,39,1d,8a,46,1e,e2,91,c3,9f,24,83,6f,0c,\
.
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \F3F0046F119EFA4F\D26BD25DC85E777542CA969E56548E46]
"1"=hex:c0,52,20,b1,47,91,30,5f,58,6a,ea,d4,ff,71,4b,c6,a8,87,6f,5a,78,c6,5d,
5b,22,26,64,2f,88,eb,a4,7b
"2"=hex:93,6f,47,d4,35,7c,6a,c0
"3"=hex:d1,d6,6a,be,c7,47,95,5d,a6,79,37,8d,46,5d,5e,bf,59,61,0f,92,34,97,af,
71,75,be,0b,ba,f0,2d,a1,ef,d4,fa,97,2d,94,47,35,c9,07,02,61,e8,96,80,5a,31,\
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:c0,52,20,b1,47,91,30,5f,58,6a,ea,d4,ff,71,4b,c6,a8,87,6f,5a,78,c6,5d,
5b,8c,75,7b,03,a2,57,45,f3,4e,c6,a6,98,0d,df,af,4f,ea,3f,72,cb,bb,aa,8e,d6,\
"7"=hex:9c,0f,26,c5,43,55,e2,9e,79,40,de,a7,ca,bc,f3,99,99,4d,91,38,55,4f,0b,
a5,8f,9b,e5,fc,d6,5f,45,dd,f6,df,ab,53,85,3c,a2,16,6d,58,d5,44,e1,b2,db,fb,\
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,6b,8d,dd,0b,84,72,f6,
f2,3d,a6,3c,a0,07,7d,db,f3,88,a8,6c,3f,5c,60,94,94,50,c0,20,2f,ff,27,64,21,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:4b,72,8f,bc,6c,3f,e4,15
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:0d,c5,43,45,39,8f,0d,57,42,0d,88,fa,84,71,ec,07,48,aa,4e,82,93,c2,f7,
d9,4b,74,92,82,e0,1a,48,45,74,c4,82,89,d1,90,b8,99,49,24,4f,37,30,9f,13,65,\
"13"=hex:58,8e,89,b0,5b,94,83,af,8d,d7,dd,2b,1b,06,32,ae,dc,ec,26,91,02,df,65,
8e
"14"=hex:dd,25,64,f3,20,04,ef,cb
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:cb,23,e8,dd,ce,4b,9b,f8,c7,37,53,11,4f,0e,ed,cb
"22"=hex:81,20,8f,ab,28,6a,52,9c
"15"=hex:b5,86,5c,c0,ba,5b,5d,08,e9,f1,91,0d,d4,1f,c4,e8,59,b1,9b,39,2a,2c,3f,
9d,f1,47,0a,2a,91,b2,63,68,d0,d0,3b,c7,f2,05,87,59,f2,50,a3,6e,f9,d0,12,e7,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(4544)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Creative\Shared Files\CTDevSrv.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\MySQL\MySQL Server 5.5\bin\mysqld.exe
c:\windows\system32\PSIService.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Creative\Creative Centrale\CTUPnPFn.exe
c:\windows\system32\dllhost.exe
c:\windows\stsystra.exe
c:\windows\eHome\ehmsas.exe
c:\program files\Creative\Shared Files\AVCMANU.EXE
.
**************************************************************************
.
Completion time: 2012-10-28 10:30:11 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-28 10:30
.
Pre-Run: 82,085,089,280 bytes free
Post-Run: 83,819,896,832 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 2DECD4A9D988FEBD3732B48142FDB5F2


...I'll get back to you if the adverts start appearing but I think they've gone. I massively appreciate all the troule you've gone to with this - fantastic stuff so thanks very much for all your help.

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:18 AM

Posted 28 October 2012 - 12:21 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 sweetmagee

sweetmagee
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:18 PM

Posted 29 October 2012 - 12:30 AM

Here you go, problem has definitely gone now thanks....

Leawo MP4 Converter version 3.0.0.1
µTorrent
1st JavaScript Editor Pro 5.1
3-IN-A-BED Version 5.2
3-IN-A-BED World League Version 19.0
7-Zip 4.65
725plc32
ABBYY FineReader 5.0 Sprint
ABBYY FineReader 6.0
ABBYY Screenshot Reader
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.2
Adobe Shockwave Player 11.5
Advance Split Machine v1.0
Advanced Decoder Patch
AGEIA PhysX v6.10.25
Amazon MP3 Downloader 1.0.9
Applian FLV Player
ARTEuro
Astroburn Pro
ATI Catalyst Control Center
ATI Display Driver
Audacity 1.2.4
Audio Recorder for FREE v5.6
AudioConverter
AVG 2013
AVI&WMV
AVS Update Manager 1.0
AVS Video Converter 7
AVS4YOU Software Navigator 1.4
BitLord 1.1
BlackBerry Desktop Software 6.1
BlackBerry Device Software Updater
Brother HL-2030
Browsing Experience Extension Revenuestreaming.
Choice Guard
Compatibility Pack for the 2007 Office system
ConvertXtoDVD 2.0.2
Core FTP LE 2.1
Corel Paint Shop Pro Photo XI
Corel Snapfire Plus
coverXP (remove only)
Creative Audio Pack
Creative Centrale
Creative MediaSource 5
Creative Software Update
Creative ZEN MX Documentation
cricket revolution 1.10
Crossword Compiler 8 Demo
dBpoweramp DSP Effects
dBpoweramp Music Converter
Dell CinePlayer
Dell Color Printer 725
Dell Driver Reset Tool
Dell Network Assistant
Dell System Restore
DkZ Studio
DOSPRN 1.79
DVD-Cover Printmaster 1.4
Dynamic HTML Editor 5.6
E.V.O.L.U.T.I.O.N. Patch 2009 1.00
EA SPORTS online 2008
Easy Graphic Converter 1.2
EclipseCrossword
EMET
EPSON Copy Utility 3
EPSON Scan
EPSON Smart Panel
ESPNMotion
Evrsoft First Page 2006
Excel to Flash Converter 3000 7.4
Express Burn Disc Burning Software
Express Rip
FIFA 13 Demo
FileBoss 2.301
Football Manager 2009
Football Manager 2010
Football Manager 2011 Russian
Football Manager 2012
Football Manager 2012 Editor
Free Flip Book Maker
Free FLV Converter V 7.1.0
FreeButtons.org
Freecorder 2.3 (with Skype Call Recording)
Freecorder Toolbar 3.0 Application
Garmin City Navigator Europe NT 2009 Update
Garmin Communicator Plugin
Garmin POI Loader
Garmin USB Drivers
GemMaster Mystic
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HTC BMP USB Driver
HTC Driver Installer
HTC Sync
IE New Window Maximizer 2.4
IMDB-Grab
ImgBurn
Intel® Matrix Storage Manager
Intel® PRO Network Connections
International Cricket Captain 2012
J2SE Runtime Environment 5.0 Update 6
Java™ 6 Update 11
Java™ 6 Update 2
Jays Snipping Tool
JMHL Loader
Juniper Networks Cache Cleaner 5.5.0
Juniper Networks Secure Application Manager
Junk Mail filter update
K-Lite Codec Pack 6.1.0 (Basic)
Kudos
Kudos Patch 1.22
Learn2 Player (Uninstall Only)
London 2012: The Official Video Game of the Olympic Games
Malwarebytes Anti-Malware version 1.65.1.1000
MaxDrive PS2
MCU
MediaMonkey 3.2
Medieval II Total War
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB2604042)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Cinemania 97
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Web Components
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ Run Time Lib Setup
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft WSE 3.0 Runtime
Microsoft Xbox 360 Accessories 1.2
Mp3tag v2.46a
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB973685)
MSXML 6 Service Pack 2 (KB973686)
Multiple File Search and Replace
Multiple File Search Replace 2.30
MySQL Server 5.5
Ncesoft Flip Book Maker 2.5.3
NCH Toolbox
Need4 Software Launcher 6.2
Need4 Video Converter 6
Nero 7 Premium
Oblivion
OpD2d
Origin
Otto
Out of the Park Baseball 13
Perf2480P_2580P Reference Guide
Photo Story 3 for Windows
PhotoImpression 5
PhotoStage Slideshow Producer
PixiePack Codec Pack
Presto! BizCard 4.1 Eng
PrimoPDF -- brought to you by Nitro PDF Software
Pro Evolution Soccer 2013
Pro Evolution Soccer 2013 DEMO
QuickTime
Quiz Builder 2.0.0.19 ( 15-day Trial )
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Revo Uninstaller 1.93
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
SA31xx Device Manager & Media Converter
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile Composite Device Software
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3 USB Driver Installer
Samsung Samples Installer
ScanToWeb
SearchAssist
SecondLife (remove only)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Sid Meier's Pirates!
SolveigMM AVI Trimmer
Sonic Activation Module
Sonic Encoders
Sonic Update Manager
Sound Blaster ADVANCED MB Drivers
Sound Blaster Audigy ADVANCED MB
Sound Blaster Audigy ADVANCED MB Product Registration
Spotify
SpreadsheetConverter V5
Starters Orders 4
Steam
SUPERAntiSpyware
SweetIM for Messenger 3.6
SweetIM Toolbar for Internet Explorer 4.3
Switch Sound File Converter
Tesco Photobooks
The Awakened
The Complete CR Patch
The Sims™ 3
Title Bout Championship Boxing 2.5
Tunebite
Twin USB Vibration Gamepad
Ultra QuickTime Converter 3.2.0610
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
URL Assistant
VDMSound
VideoFileDownload
Vista Buttons
WebFldrs XP
WinAce Archiver
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows Rights Management Client
Windows Rights Management Client Backwards Compatibility
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinRAR archiver
WMMA2
Wondershare Flash Gallery Factory Deluxe 5.0.2
World Championship Boxing Manager
XPort 2
XPort 360
Xvid 1.2.1 final uninstall
Yahoo! Toolbar




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users