
Laptop rebooting randomly a lot


  • This topic is locked
33 replies to this topic

#1 recklessdog


Posted 08 November 2012 - 01:25 AM

It's been like that for almost 3 months.

At first, it only rebooted from time to time. Usually it was if it stayed on for many hours. Gradually, it started rebooting more often. (I thought it was because the laptop was heating, but now it's heating much less and the problem is much worse.) Now the moment when it reboots the most is when I boot it. During the booting process it reboots maybe 10 times before it finally shows the welcome screen, and then it reboots maybe 5 more times.

Sometimes when it boots, there is a black or a white screen and the image freezes, so I have to reboot it manually.

I did a Malwarebytes scan and it found 100 malwares. So I erased all the malwares and did a few other scans (both fast and complete) to find that there were no malwares left. But I still have the same problem. It didn't even get better.

There is no virus either. About 7 weeks ago, I found some trojans, but it's been 6-7 weeks that I haven't found a single virus and I do scans regularly (at least 2 times a week). Also, recently, my AVG anti-virus shows it is unable to do updates. It can do scans, but no upgrades (idk if it has something to do with it).


 


#2 gringo_pr

  • Malware Response Team

Posted 08 November 2012 - 02:20 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




I need to get some reports to get a base to start from so I need you to run these programs first.


-DeFogger-

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


-Download DDS-

  • Please download DDS from one of the links below and save it to your desktop:

    Download DDS and save it to your desktop

    Link1
    Link2
    Link3


    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs

  • In your next post I need the following

  • both reports from DDS
  • report from security check
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 recklessdog

  • Topic Starter

Posted 08 November 2012 - 05:52 PM

From attach:


It says to not post it, but you said to not attach, so I'll listen to you instead...


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-07.01)
.
Microsoft® Windows Vista™ Professionnel
Boot Device: \Device\HarddiskVolume2
Install Date: 2009-08-12 09:25:57
System Uptime: 2012-11-08 17:21:28 (0 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: Pentium® Dual-Core CPU T4200 @ 2.00GHz | CPU | 2000/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 134 GiB total, 47,92 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
01NET.com Toolbar
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 8.3.1 - Français
Adobe Shockwave Player 11.6
Ask Toolbar
Atheros Driver Installation Program
Atheros Wi-Fi Protected Setup Library
Audacity 2.0
AVG 2013
AVG Security Toolbar
Big Fish Games Client
BitTorrent
Browser Guard 4.0
Camera Assistant Software for Toshiba
Camfrog Video Chat 6.0
Capitalism II
Codeur Windows Media Série 9
Composant (pour les périphérique Windows CE) de Presto! BizCard
D3DX10
Disney's Tarzan Action Game Demo
Download Guru v1.00
DVD MovieFactory for TOSHIBA
ffdshow v1.2.4422 [2012-04-09]
Fichiers de prise en charge de l'installation de Microsoft SQL Server (Français)
Gestionnaire de contacts professionnels pour Outlook 2007 SP2
Google Chrome
Google Desktop
Google Earth
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
Haali Media Splitter
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Insaniquarium Deluxe
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Java Auto Updater
Java™ 6 Update 35
Java™ 6 Update 6
Malwarebytes Anti-Malware version 1.65.1.1000
MediaBar
MediaGet2 version 2.1.898.0
Microsoft .NET Framework 3.5 Language Pack SP1 - fra
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile FRA Language Pack
Microsoft Application Error Reporting
Microsoft Office « Démarrer en un clic » 2010
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Home and Student 2010 - Français
Microsoft Office Small Business Connectivity Components
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XML Parser
midicairus Toolbar
Module linguistique Microsoft .NET Framework 3.5 SP1- fra
Module linguistique Microsoft .NET Framework 4 Client Profile FRA
Monopoly Version 8
Mozilla Firefox 16.0.2 (x86 fr)
Mozilla Maintenance Service
MP3 Player Utilities 4.15
MPlayer (remove only)
MSVCRT
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton Security Scan
OnlinePlay 1.0
OpenOffice.org 3.1
PC Tools Spyware Doctor avec AntiVirus 9.0
Picasa 2
PopCap Browser Plugin
Presto! BizCard 5 SE (Version Française)
Presto! BizCard5 SE
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
Réducteur de bruit du lecteur de CD/DVD
SecondLifeViewer2 (remove only)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2478663)
Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2518870)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Segoe UI
Skype web features
Skype™ 5.10
SlamTilt Resurrection
Spelling Dictionaries Support For Adobe Reader 8
Spring 0.82.7.1
swMSM
Synaptics Pointing Device Driver
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA Recovery Disc Creator
Toshiba Registration
TOSHIBA SD Memory Utilities
TOSHIBA Software Modem
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
Uniblue RegistryBooster
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VLC media player 1.1.9
VMware Player
Wakfu
Web Assistant 2.0.0.430
Windows Live
Windows Live Communications Platform
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
World Domination Demo
Yahoo! Messenger
Yahoo! Software Update
Zero-K
Zero-K Mission Editor
.
==== End Of File ===========================

From DDS:




DDS (Ver_2012-11-07.01) - NTFS_x86
Internet Explorer: 9.0.8112.16450 BrowserJavaVersion: 1.6.0_35
Run by User at 17:45:55 on 2012-11-08
Microsoft® Windows Vista™ Professionnel 6.0.6002.2.1252.2.1036.18.1915.427 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2013 *Enabled/Outdated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: PC Tools Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
.
============== Running Processes ================
.
C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\AVG\AVG2013\avgidsagent.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\AVG\AVG2013\avgnsx.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\system32\vmnat.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\Windows\system32\vmnetdhcp.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ltmoh\ltmoh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\VMware\VMware Player\hqtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Windows\System32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3128284
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.shoptoshiba.ca/welcome
mDefault_Page_URL = hxxp://www.shoptoshiba.ca/welcome
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>
uURLSearchHooks: {ef79f67a-6ad7-4715-a0f8-932fca442023} - <orphaned>
uURLSearchHooks: PC Tools Browser Guard: {472734EA-242A-422b-ADF8-83D1E48CC825} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
uURLSearchHooks: midicairus Toolbar: {efb1e45a-148d-40f9-a3f0-09d5577f9970} - c:\program files\midicairus\prxtbmidi.dll
uURLSearchHooks: 01NET.com Toolbar: {8e5025c2-8ea3-430d-80b8-a14151068a6d} - c:\program files\01net.com\prxtb01NE.dll
mURLSearchHooks: midicairus Toolbar: {efb1e45a-148d-40f9-a3f0-09d5577f9970} - c:\program files\midicairus\prxtbmidi.dll
mURLSearchHooks: 01NET.com Toolbar: {8e5025c2-8ea3-430d-80b8-a14151068a6d} - c:\program files\01net.com\prxtb01NE.dll
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Aide pour le lien d'Adobe PDF Reader: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
BHO: Web Assistant: {336D0C35-8A85-403a-B9D2-65C292C39087} - c:\program files\web assistant\Extension32.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: UrlHelper Class: {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} -
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: 01NET.com Toolbar: {8e5025c2-8ea3-430d-80b8-a14151068a6d} - c:\program files\01net.com\prxtb01NE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\13.2.0.5\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: midicairus Toolbar: {efb1e45a-148d-40f9-a3f0-09d5577f9970} - c:\program files\midicairus\prxtbmidi.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\13.2.0.5\AVG Secure Search_toolbar.dll
TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
TB: midicairus Toolbar: {efb1e45a-148d-40f9-a3f0-09d5577f9970} - c:\program files\midicairus\prxtbmidi.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: 01NET.com Toolbar: {8e5025c2-8ea3-430d-80b8-a14151068a6d} - c:\program files\01net.com\prxtb01NE.dll
uRun: [Sidebar] <no file>
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [NDSTray.exe] NDSTray.exe
mRun: [cfFncEnabler.exe] cfFncEnabler.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [TPwrMain] c:\program files\toshiba\power saver\TPwrMain.EXE
mRun: [SmoothView] c:\program files\toshiba\smoothview\SmoothView.exe
mRun: [00TCrdMain] c:\program files\toshiba\flashcards\TCrdMain.exe
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [jswtrayutil] "c:\program files\jumpstart\jswtrayutil.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [VMware hqtray] "c:\program files\vmware\vmware player\hqtray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SpeetItUpFree] "c:\program files\speeditup free\speeditupfree.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ROC_ROC_JULY_P1] "c:\program files\avg secure search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [ROC_ROC_NT] "c:\program files\avg secure search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &Search - <no file>
IE: Add to AMV Converter... - c:\program files\mp3 player utilities 4.15\amvconverter\grab.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: MediaManager tool grab multimedia file - c:\program files\mp3 player utilities 4.15\mediamanager\grab.html
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
LSP: c:\program files\vmware\vmware player\vsocklib.dll
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/fr/uno1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
TCP: NameServer = 24.200.243.189 24.200.210.241 24.200.228.113
TCP: Interfaces\{00E98ACD-3D4E-4813-A5E2-95CE5D3990E8} : DHCPNameServer = 24.200.241.37 24.202.72.13 24.200.0.1
TCP: Interfaces\{E80F5666-FAC7-4DA2-935F-0FC96A342014} : DHCPNameServer = 24.200.243.189 24.200.210.241 24.200.228.113
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\13.2.0\ViProtocol.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} -
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\xx42on42.default\
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\bearshare applications\mediabar\datamngr\firefoxextension\components\DataMngrHlp.dll
FF - component: c:\users\user\appdata\roaming\mozilla\firefox\profiles\xx42on42.default\extensions\{d3f4b70a-92e0-4393-a0f3-976d03b1ebf5}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\user\appdata\roaming\mozilla\firefox\profiles\xx42on42.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\13.2.0\npsitesafety.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\users\user\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\users\user\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\user\appdata\roaming\mozilla\firefox\profiles\xx42on42.default\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\plugins\np-mswmp.dll
FF - plugin: c:\users\user\appdata\roaming\mozilla\firefox\profiles\xx42on42.default\extensions\{efb1e45a-148d-40f9-a3f0-09d5577f9970}\plugins\np-mswmp.dll
FF - plugin: c:\users\user\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\user\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1165635.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2012-09-23 15:59; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - ExtSQL: 2012-09-23 16:10; toolbar@ask.com; c:\users\user\appdata\roaming\mozilla\firefox\profiles\xx42on42.default\extensions\toolbar@ask.com
FF - ExtSQL: 2012-10-09 14:51; {8e5025c2-8ea3-430d-80b8-a14151068a6d}; c:\users\user\appdata\roaming\mozilla\firefox\profiles\xx42on42.default\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}
FF - ExtSQL: !HIDDEN! 2009-09-03 10:34; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyBpULn0p&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 608303e20000000000000024d240e38e
FF - user.js: extensions.incredibar_i.instlDay - 15470
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.144:21:56
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6OyBpULn0p
FF - user.js: extensions.incredibar_i.upn2n - 92261384804239261
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10650
FF - user.js: extensions.incredibar_i.ppd - 20%5F4
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-9-21 55008]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-10-5 93536]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 35552]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2012-6-13 383368]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2012-6-13 342168]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2012-6-13 909728]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-9-13 177504]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-9-21 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-21 164832]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-9-3 26984]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2009-8-12 20352]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2012-6-13 203088]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-10-2 5783672]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-2 193568]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools\pc tools security\bdt\BDTUpdateService.exe [2012-6-13 575416]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-16 40960]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-2-28 821664]
R2 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-11-4 399432]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-11-4 676936]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2010-4-24 483688]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2009-3-26 54960]
R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\13.2.0\ToolbarUpdater.exe [2012-11-8 711112]
R2 Web Assistant Updater;Web Assistant Updater;c:\program files\web assistant\ExtensionUpdaterService.exe [2012-5-10 185856]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-5-26 7168]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-11-4 22856]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [2012-6-13 70736]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2010-4-24 550760]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2010-4-24 195944]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2010-4-24 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2010-4-24 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2010-4-24 209768]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\toshiba\smartfacev\SmartFaceVWatchSrv.exe [2008-4-24 73728]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-7 160944]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-8-12 30192]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2009-8-12 937984]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools\pc tools security\pctsAuxs.exe [2012-6-13 402336]
S3 sdCoreService;PC Tools Security Service;c:\program files\pc tools\pc tools security\pctsSvc.exe [2012-6-13 1118648]
S3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-11-08 22:00:36 -------- d-sh--w- C:\found.007
2012-11-08 20:33:00 -------- d-----w- c:\users\user\appdata\local\{B50D6502-2510-4B11-ABB4-A4114988685A}
2012-11-07 11:51:54 -------- d-----w- c:\users\user\appdata\local\{46ADD345-1A98-448B-990B-2E514D8A1924}
2012-11-05 22:13:57 -------- d-----w- c:\users\user\appdata\local\{B9AE6739-6476-4537-860F-2A46E35AD6F5}
2012-11-05 11:00:10 -------- d-----w- c:\users\user\appdata\local\{D4240841-F62E-4FFD-9838-124923CEBBE6}
2012-11-04 23:04:29 -------- d-----w- c:\users\user\appdata\roaming\Malwarebytes
2012-11-04 23:04:22 -------- d-----w- c:\programdata\Malwarebytes
2012-11-04 23:04:20 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-04 23:04:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-04 21:08:46 -------- d-----w- c:\users\user\appdata\local\{C3F0D3F1-AA0A-47E8-AB56-D22AB4D68697}
2012-11-04 02:40:11 -------- d-----w- c:\users\user\appdata\local\{F0876123-F174-4529-B8B3-221913AC1119}
2012-11-04 02:29:23 -------- d-----w- c:\users\user\appdata\local\{B91C5EF8-2448-4145-B5DD-E9AAFAB74C09}
2012-11-04 02:23:10 -------- d-----w- c:\users\user\appdata\local\{809F33CD-9C83-4E7D-B02F-91F41AEEF190}
2012-11-04 02:05:09 -------- d-----w- c:\users\user\appdata\local\{BCD0271A-F90E-4520-B9ED-9CF3F669A949}
2012-11-03 02:37:15 -------- d-----w- c:\users\user\appdata\local\{4748B114-5164-4DB0-A626-CA0ABC47ABFC}
2012-11-01 21:22:18 -------- d-----w- c:\users\user\appdata\local\{25EC621F-25B2-4757-97C7-398449F689F0}
2012-10-31 02:28:00 -------- d-----w- c:\users\user\appdata\local\{0BC0C0EF-AFF0-4C3B-A0A8-F21A459172EF}
2012-10-29 22:15:37 -------- d-----w- c:\users\user\appdata\local\{45F3D535-3C58-4777-99EB-6EE3E98120F3}
2012-10-29 22:06:22 -------- d-sh--w- C:\found.006
2012-10-28 19:01:12 -------- d-----w- c:\users\user\appdata\local\{383D4255-1022-408C-95F6-9F2D656814F7}
2012-10-28 18:56:10 -------- d-----w- c:\users\user\appdata\local\{89662FC8-712B-47B3-8CAA-F34DDF64C40F}
2012-10-27 19:53:25 -------- d-----w- c:\users\user\appdata\local\{311B872E-35A3-4157-83A2-DF5598AF20B6}
2012-10-25 18:54:25 -------- d-----w- c:\users\user\appdata\local\{5B739FF6-84D8-4B7D-9D4D-45C05DAC9F67}
2012-10-25 07:31:43 -------- d-sh--w- C:\found.005
2012-10-25 04:03:55 -------- d-----w- c:\users\user\appdata\local\{B4A02FE7-BEB4-4A6F-9CD6-8EECF00ED942}
2012-10-24 16:03:30 -------- d-----w- c:\users\user\appdata\local\{0924FC5F-5E51-4005-AA4F-1AC394C4AB16}
2012-10-23 21:03:26 -------- d-sh--w- C:\found.004
2012-10-23 20:57:09 -------- d-----w- c:\users\user\appdata\local\{C6ED9AC0-A03C-467E-84A3-147333DB6DE7}
2012-10-23 20:12:24 -------- d-sh--w- C:\found.003
2012-10-22 21:35:49 -------- d-----w- c:\users\user\appdata\local\{60487F17-0556-4AD6-B3CA-0B8432398667}
2012-10-22 04:07:23 -------- d-----w- c:\users\user\appdata\local\{04493FD8-359C-4EA0-A99F-6A8FB49D234E}
2012-10-21 16:06:50 -------- d-----w- c:\users\user\appdata\local\{867B1819-F9F0-4C67-94AC-EFE16FF301EB}
2012-10-21 01:04:10 -------- d-----w- c:\users\user\appdata\local\{90F12922-6E1C-43FD-9FE2-1F9609B14C2C}
2012-10-20 17:21:15 -------- d-sh--w- C:\found.002
2012-10-20 07:21:33 -------- d-----w- c:\users\user\appdata\local\{9D0FA065-0FB6-4AA7-A9FA-4DBAB8EC0108}
2012-10-19 18:26:39 -------- d-sh--w- C:\found.001
2012-10-19 17:18:44 -------- d-----w- c:\users\user\appdata\local\{28A6D4A2-5057-419C-94DB-1763698E0DB8}
2012-10-17 18:32:25 -------- d-----w- c:\users\user\appdata\local\{4C7F6AAC-68D6-487E-B59C-29FCC319B40C}
2012-10-17 18:28:11 -------- d-----w- c:\users\user\appdata\local\{B9090EB8-49CB-4D15-8900-F8C8BD0D5486}
2012-10-16 20:40:38 -------- d-----w- c:\users\user\appdata\local\{53F48061-1E8B-49D2-9DB2-C61538CFF705}
2012-10-15 19:46:01 -------- d-----w- c:\users\user\appdata\local\{89416269-2BBC-4AEC-AA2E-246BC4441203}
2012-10-15 01:53:54 -------- d-----w- c:\users\user\appdata\local\{AD059F54-98C7-4FDC-ACE7-4A3963EDF453}
2012-10-13 22:36:18 -------- d-----w- c:\users\user\appdata\local\{D9B95C6B-7024-4F7E-A196-E449DA120D19}
2012-10-12 20:10:08 -------- d-----w- c:\users\user\appdata\local\{CA022FA6-D238-4235-BA3D-74C926C81D86}
2012-10-12 13:10:06 -------- d-----w- c:\users\user\appdata\local\{69F3BBD1-FC37-4CB4-8AC7-35AF0FF896A0}
2012-10-11 22:59:17 -------- d-----w- c:\users\user\appdata\local\{ACC03075-D5DE-4660-8C66-9BBF5501F7F3}
2012-10-11 04:55:21 985088 ----a-w- c:\windows\system32\crypt32.dll
2012-10-11 04:55:21 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-11 04:55:21 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-11 04:55:13 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-10-11 04:54:25 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-11 04:54:10 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-11 04:54:10 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-11 04:42:26 -------- d-----w- c:\users\user\appdata\local\{37606AC3-8E41-4B10-A7BD-CFAF1B810723}
2012-10-10 19:59:52 -------- d-----w- c:\users\user\appdata\local\{BCC66FE7-6EAB-4507-9F39-1D2B3E03C09B}
.
==================== Find3M ====================
.
2012-11-08 20:30:37 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-10-09 04:33:10 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 04:33:10 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-02 07:30:38 159712 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-09-21 07:46:06 164832 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-09-21 07:46:00 177376 ----a-w- c:\windows\system32\drivers\avglogx.sys
2012-09-21 07:45:54 19936 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2012-09-21 07:45:52 55008 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-09-14 07:05:20 35552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2012-09-13 07:11:20 177504 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2012-08-29 00:24:56 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-29 00:24:53 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 17:47:17,75 ===============

From checkup:

Results of screen317's Security Check version 0.99.54
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
AVG Anti-Virus Free Edition 2013
PC Tools Spyware Doctor with AntiVirus
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
PC Tools Spyware Doctor avec AntiVirus 9.0
Malwarebytes Anti-Malware version 1.65.1.1000
Java™ 6 Update 35
Java™ 6 Update 6
Java version out of Date!
Adobe Flash Player 11.4.402.287
Adobe Reader 8 Adobe Reader out of Date!
Mozilla Firefox (16.0.2)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

Edited by recklessdog, 08 November 2012 - 06:00 PM.


#4 gringo_pr

Posted 08 November 2012 - 09:29 PM

Hello


These are the programs I would like you to run next; if you have any problems with one of these, just skip it and run the next one.


-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 recklessdog

Posted 10 November 2012 - 03:21 PM

adwcleaner:

# AdwCleaner v2.007 - Rapport créé le 10/11/2012 à 14:47:23
# Mis à jour le 06/11/2012 par Xplode
# Système d'exploitation : Windows Vista ™ Business Service Pack 2 (32 bits)
# Nom d'utilisateur : User - PC-DE-USER
# Mode de démarrage : Normal
# Exécuté depuis : C:\Users\User\Desktop\adwcleaner.exe
# Option [Suppression]


***** [Services] *****

Arrêté & Supprimé : Web Assistant Updater

***** [Fichiers / Dossiers] *****

Dossier Supprimé : C:\Program Files\01NET.com
Dossier Supprimé : C:\Program Files\Ask.com
Dossier Supprimé : C:\Program Files\AVG Secure Search
Dossier Supprimé : C:\Program Files\Conduit
Dossier Supprimé : C:\Program Files\midicairus
Dossier Supprimé : C:\Program Files\Web Assistant
Dossier Supprimé : C:\ProgramData\Ask
Dossier Supprimé : C:\ProgramData\AVG Secure Search
Dossier Supprimé : C:\ProgramData\InstallMate
Dossier Supprimé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TheBflix
Dossier Supprimé : C:\ProgramData\Premium
Dossier Supprimé : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdepfaagokllfmhfbcfmocaeigmoebo
Dossier Supprimé : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Dossier Supprimé : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdmaehkiiampolokajdcelladmnopgp
Dossier Supprimé : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Fichier Supprimé : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Fichier Supprimé : C:\user.js
Supprimé au redémarrage : C:\Program Files\Common Files\AVG Secure Search
Supprimé au redémarrage : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehdmaehkiiampolokajdcelladmnopgp

***** [Registre] *****

Clé Supprimée : HKCU\Software\APN
Clé Supprimée : HKCU\Software\AppDataLow\Software\01NET.com
Clé Supprimée : HKCU\Software\AppDataLow\Software\AskToolbar
Clé Supprimée : HKCU\Software\AppDataLow\Software\Conduit
Clé Supprimée : HKCU\Software\AppDataLow\Software\Crossrider
Clé Supprimée : HKCU\Software\AppDataLow\Software\Fun Web Products
Clé Supprimée : HKCU\Software\AppDataLow\Software\midicairus
Clé Supprimée : HKCU\Software\AppDataLow\Software\MyWebSearch
Clé Supprimée : HKCU\Software\AppDataLow\Software\PriceGong
Clé Supprimée : HKCU\Software\AppDataLow\Software\Savings Sidekick
Clé Supprimée : HKCU\Software\AppDataLow\Software\SmartBar
Clé Supprimée : HKCU\Software\AppDataLow\Toolbar
Clé Supprimée : HKCU\Software\Ask.com
Clé Supprimée : HKCU\Software\AVG Secure Search
Clé Supprimée : HKCU\Software\Conduit
Clé Supprimée : HKCU\Software\Cr_Installer
Clé Supprimée : HKCU\Software\Google\Chrome\Extensions\ehdmaehkiiampolokajdcelladmnopgp
Clé Supprimée : HKCU\Software\Headlight
Clé Supprimée : HKCU\Software\IM
Clé Supprimée : HKCU\Software\ImInstaller
Clé Supprimée : HKCU\Software\InstalledBrowserExtensions
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{37476589-E48E-439E-A706-56189E2ED4C4}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\clickpotatolitesa
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\midicairus Toolbar
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mywebsearch bar uninstall
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Savings Sidekick
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8E5025C2-8EA3-430D-80B8-A14151068A6D}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EFB1E45A-148D-40F9-A3F0-09D5577F9970}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Clé Supprimée : HKCU\Software\Softonic
Clé Supprimée : HKLM\Software\01NET.com
Clé Supprimée : HKLM\Software\APN
Clé Supprimée : HKLM\Software\AskToolbar
Clé Supprimée : HKLM\Software\AVG Secure Search
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Clé Supprimée : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Clé Supprimée : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Clé Supprimée : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Clé Supprimée : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{151867D5-7359-40AF-8764-66E58D06283C}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{156F4006-0999-4E54-9ED3-B7B064D3DD0A}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220022502260}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{33333333-3333-3333-3333-330033503360}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{8E5025C2-8EA3-430D-80B8-A14151068A6D}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{EFB1E45A-148D-40F9-A3F0-09D5577F9970}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Clé Supprimée : HKLM\SOFTWARE\Classes\CrossriderApp0005060.BHO
Clé Supprimée : HKLM\SOFTWARE\Classes\CrossriderApp0005060.FBApi
Clé Supprimée : HKLM\SOFTWARE\Classes\CrossriderApp0005060.FBApi.1
Clé Supprimée : HKLM\SOFTWARE\Classes\CrossriderApp0005060.Sandbox
Clé Supprimée : HKLM\SOFTWARE\Classes\CrossriderApp0005060.Sandbox.1
Clé Supprimée : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Clé Supprimée : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Clé Supprimée : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Clé Supprimée : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Clé Supprimée : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Clé Supprimée : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066506660}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077507760}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Clé Supprimée : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Clé Supprimée : HKLM\SOFTWARE\Classes\S
Clé Supprimée : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Clé Supprimée : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Clé Supprimée : HKLM\SOFTWARE\Classes\Toolbar.CT2849852
Clé Supprimée : HKLM\SOFTWARE\Classes\Toolbar.CT3128284
Clé Supprimée : HKLM\SOFTWARE\Classes\Toolbar.CT3184201
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Clé Supprimée : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Clé Supprimée : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Clé Supprimée : HKLM\Software\Conduit
Clé Supprimée : HKLM\Software\Freeze.com
Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\dhdepfaagokllfmhfbcfmocaeigmoebo
Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\ehdmaehkiiampolokajdcelladmnopgp
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1463FB35-9EFB-4AA2-8808-ABDAC4276F23}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E65082D-5A9C-4ED7-BBE3-B83B390236D9}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EDF674EA-267C-4C50-A95F-53FB66CF246F}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F0C6051E-8CCA-4E66-8E6B-685896AD8B19}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5025C2-8EA3-430D-80B8-A14151068A6D}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EFB1E45A-148D-40F9-A3F0-09D5577F9970}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{151867D5-7359-40AF-8764-66E58D06283C}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{156F4006-0999-4E54-9ED3-B7B064D3DD0A}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\01NET.com Toolbar
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\midicairus Toolbar
Clé Supprimée : HKLM\Software\midicairus
Clé Supprimée : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Clé Supprimée : HKLM\SOFTWARE\Software
Clé Supprimée : HKLM\Software\Web Assistant
Valeur Supprimée : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Valeur Supprimée : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Valeur Supprimée : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{8E5025C2-8EA3-430D-80B8-A14151068A6D}]
Valeur Supprimée : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EFB1E45A-148D-40F9-A3F0-09D5577F9970}]
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8E5025C2-8EA3-430D-80B8-A14151068A6D}]
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EFB1E45A-148D-40F9-A3F0-09D5577F9970}]
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{8E5025C2-8EA3-430D-80B8-A14151068A6D}]
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{EFB1E45A-148D-40F9-A3F0-09D5577F9970}]
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Valeur Supprimée : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Valeur Supprimée : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Navigateurs] *****

-\\ Internet Explorer v9.0.8112.16421

Remplacé : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT3128284 --> hxxp://www.google.com

-\\ Mozilla Firefox v16.0.2 (fr)

-\\ Google Chrome v [Impossible d'obtenir la version]

*************************

AdwCleaner[S1].txt - [15227 octets] - [10/11/2012 14:47:23]

########## EOF - C:\AdwCleaner[S1].txt - [15288 octets] ##########

Rogue Killer:
(Sorry if it's in French, it was the default language and I can't seem to change it)

RogueKiller V8.2.3 [07/11/2012] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html
Website: http://www.sur-la-toile.com/RogueKiller/
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Demarrage : Mode normal
Utilisateur : User [Droits d'admin]
Mode : Recherche -- Date : 10/11/2012 15:02:04

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrees de registre : 7 ¤¤¤
[RUN][ROGUE ST] HKCU\[...]\Run : RegistryBooster ("C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000 ) -> TROUVÉ
[RUN][ROGUE ST] HKUS\S-1-5-21-4273013781-2987401084-2029798254-1000[...]\Run : RegistryBooster ("C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000 ) -> TROUVÉ
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> TROUVÉ
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> TROUVÉ
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> TROUVÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> TROUVÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver : [CHARGE] ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: WDC WD1600BEVS-26VAT0 +++++
--- User ---
[MBR] a209a388fec9dbec3151aaca9bf43a53
[BSP] 0dc829bba8e546e262ec1e00b4072bf3 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 137368 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 284403712 | Size: 6947 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[1]_S_10112012_150204.txt >>
RKreport[1]_S_10112012_150204.txt

Maybe problems: my computer rebooted 2 times after I finished with RK (just before I was going to close it).

#6 recklessdog

Posted 10 November 2012 - 03:34 PM

Also, a little question: Could I run those programs in Safe Mode? Because it took me maybe 1 hour to set my computer to work okay in normal mode, while safe mode can take me less than 20 minutes, but I figured it would work better in normal mode (I did all of what you asked me in normal mode).

#7 gringo_pr

Posted 10 November 2012 - 05:54 PM

Hello

I would prefer normal mode, but safe mode would be OK.

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 recklessdog

Posted 11 November 2012 - 12:30 AM

Problem: I ran Combofix as you said and the computer rebooted as you said, but then when it got back, Combofix wasn't running and I saw no report. Is this normal? Do I have to wait until it reboots a few more times or do I need to run Combofix again?

#9 gringo_pr

Posted 11 November 2012 - 06:47 AM

Hello

OK, let's try this. I want you to run Combofix in safe mode, but it is very important that when Combofix reboots the computer you direct it back into safe mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Log in on your usual account.

After Combofix has finished its scan, please post the report back here.

Gringo

#10 recklessdog

Posted 11 November 2012 - 08:02 PM

Weird problems now.

So I ran my computer in safe mode and ran Combofix. Then I had the message: "AVG 2013 is still running please turn it off". But I know that my AVG is not running in safe mode; it's even impossible to activate it. So I uninstalled AVG, rebooted, but it still gave me the same message. So I pressed okay anyway.

Now it ran normally and rebooted, but I still don't see a report. I ran Combofix another time and it didn't reboot and no report was shown.

For the question how is the computer doing now? Well, much better. I just booted it and it didn't reboot during the booting process, but it still rebooted a few minutes after it showed the welcome screen. Earlier today when I booted it, it didn't reboot during the booting process, but it showed a black screen two times.

So it's kinda better, but not perfect.

#11 gringo_pr

Posted 11 November 2012 - 08:37 PM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#12 recklessdog

Posted 13 November 2012 - 06:31 PM

TDSSKiller:


18:14:35.0950 5092 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
18:14:36.0390 5092 ============================================================
18:14:36.0390 5092 Current date / time: 2012/11/13 18:14:36.0390
18:14:36.0390 5092 SystemInfo:
18:14:36.0390 5092
18:14:36.0390 5092 OS Version: 6.0.6002 ServicePack: 2.0
18:14:36.0390 5092 Product type: Workstation
18:14:36.0390 5092 ComputerName: PC-DE-USER
18:14:36.0390 5092 UserName: User
18:14:36.0390 5092 Windows directory: C:\Windows
18:14:36.0390 5092 System windows directory: C:\Windows
18:14:36.0390 5092 Processor architecture: Intel x86
18:14:36.0390 5092 Number of processors: 2
18:14:36.0390 5092 Page size: 0x1000
18:14:36.0390 5092 Boot type: Normal boot
18:14:36.0390 5092 ============================================================
18:14:36.0970 5092 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:14:37.0010 5092 ============================================================
18:14:37.0010 5092 \Device\Harddisk0\DR0:
18:14:37.0010 5092 MBR partitions:
18:14:37.0010 5092 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x10C4C000
18:14:37.0010 5092 ============================================================
18:14:37.0050 5092 C: <-> \Device\Harddisk0\DR0\Partition1
18:14:37.0050 5092 ============================================================
18:14:37.0050 5092 Initialize success
18:14:37.0050 5092 ============================================================
18:14:46.0280 1816 ============================================================
18:14:46.0280 1816 Scan started
18:14:46.0280 1816 Mode: Manual;
18:14:46.0280 1816 ============================================================
18:14:46.0597 1816 ================ Scan system memory ========================
18:14:46.0597 1816 System memory - ok
18:14:46.0597 1816 ================ Scan services =============================
18:14:56.0507 1816 MSKSSRV - ok
18:14:56.0537 1816 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:14:56.0537 1816 MSPCLOCK - ok
18:14:56.0567 1816 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:14:56.0567 1816 MSPQM - ok
18:14:56.0597 1816 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:14:56.0597 1816 MsRPC - ok
18:14:56.0617 1816 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
18:14:56.0617 1816 mssmbios - ok
18:14:56.0667 1816 MSSQL$MSSMLBIZ - ok
18:14:56.0687 1816 [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
18:14:56.0687 1816 MSSQLServerADHelper - ok
18:14:56.0717 1816 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:14:56.0717 1816 MSTEE - ok
18:14:56.0747 1816 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
18:14:56.0747 1816 Mup - ok
18:14:56.0787 1816 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
18:14:56.0787 1816 napagent - ok
18:14:56.0847 1816 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:14:56.0847 1816 NativeWifiP - ok
18:14:56.0927 1816 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
18:14:56.0947 1816 NDIS - ok
18:14:56.0987 1816 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:14:56.0987 1816 NdisTapi - ok
18:14:57.0007 1816 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:14:57.0007 1816 Ndisuio - ok
18:14:57.0047 1816 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:14:57.0047 1816 NdisWan - ok
18:14:57.0067 1816 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:14:57.0067 1816 NDProxy - ok
18:14:57.0087 1816 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:14:57.0087 1816 NetBIOS - ok
18:14:57.0137 1816 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
18:14:57.0137 1816 netbt - ok
18:14:57.0157 1816 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
18:14:57.0157 1816 Netlogon - ok
18:14:57.0197 1816 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
18:14:57.0197 1816 Netman - ok
18:14:57.0227 1816 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
18:14:57.0227 1816 netprofm - ok
18:14:57.0267 1816 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:14:57.0267 1816 NetTcpPortSharing - ok
18:14:57.0297 1816 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
18:14:57.0297 1816 nfrd960 - ok
18:14:57.0317 1816 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:14:57.0317 1816 NlaSvc - ok
18:14:57.0347 1816 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:14:57.0347 1816 Npfs - ok
18:14:57.0387 1816 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
18:14:57.0387 1816 nsi - ok
18:14:57.0387 1816 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:14:57.0397 1816 nsiproxy - ok
18:14:57.0457 1816 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:14:57.0497 1816 Ntfs - ok
18:14:57.0517 1816 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
18:14:57.0517 1816 ntrigdigi - ok
18:14:57.0527 1816 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
18:14:57.0527 1816 Null - ok
18:14:57.0547 1816 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:14:57.0557 1816 nvraid - ok
18:14:57.0577 1816 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:14:57.0577 1816 nvstor - ok
18:14:57.0597 1816 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:14:57.0607 1816 nv_agp - ok
18:14:57.0607 1816 NwlnkFlt - ok
18:14:57.0617 1816 NwlnkFwd - ok
18:14:57.0667 1816 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
18:14:57.0677 1816 ohci1394 - ok
18:14:57.0727 1816 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:14:57.0737 1816 ose - ok
18:14:57.0947 1816 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:14:58.0127 1816 osppsvc - ok
18:14:58.0167 1816 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
18:14:58.0177 1816 p2pimsvc - ok
18:14:58.0197 1816 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
18:14:58.0207 1816 p2psvc - ok
18:14:58.0217 1816 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
18:14:58.0217 1816 Parport - ok
18:14:58.0257 1816 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:14:58.0257 1816 partmgr - ok
18:14:58.0277 1816 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
18:14:58.0277 1816 Parvdm - ok
18:14:58.0307 1816 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
18:14:58.0307 1816 PcaSvc - ok
18:14:58.0347 1816 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
18:14:58.0347 1816 pci - ok
18:14:58.0357 1816 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\DRIVERS\pciide.sys
18:14:58.0357 1816 pciide - ok
18:14:58.0387 1816 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
18:14:58.0397 1816 pcmcia - ok
18:14:58.0427 1816 [ F66917B35D1E543065BDBA7853D2E26D ] PCTBD C:\Windows\system32\Drivers\PCTBD.sys
18:14:58.0427 1816 PCTBD - ok
18:14:58.0457 1816 [ F7DA28F2AB6CD32B2F76EE96EDAD8F20 ] PCTCore C:\Windows\system32\drivers\PCTCore.sys
18:14:58.0467 1816 PCTCore - ok
18:14:58.0487 1816 [ 3C9FD593E95B98C642B4486CD122C2FB ] pctDS C:\Windows\system32\drivers\pctDS.sys
18:14:58.0497 1816 pctDS - ok
18:14:58.0567 1816 [ DB6B6E47165B9647B215CEEB4DB33B87 ] pctEFA C:\Windows\system32\drivers\pctEFA.sys
18:14:58.0587 1816 pctEFA - ok
18:14:58.0627 1816 [ 4EF1F03DB9064459B9019A19A860DB89 ] PCTSD C:\Windows\system32\Drivers\PCTSD.sys
18:14:58.0627 1816 PCTSD - ok
18:14:58.0687 1816 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:14:58.0707 1816 PEAUTH - ok
18:14:58.0787 1816 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
18:14:58.0807 1816 pla - ok
18:14:58.0847 1816 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:14:58.0847 1816 PlugPlay - ok
18:14:58.0877 1816 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
18:14:58.0887 1816 PNRPAutoReg - ok
18:14:58.0907 1816 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
18:14:58.0917 1816 PNRPsvc - ok
18:14:58.0957 1816 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:14:58.0967 1816 PolicyAgent - ok
18:14:58.0997 1816 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:14:58.0997 1816 PptpMiniport - ok
18:14:59.0017 1816 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
18:14:59.0017 1816 Processor - ok
18:14:59.0047 1816 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
18:14:59.0057 1816 ProfSvc - ok
18:14:59.0067 1816 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
18:14:59.0077 1816 ProtectedStorage - ok
18:14:59.0127 1816 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
18:14:59.0127 1816 PSched - ok
18:14:59.0147 1816 [ F7BB4E7A7C02AB4A2672937E124E306E ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
18:14:59.0147 1816 PxHelp20 - ok
18:14:59.0207 1816 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
18:14:59.0237 1816 ql2300 - ok
18:14:59.0247 1816 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
18:14:59.0257 1816 ql40xx - ok
18:14:59.0297 1816 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
18:14:59.0297 1816 QWAVE - ok
18:14:59.0307 1816 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:14:59.0307 1816 QWAVEdrv - ok
18:14:59.0317 1816 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:14:59.0317 1816 RasAcd - ok
18:14:59.0337 1816 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
18:14:59.0337 1816 RasAuto - ok
18:14:59.0347 1816 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:14:59.0347 1816 Rasl2tp - ok
18:14:59.0377 1816 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
18:14:59.0377 1816 RasMan - ok
18:14:59.0417 1816 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:14:59.0417 1816 RasPppoe - ok
18:14:59.0447 1816 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:14:59.0457 1816 RasSstp - ok
18:14:59.0487 1816 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:14:59.0487 1816 rdbss - ok
18:14:59.0507 1816 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:14:59.0507 1816 RDPCDD - ok
18:14:59.0547 1816 [ 943B18305EAE3935598A9B4A3D560B4C ] rdpdr C:\Windows\system32\DRIVERS\rdpdr.sys
18:14:59.0557 1816 rdpdr - ok
18:14:59.0557 1816 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:14:59.0557 1816 RDPENCDD - ok
18:14:59.0607 1816 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:14:59.0607 1816 RDPWD - ok
18:14:59.0637 1816 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:14:59.0637 1816 RemoteAccess - ok
18:14:59.0667 1816 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:14:59.0677 1816 RemoteRegistry - ok
18:14:59.0697 1816 [ C2EF513BBE069F0D4EE0938A76F975D3 ] rimmptsk C:\Windows\system32\DRIVERS\rimmptsk.sys
18:14:59.0697 1816 rimmptsk - ok
18:14:59.0747 1816 [ C398BCA91216755B098679A8DA8A2300 ] rimsptsk C:\Windows\system32\DRIVERS\rimsptsk.sys
18:14:59.0747 1816 rimsptsk - ok
18:14:59.0777 1816 [ F17713D108ACA124A139FDE877EEF68A ] RimUsb C:\Windows\system32\Drivers\RimUsb.sys
18:14:59.0777 1816 RimUsb - ok
18:14:59.0797 1816 [ 2A2554CB24506E0A0508FC395C4A1B42 ] rismxdp C:\Windows\system32\DRIVERS\rixdptsk.sys
18:14:59.0807 1816 rismxdp - ok
18:14:59.0817 1816 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
18:14:59.0817 1816 RpcLocator - ok
18:14:59.0847 1816 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
18:14:59.0857 1816 RpcSs - ok
18:14:59.0867 1816 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:14:59.0877 1816 rspndr - ok
18:14:59.0917 1816 [ 7157E70A90CCE49DEB8885D23A073A39 ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys
18:14:59.0927 1816 RTL8169 - ok
18:14:59.0937 1816 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
18:14:59.0937 1816 SamSs - ok
18:14:59.0967 1816 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:14:59.0967 1816 sbp2port - ok
18:15:00.0007 1816 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:15:00.0007 1816 SCardSvr - ok
18:15:00.0047 1816 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
18:15:00.0057 1816 Schedule - ok
18:15:00.0067 1816 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
18:15:00.0067 1816 SCPolicySvc - ok
18:15:00.0147 1816 [ 17D6A03103586D7954BA74C2219CE1BB ] sdAuxService C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe
18:15:00.0157 1816 sdAuxService - ok
18:15:00.0207 1816 [ 8F36B54688C31EED4580129040C6A3D3 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
18:15:00.0207 1816 sdbus - ok
18:15:00.0257 1816 [ 44323C0BCBFFA66A7A90E93F5D027999 ] sdCoreService C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe
18:15:00.0287 1816 sdCoreService - ok
18:15:00.0327 1816 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:15:00.0327 1816 SDRSVC - ok
18:15:00.0357 1816 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:15:00.0367 1816 secdrv - ok
18:15:00.0377 1816 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
18:15:00.0377 1816 seclogon - ok
18:15:00.0387 1816 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll
18:15:00.0397 1816 SENS - ok
18:15:00.0417 1816 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
18:15:00.0417 1816 Serenum - ok
18:15:00.0437 1816 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
18:15:00.0447 1816 Serial - ok
18:15:00.0457 1816 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
18:15:00.0457 1816 sermouse - ok
18:15:00.0487 1816 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
18:15:00.0497 1816 SessionEnv - ok
18:15:00.0517 1816 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
18:15:00.0517 1816 sffdisk - ok
18:15:00.0527 1816 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:15:00.0537 1816 sffp_mmc - ok
18:15:00.0557 1816 [ 9F66A46C55D6F1CCABC79BB7AFCCC545 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
18:15:00.0557 1816 sffp_sd - ok
18:15:00.0567 1816 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
18:15:00.0567 1816 sfloppy - ok
18:15:00.0627 1816 [ CC895997C0995A07B6B2779A3B21918B ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
18:15:00.0647 1816 Sftfs - ok
18:15:00.0717 1816 [ 05D2B0D0F1DB139970D4AF18C679429D ] sftlist C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
18:15:00.0727 1816 sftlist - ok
18:15:00.0747 1816 [ CF5E9798637795DB59697F5E40FCA993 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
18:15:00.0747 1816 Sftplay - ok
18:15:00.0787 1816 [ 4C8076FF8938B365EEEC9123969E0350 ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
18:15:00.0787 1816 Sftredir - ok
18:15:00.0817 1816 [ 6095A5F221ECA9DADA2C9EE80EC0D92D ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
18:15:00.0827 1816 Sftvol - ok
18:15:00.0837 1816 [ E6ED4F02B5A151BB44DE383B365C2117 ] sftvsa C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
18:15:00.0837 1816 sftvsa - ok
18:15:00.0887 1816 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:15:00.0887 1816 SharedAccess - ok
18:15:00.0937 1816 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:15:00.0937 1816 ShellHWDetection - ok
18:15:00.0967 1816 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
18:15:00.0967 1816 sisagp - ok
18:15:00.0987 1816 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
18:15:00.0987 1816 SiSRaid2 - ok
18:15:01.0007 1816 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
18:15:01.0017 1816 SiSRaid4 - ok
18:15:01.0087 1816 [ DDAA5F4A6B958FC313EBD02DD925752F ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
18:15:01.0087 1816 SkypeUpdate - ok
18:15:01.0197 1816 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
18:15:01.0217 1816 slsvc - ok
18:15:01.0227 1816 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
18:15:01.0237 1816 SLUINotify - ok
18:15:01.0287 1816 [ 3566310DF25EA5C3B2E9F50F5B50EAC1 ] SmartFaceVWatchSrv C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
18:15:01.0287 1816 SmartFaceVWatchSrv - ok
18:15:01.0317 1816 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:15:01.0317 1816 Smb - ok
18:15:01.0387 1816 [ C8A58FC905C9184FA70E37F71060C64D ] smserial C:\Windows\system32\DRIVERS\smserial.sys
18:15:01.0417 1816 smserial - ok
18:15:01.0497 1816 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:15:01.0497 1816 SNMPTRAP - ok
18:15:01.0507 1816 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
18:15:01.0507 1816 spldr - ok
18:15:01.0547 1816 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
18:15:01.0547 1816 Spooler - ok
18:15:01.0567 1816 [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
18:15:01.0567 1816 SQLBrowser - ok
18:15:01.0607 1816 [ D89083C4EB02DACA8F944B0E05E57F9D ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
18:15:01.0607 1816 SQLWriter - ok
18:15:01.0647 1816 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
18:15:01.0657 1816 srv - ok
18:15:01.0697 1816 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:15:01.0697 1816 srv2 - ok
18:15:01.0727 1816 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:15:01.0737 1816 srvnet - ok
18:15:01.0747 1816 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:15:01.0757 1816 SSDPSRV - ok
18:15:01.0797 1816 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:15:01.0797 1816 SstpSvc - ok
18:15:01.0837 1816 [ EF70B3D22B4BFFDA6EA851ECB063EFAA ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
18:15:01.0847 1816 StillCam - ok
18:15:01.0877 1816 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
18:15:01.0887 1816 stisvc - ok
18:15:01.0947 1816 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
18:15:01.0957 1816 swenum - ok
18:15:01.0987 1816 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
18:15:01.0997 1816 swprv - ok
18:15:02.0027 1816 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
18:15:02.0027 1816 Symc8xx - ok
18:15:02.0047 1816 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
18:15:02.0047 1816 Sym_hi - ok
18:15:02.0077 1816 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
18:15:02.0077 1816 Sym_u3 - ok
18:15:02.0117 1816 [ 55F6E55CC2430CA8713387106FA79817 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
18:15:02.0127 1816 SynTP - ok
18:15:02.0187 1816 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
18:15:02.0187 1816 SysMain - ok
18:15:02.0227 1816 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:15:02.0237 1816 TabletInputService - ok
18:15:02.0267 1816 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
18:15:02.0277 1816 TapiSrv - ok
18:15:02.0287 1816 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
18:15:02.0297 1816 TBS - ok
18:15:02.0357 1816 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:15:02.0367 1816 Tcpip - ok
18:15:02.0407 1816 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
18:15:02.0407 1816 Tcpip6 - ok
18:15:02.0437 1816 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:15:02.0437 1816 tcpipreg - ok
18:15:02.0467 1816 [ 1825BCEB47BF41C5A9F0E44DE82FC27A ] tdcmdpst C:\Windows\system32\DRIVERS\tdcmdpst.sys
18:15:02.0467 1816 tdcmdpst - ok
18:15:02.0507 1816 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:15:02.0507 1816 TDPIPE - ok
18:15:02.0517 1816 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:15:02.0527 1816 TDTCP - ok
18:15:02.0557 1816 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:15:02.0567 1816 tdx - ok
18:15:02.0577 1816 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
18:15:02.0577 1816 TermDD - ok
18:15:02.0627 1816 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
18:15:02.0647 1816 TermService - ok
18:15:02.0667 1816 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
18:15:02.0667 1816 Themes - ok
18:15:02.0677 1816 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
18:15:02.0687 1816 THREADORDER - ok
18:15:02.0737 1816 [ 89F74C86523F5E334628DBCE66E6D165 ] TNaviSrv C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
18:15:02.0737 1816 TNaviSrv - ok
18:15:02.0787 1816 [ C5AC715B65B01788ABC22D10749DDDD8 ] TODDSrv C:\Windows\system32\TODDSrv.exe
18:15:02.0797 1816 TODDSrv - ok
18:15:02.0847 1816 [ DA6903958CBDC091FFCBBCA70CCFF34C ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
18:15:02.0857 1816 TosCoSrv - ok
18:15:02.0867 1816 [ 22690DFFC7F2A18279A7A0489AA02BAC ] TOSHIBA SMART Log Service C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
18:15:02.0877 1816 TOSHIBA SMART Log Service - ok
18:15:02.0917 1816 [ 4399A9BF7D8F49991A07FD86590A1619 ] tos_sps32 C:\Windows\system32\DRIVERS\tos_sps32.sys
18:15:02.0917 1816 tos_sps32 - ok
18:15:02.0947 1816 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
18:15:02.0947 1816 TrkWks - ok
18:15:02.0997 1816 [ 2AA8F32C3DA1E7BC11669E3E72BFF1A5 ] TrueSight C:\Windows\system32\drivers\TrueSight.sys
18:15:02.0997 1816 TrueSight - ok
18:15:03.0047 1816 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:15:03.0047 1816 TrustedInstaller - ok
18:15:03.0087 1816 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:15:03.0087 1816 tssecsrv - ok
18:15:03.0127 1816 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
18:15:03.0127 1816 tunmp - ok
18:15:03.0187 1816 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:15:03.0187 1816 tunnel - ok
18:15:03.0217 1816 [ 792A8B80F8188ABA4B2BE271583F3E46 ] TVALZ C:\Windows\system32\DRIVERS\TVALZ_O.SYS
18:15:03.0217 1816 TVALZ - ok
18:15:03.0227 1816 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
18:15:03.0227 1816 uagp35 - ok
18:15:03.0277 1816 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:15:03.0287 1816 udfs - ok
18:15:03.0347 1816 [ 60217BA49D2796EA149DED4D030AF728 ] ufad-ws60 C:\Program Files\VMware\VMware Player\vmware-ufad.exe
18:15:03.0357 1816 ufad-ws60 - ok
18:15:03.0407 1816 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:15:03.0407 1816 UI0Detect - ok
18:15:03.0467 1816 [ 332D341D92B933600D41953B08360DFB ] UleadBurningHelper C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
18:15:03.0467 1816 UleadBurningHelper - ok
18:15:03.0487 1816 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:15:03.0487 1816 uliagpkx - ok
18:15:03.0507 1816 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
18:15:03.0507 1816 uliahci - ok
18:15:03.0527 1816 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
18:15:03.0537 1816 UlSata - ok
18:15:03.0547 1816 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
18:15:03.0557 1816 ulsata2 - ok
18:15:03.0567 1816 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
18:15:03.0567 1816 umbus - ok
18:15:03.0607 1816 [ 8A66360F38F81E960E2367B428CBD5D9 ] UmRdpService C:\Windows\System32\umrdp.dll
18:15:03.0607 1816 UmRdpService - ok
18:15:03.0627 1816 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
18:15:03.0627 1816 upnphost - ok
18:15:03.0687 1816 [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
18:15:03.0697 1816 usbaudio - ok
18:15:03.0737 1816 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:15:03.0747 1816 usbccgp - ok
18:15:03.0767 1816 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:15:03.0767 1816 usbcir - ok
18:15:03.0797 1816 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
18:15:03.0797 1816 usbehci - ok
18:15:03.0817 1816 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:15:03.0817 1816 usbhub - ok
18:15:03.0837 1816 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
18:15:03.0837 1816 usbohci - ok
18:15:03.0847 1816 [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint C:\Windows\system32\drivers\usbprint.sys
18:15:03.0857 1816 usbprint - ok
18:15:03.0867 1816 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:15:03.0867 1816 USBSTOR - ok
18:15:03.0907 1816 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
18:15:03.0907 1816 usbuhci - ok
18:15:03.0927 1816 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
18:15:03.0937 1816 usbvideo - ok
18:15:03.0957 1816 [ 8C5094A8AB24DE7496C7C19942F2DF04 ] UVCFTR C:\Windows\system32\Drivers\UVCFTR_S.SYS
18:15:03.0957 1816 UVCFTR - ok
18:15:03.0997 1816 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
18:15:03.0997 1816 UxSms - ok
18:15:04.0047 1816 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
18:15:04.0057 1816 vds - ok
18:15:04.0087 1816 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:15:04.0087 1816 vga - ok
18:15:04.0107 1816 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
18:15:04.0107 1816 VgaSave - ok
18:15:04.0137 1816 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
18:15:04.0137 1816 viaagp - ok
18:15:04.0157 1816 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
18:15:04.0157 1816 ViaC7 - ok
18:15:04.0177 1816 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
18:15:04.0187 1816 viaide - ok
18:15:04.0227 1816 [ FA9D2C2EBDB70440735DA3E98A9D5C06 ] VMAuthdService C:\Program Files\VMware\VMware Player\vmware-authd.exe
18:15:04.0227 1816 VMAuthdService - ok
18:15:04.0257 1816 [ ECA058FDF9105001B113441F6D420FA4 ] vmci C:\Windows\system32\Drivers\vmci.sys
18:15:04.0257 1816 vmci - ok
18:15:04.0297 1816 [ C993E9325C68DD1F6EE4A8151B34F442 ] vmkbd C:\Windows\system32\drivers\VMkbd.sys
18:15:04.0297 1816 vmkbd - ok
18:15:04.0337 1816 [ 898706A05D20B706848A440961C52436 ] VMnetAdapter C:\Windows\system32\DRIVERS\vmnetadapter.sys
18:15:04.0337 1816 VMnetAdapter - ok
18:15:04.0367 1816 [ 5692CBD2A25E04C62707BFC311884B65 ] VMnetBridge C:\Windows\system32\DRIVERS\vmnetbridge.sys
18:15:04.0367 1816 VMnetBridge - ok
18:15:04.0387 1816 [ 381522CD063933393D4A78E59FD543C5 ] VMnetDHCP C:\Windows\system32\vmnetdhcp.exe
18:15:04.0397 1816 VMnetDHCP - ok
18:15:04.0407 1816 [ 5F1BA57C5882CEDF70B14DE331F06EE0 ] VMnetuserif C:\Windows\system32\drivers\vmnetuserif.sys
18:15:04.0407 1816 VMnetuserif - ok
18:15:04.0437 1816 [ 2333306BBB4A7CC1796B9E10FC696E23 ] VMware NAT Service C:\Windows\system32\vmnat.exe
18:15:04.0447 1816 VMware NAT Service - ok
18:15:04.0487 1816 [ 72DEFA27DB4A31E11740E12D745A70F3 ] vmx86 C:\Windows\system32\Drivers\vmx86.sys
18:15:04.0507 1816 vmx86 - ok
18:15:04.0527 1816 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:15:04.0537 1816 volmgr - ok
18:15:04.0577 1816 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:15:04.0577 1816 volmgrx - ok
18:15:04.0627 1816 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:15:04.0637 1816 volsnap - ok
18:15:04.0657 1816 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
18:15:04.0667 1816 vsmraid - ok
18:15:04.0707 1816 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
18:15:04.0717 1816 VSS - ok
18:15:04.0747 1816 [ E4FA7AFF5046FC49DE22E903B7E35ADD ] vstor2-ws60 C:\Program Files\VMware\VMware Player\vstor2-ws60.sys
18:15:04.0747 1816 vstor2-ws60 - ok
18:15:04.0867 1816 [ 7D110D645030C05A06C3CD08D1E47D0A ] vToolbarUpdater13.2.0 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
18:15:04.0897 1816 vToolbarUpdater13.2.0 - ok
18:15:04.0947 1816 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
18:15:04.0947 1816 W32Time - ok
18:15:04.0967 1816 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
18:15:04.0967 1816 WacomPen - ok
18:15:04.0977 1816 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
18:15:04.0987 1816 Wanarp - ok
18:15:04.0997 1816 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:15:04.0997 1816 Wanarpv6 - ok
18:15:05.0077 1816 [ 20B23332885DFB93FE0185362EE811E9 ] wbengine C:\Windows\system32\wbengine.exe
18:15:05.0087 1816 wbengine - ok
18:15:05.0157 1816 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:15:05.0167 1816 wcncsvc - ok
18:15:05.0197 1816 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:15:05.0197 1816 WcsPlugInService - ok
18:15:05.0217 1816 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
18:15:05.0217 1816 Wd - ok
18:15:05.0247 1816 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:15:05.0267 1816 Wdf01000 - ok
18:15:05.0277 1816 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:15:05.0287 1816 WdiServiceHost - ok
18:15:05.0287 1816 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:15:05.0297 1816 WdiSystemHost - ok
18:15:05.0317 1816 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
18:15:05.0327 1816 WebClient - ok
18:15:05.0357 1816 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:15:05.0357 1816 Wecsvc - ok
18:15:05.0377 1816 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:15:05.0377 1816 wercplsupport - ok
18:15:05.0417 1816 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
18:15:05.0417 1816 WerSvc - ok
18:15:05.0487 1816 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
18:15:05.0497 1816 WinDefend - ok
18:15:05.0497 1816 WinHttpAutoProxySvc - ok
18:15:05.0567 1816 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:15:05.0577 1816 Winmgmt - ok
18:15:05.0627 1816 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
18:15:05.0637 1816 WinRM - ok
18:15:05.0687 1816 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
18:15:05.0717 1816 Wlansvc - ok
18:15:05.0787 1816 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:15:05.0837 1816 wlidsvc - ok
18:15:05.0927 1816 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
18:15:05.0927 1816 WmiAcpi - ok
18:15:05.0977 1816 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:15:05.0977 1816 wmiApSrv - ok
18:15:06.0047 1816 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
18:15:06.0047 1816 WMPNetworkSvc - ok
18:15:06.0077 1816 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:15:06.0077 1816 WPDBusEnum - ok
18:15:06.0107 1816 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
18:15:06.0107 1816 WpdUsb - ok
18:15:06.0217 1816 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:15:06.0227 1816 WPFFontCache_v0400 - ok
18:15:06.0237 1816 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:15:06.0247 1816 ws2ifsl - ok
18:15:06.0277 1816 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll
18:15:06.0287 1816 wscsvc - ok
18:15:06.0287 1816 WSearch - ok
18:15:06.0397 1816 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
18:15:06.0407 1816 wuauserv - ok
18:15:06.0447 1816 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:15:06.0447 1816 WUDFRd - ok
18:15:06.0487 1816 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:15:06.0487 1816 wudfsvc - ok
18:15:06.0507 1816 XDva397 - ok
18:15:06.0597 1816 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
18:15:06.0607 1816 YahooAUService - ok
18:15:06.0627 1816 ================ Scan global ===============================
18:15:06.0657 1816 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
18:15:06.0687 1816 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
18:15:06.0707 1816 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
18:15:06.0767 1816 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
18:15:06.0777 1816 [Global] - ok
18:15:06.0777 1816 ================ Scan MBR ==================================
18:15:06.0797 1816 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
18:15:07.0047 1816 \Device\Harddisk0\DR0 - ok
18:15:07.0047 1816 ================ Scan VBR ==================================
18:15:07.0057 1816 [ 4693E6D3A1CA3C59D5536F92D51741CC ] \Device\Harddisk0\DR0\Partition1
18:15:07.0057 1816 \Device\Harddisk0\DR0\Partition1 - ok
18:15:07.0057 1816 ============================================================
18:15:07.0057 1816 Scan finished
18:15:07.0057 1816 ============================================================
18:15:07.0067 5824 Detected object count: 0
18:15:07.0067 5824 Actual detected object count: 0














aswMBR:



aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-13 18:17:54
-----------------------------
18:17:54.865 OS Version: Windows 6.0.6002 Service Pack 2
18:17:54.865 Number of processors: 2 586 0x170A
18:17:54.867 ComputerName: PC-DE-USER UserName: User
18:17:59.141 Initialize success
18:19:29.130 AVAST engine defs: 12111301
18:19:43.372 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:19:43.372 Disk 0 Vendor: WDC_WD16 11.0 Size: 152627MB BusType: 3
18:19:43.403 Disk 0 MBR read successfully
18:19:43.403 Disk 0 MBR scan
18:19:43.403 Disk 0 Windows VISTA default MBR code
18:19:43.419 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
18:19:43.434 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 137368 MB offset 3074048
18:19:43.481 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 6947 MB offset 284403712
18:19:43.481 Disk 0 scanning sectors +298631168
18:19:43.590 Disk 0 scanning C:\Windows\system32\drivers
18:19:55.978 Service scanning
18:20:29.161 Modules scanning
18:20:36.293 Disk 0 trace - called modules:
18:20:36.313 ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys iaStor.sys hal.dll
18:20:36.313 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87325408]
18:20:36.323 3 CLASSPNP.SYS[88f158b3] -> nt!IofCallDriver -> [0x87325cd0]
18:20:36.333 5 PCTCore.sys[8898682d] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85d44028]
18:20:37.593 AVAST engine scan C:\Windows
18:20:42.833 AVAST engine scan C:\Windows\system32
18:24:37.556 AVAST engine scan C:\Windows\system32\drivers
18:24:56.896 AVAST engine scan C:\Users\User
18:27:27.898 Disk 0 MBR has been saved successfully to "C:\Users\User\Downloads\MBR.dat"
18:27:27.908 The log file has been saved successfully to "C:\Users\User\Downloads\aswMBR.txt"
18:28:04.096 Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
18:28:04.106 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"


18:28:28.991 Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
18:28:28.991 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"

#13 gringo_pr

  • Malware Response Team

Posted 13 November 2012 - 08:46 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#14 recklessdog

  • Topic Starter

Posted 15 November 2012 - 03:21 AM

Just letting you know that earlier today my computer refused to boot; that's why I took so long. It showed the Toshiba screen and then a black screen with a little white stripe at the top left, and froze like that for 15 minutes. It never did that before; I hope it's the last time.

For the scan, I left the things you didn't mention at their defaults, but I'm worried about the 30 days file age. What if I got the infection more than 30 days ago? Anyway, here is the Notepad content:


OTL logfile created on: 2012-11-15 02:44:09 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c0c | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

1,87 Gb Total Physical Memory | 0,91 Gb Available Physical Memory | 48,62% Memory free
3,98 Gb Paging File | 2,61 Gb Available in Paging File | 65,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134,15 Gb Total Space | 48,73 Gb Free Space | 36,33% Space Free | Partition Type: NTFS
Drive E: | 3,85 Gb Total Space | 1,76 Gb Free Space | 45,79% Space Free | Partition Type: FAT32

Computer Name: PC-DE-USER | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\User\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe ()
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Hide My IP\HideMyIpSrv.exe (Hide My IP)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
PRC - C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Windows\System32\vmnat.exe (VMware, Inc.)
PRC - C:\Program Files\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe (Toshiba)
PRC - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
MOD - C:\Program Files\Yahoo!\Messenger\yui.dll ()


========== Services (SafeList) ==========

SRV - (vToolbarUpdater13.2.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe ()
SRV - (HssTrayService) -- C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE ()
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (HideMyIpSRV) -- C:\Program Files\Hide My IP\HideMyIpSrv.exe (Hide My IP)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (HssSrv) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (sdCoreService) -- C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe (PC Tools)
SRV - (Browser Defender Update Service) -- C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (VMnetDHCP) -- C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMware NAT Service) -- C:\Windows\System32\vmnat.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Program Files\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
SRV - (ufad-ws60) -- C:\Program Files\VMware\VMware Player\vmware-ufad.exe (VMware, Inc.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (TNaviSrv) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (SmartFaceVWatchSrv) -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe (Toshiba)
SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (TOSHIBA SMART Log Service) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (jswpsapi) -- C:\Program Files\Jumpstart\jswpsapi.exe (Atheros Communications, Inc.)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Driver Services (SafeList) ==========

DRV - (XDva397) -- C:\Windows\system32\XDva397.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\User\AppData\Local\Temp\catchme.sys File not found
DRV - (TrueSight) -- C:\Windows\System32\drivers\TrueSight.sys ()
DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avglogx) -- C:\Windows\System32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )
DRV - (HssDRV6) -- C:\Windows\System32\drivers\hssdrv6.sys (AnchorFree Inc.)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (PCTSD) -- C:\Windows\System32\drivers\PCTSD.sys (PC Tools)
DRV - (PCTBD) -- C:\Windows\System32\drivers\PCTBD.sys (PC Tools)
DRV - (PCTCore) -- C:\Windows\System32\drivers\PCTCore.sys (PC Tools)
DRV - (pctEFA) -- C:\Windows\System32\drivers\pctEFA.sys (PC Tools)
DRV - (pctDS) -- C:\Windows\System32\drivers\pctDS.sys (PC Tools)
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (vmci) -- C:\Windows\System32\drivers\vmci.sys (VMware, Inc.)
DRV - (vmkbd) -- C:\Windows\System32\drivers\VMkbd.sys (VMware, Inc.)
DRV - (vmx86) -- C:\Windows\System32\drivers\vmx86.sys (VMware, Inc.)
DRV - (hcmon) -- C:\Windows\System32\drivers\hcmon.sys (VMware, Inc.)
DRV - (VMnetuserif) -- C:\Windows\System32\drivers\vmnetuserif.sys (VMware, Inc.)
DRV - (VMnetBridge) -- C:\Windows\System32\drivers\vmnetbridge.sys (VMware, Inc.)
DRV - (VMnetAdapter) -- C:\Windows\System32\drivers\vmnetadapter.sys (VMware, Inc.)
DRV - (vstor2-ws60) -- C:\Program Files\VMware\VMware Player\vstor2-ws60.sys (VMware, Inc.)
DRV - (tos_sps32) -- C:\Windows\System32\drivers\tos_sps32.sys (TOSHIBA Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (jswpslwf) -- C:\Windows\System32\drivers\jswpslwf.sys (Atheros Communications, Inc.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.shoptoshiba.ca/welcome
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{87394793-8317-426A-A380-443282519A7D}: "URL" = http://www.google.ca/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSHC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms}


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-4273013781-2987401084-2029798254-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-4273013781-2987401084-2029798254-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4273013781-2987401084-2029798254-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\S-1-5-21-4273013781-2987401084-2029798254-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-4273013781-2987401084-2029798254-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4273013781-2987401084-2029798254-1000\..\SearchScopes\{3EDCC4CA-B3A7-4392-943D-8C443D79475D}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=5ED10A95-7C75-4C0F-96BC-39BD269A21BB&apn_sauid=8E8430EC-8CA4-4691-B47A-DD47424E4509
IE - HKU\S-1-5-21-4273013781-2987401084-2029798254-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=jZt1AwCVV1jgaZ4puc08soyy9Oo?q={searchTerms}
IE - HKU\S-1-5-21-4273013781-2987401084-2029798254-1000\..\SearchScopes\{87394793-8317-426A-A380-443282519A7D}: "URL" = http://www.google.ca/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSHC_fr
IE - HKU\S-1-5-21-4273013781-2987401084-2029798254-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms}
IE - HKU\S-1-5-21-4273013781-2987401084-2029798254-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..extensions.enabledAddons: 4faaf1bcdbef6@4faaf1bcdbef7.info:5.1
FF - prefs.js..extensions.enabledAddons: ffxtlbr@incredibar.com:1.5.0
FF - prefs.js..extensions.enabledAddons: {ef79f67a-6ad7-4715-a0f8-932fca442023}:3.16.0.3


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\User\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\User\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\User\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\User\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools\PC Tools Security\BDT\Firefox\ [2012-06-13 23:19:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-10-28 15:54:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-11-04 18:24:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-10-28 15:54:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-11-04 18:24:15 | 000,000,000 | ---D | M]

[2010-12-09 02:37:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2009-08-31 15:08:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2012-11-12 16:16:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xx42on42.default\extensions
[2010-09-12 19:52:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xx42on42.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012-10-15 20:30:18 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xx42on42.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012-09-29 02:08:22 | 000,000,000 | ---D | M] (Fast Search by Surf Canyon) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xx42on42.default\extensions\{75623d5d-4683-402a-b610-ac4bab767c86}(45)
[2012-11-12 06:58:06 | 000,000,000 | ---D | M] (01NET.com) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xx42on42.default\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}(28)
[2012-11-07 08:00:04 | 000,000,000 | ---D | M] (CompTool0269 Community Toolbar) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xx42on42.default\extensions\{d3f4b70a-92e0-4393-a0f3-976d03b1ebf5}(49)
[2012-11-08 15:47:21 | 000,000,000 | ---D | M] (BittorrentBar_FR Community Toolbar) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xx42on42.default\extensions\{ef79f67a-6ad7-4715-a0f8-932fca442023}
[2012-05-10 03:24:42 | 000,000,000 | ---D | M] (TheBflix) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xx42on42.default\extensions\4faaf1bcdbef6@4faaf1bcdbef7.info
[2012-10-07 02:17:26 | 000,000,000 | ---D | M] ("Savings Sidekick") -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xx42on42.default\extensions\crossriderapp5060@crossrider(19).com
[2011-03-25 18:02:30 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xx42on42.default\extensions\engine@conduit.com
[2012-05-10 03:21:55 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xx42on42.default\extensions\ffxtlbr@incredibar.com
[2012-09-23 15:10:50 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xx42on42.default\extensions\toolbar@ask.com
[2011-08-08 17:26:16 | 000,013,782 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\xx42on42.default\extensions\switchproxy@siju.mathew.xpi
[2012-05-02 19:34:52 | 000,095,628 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\xx42on42.default\extensions\{7a88e876-d715-4503-a7bf-a8eba13ca3f9}.xpi
[2011-05-17 12:23:59 | 000,017,696 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\xx42on42.default\extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi
[2012-11-12 06:58:13 | 000,001,048 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\xx42on42.default\searchplugins\01netcom-customized-web-search.xml
[2012-09-23 15:10:50 | 000,002,299 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\xx42on42.default\searchplugins\askcom.xml
[2010-09-14 07:41:12 | 000,002,506 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\xx42on42.default\searchplugins\BearShareWebSearch.xml
[2011-05-17 12:24:07 | 000,005,212 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\xx42on42.default\searchplugins\ecosia.xml
[2010-08-12 03:21:14 | 000,002,486 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\xx42on42.default\searchplugins\iMeshWebSearch.xml
[2012-05-10 03:21:42 | 000,002,203 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\xx42on42.default\searchplugins\MyStart Search.xml
[2012-11-13 00:44:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012-10-28 15:54:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
[2012-10-28 15:54:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012-11-15 01:01:09 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files\mozilla firefox\extensions\afurladvisor@anchorfree.com
[2012-10-28 15:54:39 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012-10-28 15:54:35 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2010-09-14 07:41:12 | 000,002,506 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\BearShareWebSearch.xml
[2012-10-28 15:54:35 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012-10-28 15:54:35 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2012-10-28 15:54:35 | 000,001,154 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2010-08-12 03:21:14 | 000,002,486 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\iMeshWebSearch.xml
[2012-10-28 15:54:35 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2012-10-28 15:54:35 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

========== Chrome ==========

CHR - homepage: http://search.conduit.com/?ctid=CT3128284&SearchSource=48
CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT3128284
CHR - default_search_provider: suggest_url =
CHR - homepage: http://search.conduit.com/?ctid=CT3128284&SearchSource=48
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\User\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Injovo Extension Plugin (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.430_0\npbrowserext.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: My Web Search Plugin Stub (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll
CHR - plugin: PopCap Games Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppopcaploader.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\User\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\User\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Recherche Google = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AVG Secure Search = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.2.5.34_0\
CHR - Extension: TheBflix = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdocdfodkciedpifdocfnobcmbofacpp\5.1_0\
CHR - Extension: Gmail = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012-11-11 00:01:00 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: [VMware hqtray] C:\Program Files\VMware\VMware Player\hqtray.exe (VMware, Inc.)
O4 - HKU\S-1-5-21-4273013781-2987401084-2029798254-1000..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet File not found
O4 - HKU\S-1-5-21-4273013781-2987401084-2029798254-1000..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4273013781-2987401084-2029798254-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4273013781-2987401084-2029798254-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4273013781-2987401084-2029798254-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.html ()
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.15\MediaManager\grab.html ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\HMIPCore.dll (Hide My IP)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\HMIPCore.dll (Hide My IP)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\HMIPCore.dll (Hide My IP)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\HMIPCore.dll (Hide My IP)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\HMIPCore.dll (Hide My IP)
O15 - HKU\S-1-5-21-4273013781-2987401084-2029798254-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-4273013781-2987401084-2029798254-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/fr/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.200.243.189 24.200.241.37 24.201.245.77
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E80F5666-FAC7-4DA2-935F-0FC96A342014}: DhcpNameServer = 24.200.243.189 24.200.241.37 24.201.245.77
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (Scanning HKEY_LOCAL_MACHINE BootExecute se)
O34 - HKLM BootExecute: (tings...)
O34 - HKLM BootExecute: (ountPoints2\Q\Shell)
O34 - HKLM BootExecute: (nts2\CPC\Shell)
O34 - HKLM BootExecute: (hell)
O34 - HKLM BootExecute: (11de-9606-806e6f6e6963}\Shell)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-4273013781-2987401084-2029798254-1000..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012-11-15 02:36:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012-11-13 00:58:37 | 000,340,112 | ---- | C] (Hide My IP) -- C:\Windows\System32\HMIPCore.dll
[2012-11-13 00:58:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hide My IP
[2012-11-13 00:58:26 | 000,000,000 | ---D | C] -- C:\Program Files\Hide My IP
[2012-11-13 00:44:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Hotspot Shield
[2012-11-13 00:44:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
[2012-11-13 00:44:34 | 000,000,000 | ---D | C] -- C:\Program Files\Hotspot Shield
[2012-11-12 23:14:31 | 000,000,000 | -HSD | C] -- C:\found.008
[2012-11-12 16:22:01 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\antimalware
[2012-11-11 19:22:44 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012-11-11 19:16:47 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012-11-11 19:14:48 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\temp(22)
[2012-11-11 00:04:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012-11-11 00:04:49 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\temp
[2012-11-10 23:45:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012-11-10 23:45:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012-11-10 23:45:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012-11-10 23:45:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-11-10 23:45:16 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012-11-10 13:14:40 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{82FD069F-F6A7-4FF5-B48D-D93A59E932A6}
[2012-11-08 17:00:36 | 000,000,000 | ---D | C] -- C:\found.007
[2012-11-08 15:33:00 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{B50D6502-2510-4B11-ABB4-A4114988685A}
[2012-11-07 06:51:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{46ADD345-1A98-448B-990B-2E514D8A1924}
[2012-11-05 17:13:57 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{B9AE6739-6476-4537-860F-2A46E35AD6F5}
[2012-11-05 06:00:10 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{D4240841-F62E-4FFD-9838-124923CEBBE6}
[2012-11-04 18:04:29 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2012-11-04 18:04:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012-11-04 18:04:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012-11-04 18:04:20 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012-11-04 18:04:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012-11-04 16:08:46 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{C3F0D3F1-AA0A-47E8-AB56-D22AB4D68697}
[2012-11-03 21:40:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{F0876123-F174-4529-B8B3-221913AC1119}
[2012-11-03 21:29:23 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{B91C5EF8-2448-4145-B5DD-E9AAFAB74C09}
[2012-11-03 21:23:10 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{809F33CD-9C83-4E7D-B02F-91F41AEEF190}
[2012-11-03 21:05:09 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{BCD0271A-F90E-4520-B9ED-9CF3F669A949}
[2012-11-02 21:37:15 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{4748B114-5164-4DB0-A626-CA0ABC47ABFC}
[2012-11-01 16:22:18 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{25EC621F-25B2-4757-97C7-398449F689F0}
[2012-11-01 13:21:56 | 000,035,560 | ---- | C] (AnchorFree Inc.) -- C:\Windows\System32\drivers\hssdrv6.sys
[2012-10-30 21:28:00 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{0BC0C0EF-AFF0-4C3B-A0A8-F21A459172EF}
[2012-10-29 17:15:37 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{45F3D535-3C58-4777-99EB-6EE3E98120F3}
[2012-10-29 17:06:22 | 000,000,000 | ---D | C] -- C:\found.006
[2012-10-28 15:54:29 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012-10-28 14:01:12 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{383D4255-1022-408C-95F6-9F2D656814F7}
[2012-10-28 13:56:10 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{89662FC8-712B-47B3-8CAA-F34DDF64C40F}
[2012-10-27 14:53:25 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{311B872E-35A3-4157-83A2-DF5598AF20B6}
[2012-10-25 13:54:25 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{5B739FF6-84D8-4B7D-9D4D-45C05DAC9F67}
[2012-10-25 02:31:43 | 000,000,000 | ---D | C] -- C:\found.005
[2012-10-24 23:03:55 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{B4A02FE7-BEB4-4A6F-9CD6-8EECF00ED942}
[2012-10-24 11:03:30 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{0924FC5F-5E51-4005-AA4F-1AC394C4AB16}
[2012-10-23 16:03:26 | 000,000,000 | ---D | C] -- C:\found.004
[2012-10-23 15:57:09 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{C6ED9AC0-A03C-467E-84A3-147333DB6DE7}
[2012-10-23 15:12:24 | 000,000,000 | ---D | C] -- C:\found.003
[2012-10-22 16:35:49 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{60487F17-0556-4AD6-B3CA-0B8432398667}
[2012-10-21 23:07:23 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{04493FD8-359C-4EA0-A99F-6A8FB49D234E}
[2012-10-21 11:06:50 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{867B1819-F9F0-4C67-94AC-EFE16FF301EB}
[2012-10-20 20:04:10 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{90F12922-6E1C-43FD-9FE2-1F9609B14C2C}
[2012-10-20 12:21:15 | 000,000,000 | ---D | C] -- C:\found.002
[2012-10-20 02:21:33 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{9D0FA065-0FB6-4AA7-A9FA-4DBAB8EC0108}
[2012-10-19 13:26:39 | 000,000,000 | ---D | C] -- C:\found.001
[2012-10-19 12:18:44 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{28A6D4A2-5057-419C-94DB-1763698E0DB8}
[2012-10-17 13:58:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012-10-17 13:32:25 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{4C7F6AAC-68D6-487E-B59C-29FCC319B40C}
[2012-10-17 13:28:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{B9090EB8-49CB-4D15-8900-F8C8BD0D5486}
[2012-10-16 15:40:38 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{53F48061-1E8B-49D2-9DB2-C61538CFF705}
[2011-09-11 13:51:49 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Users\User\taskmgr.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-11-15 02:40:00 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-11-15 02:36:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012-11-15 02:33:00 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-11-15 02:07:01 | 000,001,074 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4273013781-2987401084-2029798254-1000UA.job
[2012-11-15 01:43:30 | 000,754,742 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2012-11-15 01:43:30 | 000,653,680 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012-11-15 01:43:30 | 000,157,074 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2012-11-15 01:43:30 | 000,128,584 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012-11-15 01:23:56 | 002,269,425 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2012-11-15 01:08:48 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2012-11-15 01:06:43 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-11-15 01:06:06 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012-11-15 01:06:06 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012-11-15 01:06:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-11-13 20:47:47 | 000,066,380 | ---- | M] () -- C:\Users\User\Documents\screen.jpg
[2012-11-13 02:04:01 | 000,270,182 | ---- | M] () -- C:\Users\User\Documents\DSC00235.jpg
[2012-11-13 00:47:12 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Hotspot Shield Launch.lnk
[2012-11-11 03:07:04 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4273013781-2987401084-2029798254-1000Core.job
[2012-11-11 00:01:00 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012-11-10 15:00:07 | 000,014,336 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys
[2012-11-10 13:44:28 | 000,001,982 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012-11-09 06:39:47 | 000,001,356 | ---- | M] () -- C:\Users\User\AppData\Local\d3d9caps.dat
[2012-11-08 20:13:14 | 000,164,642 | ---- | M] () -- C:\Users\User\Documents\IMG_08112012_191049.png
[2012-11-08 17:33:51 | 000,000,000 | ---- | M] () -- C:\Users\User\defogger_reenable
[2012-11-08 15:30:37 | 000,026,984 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2012-11-05 04:33:05 | 000,050,074 | ---- | M] () -- C:\Users\User\Documents\errors.jpg
[2012-11-04 23:54:39 | 000,248,853 | ---- | M] () -- C:\Users\User\Documents\DSC00430.jpg
[2012-11-01 00:08:22 | 000,269,708 | ---- | M] () -- C:\Users\User\Documents\DSC00426.jpg
[2012-10-31 23:33:10 | 000,179,569 | ---- | M] () -- C:\Users\User\Documents\DSC00427.jpg
[2012-10-26 02:07:51 | 000,213,880 | ---- | M] () -- C:\Users\User\Documents\DSC00377.jpg
[2012-10-26 01:08:45 | 000,259,831 | ---- | M] () -- C:\Users\User\Documents\DSC00380.jpg
[2012-10-24 11:55:07 | 000,000,000 | ---- | M] () -- C:\Users\User\AppData\Local\prvlcl.dat
[2012-10-23 12:25:20 | 000,340,112 | ---- | M] (Hide My IP) -- C:\Windows\System32\HMIPCore.dll
[2012-10-21 11:43:11 | 242,591,683 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012-10-20 22:30:22 | 001,194,581 | ---- | M] () -- C:\Users\User\Documents\tumblr_ll515cSVYg1qfjjgl_r1.mov
[2012-10-17 13:58:02 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-11-13 20:47:45 | 000,066,380 | ---- | C] () -- C:\Users\User\Documents\screen.jpg
[2012-11-13 02:03:53 | 000,270,182 | ---- | C] () -- C:\Users\User\Documents\DSC00235.jpg
[2012-11-13 00:47:12 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Hotspot Shield Launch.lnk
[2012-11-10 23:45:53 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012-11-10 23:45:53 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012-11-10 23:45:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012-11-10 23:45:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012-11-10 23:45:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012-11-10 15:00:07 | 000,014,336 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2012-11-08 20:13:10 | 000,164,642 | ---- | C] () -- C:\Users\User\Documents\IMG_08112012_191049.png
[2012-11-08 17:33:51 | 000,000,000 | ---- | C] () -- C:\Users\User\defogger_reenable
[2012-11-05 04:33:03 | 000,050,074 | ---- | C] () -- C:\Users\User\Documents\errors.jpg
[2012-11-04 23:54:29 | 000,248,853 | ---- | C] () -- C:\Users\User\Documents\DSC00430.jpg
[2012-10-31 23:33:01 | 000,179,569 | ---- | C] () -- C:\Users\User\Documents\DSC00427.jpg
[2012-10-31 22:06:58 | 000,269,708 | ---- | C] () -- C:\Users\User\Documents\DSC00426.jpg
[2012-10-26 01:40:01 | 000,213,880 | ---- | C] () -- C:\Users\User\Documents\DSC00377.jpg
[2012-10-26 01:08:40 | 000,259,831 | ---- | C] () -- C:\Users\User\Documents\DSC00380.jpg
[2012-10-21 11:43:11 | 242,591,683 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012-10-20 22:29:26 | 001,194,581 | ---- | C] () -- C:\Users\User\Documents\tumblr_ll515cSVYg1qfjjgl_r1.mov
[2012-07-03 05:07:40 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012-06-13 23:19:13 | 000,767,928 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2012-01-08 17:48:36 | 000,011,574 | ---- | C] () -- C:\Users\User\attachment.php
[2012-01-07 07:19:27 | 000,010,274 | -HS- | C] () -- C:\Users\User\AppData\Local\hn808xx243ifnu08210mn31655k38ut345h0wx0q2qo404
[2012-01-07 07:19:27 | 000,010,274 | -HS- | C] () -- C:\ProgramData\hn808xx243ifnu08210mn31655k38ut345h0wx0q2qo404
[2011-08-13 20:54:33 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011-06-25 19:12:47 | 000,000,129 | ---- | C] () -- C:\Users\User\jagex_runescape_preferences2.dat
[2011-06-25 19:11:29 | 000,000,034 | ---- | C] () -- C:\Users\User\jagex_runescape_preferences.dat
[2011-05-31 23:49:00 | 000,010,460 | -HS- | C] () -- C:\Users\User\AppData\Local\060a0lgv5xri3o0
[2011-05-31 23:49:00 | 000,010,460 | -HS- | C] () -- C:\ProgramData\060a0lgv5xri3o0
[2011-03-28 02:40:57 | 000,003,976 | ---- | C] () -- C:\Users\User\AppData\Local\springsettings.cfg
[2011-03-28 02:26:24 | 000,001,049 | ---- | C] () -- C:\Windows\disney.ini
[2010-10-17 14:31:44 | 002,974,864 | ---- | C] () -- C:\Users\User\sound.mp3
[2010-04-27 15:53:18 | 000,008,078 | -HS- | C] () -- C:\Users\User\AppData\Local\KLry0l
[2010-04-27 15:53:18 | 000,008,078 | -HS- | C] () -- C:\ProgramData\KLry0l
[2009-12-28 18:16:54 | 000,014,022 | ---- | C] () -- C:\Users\User\pm_inbox3.asp
[2009-12-28 18:16:34 | 000,014,021 | ---- | C] () -- C:\Users\User\pm_inbox2.asp
[2009-12-28 18:14:47 | 000,014,042 | ---- | C] () -- C:\Users\User\pm_inbox.asp.htm
[2009-12-06 22:23:24 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Local\prvlcl.dat
[2009-08-13 13:41:14 | 000,019,968 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-08-12 08:30:45 | 000,001,356 | ---- | C] () -- C:\Users\User\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2006-11-02 07:54:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012-06-08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009-04-11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009-04-11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:FB6A21E3
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:268F887D
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:D2D4B33E

< End of report >

#15 gringo_pr


Posted 15 November 2012 - 07:38 AM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :OTL
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found
    O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
    O4 - HKU\S-1-5-21-4273013781-2987401084-2029798254-1000..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet File not found
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
    @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:FB6A21E3
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:268F887D
    @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:D2D4B33E  
    FF - prefs.js..extensions.enabledAddons: ffxtlbr@incredibar.com:1.5.0
    FF - prefs.js..extensions.enabledAddons: ffxtlbr@incredibar.com:1.5.0
    [2012-09-23 15:10:50 | 000,002,299 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\xx42on42.default\searchplugins\askcom.xml
    [2010-09-14 07:41:12 | 000,002,506 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\xx42on42.default\searchplugins\BearShareWebSearch.xml
    [2011-05-17 12:24:07 | 000,005,212 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\xx42on42.default\searchplugins\ecosia.xml
    [2010-08-12 03:21:14 | 000,002,486 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\xx42on42.default\searchplugins\iMeshWebSearch.xml
    [2012-05-10 03:21:42 | 000,002,203 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\xx42on42.default\searchplugins\MyStart Search.xml
    [2012-01-07 07:19:27 | 000,010,274 | -HS- | C] () -- C:\Users\User\AppData\Local\hn808xx243ifnu08210mn31655k38ut345h0wx0q2qo404
    [2012-01-07 07:19:27 | 000,010,274 | -HS- | C] () -- C:\ProgramData\hn808xx243ifnu08210mn31655k38ut345h0wx0q2qo404
    [2011-05-31 23:49:00 | 000,010,460 | -HS- | C] () -- C:\Users\User\AppData\Local\060a0lgv5xri3o0
    [2011-05-31 23:49:00 | 000,010,460 | -HS- | C] () -- C:\ProgramData\060a0lgv5xri3o0
    [2010-04-27 15:53:18 | 000,008,078 | -HS- | C] () -- C:\Users\User\AppData\Local\KLry0l
    [2010-04-27 15:53:18 | 000,008,078 | -HS- | C] () -- C:\ProgramData\KLry0l
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing

Gringo



