
Search redirect virus


  • This topic is locked
39 replies to this topic

#1 alo

alo

  • Members
  • 30 posts
  • OFFLINE
  • Local time:07:06 PM

Posted 27 November 2012 - 02:54 AM

Whenever I search in the address bar my results get redirected to searchnut.com

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.9.2
Run by Administrator at 23:43:45 on 2012-11-26
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4084.1749 [GMT -8:00]
.
AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\dlbucoms.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RAVCpl64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Digital Line Detect\DLG.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\System32\mobsync.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3184310
uWindow Title = Internet Explorer provided by Dell
uSearch Bar = hxxp://feed.snap.do/?publisher=InternetTurbo&dpid=InternetTurbo&co=US&userid=4ddb310e-97e5-44d5-9dfc-7e113005333f&searchtype=ds&q={searchTerms}
uSearch Page = hxxp://feed.snap.do/?publisher=InternetTurbo&dpid=InternetTurbo&co=US&userid=4ddb310e-97e5-44d5-9dfc-7e113005333f&searchtype=ds&q={searchTerms}
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5081121
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5081121
uSearchAssistant = hxxp://feed.snap.do/?publisher=InternetTurbo&dpid=InternetTurbo&co=US&userid=4ddb310e-97e5-44d5-9dfc-7e113005333f&searchtype=ds&q={searchTerms}
uURLSearchHooks: {c28f5072-1bfa-42f0-ba55-5a802d3490cb} - <orphaned>
mWinlogon: Userinit = userinit.exe
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Swiki_IE: {34191E35-BBFC-4587-87A9-4B397107119D} -
BHO: FBDownloader BHO: {553318DA-D010-469E-84B1-496563CAE1BF} - C:\Program Files (x86)\HTTO Group, Ltd\FBDownloader IE Add-on\FBDownloader.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files (x86)\Dell\BAE\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
uRun: [DataMgr] C:\Users\Administrator\AppData\Roaming\DataMgr\datamgr.exe
uRun: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
mRun: [BJCFD] "C:\Program Files (x86)\BroadJump\Client Foundation\CFD.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [hpqSRMon] <no file>
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DIGITA~1.LNK - C:\Program Files (x86)\Digital Line Detect\DLG.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
TCP: NameServer = 192.168.1.1 75.75.75.75 75.75.76.76
TCP: Interfaces\{2E2F15AD-01F7-4331-920C-F976B8E49B33} : NameServer = 107.6.133.8,23.23.180.210
TCP: Interfaces\{2E2F15AD-01F7-4331-920C-F976B8E49B33} : DHCPNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
TCP: Interfaces\{64685DB7-B0B1-4A1E-A65F-4B8CD1BFEFF0} : NameServer = 107.6.133.8,23.23.180.210
TCP: Interfaces\{64685DB7-B0B1-4A1E-A65F-4B8CD1BFEFF0} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{9DCBCD70-2680-4DA0-9604-ED6E9EBA888F} : NameServer = 107.6.133.8,23.23.180.210
TCP: Interfaces\{9DCBCD70-2680-4DA0-9604-ED6E9EBA888F} : DHCPNameServer = 198.224.174.135 198.224.173.135
TCP: Interfaces\{c328fed4-6a85-11db-9fbd-806e6f6e6963} : NameServer = 107.6.133.8,23.23.180.210
TCP: Interfaces\{CFAB2CF6-B4C9-4EF6-B953-DDA781968BC1} : NameServer = 107.6.133.8,23.23.180.210
TCP: Interfaces\{CFAB2CF6-B4C9-4EF6-B953-DDA781968BC1} : DHCPNameServer = 192.168.42.129
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
x64-mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5081121
x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
x64-Run: [RtHDVCpl] RAVCpl64.exe
x64-Run: [Skytel] Skytel.exe
x64-Run: [DLBUCATS] rundll32 C:\Windows\System32\spool\DRIVERS\x64\3\DLBUtime.dll,RunDLLEntry
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\qkjuccny.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3184310&SearchSource=2&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-10-21 20:05; mozilla_cc@internetdownloadmanager.com; C:\Users\Administrator\AppData\Roaming\IDM\idmmzcc5
FF - ExtSQL: 2012-11-20 21:04; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\qkjuccny.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQQWcDv41&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 44629f4900000000000000219b11a48e
FF - user.js: extensions.incredibar_i.instlDay - 15670
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1415:24:56
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6PQQWcDv41
FF - user.js: extensions.incredibar_i.upn2n - 92543995556618685
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10687
FF - user.js: extensions.incredibar_i.ppd -
.
============= SERVICES / DRIVERS ===============
.
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-10-5 111456]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2008-11-21 53488]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
R2 AERTFilters;Andrea RT Filters Service;C:\Windows\System32\AERTSr64.exe [2008-11-21 86016]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-6 5814392]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2012-8-28 158944]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-7-27 170824]
R3 CAXHWBS2;CAXHWBS2;C:\Windows\System32\drivers\CAXHWBS2.sys [2008-11-21 411136]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2012-10-21 121416]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2012-3-26 22528]
S3 NWUSBCDFIL64;Novatel Wireless Installation CD;C:\Windows\System32\drivers\NwUsbCdFil64.sys [2008-7-7 25600]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;C:\Windows\System32\drivers\nwusbser2.sys [2008-5-9 213120]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2012-11-2 125416]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2012-11-2 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2012-11-2 159208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-17 89920]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-11-14 16:02:29 66395536 ----a-w- C:\Windows\System32\mrt.exe
2012-11-13 22:52:53 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-13 22:52:53 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-22 21:02:44 154464 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2012-10-15 11:48:50 63328 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2012-10-12 23:35:52 72104 ----a-w- C:\Windows\CouponPrinter.ocx
2012-10-12 14:53:34 2769920 ----a-w- C:\Windows\System32\win32k.sys
2012-10-07 16:50:03 821736 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-10-07 16:50:03 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-10-07 08:21:59 65024 ----a-w- C:\Windows\System32\pngfilt.dll
2012-10-07 08:21:59 149504 ----a-w- C:\Windows\System32\occache.dll
2012-10-07 08:19:43 792576 ----a-w- C:\Windows\System32\d3d11.dll
2012-10-05 11:32:50 111456 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2012-10-04 03:03:05 17811968 ----a-w- C:\Windows\System32\mshtml.dll
2012-10-04 02:24:36 10925568 ----a-w- C:\Windows\System32\ieframe.dll
2012-10-04 02:18:45 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-10-04 02:12:16 1346048 ----a-w- C:\Windows\System32\urlmon.dll
2012-10-04 02:11:22 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-10-04 02:10:43 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-10-04 02:10:19 237056 ----a-w- C:\Windows\System32\url.dll
2012-10-04 02:08:50 85504 ----a-w- C:\Windows\System32\jsproxy.dll
2012-10-04 02:07:11 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-10-04 02:07:01 816640 ----a-w- C:\Windows\System32\jscript.dll
2012-10-04 02:06:55 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-10-04 02:05:40 729088 ----a-w- C:\Windows\System32\msfeeds.dll
2012-10-04 02:04:55 2144768 ----a-w- C:\Windows\System32\iertutil.dll
2012-10-04 02:03:48 96768 ----a-w- C:\Windows\System32\mshtmled.dll
2012-10-04 02:03:26 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-10-04 01:59:12 248320 ----a-w- C:\Windows\System32\ieui.dll
2012-10-03 23:00:04 12320768 ----a-w- C:\Windows\SysWow64\mshtml.dll
2012-10-03 22:35:48 9738240 ----a-w- C:\Windows\SysWow64\ieframe.dll
2012-10-03 22:30:48 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-10-03 22:22:51 1103872 ----a-w- C:\Windows\SysWow64\urlmon.dll
2012-10-03 22:21:58 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-10-03 22:21:57 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-10-03 22:20:53 231936 ----a-w- C:\Windows\SysWow64\url.dll
2012-10-03 22:19:28 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2012-10-03 22:18:27 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-10-03 22:18:10 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
2012-10-03 22:18:01 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-10-03 22:16:41 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2012-10-03 22:16:03 1793024 ----a-w- C:\Windows\SysWow64\iertutil.dll
2012-10-03 22:15:16 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2012-10-03 22:14:47 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-10-03 22:11:09 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
2012-10-02 11:30:38 185696 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2012-09-30 03:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-25 16:31:19 91648 ----a-w- C:\Windows\System32\synceng.dll
2012-09-25 16:19:41 75776 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-09-25 06:16:33 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-25 06:08:31 246760 ----a-w- C:\Windows\SysWow64\javaws.exe
2012-09-25 06:08:27 174056 ----a-w- C:\Windows\SysWow64\javaw.exe
2012-09-25 06:07:57 174056 ----a-w- C:\Windows\SysWow64\java.exe
2012-09-21 11:46:04 200032 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2012-09-21 11:46:00 225120 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2012-09-14 11:05:18 40800 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2012-09-13 13:45:46 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-13 13:28:08 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-08-29 11:40:01 4699520 ----a-w- C:\Windows\System32\ntoskrnl.exe
2006-07-24 14:42:39 125358 ------w- C:\Program Files\SBC Self Support Tool
.
============= FINISH: 23:44:12.39 ===============


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:06 PM

Posted 27 November 2012 - 07:52 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next; if you have any problems with one of them, just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-RogueKiller-

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 alo

alo
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Local time:07:06 PM

Posted 27 November 2012 - 11:12 AM

Here are the logs
Results of screen317's Security Check version 0.99.56
Windows Vista Service Pack 2 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2013
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
Java™ 6 Update 24
Java™ 6 Update 35
Java 7 Update 9
Java™ 6 Update 7
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.5.502.110
Adobe Reader 10.1.4 Adobe Reader out of Date!
Mozilla Firefox (17.0)
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
Google Chrome plugins...
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````

The next one


-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.snap.do/?publisher=InternetTurbo&dpid=InternetTurbo&co=US&userid=4ddb310e-97e5-44d5-9dfc-7e113005333f&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT3184310 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.snap.do/?publisher=InternetTurbo&dpid=InternetTurbo&co=US&userid=4ddb310e-97e5-44d5-9dfc-7e113005333f&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=InternetTurbo&dpid=InternetTurbo&co=US&userid=4ddb310e-97e5-44d5-9dfc-7e113005333f&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=InternetTurbo&dpid=InternetTurbo&co=US&userid=4ddb310e-97e5-44d5-9dfc-7e113005333f&searchtype=ds&q={searchTerms} --> hxxp://www.google.com

-\\ Mozilla Firefox v17.0 (en-US)

Profile name : default
File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\qkjuccny.default\prefs.js

C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\qkjuccny.default\user.js ... Deleted !

Deleted : user_pref("CT3184310_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3184310&SearchSource=1[...]
Deleted : user_pref("Smartbar.ConduitSearchEngineList", "LittleFishBar Customized Web Search");
Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3184310[...]
Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://mystart.incredibar.com/mb196/?loc=IB_DS&a[...]
Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3184310");
Deleted : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb196?a=6PQQWcDv41&i=26");
Deleted : user_pref("browser.search.defaultenginename", "MyStart Search");
Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar_i.dfltLng", "");
Deleted : user_pref("extensions.incredibar_i.did", "10687");
Deleted : user_pref("extensions.incredibar_i.excTlbr", false);
Deleted : user_pref("extensions.incredibar_i.id", "44629f4900000000000000219b11a48e");
Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");
Deleted : user_pref("extensions.incredibar_i.instlDay", "15670");
Deleted : user_pref("extensions.incredibar_i.instlRef", "");
Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");
Deleted : user_pref("extensions.incredibar_i.newTab", false);
Deleted : user_pref("extensions.incredibar_i.ppd", "");
Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar_i.productid", "26");
Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");
Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");
Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQQWcDv41&loc=IB[...]
Deleted : user_pref("extensions.incredibar_i.upn2", "6PQQWcDv41");
Deleted : user_pref("extensions.incredibar_i.upn2n", "92543995556618685");
Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1415:24:56");
Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3184310&SearchSource=2&q=[...]

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.39] : icon_url = "hxxp://search.conduit.com/fav.ico",
Deleted [l.42] : keyword = "search.conduit.com",
Deleted [l.45] : search_url = "hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT3[...]

*************************

AdwCleaner[S1].txt - [8463 octets] - [27/11/2012 07:59:53]

########## EOF - C:\AdwCleaner[S1].txt - [8523 octets] ##########

The last one

[DNS] HKLM\[...]\ControlSet003\Services\Interfaces\{9DCBCD70-2680-4DA0-9604-ED6E9EBA888F} : NameServer (107.6.133.8,23.23.180.210) -> FOUND
[DNS] HKLM\[...]\ControlSet003\Services\Interfaces\{c328fed4-6a85-11db-9fbd-806e6f6e6963} : NameServer (107.6.133.8,23.23.180.210) -> FOUND
[DNS] HKLM\[...]\ControlSet003\Services\Interfaces\{CFAB2CF6-B4C9-4EF6-B953-DDA781968BC1} : NameServer (107.6.133.8,23.23.180.210) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\Users\Default\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD642JJ ATA Device +++++
--- User ---
[MBR] 41c7cf2dae606c03b7e47730e225d455
[BSP] 389b93f2421e68d4604b664e537f8b21 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 595439 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST3500418AS ATA Device +++++
--- User ---
[MBR] 5a5315ce6afbf19798d96bf73c13f37b
[BSP] e25f1561ba154c204f277a9503e01aa5 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: TEAC USB HS-CF Card USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive3: TEAC USB HS-xD/SM USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive4: TEAC USB HS-MS Card USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_11272012_02d0807.txt >>
RKreport[1]_S_11272012_02d0807.txt

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:06 PM

Posted 27 November 2012 - 06:19 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from ComboFix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 alo

alo
  • Topic Starter

  • Members
  • 30 posts
  • Local time:07:06 PM

Posted 27 November 2012 - 07:23 PM

My searches still get redirected to searchnut.com.
Also it said it could not apply some options since it did not have administrator permissions, but I do not know how to do that.

Here is the ComboFix log:

ComboFix 12-11-27.01 - Administrator 11/27/2012 15:30:00.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4084.2501 [GMT -8:00]
Running from: c:\users\Administrator\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\PAV
c:\program files (x86)\PAV\pav.exe.tmp1
c:\program files (x86)\Vid-Saver
c:\program files (x86)\Vid-Saver\Vid-Saver-bg.exe
c:\programdata\SPL823F.tmp
c:\users\Public\DynamicInstaller.exe
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-10-27 to 2012-11-27 )))))))))))))))))))))))))))))))
.
.
2012-11-27 04:27 . 2012-11-27 04:27 -------- d-----w- c:\users\Administrator\AppData\Roaming\AVG2013
2012-11-27 04:25 . 2012-11-27 04:25 -------- d-----w- c:\users\Administrator\AppData\Roaming\TuneUp Software
2012-11-27 04:23 . 2012-11-27 04:26 -------- d-----w- c:\programdata\AVG2013
2012-11-27 04:23 . 2012-11-27 04:23 -------- d-----w- C:\$AVG
2012-11-27 04:22 . 2012-11-27 04:22 -------- d-----w- c:\program files (x86)\AVG
2012-11-27 04:20 . 2012-11-27 17:31 -------- d-----w- c:\programdata\MFAData
2012-11-27 04:20 . 2012-11-27 06:00 -------- d-----w- c:\users\Administrator\AppData\Local\Avg2013
2012-11-27 04:20 . 2012-11-27 04:20 -------- d-----w- c:\users\Administrator\AppData\Local\MFAData
2012-11-27 01:08 . 2012-11-27 01:08 -------- d-----w- c:\users\AppData
2012-11-27 01:08 . 2012-11-27 01:08 -------- d-----w- c:\users\Administrator\AppData\Local\CRE
2012-11-27 00:58 . 2012-11-27 00:58 -------- d-----w- c:\users\Administrator\AppData\Local\7Wonders2
2012-11-27 00:52 . 2012-11-27 00:52 -------- d-----w- c:\users\Administrator\AppData\Roaming\fltk.org
2012-11-27 00:50 . 2012-11-27 00:50 -------- d-----w- c:\program files (x86)\HTTO Group, Ltd
2012-11-27 00:43 . 2012-11-27 00:43 -------- d-----w- c:\programdata\MumboJumbo
2012-11-27 00:16 . 2012-11-27 02:10 -------- d-----w- c:\program files (x86)\File Type Assistant
2012-11-27 00:06 . 2012-11-27 00:06 -------- d-----w- c:\users\Administrator\AppData\Local\WeatherBug
2012-11-27 00:06 . 2012-11-27 00:06 -------- d-----w- c:\users\Administrator\AppData\Roaming\WeatherBug
2012-11-27 00:06 . 2012-11-27 00:06 18944 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe
2012-11-26 23:50 . 2012-11-26 23:51 -------- d-----w- c:\users\Administrator\AppData\Roaming\flightgear.org
2012-11-26 23:16 . 2012-11-27 02:08 -------- d-----w- c:\program files (x86)\WrapApp
2012-11-26 23:04 . 2012-11-27 02:19 -------- d-----w- c:\program files (x86)\OtShot
2012-11-26 23:04 . 2012-11-26 23:04 -------- d-----w- c:\programdata\ZalmanInstaller_otshot
2012-11-26 23:00 . 2012-11-27 02:09 -------- d-----w- c:\program files (x86)\fbDownloader
2012-11-24 17:54 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{66AD68FD-1E3C-4CBD-B874-522EA3A3BF18}\mpengine.dll
2012-11-21 04:51 . 2012-11-21 04:51 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-11-18 22:15 . 2012-11-18 22:15 -------- d-----w- c:\program files (x86)\SDA
2012-11-18 22:14 . 2012-11-18 22:14 -------- d-----w- c:\users\Administrator\AppData\Local\Downloaded Installations
2012-11-14 22:43 . 2012-11-14 22:43 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
2012-11-14 22:43 . 2012-11-14 22:43 -------- d-----w- c:\programdata\Malwarebytes
2012-11-14 22:43 . 2012-11-14 22:43 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-14 22:43 . 2012-09-30 03:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-14 17:13 . 2012-11-14 17:13 -------- d-----w- c:\users\Administrator\DoctorWeb
2012-11-14 11:24 . 2012-09-25 16:31 91648 ----a-w- c:\windows\system32\synceng.dll
2012-11-14 11:24 . 2012-09-25 16:19 75776 ----a-w- c:\windows\SysWow64\synceng.dll
2012-11-14 11:24 . 2012-10-12 14:53 2769920 ----a-w- c:\windows\system32\win32k.sys
2012-11-13 07:22 . 2012-11-13 07:22 -------- d-----w- c:\users\Administrator\iPod Photo Cache
2012-11-13 00:53 . 2012-11-13 00:53 -------- d-----w- c:\users\Administrator\AppData\Local\IAC
2012-11-05 04:09 . 2012-11-05 04:09 -------- d-----w- c:\users\Administrator\AppData\Roaming\Azureus
2012-11-02 16:56 . 2010-05-25 07:59 16872 ----a-w- c:\windows\system32\drivers\ssadmdfl.sys
2012-11-02 16:56 . 2010-05-25 07:59 159208 ----a-w- c:\windows\system32\drivers\ssadmdm.sys
2012-11-02 16:56 . 2010-05-25 07:59 13800 ----a-w- c:\windows\system32\drivers\ssadwhnt.sys
2012-11-02 16:56 . 2010-05-25 07:59 13800 ----a-w- c:\windows\system32\drivers\ssadwh.sys
2012-11-02 16:56 . 2010-05-25 07:59 13288 ----a-w- c:\windows\system32\drivers\ssadcmnt.sys
2012-11-02 16:56 . 2010-05-25 07:59 13288 ----a-w- c:\windows\system32\drivers\ssadcm.sys
2012-11-02 16:56 . 2010-05-25 07:59 125416 ----a-w- c:\windows\system32\drivers\ssadbus.sys
2012-11-02 16:53 . 2012-11-02 16:53 -------- d-----w- c:\program files\SAMSUNG
2012-11-02 16:53 . 2012-11-02 16:53 -------- d-----w- c:\programdata\Samsung
2012-10-31 02:53 . 2012-10-31 02:53 -------- d-----w- c:\program files (x86)\7-Zip
2012-10-30 01:13 . 2012-10-30 01:14 -------- d-----w- c:\programdata\FarmFrenzy3_Madagascar
2012-10-30 01:13 . 2012-10-30 01:13 -------- d-----w- c:\programdata\AlawarWrapper
2012-10-30 01:12 . 2012-10-30 15:21 -------- d-----w- c:\program files (x86)\Alawar
2012-10-30 01:12 . 2012-10-30 01:12 -------- d-----w- c:\windows\SChecker
2012-10-29 15:39 . 2012-10-29 15:39 -------- d-----w- c:\program files (x86)\Coupons
2012-10-28 23:53 . 2012-11-27 02:20 -------- d-----w- c:\program files (x86)\Real
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-14 16:02 . 2006-11-02 12:35 66395536 ----a-w- c:\windows\system32\mrt.exe
2012-11-13 22:52 . 2012-10-07 16:58 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-13 22:52 . 2012-10-07 16:58 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-22 21:02 . 2012-10-22 21:02 154464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2012-10-15 11:48 . 2012-10-15 11:48 63328 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-10-12 23:35 . 2012-01-30 04:25 72104 ----a-w- c:\windows\CouponPrinter.ocx
2012-10-07 16:50 . 2012-10-07 15:31 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-10-07 16:50 . 2012-10-07 15:31 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-10-07 08:22 . 2012-10-07 08:22 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-10-07 08:22 . 2012-10-07 08:22 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-10-07 08:22 . 2012-10-07 08:22 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-10-07 08:22 . 2012-10-07 08:22 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-10-07 08:22 . 2012-10-07 08:22 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-10-07 08:22 . 2012-10-07 08:22 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-10-07 08:22 . 2012-10-07 08:22 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-10-07 08:22 . 2012-10-07 08:22 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-10-07 08:22 . 2012-10-07 08:22 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-10-07 08:22 . 2012-10-07 08:22 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-10-07 08:22 . 2012-10-07 08:22 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-10-07 08:22 . 2012-10-07 08:22 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-10-07 08:22 . 2012-10-07 08:22 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-10-07 08:22 . 2012-10-07 08:22 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-10-07 08:22 . 2012-10-07 08:22 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-10-07 08:22 . 2012-10-07 08:22 267776 ----a-w- c:\windows\system32\ieaksie.dll
2012-10-07 08:22 . 2012-10-07 08:22 222208 ----a-w- c:\windows\system32\msls31.dll
2012-10-07 08:22 . 2012-10-07 08:22 197120 ----a-w- c:\windows\system32\msrating.dll
2012-10-07 08:22 . 2012-10-07 08:22 163840 ----a-w- c:\windows\system32\ieakui.dll
2012-10-07 08:22 . 2012-10-07 08:22 12288 ----a-w- c:\windows\system32\mshta.exe
2012-10-07 08:22 . 2012-10-07 08:22 114176 ----a-w- c:\windows\system32\admparse.dll
2012-10-07 08:22 . 2012-10-07 08:22 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-10-07 08:22 . 2012-10-07 08:22 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-10-07 08:22 . 2012-10-07 08:22 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2012-10-07 08:22 . 2012-10-07 08:22 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-10-07 08:22 . 2012-10-07 08:22 82432 ----a-w- c:\windows\system32\icardie.dll
2012-10-07 08:22 . 2012-10-07 08:22 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-10-07 08:22 . 2012-10-07 08:22 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-10-07 08:22 . 2012-10-07 08:22 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2012-10-07 08:22 . 2012-10-07 08:22 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-10-07 08:22 . 2012-10-07 08:22 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-10-07 08:22 . 2012-10-07 08:22 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2012-10-07 08:22 . 2012-10-07 08:22 448512 ----a-w- c:\windows\system32\html.iec
2012-10-07 08:22 . 2012-10-07 08:22 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2012-10-07 08:22 . 2012-10-07 08:22 39936 ----a-w- c:\windows\system32\iernonce.dll
2012-10-07 08:22 . 2012-10-07 08:22 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2012-10-07 08:22 . 2012-10-07 08:22 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-10-07 08:22 . 2012-10-07 08:22 282112 ----a-w- c:\windows\system32\dxtrans.dll
2012-10-07 08:22 . 2012-10-07 08:22 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-10-07 08:22 . 2012-10-07 08:22 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-10-07 08:22 . 2012-10-07 08:22 160256 ----a-w- c:\windows\system32\wextract.exe
2012-10-07 08:22 . 2012-10-07 08:22 160256 ----a-w- c:\windows\system32\ieakeng.dll
2012-10-07 08:22 . 2012-10-07 08:22 145920 ----a-w- c:\windows\system32\iepeers.dll
2012-10-07 08:22 . 2012-10-07 08:22 136192 ----a-w- c:\windows\system32\advpack.dll
2012-10-07 08:22 . 2012-10-07 08:22 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-10-07 08:22 . 2012-10-07 08:22 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-10-07 08:22 . 2012-10-07 08:22 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2012-10-07 08:22 . 2012-10-07 08:22 103936 ----a-w- c:\windows\system32\inseng.dll
2012-10-07 08:21 . 2012-10-07 08:21 65024 ----a-w- c:\windows\system32\pngfilt.dll
2012-10-07 08:21 . 2012-10-07 08:21 149504 ----a-w- c:\windows\system32\occache.dll
2012-10-07 08:20 . 2012-10-07 08:20 979456 ----a-w- c:\windows\SysWow64\MFH264Dec.dll
2012-10-07 08:20 . 2012-10-07 08:20 428544 ----a-w- c:\windows\system32\MFHEAACdec.dll
2012-10-07 08:20 . 2012-10-07 08:20 377344 ----a-w- c:\windows\system32\mfmp4src.dll
2012-10-07 08:20 . 2012-10-07 08:20 357376 ----a-w- c:\windows\SysWow64\MFHEAACdec.dll
2012-10-07 08:20 . 2012-10-07 08:20 3548672 ----a-w- c:\windows\system32\mf.dll
2012-10-07 08:20 . 2012-10-07 08:20 345088 ----a-w- c:\windows\system32\mfreadwrite.dll
2012-10-07 08:20 . 2012-10-07 08:20 302592 ----a-w- c:\windows\SysWow64\mfmp4src.dll
2012-10-07 08:20 . 2012-10-07 08:20 261632 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
2012-10-07 08:20 . 2012-10-07 08:20 1257984 ----a-w- c:\windows\system32\MFH264Dec.dll
2012-10-07 08:20 . 2012-10-07 08:20 98816 ----a-w- c:\windows\SysWow64\mfps.dll
2012-10-07 08:20 . 2012-10-07 08:20 748544 ----a-w- c:\windows\system32\stobject.dll
2012-10-07 08:20 . 2012-10-07 08:20 586240 ----a-w- c:\windows\SysWow64\stobject.dll
2012-10-07 08:20 . 2012-10-07 08:20 34304 ----a-w- c:\windows\system32\mfpmp.exe
2012-10-07 08:20 . 2012-10-07 08:20 2873344 ----a-w- c:\windows\SysWow64\mf.dll
2012-10-07 08:20 . 2012-10-07 08:20 278528 ----a-w- c:\windows\system32\mfplat.dll
2012-10-07 08:20 . 2012-10-07 08:20 209920 ----a-w- c:\windows\SysWow64\mfplat.dll
2012-10-07 08:20 . 2012-10-07 08:20 195072 ----a-w- c:\windows\system32\mfps.dll
2012-10-07 08:20 . 2012-10-07 08:20 1204224 ----a-w- c:\windows\system32\shdocvw.dll
2012-10-07 08:20 . 2012-10-07 08:20 231936 ----a-w- c:\windows\system32\XpsRasterService.dll
2012-10-07 08:20 . 2012-10-07 08:20 900480 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-10-07 08:20 . 2012-10-07 08:20 625152 ----a-w- c:\windows\system32\dxgi.dll
2012-10-07 08:20 . 2012-10-07 08:20 566272 ----a-w- c:\windows\system32\d3d10level9.dll
2012-10-07 08:20 . 2012-10-07 08:20 486400 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-10-07 08:20 . 2012-10-07 08:20 478720 ----a-w- c:\windows\SysWow64\dxgi.dll
2012-10-07 08:20 . 2012-10-07 08:20 47104 ----a-w- c:\windows\system32\cdd.dll
2012-10-07 08:20 . 2012-10-07 08:20 366592 ----a-w- c:\windows\system32\winspool.drv
2012-10-07 08:20 . 2012-10-07 08:20 35840 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2012-10-07 08:20 . 2012-10-07 08:20 287232 ----a-w- c:\windows\system32\d3d10core.dll
2012-10-07 08:20 . 2012-10-07 08:20 258048 ----a-w- c:\windows\SysWow64\winspool.drv
2012-10-07 08:20 . 2012-10-07 08:20 189952 ----a-w- c:\windows\SysWow64\d3d10core.dll
2012-10-07 08:20 . 2012-10-07 08:20 1268224 ----a-w- c:\windows\system32\d3d10.dll
2012-10-07 08:20 . 2012-10-07 08:20 1032192 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2012-10-07 08:20 . 2012-10-07 08:20 1029120 ----a-w- c:\windows\SysWow64\d3d10.dll
2012-10-07 08:20 . 2012-10-07 08:20 847360 ----a-w- c:\windows\SysWow64\OpcServices.dll
2012-10-07 08:20 . 2012-10-07 08:20 1554432 ----a-w- c:\windows\SysWow64\xpsservices.dll
2012-10-07 08:20 . 2012-10-07 08:20 1461760 ----a-w- c:\windows\system32\OpcServices.dll
2012-10-07 08:20 . 2012-10-07 08:20 3068416 ----a-w- c:\windows\system32\xpsservices.dll
2012-10-07 08:20 . 2012-10-07 08:20 135680 ----a-w- c:\windows\SysWow64\XpsRasterService.dll
2012-10-07 08:19 . 2012-10-07 08:19 792576 ----a-w- c:\windows\system32\d3d11.dll
2012-10-07 08:19 . 2012-10-07 08:19 519680 ----a-w- c:\windows\SysWow64\d3d11.dll
2012-10-07 08:19 . 2012-10-07 08:19 449024 ----a-w- c:\windows\system32\WMPhoto.dll
2012-10-07 08:19 . 2012-10-07 08:19 369664 ----a-w- c:\windows\SysWow64\WMPhoto.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{553318DA-D010-469E-84B1-496563CAE1BF}]
2012-06-23 09:40 136192 ----a-w- c:\program files (x86)\HTTO Group, Ltd\FBDownloader IE Add-on\FBDownloader.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2012-10-22 3519936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-06-15 47408]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-11-07 3143800]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2008-11-21 50688]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSr64.exe [2008-07-18 86016]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-07 22:52]
.
2012-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-22 03:22]
.
2012-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-22 03:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 23432 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-07-18 6453760]
"DLBUCATS"="c:\windows\system32\spool\DRIVERS\x64\3\DLBUtime.dll" [2007-02-13 28672]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-16 154648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-16 227352]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-16 202264]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5081121
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
TCP: Interfaces\{2E2F15AD-01F7-4331-920C-F976B8E49B33}: NameServer = 107.6.133.8,23.23.180.210
TCP: Interfaces\{64685DB7-B0B1-4A1E-A65F-4B8CD1BFEFF0}: NameServer = 107.6.133.8,23.23.180.210
TCP: Interfaces\{9DCBCD70-2680-4DA0-9604-ED6E9EBA888F}: NameServer = 107.6.133.8,23.23.180.210
TCP: Interfaces\{c328fed4-6a85-11db-9fbd-806e6f6e6963}: NameServer = 107.6.133.8,23.23.180.210
TCP: Interfaces\{CFAB2CF6-B4C9-4EF6-B953-DDA781968BC1}: NameServer = 107.6.133.8,23.23.180.210
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\qkjuccny.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - ExtSQL: 2012-10-21 20:05; mozilla_cc@internetdownloadmanager.com; c:\users\Administrator\AppData\Roaming\IDM\idmmzcc5
FF - ExtSQL: 2012-11-20 21:04; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\qkjuccny.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{c28f5072-1bfa-42f0-ba55-5a802d3490cb} - (no file)
BHO-{34191E35-BBFC-4587-87A9-4B397107119D} - c:\program files (x86)\Swiki_IE\ScriptHost.dll
Wow6432Node-HKCU-Run-Weather - c:\program files (x86)\AWS\WeatherBug\Weather.exe
Wow6432Node-HKLM-Run-BJCFD - c:\program files (x86)\BroadJump\Client Foundation\CFD.exe
Wow6432Node-HKLM-Run-hpqSRMon - (no file)
Wow6432Node-HKLM-Run-Driver Genius - (no file)
Wow6432Node-HKLM-Run-ROC_roc_ssl_v12 - c:\program files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe
Wow6432Node-HKLM-Run-OtShot - c:\program files (x86)\OtShot\otshot.exe
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{C28F5072-1BFA-42F0-BA55-5A802D3490CB} - (no file)
HKLM-Run-ECenter - c:\dell\E-Center\EULALauncher.exe
HKLM-Run-Skytel - Skytel.exe
AddRemove-SBC Self Support Tool - c:\progra~1\SBCSEL~1\CustomUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:30,ef,a0,bd,3b,cc,cd,01
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.001\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\7zFM.exe"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.avi"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M3U"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.m4a"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\vlc.exe"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-11-27 15:37:41
ComboFix-quarantined-files.txt 2012-11-27 23:37
.
Pre-Run: 326,592,000,000 bytes free
Post-Run: 326,592,180,224 bytes free
.
- - End Of File - - 4107090218B66B0996851FF8A7A3E06F

Edited by alo, 27 November 2012 - 07:27 PM.
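The tail of the ComboFix log above is its "locked registry keys" dump: every key it could not open with normal rights, printed .reg-style with the ACL entries that blocked it. Most of what appears there is expected hardening rather than malware (Windows itself writes a Deny ACE on each FileExts\...\UserChoice key so programs cannot silently rewrite file associations, and Adobe's Flash CLSIDs and the modem AllUserSettings keys ship with Deny-Everyone ACEs), so the useful triage step is not "is the key locked?" but "what binary or ProgID does the locked key point at, and is that file what it claims to be?". The following Python parser is an added example written for this thread; it is not part of ComboFix, and its sample input is constructed in the same shape as the dump above (the UserChoice, Flash CLSID and AllUserSettings records). Values of type hex(...) that wrap onto continuation lines are kept as their raw first line only.

```python
"""Parse the locked-registry-key section of a ComboFix log.

Added example; not part of the original thread or of ComboFix itself.
Record format (as in the log above): a bracketed key path, zero or more
'@Denied:' / '@Allowed:' ACL lines, value lines '"name"="..."', '@="..."'
or '"name"=dword:...', and a single '.' closing the record.
"""
import re
from dataclasses import dataclass, field

# Constructed sample in the same shape as the ComboFix dump above.
SAMPLE = r'''
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
ACL_RE = re.compile(r'^@(Denied|Allowed):\s*\((.*?)\)\s*\((.*?)\)$')
VAL_RE = re.compile(r'^(?:"([^"]*)"|@)=(.*)$')
FILE_RE = re.compile(r'^[A-Za-z]:\\')


@dataclass
class RegKey:
    path: str
    acl: list = field(default_factory=list)     # (kind, rights, principal) tuples
    values: dict = field(default_factory=dict)  # value name ('' = default) -> decoded value


def decode_value(raw):
    """Turn the .reg-style right-hand side into a Python value."""
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1].replace('\\\\', '\\')   # unescape doubled backslashes
    if raw.startswith('dword:'):
        return int(raw[len('dword:'):], 16)
    return raw                                    # hex(...) and friends: left raw


def parse_dump(text):
    keys, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == '.':                 # record separator
            if cur is not None:
                keys.append(cur)
            cur = None
            continue
        m = KEY_RE.match(line)
        if m:
            cur = RegKey(path=m.group(1))
            continue
        if cur is None:                 # continuation line or noise outside a record
            continue
        m = ACL_RE.match(line)
        if m:
            cur.acl.append((m.group(1), m.group(2), m.group(3)))
            continue
        m = VAL_RE.match(line)
        if m:
            name = m.group(1) if m.group(1) is not None else ''
            cur.values[name] = decode_value(m.group(2))
    if cur is not None:
        keys.append(cur)
    return keys


def locked_against(keys, principal):
    """Keys that carry a Denied ACE for the given principal (e.g. 'Everyone')."""
    return [k for k in keys
            if any(kind == 'Denied' and who == principal for kind, _, who in k.acl)]


def file_references(keys):
    """(key path, value name, file path) for every string value that looks like a
    file path: these are the binaries to hash and verify before trusting a locked key."""
    out = []
    for k in keys:
        for name, val in k.values.items():
            if isinstance(val, str) and FILE_RE.match(val):
                out.append((k.path, name, val))
    return out
```

Feed the whole "locked registry keys" section of a real ComboFix log to parse_dump(), then walk file_references() and compare each path's hash against a known-good source; locked_against(keys, 'Everyone') narrows the list to keys that nobody, not even an administrator, can read without first taking ownership.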


#6 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 27 November 2012 - 09:11 PM

Greetings

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
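A TDSSKiller report is several hundred lines of "name - ok" pairs, and the handful that matter are easy to miss by eye. As an added example written for this thread (not part of TDSSKiller or of the original post), here is a small Python triage script for the report format seen later in the thread: a timestamp, a thread id, an optional "[ MD5 ]" line naming the service and its image path, and a "name - verdict" line. The sample input is constructed from real lines in the posted report plus one hypothetical "hypodrv" entry, whose "detected ..." verdict text is illustrative rather than a real TDSSKiller detection name. Everything before the "Scan started" banner is ignored, because the drive enumeration lines there also contain " - " and would otherwise be mistaken for verdicts.

```python
"""Triage a TDSSKiller report.

Added example; not part of the original thread or of TDSSKiller itself.
Line format (as in the report posted later in this thread):
    HH:MM:SS.ffff  <thread-id>  [ <MD5> ] <service name> <image path>
    HH:MM:SS.ffff  <thread-id>  <service name> - <verdict>
"""
import re
from dataclasses import dataclass

# Constructed sample: real lines copied from the report in this thread plus
# one hypothetical 'hypodrv' entry (hash and verdict made up) to exercise
# the non-ok path.
SAMPLE_LOG = r'''
18:26:58.0416 0596 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200
18:27:02.0259 0596 Initialize success
18:27:08.0870 3296 Scan started
18:27:08.0870 3296 Mode: Manual;
18:27:09.0390 3296 ================ Scan services =============================
18:27:09.0560 3296 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys
18:27:09.0563 3296 ACPI - ok
18:27:10.0275 3296 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:27:10.0277 3296 Apple Mobile Device - ok
18:27:11.0452 3296 Beep - ok
18:27:12.0003 3296 catchme - ok
18:27:12.0100 3296 [ 0123456789ABCDEF0123456789ABCDEF ] hypodrv C:\Windows\system32\drivers\hypodrv.sys
18:27:12.0101 3296 hypodrv - detected Rootkit.Win32.Hypothetical ( 0 )
'''

LINE_RE = re.compile(r'^(\d\d:\d\d:\d\d\.\d{4})\s+(\d+)\s+(.*)$')
HASH_RE = re.compile(r'^\[\s*([0-9A-Fa-f]{32})\s*\]\s+(.+?)\s+([A-Za-z]:\\.*)$')
VERDICT_RE = re.compile(r'^(.+?) - (.+)$')


@dataclass
class Entry:
    name: str
    verdict: str
    md5: str = None     # None when TDSSKiller printed no hash line for the entry
    path: str = None


def parse_tdsskiller(text):
    """Pair each '[ MD5 ] name path' line with the 'name - verdict' line that follows it."""
    entries, pending, scanning = [], {}, False
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        rest = m.group(3)
        if rest == 'Scan started':
            scanning = True
            continue
        if not scanning or rest.startswith('='):   # pre-scan banner or section header
            continue
        m = HASH_RE.match(rest)
        if m:
            md5, name, path = m.groups()
            pending[name] = (md5.upper(), path)
            continue
        m = VERDICT_RE.match(rest)
        if m:
            name, verdict = m.groups()
            md5, path = pending.pop(name, (None, None))
            entries.append(Entry(name, verdict, md5, path))
    return entries


def triage(entries):
    """Split the scan into what needs attention and what just needs a hash check.

    'unhashed' entries had no image hashed: the service's file is missing, or it
    belongs to a tool's own helper driver (ComboFix's 'catchme' in the report above).
    """
    return {
        'not_ok':   [e for e in entries if e.verdict != 'ok'],
        'unhashed': [e for e in entries if e.md5 is None],
        'md5s':     sorted({e.md5 for e in entries if e.md5}),
    }
```

Run parse_tdsskiller() over the saved TDSSKiller_[Version]_[Date]_[Time]_log.txt, look first at the not_ok list, then check the md5s list against a known-good hash source; the unhashed list is usually benign but shows which service entries point at nothing on disk.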

#7 alo (Topic Starter)

  • Members
  • 30 posts

Posted 27 November 2012 - 09:42 PM

Starting tomorrow I won't have access to the internet until Monday. I wanted to let you
know so that you don't think badly if I am not replying.
Also some new things have been happening: my computer takes a lot of time to load a page.
Usually it's almost instant, but now it sometimes takes more than a minute, and my computer
sometimes freezes and the only way to fix it is to hold the power button down.
Here are the logs:

18:26:56.0681 0596 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
18:26:57.0377 0596 ============================================================
18:26:57.0377 0596 Current date / time: 2012/11/27 18:26:57.0377
18:26:57.0377 0596 SystemInfo:
18:26:57.0377 0596
18:26:57.0377 0596 OS Version: 6.0.6002 ServicePack: 2.0
18:26:57.0377 0596 Product type: Workstation
18:26:57.0377 0596 ComputerName: AARON-PC
18:26:57.0377 0596 UserName: Administrator
18:26:57.0377 0596 Windows directory: C:\Windows
18:26:57.0377 0596 System windows directory: C:\Windows
18:26:57.0377 0596 Running under WOW64
18:26:57.0378 0596 Processor architecture: Intel x64
18:26:57.0378 0596 Number of processors: 2
18:26:57.0378 0596 Page size: 0x1000
18:26:57.0378 0596 Boot type: Normal boot
18:26:57.0378 0596 ============================================================
18:26:58.0416 0596 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:27:02.0131 0596 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:27:02.0207 0596 ============================================================
18:27:02.0207 0596 \Device\Harddisk0\DR0:
18:27:02.0207 0596 MBR partitions:
18:27:02.0207 0596 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
18:27:02.0207 0596 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x48AF7AB0
18:27:02.0207 0596 \Device\Harddisk1\DR1:
18:27:02.0207 0596 MBR partitions:
18:27:02.0207 0596 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x3A384C02
18:27:02.0207 0596 ============================================================
18:27:02.0235 0596 C: <-> \Device\Harddisk0\DR0\Partition2
18:27:02.0258 0596 D: <-> \Device\Harddisk0\DR0\Partition1
18:27:02.0258 0596 E: <-> \Device\Harddisk1\DR1\Partition1
18:27:02.0259 0596 ============================================================
18:27:02.0259 0596 Initialize success
18:27:02.0259 0596 ============================================================
18:27:08.0870 3296 ============================================================
18:27:08.0870 3296 Scan started
18:27:08.0870 3296 Mode: Manual;
18:27:08.0870 3296 ============================================================
18:27:09.0390 3296 ================ Scan system memory ========================
18:27:09.0390 3296 System memory - ok
18:27:09.0390 3296 ================ Scan services =============================
18:27:09.0560 3296 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys
18:27:09.0563 3296 ACPI - ok
18:27:09.0625 3296 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:27:09.0626 3296 AdobeARMservice - ok
18:27:09.0736 3296 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:27:09.0738 3296 AdobeFlashPlayerUpdateSvc - ok
18:27:09.0768 3296 [ F14215E37CF124104575073F782111D2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
18:27:09.0775 3296 adp94xx - ok
18:27:09.0805 3296 [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci C:\Windows\system32\drivers\adpahci.sys
18:27:09.0811 3296 adpahci - ok
18:27:09.0828 3296 [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
18:27:09.0831 3296 adpu160m - ok
18:27:09.0845 3296 [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
18:27:09.0848 3296 adpu320 - ok
18:27:09.0886 3296 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:27:09.0887 3296 AeLookupSvc - ok
18:27:09.0929 3296 [ 0D7A11395C0A33D9E7587CDB9866EFAD ] AERTFilters C:\Windows\system32\AERTSr64.exe
18:27:09.0950 3296 AERTFilters - ok
18:27:10.0000 3296 [ C4F6CE6087760AD70960C9EB130E7943 ] AFD C:\Windows\system32\drivers\afd.sys
18:27:10.0006 3296 AFD - ok
18:27:10.0025 3296 [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440 C:\Windows\system32\drivers\agp440.sys
18:27:10.0027 3296 agp440 - ok
18:27:10.0054 3296 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
18:27:10.0057 3296 aic78xx - ok
18:27:10.0070 3296 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe
18:27:10.0071 3296 ALG - ok
18:27:10.0085 3296 [ 9544C2C55541C0C6BFD7B489D0E7D430 ] aliide C:\Windows\system32\drivers\aliide.sys
18:27:10.0087 3296 aliide - ok
18:27:10.0103 3296 [ 970FA5059E61E30D25307B99903E991E ] amdide C:\Windows\system32\drivers\amdide.sys
18:27:10.0105 3296 amdide - ok
18:27:10.0142 3296 [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
18:27:10.0144 3296 AmdK8 - ok
18:27:10.0188 3296 [ 71AFF825B960731E2AE366467BC0D1F3 ] Amfilter C:\Windows\system32\DRIVERS\Amfltx64.sys
18:27:10.0190 3296 Amfilter - ok
18:27:10.0198 3296 [ 8F1DB3D133197AFFA3A721953EB0988C ] Amusbprt C:\Windows\system32\DRIVERS\Amusbx64.sys
18:27:10.0200 3296 Amusbprt - ok
18:27:10.0228 3296 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll
18:27:10.0229 3296 Appinfo - ok
18:27:10.0275 3296 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:27:10.0277 3296 Apple Mobile Device - ok
18:27:10.0310 3296 [ BA8417D4765F3988FF921F30F630E303 ] arc C:\Windows\system32\drivers\arc.sys
18:27:10.0312 3296 arc - ok
18:27:10.0329 3296 [ 9D41C435619733B34CC16A511E644B11 ] arcsas C:\Windows\system32\drivers\arcsas.sys
18:27:10.0331 3296 arcsas - ok
18:27:10.0446 3296 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:27:10.0448 3296 aspnet_state - ok
18:27:10.0467 3296 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:27:10.0469 3296 AsyncMac - ok
18:27:10.0520 3296 [ E68D9B3A3905619732F7FE039466A623 ] atapi C:\Windows\system32\drivers\atapi.sys
18:27:10.0521 3296 atapi - ok
18:27:10.0576 3296 [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:27:10.0580 3296 AudioEndpointBuilder - ok
18:27:10.0589 3296 [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll
18:27:10.0592 3296 AudioSrv - ok
18:27:11.0088 3296 [ 56C73C5BC1656656CAC38A23B4310466 ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
18:27:11.0159 3296 AVGIDSAgent - ok
18:27:11.0214 3296 [ 388056EBD5FE6718FE669078DBE37897 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
18:27:11.0217 3296 AVGIDSDriver - ok
18:27:11.0236 3296 [ 550E981747D6A6C55078C77346FFC2C6 ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
18:27:11.0238 3296 AVGIDSHA - ok
18:27:11.0259 3296 [ 5989592A91A17587799792A81E1541D4 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
18:27:11.0263 3296 Avgldx64 - ok
18:27:11.0323 3296 [ 3FC43AA02545FCDDC22817829114DEC8 ] Avgloga C:\Windows\system32\DRIVERS\avgloga.sys
18:27:11.0327 3296 Avgloga - ok
18:27:11.0338 3296 [ 767B4A485FB22AA0FC0BF5EEF00572B9 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
18:27:11.0341 3296 Avgmfx64 - ok
18:27:11.0356 3296 [ FE4F444DBE4BBBDFD8FECF49398DEFC7 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
18:27:11.0358 3296 Avgrkx64 - ok
18:27:11.0386 3296 [ 6E634525613D48A1D1657FB21F21F3B2 ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
18:27:11.0390 3296 Avgtdia - ok
18:27:11.0441 3296 [ 6B72E1E329C4E98C6B6FDD2D265E3BA3 ] avgwd C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
18:27:11.0443 3296 avgwd - ok
18:27:11.0452 3296 Beep - ok
18:27:11.0505 3296 [ FFB96C2589FFA60473EAD78B39FBDE29 ] BFE C:\Windows\System32\bfe.dll
18:27:11.0511 3296 BFE - ok
18:27:11.0580 3296 [ 6D316F4859634071CC25C4FD4589AD2C ] BITS C:\Windows\System32\qmgr.dll
18:27:11.0594 3296 BITS - ok
18:27:11.0619 3296 [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
18:27:11.0621 3296 blbdrive - ok
18:27:11.0707 3296 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:27:11.0712 3296 Bonjour Service - ok
18:27:11.0760 3296 [ 2348447A80920B2493A9B582A23E81E1 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:27:11.0764 3296 bowser - ok
18:27:11.0785 3296 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
18:27:11.0786 3296 BrFiltLo - ok
18:27:11.0795 3296 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
18:27:11.0797 3296 BrFiltUp - ok
18:27:11.0817 3296 [ A1B39DE453433B115B4EA69EE0343816 ] Browser C:\Windows\System32\browser.dll
18:27:11.0819 3296 Browser - ok
18:27:11.0837 3296 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys
18:27:11.0840 3296 Brserid - ok
18:27:11.0852 3296 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
18:27:11.0854 3296 BrSerWdm - ok
18:27:11.0870 3296 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
18:27:11.0871 3296 BrUsbMdm - ok
18:27:11.0884 3296 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
18:27:11.0886 3296 BrUsbSer - ok
18:27:11.0900 3296 [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
18:27:11.0902 3296 BTHMODEM - ok
18:27:12.0003 3296 catchme - ok
18:27:12.0042 3296 [ 6C2DD66A3DB32450D661BA89B18B1941 ] CAXHWBS2 C:\Windows\system32\DRIVERS\CAXHWBS2.sys
18:27:12.0049 3296 CAXHWBS2 - ok
18:27:12.0062 3296 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:27:12.0064 3296 cdfs - ok
18:27:12.0113 3296 [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
18:27:12.0115 3296 cdrom - ok
18:27:12.0171 3296 [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc C:\Windows\System32\certprop.dll
18:27:12.0172 3296 CertPropSvc - ok
18:27:12.0206 3296 [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass C:\Windows\system32\drivers\circlass.sys
18:27:12.0207 3296 circlass - ok
18:27:12.0259 3296 [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS C:\Windows\system32\CLFS.sys
18:27:12.0264 3296 CLFS - ok
18:27:12.0354 3296 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:27:12.0357 3296 clr_optimization_v2.0.50727_32 - ok
18:27:12.0403 3296 [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:27:12.0406 3296 clr_optimization_v2.0.50727_64 - ok
18:27:12.0504 3296 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:27:12.0507 3296 clr_optimization_v4.0.30319_32 - ok
18:27:12.0520 3296 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:27:12.0524 3296 clr_optimization_v4.0.30319_64 - ok
18:27:12.0541 3296 [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys
18:27:12.0542 3296 cmdide - ok
18:27:12.0553 3296 [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
18:27:12.0555 3296 Compbatt - ok
18:27:12.0563 3296 COMSysApp - ok
18:27:12.0572 3296 [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
18:27:12.0573 3296 crcdisk - ok
18:27:12.0629 3296 [ CA78B312C44E4D52E842C2C8BD48E452 ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:27:12.0630 3296 CryptSvc - ok
18:27:12.0681 3296 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch C:\Windows\system32\rpcss.dll
18:27:12.0686 3296 DcomLaunch - ok
18:27:12.0722 3296 [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:27:12.0724 3296 DfsC - ok
18:27:13.0150 3296 [ C647F468F7DE343DF8C143655C5557D4 ] DFSR C:\Windows\system32\DFSR.exe
18:27:13.0222 3296 DFSR - ok
18:27:13.0283 3296 [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll
18:27:13.0286 3296 Dhcp - ok
18:27:13.0337 3296 [ B0107E40ECDB5FA692EBF832F295D905 ] disk C:\Windows\system32\drivers\disk.sys
18:27:13.0340 3296 disk - ok
18:27:13.0354 3296 dlbu_device - ok
18:27:13.0406 3296 [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:27:13.0408 3296 Dnscache - ok
18:27:13.0451 3296 [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc C:\Windows\System32\dot3svc.dll
18:27:13.0454 3296 dot3svc - ok
18:27:13.0483 3296 [ 74C02B1717740C3B8039539E23E4B53F ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
18:27:13.0487 3296 Dot4 - ok
18:27:13.0505 3296 [ 08321D1860235BF42CF2854234337AEA ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
18:27:13.0506 3296 Dot4Print - ok
18:27:13.0532 3296 [ 4ADCCF0124F2B6911D3786A5D0E779E5 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
18:27:13.0534 3296 dot4usb - ok
18:27:13.0575 3296 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll
18:27:13.0577 3296 DPS - ok
18:27:13.0605 3296 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:27:13.0606 3296 drmkaud - ok
18:27:13.0668 3296 [ B8E554E502D5123BC111F99D6A2181B4 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:27:13.0680 3296 DXGKrnl - ok
18:27:13.0733 3296 [ D3233A444D7B4970141DB7F1A3C4C507 ] e1express C:\Windows\system32\DRIVERS\e1e6032e.sys
18:27:13.0736 3296 e1express - ok
18:27:13.0757 3296 [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys
18:27:13.0760 3296 E1G60 - ok
18:27:13.0782 3296 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll
18:27:13.0783 3296 EapHost - ok
18:27:13.0836 3296 [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache C:\Windows\system32\drivers\ecache.sys
18:27:13.0840 3296 Ecache - ok
18:27:13.0891 3296 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe
18:27:13.0895 3296 ehRecvr - ok
18:27:13.0907 3296 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe
18:27:13.0909 3296 ehSched - ok
18:27:13.0928 3296 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll
18:27:13.0928 3296 ehstart - ok
18:27:13.0955 3296 [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor C:\Windows\system32\drivers\elxstor.sys
18:27:13.0961 3296 elxstor - ok
18:27:14.0007 3296 [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt C:\Windows\system32\emdmgmt.dll
18:27:14.0011 3296 EMDMgmt - ok
18:27:14.0035 3296 [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev C:\Windows\system32\drivers\errdev.sys
18:27:14.0037 3296 ErrDev - ok
18:27:14.0086 3296 [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem C:\Windows\system32\es.dll
18:27:14.0089 3296 EventSystem - ok
18:27:14.0123 3296 [ 486844F47B6636044A42454614ED4523 ] exfat C:\Windows\system32\drivers\exfat.sys
18:27:14.0127 3296 exfat - ok
18:27:14.0166 3296 [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:27:14.0171 3296 fastfat - ok
18:27:14.0184 3296 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
18:27:14.0186 3296 fdc - ok
18:27:14.0214 3296 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll
18:27:14.0215 3296 fdPHost - ok
18:27:14.0225 3296 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll
18:27:14.0226 3296 FDResPub - ok
18:27:14.0241 3296 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:27:14.0243 3296 FileInfo - ok
18:27:14.0254 3296 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:27:14.0256 3296 Filetrace - ok
18:27:14.0271 3296 [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
18:27:14.0273 3296 flpydisk - ok
18:27:14.0287 3296 [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:27:14.0292 3296 FltMgr - ok
18:27:14.0378 3296 [ BE1C5BD1CA7ED015BC6FA1AE67E592C8 ] FontCache C:\Windows\system32\FntCache.dll
18:27:14.0394 3296 FontCache - ok
18:27:14.0458 3296 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:27:14.0459 3296 FontCache3.0.0.0 - ok
18:27:14.0473 3296 [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:27:14.0474 3296 Fs_Rec - ok
18:27:24.0334 3296 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:27:24.0337 3296 WdiServiceHost - ok
18:27:24.0341 3296 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:27:24.0343 3296 WdiSystemHost - ok
18:27:24.0353 3296 [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient C:\Windows\System32\webclnt.dll
18:27:24.0357 3296 WebClient - ok
18:27:24.0399 3296 [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:27:24.0402 3296 Wecsvc - ok
18:27:24.0415 3296 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:27:24.0417 3296 wercplsupport - ok
18:27:24.0432 3296 [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc C:\Windows\System32\WerSvc.dll
18:27:24.0435 3296 WerSvc - ok
18:27:24.0468 3296 [ A53CDE6BEEA165FE9B430476EEDE3C54 ] winachsf C:\Windows\system32\DRIVERS\CAX_CNXT.sys
18:27:24.0479 3296 winachsf - ok
18:27:24.0498 3296 WinDefend - ok
18:27:24.0508 3296 WinHttpAutoProxySvc - ok
18:27:24.0578 3296 [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:27:24.0581 3296 Winmgmt - ok
18:27:24.0649 3296 [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM C:\Windows\system32\WsmSvc.dll
18:27:24.0679 3296 WinRM - ok
18:27:24.0736 3296 [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc C:\Windows\System32\wlansvc.dll
18:27:24.0743 3296 Wlansvc - ok
18:27:24.0767 3296 [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
18:27:24.0768 3296 WmiAcpi - ok
18:27:24.0788 3296 [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:27:24.0790 3296 wmiApSrv - ok
18:27:24.0798 3296 WMPNetworkSvc - ok
18:27:24.0824 3296 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:27:24.0827 3296 WPCSvc - ok
18:27:24.0875 3296 [ 490A18B4E4D53DC10879DEAA8E8B70D9 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:27:24.0878 3296 WPDBusEnum - ok
18:27:24.0906 3296 [ 5E2401B3FC1089C90E081291357371A9 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
18:27:24.0908 3296 WpdUsb - ok
18:27:25.0029 3296 [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:27:25.0037 3296 WPFFontCache_v0400 - ok
18:27:25.0051 3296 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:27:25.0053 3296 ws2ifsl - ok
18:27:25.0088 3296 [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] wscsvc C:\Windows\system32\wscsvc.dll
18:27:25.0091 3296 wscsvc - ok
18:27:25.0096 3296 WSearch - ok
18:27:25.0171 3296 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
18:27:25.0203 3296 wuauserv - ok
18:27:25.0232 3296 [ 501A65252617B495C0F1832F908D54D8 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:27:25.0235 3296 WUDFRd - ok
18:27:25.0265 3296 [ 6CBD51FF913C851D56ED9DC7F2A27DDE ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:27:25.0267 3296 wudfsvc - ok
18:27:25.0298 3296 [ F22E443518BC599D12888DAF292A56D8 ] XAudio C:\Windows\system32\DRIVERS\xaudio64.sys
18:27:25.0299 3296 XAudio - ok
18:27:25.0318 3296 [ 963C27034BBA4AC52A13F7A3C657C708 ] XAudioService C:\Windows\system32\DRIVERS\xaudio64.exe
18:27:25.0322 3296 XAudioService - ok
18:27:25.0367 3296 [ 9176C0822FAA649E45121875BE32F5D2 ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys
18:27:25.0370 3296 xusb21 - ok
18:27:25.0399 3296 ================ Scan global ===============================
18:27:25.0420 3296 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
18:27:25.0474 3296 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
18:27:25.0488 3296 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
18:27:25.0538 3296 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
18:27:25.0542 3296 [Global] - ok
18:27:25.0543 3296 ================ Scan MBR ==================================
18:27:25.0553 3296 [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0
18:27:25.0761 3296 \Device\Harddisk0\DR0 - ok
18:27:25.0764 3296 [ 739B36F7A373FC81121D831231B6D311 ] \Device\Harddisk1\DR1
18:27:25.0768 3296 \Device\Harddisk1\DR1 - ok
18:27:25.0769 3296 ================ Scan VBR ==================================
18:27:25.0781 3296 [ 0CFB5E5FCB69A102736196FC7EABA60A ] \Device\Harddisk0\DR0\Partition1
18:27:25.0783 3296 \Device\Harddisk0\DR0\Partition1 - ok
18:27:25.0788 3296 [ 496F7348AE01DE796295FD6B42B4BA15 ] \Device\Harddisk0\DR0\Partition2
18:27:25.0794 3296 \Device\Harddisk0\DR0\Partition2 - ok
18:27:25.0798 3296 [ C98170DAE78F9EA0EFC801440BDD50C4 ] \Device\Harddisk1\DR1\Partition1
18:27:25.0799 3296 \Device\Harddisk1\DR1\Partition1 - ok
18:27:25.0800 3296 ============================================================
18:27:25.0800 3296 Scan finished
18:27:25.0800 3296 ============================================================
18:27:25.0812 5036 Detected object count: 0
18:27:25.0812 5036 Actual detected object count: 0
18:28:57.0426 3184 Deinitialize success

And

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-27 18:31:37
-----------------------------
18:31:37.878 OS Version: Windows x64 6.0.6002 Service Pack 2
18:31:37.878 Number of processors: 2 586 0x1706
18:31:37.880 ComputerName: AARON-PC UserName:
18:31:39.554 Initialize success
18:32:25.313 AVAST engine defs: 12112701
18:32:34.277 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:32:34.280 Disk 0 Vendor: SAMSUNG_HD642JJ 1AA01113 Size: 610480MB BusType: 3
18:32:34.282 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
18:32:34.284 Disk 1 Vendor: ST3500418AS CC35 Size: 476940MB BusType: 3
18:32:34.296 Disk 0 MBR read successfully
18:32:34.298 Disk 0 MBR scan
18:32:34.303 Disk 0 Windows VISTA default MBR code
18:32:34.306 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
18:32:34.316 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15000 MB offset 81920
18:32:34.328 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 595439 MB offset 30801920
18:32:34.353 Disk 0 scanning C:\Windows\system32\drivers
18:32:45.123 Service scanning
18:33:06.009 Modules scanning
18:33:06.020 Disk 0 trace - called modules:
18:33:06.035 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
18:33:06.040 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a25060]
18:33:06.045 3 CLASSPNP.SYS[fffffa6000fd1c33] -> nt!IofCallDriver -> [0xfffffa800485ea90]
18:33:06.050 5 acpi.sys[fffffa60008c5fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004855060]
18:33:07.566 AVAST engine scan C:\Windows
18:33:12.194 AVAST engine scan C:\Windows\system32
18:37:51.361 AVAST engine scan C:\Windows\system32\drivers
18:38:09.087 AVAST engine scan C:\Users\Administrator
18:39:05.924 Disk 0 MBR has been saved successfully to "C:\Users\Administrator\Desktop\MBR.dat"
18:39:05.930 The log file has been saved successfully to "C:\Users\Administrator\Desktop\aswMBR.txt"

Edited by alo, 27 November 2012 - 11:30 PM.


#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 28 November 2012 - 07:12 AM

Hello


Also some new things have been happening: my computer takes a lot of time to load a page; usually it's almost instant, but now it takes more than a minute sometimes - do you know when this first started or at least when you first noticed it?


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 alo

alo
  • Topic Starter

  • Members
  • 30 posts

Posted 28 November 2012 - 10:06 AM

It started about two days ago. Some pages that would normally load in like two seconds or less started taking a lot longer to load. At first I did not worry because it happened, then it stopped, but now it's happening again, and also some pages just freeze for like a minute then they load up, or sometimes just freeze my whole computer and then the only way to turn it off is by holding the power button down.

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 28 November 2012 - 09:34 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#11 alo

alo
  • Topic Starter

  • Members
  • 30 posts

Posted 28 November 2012 - 10:00 PM

OTL logfile created on: 11/28/2012 6:49:34 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 2.59 Gb Available Physical Memory | 64.92% Memory free
8.21 Gb Paging File | 6.54 Gb Available in Paging File | 79.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.48 Gb Total Space | 300.15 Gb Free Space | 51.62% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 8.54 Gb Free Space | 58.33% Space Free | Partition Type: NTFS
Drive E: | 465.70 Gb Total Space | 228.15 Gb Free Space | 48.99% Space Free | Partition Type: FAT32

Computer Name: AARON-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Administrator\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe (Tonec Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (Intel® -- C:\Windows\SysNative\IProsetMonitor.exe (Intel Corporation)
SRV:64bit: - (AERTFilters) -- C:\Windows\SysNative\AERTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (XAudioService) -- C:\Windows\SysNative\DRIVERS\xaudio64.exe (Conexant Systems, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (dlbu_device) -- C:\Windows\SysNative\dlbucoms.exe ( )
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\DRIVERS\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\DRIVERS\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\DRIVERS\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\DRIVERS\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\DRIVERS\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (NAL) -- C:\Windows\SysNative\Drivers\iqvw64e.sys (Intel Corporation )
DRV:64bit: - (IDMWFP) -- C:\Windows\SysNative\DRIVERS\idmwfp.sys (Tonec Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (MotioninJoyXFilter) -- C:\Windows\SysNative\DRIVERS\MijXfilt.sys (MotioninJoy)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\DRIVERS\netaapl64.sys (Apple Inc.)
DRV:64bit: - (e1express) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys (Intel Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\DRIVERS\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\DRIVERS\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\DRIVERS\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\DRIVERS\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\DRIVERS\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (KMWDFILTER) -- C:\Windows\SysNative\DRIVERS\KMWDFILTER.sys (Windows ® Codename Longhorn DDK provider)
DRV:64bit: - (NWUSBCDFIL64) -- C:\Windows\SysNative\DRIVERS\NwUsbCdFil64.sys (Novatel Wireless Inc.)
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\DRIVERS\xaudio64.sys (Conexant Systems, Inc.)
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys (Conexant)
DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys (Conexant Systems, Inc.)
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys (Conexant Systems, Inc.)
DRV:64bit: - (CAXHWBS2) -- C:\Windows\SysNative\DRIVERS\CAXHWBS2.sys (Conexant Systems, Inc.)
DRV:64bit: - (NWADI) -- C:\Windows\SysNative\DRIVERS\NWADIenum.sys (Novatel Wireless Inc)
DRV:64bit: - (NWUSBPort2) -- C:\Windows\SysNative\DRIVERS\nwusbser2.sys (Novatel Wireless Inc.)
DRV:64bit: - (NWUSBPort) -- C:\Windows\SysNative\DRIVERS\nwusbser.sys (Novatel Wireless Inc.)
DRV:64bit: - (NWUSBModem) -- C:\Windows\SysNative\DRIVERS\nwusbmdm.sys (Novatel Wireless Inc.)
DRV:64bit: - (Amusbprt) -- C:\Windows\SysNative\DRIVERS\Amusbx64.sys (A4Tech Co.,Ltd.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (Amfilter) -- C:\Windows\SysNative\DRIVERS\Amfltx64.sys ((Standard mouse types))
DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DMUS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5081121
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3514608379-4125247381-384991581-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-3514608379-4125247381-384991581-500\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-3514608379-4125247381-384991581-500\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-3514608379-4125247381-384991581-500\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3514608379-4125247381-384991581-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3514608379-4125247381-384991581-500\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=
IE - HKU\S-1-5-21-3514608379-4125247381-384991581-500\..\SearchScopes\{97CD4B58-F9A7-4AE0-99F5-38C038890E19}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ARCD&o=102810&src=kw&q={searchTerms}&locale=&apn_ptnrs=8W&apn_dtid=YYYYYYYYUS&apn_uid=da6f1e54-495c-4fc0-b511-92bd47f14176&apn_sauid=0B0D86B4-55BA-400F-AC7B-5268C093A71C
IE - HKU\S-1-5-21-3514608379-4125247381-384991581-500\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb196/?search={searchTerms}&loc=IB_DS&a=6PQQWcDv41&i=26
IE - HKU\S-1-5-21-3514608379-4125247381-384991581-500\..\SearchScopes\{DA669B2D-3F23-4B39-891F-AAF70EE85272}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3184310
IE - HKU\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fbdownloader@KMcore: C:\Program Files (x86)\SDIV 2.0\Lib\xpi
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/20 20:51:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/11/26 18:20:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Administrator\AppData\Roaming\IDM\idmmzcc5 [2012/10/21 19:05:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Administrator\AppData\Roaming\IDM\idmmzcc5 [2012/10/21 19:05:48 | 000,000,000 | ---D | M]

[2012/11/20 20:51:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2012/11/26 17:13:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\qkjuccny.default\extensions
[2012/11/23 21:17:16 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\qkjuccny.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/11/20 20:51:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009/09/03 19:29:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/11/19 22:17:52 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/10/12 15:35:53 | 000,092,584 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2012/10/12 15:35:55 | 000,092,584 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/11/19 22:17:14 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/11/19 22:17:14 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url =
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.91\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.91\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.91\pdf.dll
CHR - plugin: Perion plugin (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\Plugins/PerionNewTabChrome-32.dll
CHR - plugin: Perion plugin (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\niogeckbkdcabhnapjbkeiklablhjoca\1.0.5_0\plugins/PerionChromeInfoBar-32.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngkdgphikkepnnefheniljdgolldgpld\10.13.20.29_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngkdgphikkepnnefheniljdgolldgpld\10.13.20.29_0\plugins/np-cwmp.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

O1 HOSTS File: ([2012/11/27 15:36:05 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll (Google Inc.)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (Swiki_IE) - {34191E35-BBFC-4587-87A9-4B397107119D} - C:\Program Files (x86)\Swiki_IE\ScriptHost.dll File not found
O2 - BHO: (FBDownloader BHO) - {553318DA-D010-469E-84B1-496563CAE1BF} - C:\Program Files (x86)\HTTO Group, Ltd\FBDownloader IE Add-on\FBDownloader.dll (HTTO Group, Ltd)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files (x86)\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKU\S-1-5-21-3514608379-4125247381-384991581-500\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [DLBUCATS] C:\Windows\SysNative\spool\DRIVERS\x64\3\DLBUtime.DLL ()
O4:64bit: - HKLM..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe File not found
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] Skytel.exe File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKU\S-1-5-21-3514608379-4125247381-384991581-500..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3514608379-4125247381-384991581-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3514608379-4125247381-384991581-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3514608379-4125247381-384991581-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab (PopCapLoader Object)
O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 198.224.174.135 198.224.173.135
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2E2F15AD-01F7-4331-920C-F976B8E49B33}: DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2E2F15AD-01F7-4331-920C-F976B8E49B33}: NameServer = 107.6.133.8,23.23.180.210
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{64685DB7-B0B1-4A1E-A65F-4B8CD1BFEFF0}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{64685DB7-B0B1-4A1E-A65F-4B8CD1BFEFF0}: NameServer = 107.6.133.8,23.23.180.210
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9DCBCD70-2680-4DA0-9604-ED6E9EBA888F}: DhcpNameServer = 198.224.174.135 198.224.173.135
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9DCBCD70-2680-4DA0-9604-ED6E9EBA888F}: NameServer = 107.6.133.8,23.23.180.210
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{c328fed4-6a85-11db-9fbd-806e6f6e6963}: NameServer = 107.6.133.8,23.23.180.210
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CFAB2CF6-B4C9-4EF6-B953-DDA781968BC1}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CFAB2CF6-B4C9-4EF6-B953-DDA781968BC1}: NameServer = 107.6.133.8,23.23.180.210
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/28 11:23:43 | 000,000,000 | R--D | C] -- C:\Sandbox
[2012/11/27 19:59:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/11/27 16:19:04 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/11/27 16:02:50 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/11/27 16:02:50 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\temp
[2012/11/27 15:28:37 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/11/27 15:28:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/11/27 15:28:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/11/27 15:28:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/27 15:28:19 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/11/26 20:27:03 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\AVG2013
[2012/11/26 20:25:33 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\TuneUp Software
[2012/11/26 20:25:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/11/26 20:23:45 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2012/11/26 20:23:45 | 000,000,000 | ---D | C] -- C:\$AVG
[2012/11/26 20:22:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012/11/26 20:20:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\MFAData
[2012/11/26 20:20:02 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/11/26 20:20:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Avg2013
[2012/11/26 17:08:25 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\CRE
[2012/11/26 16:58:36 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\7Wonders2
[2012/11/26 16:52:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\fltk.org
[2012/11/26 16:50:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTTO Group, Ltd
[2012/11/26 16:43:50 | 000,000,000 | ---D | C] -- C:\ProgramData\MumboJumbo
[2012/11/26 16:16:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\File Type Assistant
[2012/11/26 16:06:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\WeatherBug
[2012/11/26 16:06:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\WeatherBug
[2012/11/26 15:50:05 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\flightgear.org
[2012/11/26 15:27:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealArcade
[2012/11/26 15:04:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OtShot
[2012/11/26 15:04:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OtShot
[2012/11/26 15:04:09 | 000,000,000 | ---D | C] -- C:\ProgramData\ZalmanInstaller_otshot
[2012/11/26 15:00:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\fbDownloader
[2012/11/20 20:51:55 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Mozilla
[2012/11/20 20:51:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/11/20 15:57:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/11/18 14:15:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SDFormatter
[2012/11/18 14:15:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SDA
[2012/11/18 14:14:27 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Downloaded Installations
[2012/11/14 14:43:41 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2012/11/14 14:43:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/11/14 14:43:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/11/14 14:43:33 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/11/14 14:43:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/11/14 09:13:52 | 000,000,000 | ---D | C] -- C:\Users\Administrator\DoctorWeb
[2012/11/14 08:01:36 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/11/14 08:01:36 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/11/14 08:01:35 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/11/14 08:01:35 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/11/14 08:01:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/11/14 08:01:35 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/11/14 08:01:35 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/11/14 08:01:34 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/11/14 08:01:34 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/11/14 08:01:34 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/11/14 08:01:34 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/11/14 08:01:34 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/11/14 08:01:33 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/11/14 08:01:33 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/11/14 08:01:32 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/11/14 03:24:41 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012/11/14 03:24:41 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012/11/12 23:22:48 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\iPod Photo Cache
[2012/11/12 23:22:42 | 000,000,000 | ---D | C] -- C:\Users\Administrator\iPod Photo Cache
[2012/11/12 16:53:07 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\IAC
[2012/11/04 20:09:20 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Azureus
[2012/11/04 20:08:24 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/11/02 08:56:48 | 000,159,208 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdm.sys
[2012/11/02 08:56:48 | 000,125,416 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadbus.sys
[2012/11/02 08:56:48 | 000,016,872 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdfl.sys
[2012/11/02 08:56:48 | 000,013,800 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadwhnt.sys
[2012/11/02 08:56:48 | 000,013,800 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadwh.sys
[2012/11/02 08:56:48 | 000,013,288 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadcmnt.sys
[2012/11/02 08:56:48 | 000,013,288 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadcm.sys
[2012/11/02 08:53:46 | 000,000,000 | ---D | C] -- C:\Program Files\SAMSUNG
[2012/11/02 08:53:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2012/10/30 18:53:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012/10/30 18:53:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/28 18:27:11 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/28 18:27:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/28 18:04:52 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/28 18:04:52 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/28 17:03:43 | 000,755,906 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/28 17:03:43 | 000,640,408 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/28 17:03:43 | 000,118,660 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/28 16:05:07 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/28 16:04:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/28 16:04:45 | 4283,617,280 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/27 20:20:57 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/11/27 20:20:57 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/11/27 18:39:05 | 000,000,512 | ---- | M] () -- C:\Users\Administrator\Desktop\MBR.dat
[2012/11/27 15:36:05 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/11/26 20:32:26 | 000,000,866 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2012/11/26 17:08:40 | 000,000,009 | ---- | M] () -- C:\END
[2012/11/26 16:39:54 | 000,000,064 | ---- | M] () -- C:\Windows\GPlrLanc.dat
[2012/11/20 20:51:45 | 000,000,874 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/11/18 14:15:13 | 000,001,955 | ---- | M] () -- C:\Users\Public\Desktop\SDFormatter.lnk
[2012/11/14 08:21:28 | 000,315,768 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/11/02 01:53:22 | 000,137,848 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/11/01 16:23:36 | 000,001,714 | ---- | M] () -- C:\Users\Administrator\Desktop\iTunes.lnk
[2012/10/31 21:29:54 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_netaapl64_01009.Wdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/27 18:39:05 | 000,000,512 | ---- | C] () -- C:\Users\Administrator\Desktop\MBR.dat
[2012/11/27 15:28:37 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/11/27 15:28:37 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/11/27 15:28:37 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/11/27 15:28:37 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/11/27 15:28:37 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/11/26 17:08:06 | 000,000,009 | ---- | C] () -- C:\END
[2012/11/26 16:01:28 | 000,000,866 | ---- | C] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2012/11/26 15:04:43 | 000,000,792 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OtShot.lnk
[2012/11/20 20:51:45 | 000,000,874 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/11/20 20:51:45 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/11/18 14:15:13 | 000,001,955 | ---- | C] () -- C:\Users\Public\Desktop\SDFormatter.lnk
[2012/11/02 01:53:22 | 000,137,848 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/11/01 16:23:36 | 000,001,714 | ---- | C] () -- C:\Users\Administrator\Desktop\iTunes.lnk
[2012/10/31 21:29:54 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_netaapl64_01009.Wdf
[2012/10/30 16:27:21 | 000,256,983 | ---- | C] () -- C:\Users\Administrator\Documents\Untitled-1.pdf
[2012/10/30 16:27:20 | 001,077,727 | ---- | C] () -- C:\Users\Administrator\Documents\Untitled-1.ai
[2012/10/23 19:08:01 | 000,750,820 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/10/23 19:07:29 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2008/12/19 21:04:53 | 000,125,358 | ---- | C] () -- C:\Program Files\SBC Self Support Tool
[2007/03/24 08:05:13 | 000,019,968 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 07:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 09:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 09:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/10 23:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/04/10 22:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 18:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll

< End of report >

#12 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 28 November 2012 - 10:15 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the [image] textbox. Do not include the word Code
    :OTL
    FF - user.js - File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found
    O2 - BHO: (Swiki_IE) - {34191E35-BBFC-4587-87A9-4B397107119D} - C:\Program Files (x86)\Swiki_IE\ScriptHost.dll File not found
    O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
    O3 - HKU\S-1-5-21-3514608379-4125247381-384991581-500\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe File not found
    O4:64bit: - HKLM..\Run: [Skytel] Skytel.exe File not found
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    IE - HKU\S-1-5-21-3514608379-4125247381-384991581-500\..\SearchScopes\{97CD4B58-F9A7-4AE0-99F5-38C038890E19}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ARCD&o=102810&src=kw&q={searchTerms}&locale=&apn_ptnrs=8W&apn_dtid=YYYYYYYYUS&apn_uid=da6f1e54-495c-4fc0-b511-92bd47f14176&apn_sauid=0B0D86B4-55BA-400F-AC7B-5268C093A71C
    IE - HKU\S-1-5-21-3514608379-4125247381-384991581-500\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb196/?search={searchTerms}&loc=IB_DS&a=6PQQWcDv41&i=26
    IE - HKU\S-1-5-21-3514608379-4125247381-384991581-500\..\SearchScopes\{DA669B2D-3F23-4B39-891F-AAF70EE85272}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3184310
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click [image].
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know How things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 alo

  • Topic Starter
  • Members
  • 30 posts

Posted 28 November 2012 - 10:37 PM

My searches no longer get redirected and everything else seems to be working fine now.
Thank you for all your help.

========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34191E35-BBFC-4587-87A9-4B397107119D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34191E35-BBFC-4587-87A9-4B397107119D}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ECenter deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Skytel deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\Windows\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
File oft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ deleted successfully.
File Protocol\Handler\ms-itss - No CLSID value found not found.
Registry key HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Internet Explorer\SearchScopes\{97CD4B58-F9A7-4AE0-99F5-38C038890E19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97CD4B58-F9A7-4AE0-99F5-38C038890E19}\ not found.
Registry key HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.
Registry key HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Internet Explorer\SearchScopes\{DA669B2D-3F23-4B39-891F-AAF70EE85272}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DA669B2D-3F23-4B39-891F-AAF70EE85272}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Administrator\Downloads\cmd.bat deleted successfully.
C:\Users\Administrator\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: aaron
->Java cache emptied: 3531388 bytes

User: Administrator
->Java cache emptied: 9022184 bytes

User: All Users

User: ALO

User: AppData

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 12.00 mb


[EMPTYFLASH]

User: aaron
->Flash cache emptied: 227491 bytes

User: Administrator
->Flash cache emptied: 81988 bytes

User: All Users

User: ALO

User: AppData

User: Default
->Flash cache emptied: 56504 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11282012_192625

#14 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 28 November 2012 - 10:38 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

#15 alo

  • Topic Starter
  • Members
  • 30 posts

Posted 28 November 2012 - 11:18 PM

No problems happened, the computer is working fine now, no more problems to report.
Here is the log:

ComboFix 12-11-28.02 - Administrator 11/28/2012 19:50:04.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4084.2764 [GMT -8:00]
Running from: c:\users\Administrator\Downloads\ComboFix.exe
Command switches used :: c:\users\Administrator\Downloads\CFScript.txt
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-10-28 to 2012-11-29 )))))))))))))))))))))))))))))))
.
.
2012-11-29 03:57 . 2012-11-29 03:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-29 03:57 . 2012-11-29 03:57 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-11-29 03:57 . 2012-11-29 03:57 -------- d-----w- c:\users\aaron\AppData\Local\temp
2012-11-29 03:26 . 2012-11-29 03:26 -------- d-----w- C:\_OTL
2012-11-28 19:23 . 2012-11-28 19:23 -------- d-----r- C:\Sandbox
2012-11-27 04:27 . 2012-11-27 04:27 -------- d-----w- c:\users\Administrator\AppData\Roaming\AVG2013
2012-11-27 04:25 . 2012-11-27 04:25 -------- d-----w- c:\users\Administrator\AppData\Roaming\TuneUp Software
2012-11-27 04:23 . 2012-11-27 04:26 -------- d-----w- c:\programdata\AVG2013
2012-11-27 04:23 . 2012-11-27 04:23 -------- d-----w- C:\$AVG
2012-11-27 04:22 . 2012-11-27 04:22 -------- d-----w- c:\program files (x86)\AVG
2012-11-27 04:20 . 2012-11-29 02:51 -------- d-----w- c:\programdata\MFAData
2012-11-27 04:20 . 2012-11-27 06:00 -------- d-----w- c:\users\Administrator\AppData\Local\Avg2013
2012-11-27 04:20 . 2012-11-27 04:20 -------- d-----w- c:\users\Administrator\AppData\Local\MFAData
2012-11-27 01:08 . 2012-11-27 23:37 -------- d-----w- c:\users\AppData
2012-11-27 01:08 . 2012-11-27 01:08 -------- d-----w- c:\users\Administrator\AppData\Local\CRE
2012-11-27 00:58 . 2012-11-27 00:58 -------- d-----w- c:\users\Administrator\AppData\Local\7Wonders2
2012-11-27 00:52 . 2012-11-27 00:52 -------- d-----w- c:\users\Administrator\AppData\Roaming\fltk.org
2012-11-27 00:50 . 2012-11-27 00:50 -------- d-----w- c:\program files (x86)\HTTO Group, Ltd
2012-11-27 00:43 . 2012-11-27 00:43 -------- d-----w- c:\programdata\MumboJumbo
2012-11-27 00:16 . 2012-11-27 02:10 -------- d-----w- c:\program files (x86)\File Type Assistant
2012-11-27 00:06 . 2012-11-27 00:06 -------- d-----w- c:\users\Administrator\AppData\Local\WeatherBug
2012-11-27 00:06 . 2012-11-27 00:06 -------- d-----w- c:\users\Administrator\AppData\Roaming\WeatherBug
2012-11-27 00:06 . 2012-11-27 00:06 18944 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe
2012-11-26 23:50 . 2012-11-26 23:51 -------- d-----w- c:\users\Administrator\AppData\Roaming\flightgear.org
2012-11-26 23:27 . 2012-11-26 23:27 -------- d-----w- c:\program files (x86)\RealArcade
2012-11-26 23:04 . 2012-11-27 02:19 -------- d-----w- c:\program files (x86)\OtShot
2012-11-26 23:04 . 2012-11-26 23:04 -------- d-----w- c:\programdata\ZalmanInstaller_otshot
2012-11-26 23:00 . 2012-11-27 02:09 -------- d-----w- c:\program files (x86)\fbDownloader
2012-11-24 17:54 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{66AD68FD-1E3C-4CBD-B874-522EA3A3BF18}\mpengine.dll
2012-11-21 04:51 . 2012-11-21 04:51 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-11-18 22:15 . 2012-11-18 22:15 -------- d-----w- c:\program files (x86)\SDA
2012-11-18 22:14 . 2012-11-18 22:14 -------- d-----w- c:\users\Administrator\AppData\Local\Downloaded Installations
2012-11-14 22:43 . 2012-11-14 22:43 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
2012-11-14 22:43 . 2012-11-14 22:43 -------- d-----w- c:\programdata\Malwarebytes
2012-11-14 22:43 . 2012-11-14 22:43 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-14 22:43 . 2012-09-30 03:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-14 17:13 . 2012-11-14 17:13 -------- d-----w- c:\users\Administrator\DoctorWeb
2012-11-14 11:24 . 2012-09-25 16:31 91648 ----a-w- c:\windows\system32\synceng.dll
2012-11-14 11:24 . 2012-09-25 16:19 75776 ----a-w- c:\windows\SysWow64\synceng.dll
2012-11-14 11:24 . 2012-10-12 14:53 2769920 ----a-w- c:\windows\system32\win32k.sys
2012-11-13 07:22 . 2012-11-13 07:22 -------- d-----w- c:\users\Administrator\iPod Photo Cache
2012-11-13 00:53 . 2012-11-13 00:53 -------- d-----w- c:\users\Administrator\AppData\Local\IAC
2012-11-05 04:09 . 2012-11-05 04:09 -------- d-----w- c:\users\Administrator\AppData\Roaming\Azureus
2012-11-02 16:56 . 2010-05-25 07:59 16872 ----a-w- c:\windows\system32\drivers\ssadmdfl.sys
2012-11-02 16:56 . 2010-05-25 07:59 159208 ----a-w- c:\windows\system32\drivers\ssadmdm.sys
2012-11-02 16:56 . 2010-05-25 07:59 13800 ----a-w- c:\windows\system32\drivers\ssadwhnt.sys
2012-11-02 16:56 . 2010-05-25 07:59 13800 ----a-w- c:\windows\system32\drivers\ssadwh.sys
2012-11-02 16:56 . 2010-05-25 07:59 13288 ----a-w- c:\windows\system32\drivers\ssadcmnt.sys
2012-11-02 16:56 . 2010-05-25 07:59 13288 ----a-w- c:\windows\system32\drivers\ssadcm.sys
2012-11-02 16:56 . 2010-05-25 07:59 125416 ----a-w- c:\windows\system32\drivers\ssadbus.sys
2012-11-02 16:53 . 2012-11-02 16:53 -------- d-----w- c:\program files\SAMSUNG
2012-11-02 16:53 . 2012-11-02 16:53 -------- d-----w- c:\programdata\Samsung
2012-10-31 02:53 . 2012-10-31 02:53 -------- d-----w- c:\program files (x86)\7-Zip
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-28 04:20 . 2012-10-07 16:58 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-28 04:20 . 2012-10-07 16:58 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-14 16:02 . 2006-11-02 12:35 66395536 ----a-w- c:\windows\system32\mrt.exe
2012-10-22 21:02 . 2012-10-22 21:02 154464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2012-10-15 11:48 . 2012-10-15 11:48 63328 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-10-12 23:35 . 2012-01-30 04:25 72104 ----a-w- c:\windows\CouponPrinter.ocx
2012-10-07 16:50 . 2012-10-07 15:31 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-10-07 16:50 . 2012-10-07 15:31 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-10-07 08:22 . 2012-10-07 08:22 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-10-07 08:22 . 2012-10-07 08:22 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-10-07 08:22 . 2012-10-07 08:22 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-10-07 08:22 . 2012-10-07 08:22 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-10-07 08:22 . 2012-10-07 08:22 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-10-07 08:22 . 2012-10-07 08:22 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-10-07 08:22 . 2012-10-07 08:22 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-10-07 08:22 . 2012-10-07 08:22 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-10-07 08:22 . 2012-10-07 08:22 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-10-07 08:22 . 2012-10-07 08:22 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-10-07 08:22 . 2012-10-07 08:22 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-10-07 08:22 . 2012-10-07 08:22 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-10-07 08:22 . 2012-10-07 08:22 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-10-07 08:22 . 2012-10-07 08:22 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-10-07 08:22 . 2012-10-07 08:22 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-10-07 08:22 . 2012-10-07 08:22 267776 ----a-w- c:\windows\system32\ieaksie.dll
2012-10-07 08:22 . 2012-10-07 08:22 222208 ----a-w- c:\windows\system32\msls31.dll
2012-10-07 08:22 . 2012-10-07 08:22 197120 ----a-w- c:\windows\system32\msrating.dll
2012-10-07 08:22 . 2012-10-07 08:22 163840 ----a-w- c:\windows\system32\ieakui.dll
2012-10-07 08:22 . 2012-10-07 08:22 12288 ----a-w- c:\windows\system32\mshta.exe
2012-10-07 08:22 . 2012-10-07 08:22 114176 ----a-w- c:\windows\system32\admparse.dll
2012-10-07 08:22 . 2012-10-07 08:22 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-10-07 08:22 . 2012-10-07 08:22 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-10-07 08:22 . 2012-10-07 08:22 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2012-10-07 08:22 . 2012-10-07 08:22 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-10-07 08:22 . 2012-10-07 08:22 82432 ----a-w- c:\windows\system32\icardie.dll
2012-10-07 08:22 . 2012-10-07 08:22 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-10-07 08:22 . 2012-10-07 08:22 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-10-07 08:22 . 2012-10-07 08:22 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2012-10-07 08:22 . 2012-10-07 08:22 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-10-07 08:22 . 2012-10-07 08:22 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-10-07 08:22 . 2012-10-07 08:22 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2012-10-07 08:22 . 2012-10-07 08:22 448512 ----a-w- c:\windows\system32\html.iec
2012-10-07 08:22 . 2012-10-07 08:22 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2012-10-07 08:22 . 2012-10-07 08:22 39936 ----a-w- c:\windows\system32\iernonce.dll
2012-10-07 08:22 . 2012-10-07 08:22 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2012-10-07 08:22 . 2012-10-07 08:22 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-10-07 08:22 . 2012-10-07 08:22 282112 ----a-w- c:\windows\system32\dxtrans.dll
2012-10-07 08:22 . 2012-10-07 08:22 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-10-07 08:22 . 2012-10-07 08:22 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-10-07 08:22 . 2012-10-07 08:22 160256 ----a-w- c:\windows\system32\wextract.exe
2012-10-07 08:22 . 2012-10-07 08:22 160256 ----a-w- c:\windows\system32\ieakeng.dll
2012-10-07 08:22 . 2012-10-07 08:22 145920 ----a-w- c:\windows\system32\iepeers.dll
2012-10-07 08:22 . 2012-10-07 08:22 136192 ----a-w- c:\windows\system32\advpack.dll
2012-10-07 08:22 . 2012-10-07 08:22 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-10-07 08:22 . 2012-10-07 08:22 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-10-07 08:22 . 2012-10-07 08:22 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2012-10-07 08:22 . 2012-10-07 08:22 103936 ----a-w- c:\windows\system32\inseng.dll
2012-10-07 08:21 . 2012-10-07 08:21 65024 ----a-w- c:\windows\system32\pngfilt.dll
2012-10-07 08:21 . 2012-10-07 08:21 149504 ----a-w- c:\windows\system32\occache.dll
2012-10-07 08:20 . 2012-10-07 08:20 979456 ----a-w- c:\windows\SysWow64\MFH264Dec.dll
2012-10-07 08:20 . 2012-10-07 08:20 428544 ----a-w- c:\windows\system32\MFHEAACdec.dll
2012-10-07 08:20 . 2012-10-07 08:20 377344 ----a-w- c:\windows\system32\mfmp4src.dll
2012-10-07 08:20 . 2012-10-07 08:20 357376 ----a-w- c:\windows\SysWow64\MFHEAACdec.dll
2012-10-07 08:20 . 2012-10-07 08:20 3548672 ----a-w- c:\windows\system32\mf.dll
2012-10-07 08:20 . 2012-10-07 08:20 345088 ----a-w- c:\windows\system32\mfreadwrite.dll
2012-10-07 08:20 . 2012-10-07 08:20 302592 ----a-w- c:\windows\SysWow64\mfmp4src.dll
2012-10-07 08:20 . 2012-10-07 08:20 261632 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
2012-10-07 08:20 . 2012-10-07 08:20 1257984 ----a-w- c:\windows\system32\MFH264Dec.dll
2012-10-07 08:20 . 2012-10-07 08:20 98816 ----a-w- c:\windows\SysWow64\mfps.dll
2012-10-07 08:20 . 2012-10-07 08:20 748544 ----a-w- c:\windows\system32\stobject.dll
2012-10-07 08:20 . 2012-10-07 08:20 586240 ----a-w- c:\windows\SysWow64\stobject.dll
2012-10-07 08:20 . 2012-10-07 08:20 34304 ----a-w- c:\windows\system32\mfpmp.exe
2012-10-07 08:20 . 2012-10-07 08:20 2873344 ----a-w- c:\windows\SysWow64\mf.dll
2012-10-07 08:20 . 2012-10-07 08:20 278528 ----a-w- c:\windows\system32\mfplat.dll
2012-10-07 08:20 . 2012-10-07 08:20 209920 ----a-w- c:\windows\SysWow64\mfplat.dll
2012-10-07 08:20 . 2012-10-07 08:20 195072 ----a-w- c:\windows\system32\mfps.dll
2012-10-07 08:20 . 2012-10-07 08:20 1204224 ----a-w- c:\windows\system32\shdocvw.dll
2012-10-07 08:20 . 2012-10-07 08:20 231936 ----a-w- c:\windows\system32\XpsRasterService.dll
2012-10-07 08:20 . 2012-10-07 08:20 900480 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-10-07 08:20 . 2012-10-07 08:20 625152 ----a-w- c:\windows\system32\dxgi.dll
2012-10-07 08:20 . 2012-10-07 08:20 566272 ----a-w- c:\windows\system32\d3d10level9.dll
2012-10-07 08:20 . 2012-10-07 08:20 486400 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-10-07 08:20 . 2012-10-07 08:20 478720 ----a-w- c:\windows\SysWow64\dxgi.dll
2012-10-07 08:20 . 2012-10-07 08:20 47104 ----a-w- c:\windows\system32\cdd.dll
2012-10-07 08:20 . 2012-10-07 08:20 366592 ----a-w- c:\windows\system32\winspool.drv
2012-10-07 08:20 . 2012-10-07 08:20 35840 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2012-10-07 08:20 . 2012-10-07 08:20 287232 ----a-w- c:\windows\system32\d3d10core.dll
2012-10-07 08:20 . 2012-10-07 08:20 258048 ----a-w- c:\windows\SysWow64\winspool.drv
2012-10-07 08:20 . 2012-10-07 08:20 189952 ----a-w- c:\windows\SysWow64\d3d10core.dll
2012-10-07 08:20 . 2012-10-07 08:20 1268224 ----a-w- c:\windows\system32\d3d10.dll
2012-10-07 08:20 . 2012-10-07 08:20 1032192 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2012-10-07 08:20 . 2012-10-07 08:20 1029120 ----a-w- c:\windows\SysWow64\d3d10.dll
2012-10-07 08:20 . 2012-10-07 08:20 847360 ----a-w- c:\windows\SysWow64\OpcServices.dll
2012-10-07 08:20 . 2012-10-07 08:20 1554432 ----a-w- c:\windows\SysWow64\xpsservices.dll
2012-10-07 08:20 . 2012-10-07 08:20 1461760 ----a-w- c:\windows\system32\OpcServices.dll
2012-10-07 08:20 . 2012-10-07 08:20 3068416 ----a-w- c:\windows\system32\xpsservices.dll
2012-10-07 08:20 . 2012-10-07 08:20 135680 ----a-w- c:\windows\SysWow64\XpsRasterService.dll
2012-10-07 08:19 . 2012-10-07 08:19 792576 ----a-w- c:\windows\system32\d3d11.dll
2012-10-07 08:19 . 2012-10-07 08:19 519680 ----a-w- c:\windows\SysWow64\d3d11.dll
2012-10-07 08:19 . 2012-10-07 08:19 449024 ----a-w- c:\windows\system32\WMPhoto.dll
2012-10-07 08:19 . 2012-10-07 08:19 369664 ----a-w- c:\windows\SysWow64\WMPhoto.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{553318DA-D010-469E-84B1-496563CAE1BF}]
2012-06-23 09:40 136192 ----a-w- c:\program files (x86)\HTTO Group, Ltd\FBDownloader IE Add-on\FBDownloader.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2012-10-22 3519936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-06-15 47408]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-11-07 3143800]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2008-11-21 50688]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSr64.exe [2008-07-18 86016]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-07 04:20]
.
2012-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-22 03:22]
.
2012-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-22 03:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 23432 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-07-18 6453760]
"DLBUCATS"="c:\windows\system32\spool\DRIVERS\x64\3\DLBUtime.dll" [2007-02-13 28672]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-01-16 154648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-01-16 227352]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-01-16 202264]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5081121
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
TCP: DhcpNameServer = 198.224.174.135 198.224.173.135
TCP: Interfaces\{2E2F15AD-01F7-4331-920C-F976B8E49B33}: NameServer = 107.6.133.8,23.23.180.210
TCP: Interfaces\{64685DB7-B0B1-4A1E-A65F-4B8CD1BFEFF0}: NameServer = 107.6.133.8,23.23.180.210
TCP: Interfaces\{9DCBCD70-2680-4DA0-9604-ED6E9EBA888F}: NameServer = 107.6.133.8,23.23.180.210
TCP: Interfaces\{c328fed4-6a85-11db-9fbd-806e6f6e6963}: NameServer = 107.6.133.8,23.23.180.210
TCP: Interfaces\{CFAB2CF6-B4C9-4EF6-B953-DDA781968BC1}: NameServer = 107.6.133.8,23.23.180.210
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\qkjuccny.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - ExtSQL: 2012-10-21 20:05; mozilla_cc@internetdownloadmanager.com; c:\users\Administrator\AppData\Roaming\IDM\idmmzcc5
FF - ExtSQL: 2012-11-20 21:04; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\qkjuccny.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-SBC Self Support Tool - c:\progra~1\SBCSEL~1\CustomUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,3b,1b,a1,df,0f,
3b,56,1c,bb,54,84,14,4b,d0,23,e7,8a,56
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,3b,1b,0c,15,c8,
00,9e,bd,ec,07,ba,9a,b1,17,88,6c,fa,da
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,3b,1b,48,f0,4f,
b2,ee,54,fe,08,9c,3f,84,50,53,36,34,ee
"{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}"=hex:51,66,7a,6c,4c,1d,3b,1b,53,c3,7e,
b7,6b,28,57,03,a9,f6,85,26,b1,ef,67,44
"{CA6319C0-31B7-401E-A518-A07C3DB8F777}"=hex:51,66,7a,6c,4c,1d,3b,1b,d0,04,74,
d2,84,64,71,05,ba,14,eb,3c,39,fa,b0,6e
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1d,df,
c3,76,f1,34,06,a3,78,d7,65,c5,87,cf,b0
"{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}"=hex:51,66,7a,6c,4c,1d,3b,1b,ef,e2,e8,
e7,7d,9a,44,0a,a2,ce,45,32,e5,54,ef,4f
"{32004B8A-44A9-43E7-84E9-808838809519}"=hex:51,66,7a,6c,4c,1d,3b,1b,9a,56,17,
2a,9a,11,88,06,9b,e5,cb,c8,3c,c2,d2,00
"{154D932F-DC51-4A4F-9D52-B78B1419D3B4}"=hex:51,66,7a,6c,4c,1d,3b,1b,3f,8e,5a,
0d,62,89,20,0f,82,5e,fc,cb,10,5b,94,ad
"{34191E35-BBFC-4587-87A9-4B397107119D}"=hex:51,66,7a,6c,4c,1d,3b,1b,25,03,0e,
2c,cf,ee,e8,00,98,a5,00,79,75,45,56,84
"{3462C343-BE19-4143-AF70-CEFB56F46FC6}"=hex:51,66,7a,6c,4c,1d,3b,1b,53,de,75,
2c,2a,eb,2c,04,b0,7c,85,bb,52,b6,28,df
"{3A421C8F-E238-4AEB-8874-B8B5F2CC4772}"=hex:51,66,7a,6c,4c,1d,3b,1b,9f,01,55,
22,0b,b7,84,0f,97,78,f3,f5,f6,8e,00,6b
"{60E91567-EF8A-4520-BCE2-83ABA5256799}"=hex:51,66,7a,6c,4c,1d,3b,1b,77,08,fe,
78,b9,ba,4f,00,a3,ee,c8,eb,a1,67,20,80
"{C28F5072-1BFA-42F0-BA55-5A802D3490CB}"=hex:51,66,7a,6c,4c,1d,3b,1b,62,4d,98,
da,c9,4e,9f,07,a5,59,11,c0,29,76,d7,d2
"{11111111-1111-1111-1111-110011341191}"=hex:51,66,7a,6c,4c,1d,3b,1b,01,0c,06,
09,22,44,7e,54,0e,1d,5a,40,15,76,56,88
"{23C8BC15-E9CE-4DF3-A2A9-1F2585F56F99}"=hex:51,66,7a,6c,4c,1d,3b,1b,05,a1,df,
3b,fd,bc,9c,08,bd,a5,54,65,81,b7,28,80
"{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,3b,1b,f9,de,5e,
28,52,e1,aa,0e,97,7c,07,49,10,23,d5,d3
"{553318DA-D010-469E-84B1-496563CAE1BF}"=hex:51,66,7a,6c,4c,1d,3b,1b,ca,05,24,
4d,23,85,f1,03,9b,bd,02,25,67,88,a6,a6
"{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}"=hex:51,66,7a,6c,4c,1d,3b,1b,fb,ab,8d,
b8,86,64,23,00,88,e0,d0,69,49,d0,a9,33
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:30,ef,a0,bd,3b,cc,cd,01
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.001\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\7zFM.exe"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.avi"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M3U"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.m4a"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\vlc.exe"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3514608379-4125247381-384991581-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-11-28 20:03:17
ComboFix-quarantined-files.txt 2012-11-29 04:03
ComboFix2.txt 2012-11-28 00:02
ComboFix3.txt 2012-11-27 23:37
.
Pre-Run: 322,526,265,344 bytes free
Post-Run: 322,471,669,760 bytes free
.
- - End Of File - - 2CDACAC4DE38BC3540E91AAAB36410FB



