
Google Redirect Malware And Disembodied Ads



Lately I have been having issues with Google redirecting me to sites other than the one the link is supposed to take me to.

Along with that, whenever I log into Google and try to go to the search engine, it either appears as if I am logged out, or it won't load the site. It also does this when I try to search for images.

I have also been having ads start on my computer, but it is just the audio, and it will happen without any program open.

Here is the log the instructions said to post.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.1

Run by Jim at 17:49:31 on 2012-07-25

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1271 [GMT -7:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

svchost.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Google\Update\1.3.21.115\GoogleCrashHandler.exe

E:\Program Files\LeapFrog Connect\Monitor.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Jim\Application Data\Spotify\Data\SpotifyWebHelper.exe

C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe

C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe

E:\Program Files\LeapFrog Connect\CommandService.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Nexon\Mabinogi\npkcmsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Cyberlink\Shared files\RichVideo.exe

C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe

C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe

C:\Program Files\AVG\AVG9\avgemc.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\AVG\AVG9\avgui.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&affID=108844&mntrId=1b0529e00000000000000016ec2fa0b3

uSearch Page = 687474703a2f2f7777772e676f6f676c652e636f6d2f

uSearch Bar = 687474703a2f2f7777772e676f6f676c652e636f6d2f

uSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f

uDefault_Search_URL = 687474703a2f2f7777772e676f6f676c652e636f6d2f

mSearch Bar = 687474703a2f2f7777772e676f6f676c652e636f6d2f

mSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local;<local>

uSearchAssistant = 687474703a2f2f7777772e676f6f676c652e636f6d2f

mSearchURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f

mSearchAssistant = hxxp://start.facemoods.com/?a=ironto&s={searchTerms}&f=4

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\bh\BabylonToolbar.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: Jobs Toolbar: {4abe316f-6a24-4e80-b8f3-3b69c1578ab8} - c:\program files\jobstoolbar\vmntemplateX.dll

BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: ALOT Toolbar: {5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} - c:\program files\alot\bin\alot.dll

BHO: CescrtHlpr Object: {64182481-4f71-486b-a045-b233bd0da8fc} - c:\program files\facemoods.com\facemoods\1.4.17.6\bh\facemoods.dll

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll

BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\datamngr\toolbar\searchqudtx.dll

BHO: UrlHelper Class: {a40dc6c5-79d0-4ca8-a185-8ff989af1115} - c:\progra~1\wi371a~1\datamngr\IEBHO.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: AlxHelper Class: {f443a627-5009-4323-9c1d-7fd598d0d712} - c:\program files\amazon browser bar\AmazonBrowserBar.3.0.dll

BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers client\YontooIEClient.dll

TB: Need2Find Bar: {4d1c4e89-a32a-416b-bcdb-33b3ef3617d3} - c:\program files\need2find\bar\1.bin\ND2FNBAR.DLL

TB: ALOT Toolbar: {5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} - c:\program files\alot\bin\alot.dll

TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\datamngr\toolbar\searchqudtx.dll

TB: Jobs Toolbar: {4abe316f-6a24-4e80-b8f3-3b69c1578ab8} - c:\program files\jobstoolbar\vmntemplateX.dll

TB: facemoods Toolbar: {db4e9724-f518-4dfd-9c7c-78b52103cab9} - c:\program files\facemoods.com\facemoods\1.4.17.6\facemoodsTlbr.dll

TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\BabylonToolbarTlbr.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Amazon Browser Bar: {ea582743-9076-4178-9aa6-7393fdf4d5ce} - c:\program files\amazon browser bar\AmazonBrowserBar.3.0.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [AdobeBridge]

uRun: [spotify Web Helper] "c:\documents and settings\jim\application data\spotify\data\SpotifyWebHelper.exe"

mRun: [Google Updater] "c:\program files\google\google updater\GoogleUpdater.exe" -check_deprecation

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Monitor] "e:\program files\leapfrog connect\Monitor.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [soundMan] SOUNDMAN.EXE

mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe

mRun: [AdobeCS6ServiceManager] "c:\program files\common files\adobe\cs6servicemanager\CS6ServiceManager.exe" -launchedbylogin

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login

mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [QuickTime Task] "e:\program files\quicktime\QTTask.exe" -atboottime

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10h_ActiveX.exe -update activex

StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe

StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\wg111v~1.lnk - c:\program files\netgear\wg111v2 configuration utility\RtlWake.exe

IE: &Search

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

LSP: mswsock.dll

DPF: RaptisoftGameLoader - hxxp://www.gamehouse.com/realarcade-webgames/hamsterball/raptisoftgameloader.cab

DPF: {01111F00-3E00-11D2-8470-0060089874ED} - hxxp://supportsoft.adelphia.net/sdccommon/download/tgctlins.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?LinkID=39204

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157962516983

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1157962579358

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: avgrsstarter - avgrsstx.dll

AppInit_DLLs: c:\progra~1\wi371a~1\datamngr\datamngr.dll c:\progra~1\wi371a~1\datamngr\iebho.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

mASetup: {1D8CE183-1EBB-7FCA-9EAC-FE677F0EAD9D} - c:\documents and settings\jim\application data\bot1.exe

mASetup: {CAA91FDD-EDBE-588A-DB60-B4CBDFFFBE6D} - c:\documents and settings\jim\application data\bot.exe

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\jim\application data\mozilla\firefox\profiles\1ig2pwy8.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/

FF - plugin: c:\documents and settings\all users.windows\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll

FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll

FF - plugin: c:\windows\system32\npdeployJava1.dll

FF - plugin: c:\windows\system32\npptools.dll

FF - plugin: e:\program files\canon\mycamera download plugin\NPCIG.dll

FF - plugin: e:\program files\quicktime\plugins\npqtplugin.dll

FF - plugin: e:\program files\quicktime\plugins\npqtplugin2.dll

FF - plugin: e:\program files\quicktime\plugins\npqtplugin3.dll

FF - plugin: e:\program files\quicktime\plugins\npqtplugin4.dll

FF - plugin: e:\program files\quicktime\plugins\npqtplugin5.dll

FF - plugin: e:\program files\quicktime\plugins\npqtplugin6.dll

FF - plugin: e:\program files\quicktime\plugins\npqtplugin7.dll

.

============= SERVICES / DRIVERS ===============

.

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-21 216400]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-1-25 29712]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-21 243152]

R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-15 921952]

R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]

R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2009-1-12 66048]

R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users.windows\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-7-5 3048136]

R2 WDDMService;WDDMService;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2011-3-9 238592]

R2 WDFME;WD File Management Engine;c:\program files\western digital\wd smartware\front parlor\wdfme\WDFME.exe [2011-3-9 1060864]

R2 WDSC;WD File Management Shadow Engine;c:\program files\western digital\wd smartware\front parlor\WDSC.exe [2011-3-9 484352]

R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2011-9-15 25704]

R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2011-9-15 25704]

R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2011-9-15 25704]

R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2011-9-15 25704]

R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2011-9-15 25704]

S0 tpcdrdrv;tpcdrdrv;c:\windows\system32\drivers\tpcdrdrv.sys --> c:\windows\system32\drivers\tpcdrdrv.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-6-7 1262400]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-16 250056]

S3 Alpham;Ideazon Merc Composite Keyboard Driver;c:\windows\system32\drivers\Alpham.sys [2006-3-12 37248]

S3 AsAudioDevice_349;AsAudioDevice_349;c:\windows\system32\drivers\AsAudioDevice_349.sys [2011-9-15 16640]

S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2010-7-7 2944]

S3 brparimg;Brother Multi Function Parallel Image driver;c:\windows\system32\drivers\BrParImg.sys [2010-7-7 3168]

S3 BrParWdm;Brother WDM Parallel Driver;c:\windows\system32\drivers\BrParwdm.sys [2010-7-7 39552]

S3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2010-7-7 60416]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]

S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-7-29 25112]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320]

S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-18 23680]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-7-21 113120]

S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2009-1-12 167808]

S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2009-1-12 13532]

S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2012-6-16 11520]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== File Associations ===============

.

.scr=SageThumbsImage.scr

.

=============== Created Last 30 ================

.

2012-07-24 05:24:59 -------- d-----w- c:\program files\Oracle

2012-07-24 05:24:31 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-07-21 09:20:34 19424 ----a-w- c:\program files\mozilla firefox\nsu95.tmp\xpcom.dll

2012-07-21 09:12:14 -------- d-----w- c:\program files\Amazon Browser Bar

2012-07-12 04:14:26 9822920 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe

2012-07-10 10:32:24 -------- d-----w- c:\program files\MonitorDriver

.

==================== Find3M ====================

.

2012-07-17 02:23:33 1074636 ----a-w- c:\windows\system32\nvdrsdb1.bin

2012-07-17 02:23:33 1 ----a-w- c:\windows\system32\nvdrssel.bin

2012-07-12 04:15:05 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-12 04:15:05 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-06 05:07:08 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-07-06 05:06:30 772544 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-07-06 05:06:20 687544 ----a-w- c:\windows\system32\deployJava1.dll

2012-07-03 20:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-06-07 21:55:26 1074636 ----a-w- c:\windows\system32\nvdrsdb0.bin

2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 22:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 22:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 22:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 22:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 22:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 22:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 22:18:58 214256 ----a-w- c:\windows\system32\muweb.dll

2012-06-02 22:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll

2012-05-15 10:18:00 883008 ----a-w- c:\windows\system32\nvgenco32.dll

2012-05-15 10:18:00 65536 ----a-w- c:\windows\system32\OpenCL.dll

2012-05-15 10:18:00 6012928 ----a-w- c:\windows\system32\nvcuda.dll

2012-05-15 10:18:00 4373248 ----a-w- c:\windows\system32\nv4_disp.dll

2012-05-15 10:18:00 2530624 ----a-w- c:\windows\system32\nvcuvid.dll

2012-05-15 10:18:00 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-05-15 10:18:00 2359808 ----a-w- c:\windows\system32\nvapi.dll

2012-05-15 10:18:00 18771968 ----a-w- c:\windows\system32\nvoglnt.dll

2012-05-15 10:18:00 17543168 ----a-w- c:\windows\system32\nvcompiler.dll

2012-05-15 10:18:00 14014656 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2012-05-15 10:18:00 1000768 ----a-w- c:\windows\system32\nvdispco32.dll

2012-05-15 09:40:26 54272 ----a-w- c:\windows\system32\nvwddi.dll

2012-05-15 09:40:02 15504192 ----a-w- c:\windows\system32\nvcpl.dll

2012-05-15 09:40:02 143680 ----a-w- c:\windows\system32\nvcolor.exe

2012-05-15 09:40:01 164160 ----a-w- c:\windows\system32\nvsvc32.exe

2012-05-15 09:40:01 108352 ----a-w- c:\windows\system32\nvmctray.dll

2012-05-11 14:42:33 43520 ------w- c:\windows\system32\licmgr10.dll

2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-05-11 11:38:02 385024 ------w- c:\windows\system32\html.iec

2012-05-04 19:33:07 477240 ----a-w- c:\windows\system32\drivers\sptd.sys

2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2008-06-10 19:26:21 62910 -c--a-w- c:\program files\Uninstall.exe

2007-11-15 07:20:14 774144 ----a-w- c:\program files\RngInterstitial.dll

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: Maxtor_6Y080P0 rev.YAR41BW0 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-17

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A2054B1]<<

_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a20c93c]; MOV EAX, [0x8a20cab0]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }

1 ntkrnlpa!IofCallDriver[0x804EF1B0] -> \Device\Harddisk0\DR0[0x8AAF1AB8]

3 CLASSPNP[0xB8108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1B0] -> \Device\00000074[0x8AB20968]

5 ACPI[0xB7E64620] -> ntkrnlpa!IofCallDriver[0x804EF1B0] -> [0x8AAF3D98]

\Driver\atapi[0x8A9B2F38] -> IRP_MJ_CREATE -> 0x8A2054B1

error: Read A device attached to the system is not functioning.

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }

detected disk devices:

detected hooks:

\Driver\atapi DriverStartIo -> 0x8A2052E2

user & kernel MBR OK

Warning: possible TDL3 rootkit infection !

.

============= FINISH: 17:51:09.28 ===============


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


Alright, got it done, but I had some trouble with ComboFix (it kept crashing). It worked the third time.

Here are the DDS and ComboFix logs (in that order).

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.1

Run by Jim at 22:34:18 on 2012-07-25

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1406 [GMT -7:00]

.

AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

svchost.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Google\Update\1.3.21.115\GoogleCrashHandler.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe

E:\Program Files\LeapFrog Connect\CommandService.exe

C:\Nexon\Mabinogi\npkcmsvc.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\WINDOWS\system32\nvsvc32.exe

E:\Program Files\LeapFrog Connect\Monitor.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Cyberlink\Shared files\RichVideo.exe

C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe

C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe

C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe

C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe

C:\Program Files\AVG\AVG9\avgemc.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\system32\taskmgr.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&affID=108844&mntrId=1b0529e00000000000000016ec2fa0b3

uSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f

uDefault_Search_URL = 687474703a2f2f7777772e676f6f676c652e636f6d2f

mSearch Bar = 687474703a2f2f7777772e676f6f676c652e636f6d2f

mSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local;<local>

uSearchAssistant = 687474703a2f2f7777772e676f6f676c652e636f6d2f

mSearchURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\bh\BabylonToolbar.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: Jobs Toolbar: {4abe316f-6a24-4e80-b8f3-3b69c1578ab8} - c:\program files\jobstoolbar\vmntemplateX.dll

BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: AlxHelper Class: {f443a627-5009-4323-9c1d-7fd598d0d712} - c:\program files\amazon browser bar\AmazonBrowserBar.3.0.dll

TB: Need2Find Bar: {4d1c4e89-a32a-416b-bcdb-33b3ef3617d3} - c:\program files\need2find\bar\1.bin\ND2FNBAR.DLL

TB: Jobs Toolbar: {4abe316f-6a24-4e80-b8f3-3b69c1578ab8} - c:\program files\jobstoolbar\vmntemplateX.dll

TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\BabylonToolbarTlbr.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Amazon Browser Bar: {ea582743-9076-4178-9aa6-7393fdf4d5ce} - c:\program files\amazon browser bar\AmazonBrowserBar.3.0.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [Google Updater] "c:\program files\google\google updater\GoogleUpdater.exe" -check_deprecation

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Monitor] "e:\program files\leapfrog connect\Monitor.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [soundMan] SOUNDMAN.EXE

mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe

mRun: [AdobeCS6ServiceManager] "c:\program files\common files\adobe\cs6servicemanager\CS6ServiceManager.exe" -launchedbylogin

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login

mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [QuickTime Task] "e:\program files\quicktime\QTTask.exe" -atboottime

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe

StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\wg111v~1.lnk - c:\program files\netgear\wg111v2 configuration utility\RtlWake.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

DPF: RaptisoftGameLoader - hxxp://www.gamehouse.com/realarcade-webgames/hamsterball/raptisoftgameloader.cab

DPF: {01111F00-3E00-11D2-8470-0060089874ED} - hxxp://supportsoft.adelphia.net/sdccommon/download/tgctlins.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?LinkID=39204

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157962516983

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1157962579358

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: avgrsstarter - avgrsstx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\jim\application data\mozilla\firefox\profiles\1ig2pwy8.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/

FF - plugin: c:\documents and settings\all users.windows\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll

FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll

FF - plugin: c:\windows\system32\npdeployJava1.dll

FF - plugin: c:\windows\system32\npptools.dll

FF - plugin: e:\program files\canon\mycamera download plugin\NPCIG.dll

FF - plugin: e:\program files\quicktime\plugins\npqtplugin.dll

FF - plugin: e:\program files\quicktime\plugins\npqtplugin2.dll

FF - plugin: e:\program files\quicktime\plugins\npqtplugin3.dll

FF - plugin: e:\program files\quicktime\plugins\npqtplugin4.dll

FF - plugin: e:\program files\quicktime\plugins\npqtplugin5.dll

FF - plugin: e:\program files\quicktime\plugins\npqtplugin6.dll

FF - plugin: e:\program files\quicktime\plugins\npqtplugin7.dll

.

============= SERVICES / DRIVERS ===============

.

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-21 216400]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-1-25 29712]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-21 243152]

R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-15 921952]

R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]

R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2009-1-12 66048]

R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users.windows\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-7-5 3048136]

R2 WDDMService;WDDMService;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2011-3-9 238592]

R2 WDFME;WD File Management Engine;c:\program files\western digital\wd smartware\front parlor\wdfme\WDFME.exe [2011-3-9 1060864]

R2 WDSC;WD File Management Shadow Engine;c:\program files\western digital\wd smartware\front parlor\WDSC.exe [2011-3-9 484352]

R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2011-9-15 25704]

R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2011-9-15 25704]

R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2011-9-15 25704]

R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2011-9-15 25704]

R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2011-9-15 25704]

S0 tpcdrdrv;tpcdrdrv;c:\windows\system32\drivers\tpcdrdrv.sys --> c:\windows\system32\drivers\tpcdrdrv.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-6-7 1262400]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-16 250056]

S3 Alpham;Ideazon Merc Composite Keyboard Driver;c:\windows\system32\drivers\Alpham.sys [2006-3-12 37248]

S3 AsAudioDevice_349;AsAudioDevice_349;c:\windows\system32\drivers\AsAudioDevice_349.sys [2011-9-15 16640]

S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2010-7-7 2944]

S3 brparimg;Brother Multi Function Parallel Image driver;c:\windows\system32\drivers\BrParImg.sys [2010-7-7 3168]

S3 BrParWdm;Brother WDM Parallel Driver;c:\windows\system32\drivers\BrParwdm.sys [2010-7-7 39552]

S3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2010-7-7 60416]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]

S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-7-29 25112]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320]

S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-18 23680]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-7-21 113120]

S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2009-1-12 167808]

S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2009-1-12 13532]

S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2012-6-16 11520]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== File Associations ===============

.

.scr=SageThumbsImage.scr

.

=============== Created Last 30 ================

.

2012-07-26 05:01:48 -------- d-sha-r- C:\cmdcons

2012-07-26 04:08:55 98816 ----a-w- c:\windows\sed.exe

2012-07-26 04:08:55 518144 ----a-w- c:\windows\SWREG.exe

2012-07-26 04:08:55 256000 ----a-w- c:\windows\PEV.exe

2012-07-26 04:08:55 208896 ----a-w- c:\windows\MBR.exe

2012-07-24 05:24:59 -------- d-----w- c:\program files\Oracle

2012-07-24 05:24:31 143872 ----a-w- c:\windows\system32javacpl.cpl

2012-07-21 09:20:34 19424 ----a-w- c:\program files\mozilla firefox\nsu95.tmp\xpcom.dll

2012-07-21 09:12:14 -------- d-----w- c:\program files\Amazon Browser Bar

2012-07-12 04:14:26 9822920 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe

2012-07-10 10:32:24 -------- d-----w- c:\program files\MonitorDriver

.

==================== Find3M ====================

.

2012-07-17 02:23:33 1074636 ----a-w- c:\windows\system32\nvdrsdb1.bin

2012-07-17 02:23:33 1 ----a-w- c:\windows\system32\nvdrssel.bin

2012-07-12 04:15:05 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-12 04:15:05 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-06 05:07:08 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-07-06 05:06:30 772544 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-07-06 05:06:20 687544 ----a-w- c:\windows\system32\deployJava1.dll

2012-07-03 20:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-06-07 21:55:26 1074636 ----a-w- c:\windows\system32\nvdrsdb0.bin

2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 22:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 22:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 22:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 22:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 22:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 22:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 22:18:58 214256 ----a-w- c:\windows\system32\muweb.dll

2012-06-02 22:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll

2012-05-15 10:18:00 883008 ----a-w- c:\windows\system32\nvgenco32.dll

2012-05-15 10:18:00 65536 ----a-w- c:\windows\system32\OpenCL.dll

2012-05-15 10:18:00 6012928 ----a-w- c:\windows\system32\nvcuda.dll

2012-05-15 10:18:00 4373248 ----a-w- c:\windows\system32\nv4_disp.dll

2012-05-15 10:18:00 2530624 ----a-w- c:\windows\system32\nvcuvid.dll

2012-05-15 10:18:00 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-05-15 10:18:00 2359808 ----a-w- c:\windows\system32\nvapi.dll

2012-05-15 10:18:00 18771968 ----a-w- c:\windows\system32\nvoglnt.dll

2012-05-15 10:18:00 17543168 ----a-w- c:\windows\system32\nvcompiler.dll

2012-05-15 10:18:00 14014656 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2012-05-15 10:18:00 1000768 ----a-w- c:\windows\system32\nvdispco32.dll

2012-05-15 09:40:26 54272 ----a-w- c:\windows\system32\nvwddi.dll

2012-05-15 09:40:02 15504192 ----a-w- c:\windows\system32\nvcpl.dll

2012-05-15 09:40:02 143680 ----a-w- c:\windows\system32\nvcolor.exe

2012-05-15 09:40:01 164160 ----a-w- c:\windows\system32\nvsvc32.exe

2012-05-15 09:40:01 108352 ----a-w- c:\windows\system32\nvmctray.dll

2012-05-11 14:42:33 43520 ------w- c:\windows\system32\licmgr10.dll

2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-05-11 11:38:02 385024 ------w- c:\windows\system32\html.iec

2012-05-04 19:33:07 477240 ----a-w- c:\windows\system32\drivers\sptd.sys

2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2008-06-10 19:26:21 62910 -c--a-w- c:\program files\Uninstall.exe

2007-11-15 07:20:14 774144 ----a-w- c:\program files\RngInterstitial.dll

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: Maxtor_6Y080P0 rev.YAR41BW0 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-17

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A1054B1]<<

_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a10c93c]; MOV EAX, [0x8a10cab0]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }

1 ntkrnlpa!IofCallDriver[0x804EF1B0] -> \Device\Harddisk0\DR0[0x8AAEAAB8]

3 CLASSPNP[0xB8108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1B0] -> \Device\00000076[0x8AA6F9E8]

5 ACPI[0xB7E64620] -> ntkrnlpa!IofCallDriver[0x804EF1B0] -> [0x8AAECD98]

\Driver\atapi[0x8A122760] -> IRP_MJ_CREATE -> 0x8A1054B1

error: Read A device attached to the system is not functioning.

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }

detected disk devices:

detected hooks:

\Driver\atapi DriverStartIo -> 0x8A1052E2

user & kernel MBR OK

Warning: possible TDL3 rootkit infection !

.

============= FINISH: 22:34:43.34 ===============

ComboFix 12-07-26.04 - Jim 07/25/2012 22:05:52.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1284 [GMT -7:00]

Running from: c:\documents and settings\Jim\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Administrator\WINDOWS

c:\documents and settings\All Users.WINDOWS\Application Data\QuestScan

c:\documents and settings\All Users.WINDOWS\Application Data\TEMP

c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}\PostBuild.exe

c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\PostBuild.exe

c:\documents and settings\All Users.WINDOWS\Application Data\TEMP\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe

c:\documents and settings\Guest\Application Data\facemoods.com

c:\documents and settings\Jim\Application Data\alot

c:\documents and settings\Jim\Application Data\alot\BrowserSearch\BrowserSearch.xml

c:\documents and settings\Jim\Application Data\alot\BrowserSearch\BrowserSearch.xml.backup

c:\documents and settings\Jim\Application Data\alot\Button_0\Button_0.xml

c:\documents and settings\Jim\Application Data\alot\Button_0\Button_0.xml.backup

c:\documents and settings\Jim\Application Data\alot\Button_1\Button_1.xml

c:\documents and settings\Jim\Application Data\alot\Button_1\Button_1.xml.backup

c:\documents and settings\Jim\Application Data\alot\Button_10\Button_10.xml

c:\documents and settings\Jim\Application Data\alot\Button_10\Button_10.xml.backup

c:\documents and settings\Jim\Application Data\alot\Button_2\Button_2.xml

c:\documents and settings\Jim\Application Data\alot\Button_2\Button_2.xml.backup

c:\documents and settings\Jim\Application Data\alot\Button_201\Button_201.xml

c:\documents and settings\Jim\Application Data\alot\Button_201\Button_201.xml.backup

c:\documents and settings\Jim\Application Data\alot\Button_3\Button_3.xml

c:\documents and settings\Jim\Application Data\alot\Button_3\Button_3.xml.backup

c:\documents and settings\Jim\Application Data\alot\Button_4\Button_4.xml

c:\documents and settings\Jim\Application Data\alot\Button_4\Button_4.xml.backup

c:\documents and settings\Jim\Application Data\alot\Button_5\Button_5.xml

c:\documents and settings\Jim\Application Data\alot\Button_5\Button_5.xml.backup

c:\documents and settings\Jim\Application Data\alot\Button_6\Button_6.xml

c:\documents and settings\Jim\Application Data\alot\Button_6\Button_6.xml.backup

c:\documents and settings\Jim\Application Data\alot\Button_7\Button_7.xml

c:\documents and settings\Jim\Application Data\alot\Button_7\Button_7.xml.backup

c:\documents and settings\Jim\Application Data\alot\Button_8\Button_8.xml

c:\documents and settings\Jim\Application Data\alot\Button_8\Button_8.xml.backup

c:\documents and settings\Jim\Application Data\alot\Button_9\Button_9.xml

c:\documents and settings\Jim\Application Data\alot\Button_9\Button_9.xml.backup

c:\documents and settings\Jim\Application Data\alot\configurator\configurator.xml

c:\documents and settings\Jim\Application Data\alot\configurator\configurator.xml.backup

c:\documents and settings\Jim\Application Data\alot\contextMenu\contextMenu.xml

c:\documents and settings\Jim\Application Data\alot\contextMenu\contextMenu.xml.backup

c:\documents and settings\Jim\Application Data\alot\ErrorSearch\ErrorSearch.xml

c:\documents and settings\Jim\Application Data\alot\ErrorSearch\ErrorSearch.xml.backup

c:\documents and settings\Jim\Application Data\alot\postInstallLayout\postInstallLayout.xml

c:\documents and settings\Jim\Application Data\alot\postInstallLayout\postInstallLayout.xml.backup

c:\documents and settings\Jim\Application Data\alot\products\products.xml

c:\documents and settings\Jim\Application Data\alot\products\products.xml.backup

c:\documents and settings\Jim\Application Data\alot\Resources\BrowserSearch\alot_search_defend.html

c:\documents and settings\Jim\Application Data\alot\Resources\BrowserSearch\images\favicon.ico

c:\documents and settings\Jim\Application Data\alot\Resources\Button_0\images\alot_logo_button.bmp

c:\documents and settings\Jim\Application Data\alot\Resources\Button_0\images\alot_logo_button.png

c:\documents and settings\Jim\Application Data\alot\Resources\Button_1\images\alot_search_button.bmp

c:\documents and settings\Jim\Application Data\alot\Resources\Button_1\images\alot_search_button.png

c:\documents and settings\Jim\Application Data\alot\Resources\Button_10\images\default_1999_print.coupons.com_button.bmp

c:\documents and settings\Jim\Application Data\alot\Resources\Button_10\images\default_1999_print.coupons.com_button.png

c:\documents and settings\Jim\Application Data\alot\Resources\Button_2\images\default_1795_default_1795_alot_configure.bmp

c:\documents and settings\Jim\Application Data\alot\Resources\Button_2\images\default_1795_default_1795_alot_configure.png

c:\documents and settings\Jim\Application Data\alot\Resources\Button_201\images\default_1589_alot_widget_games.bmp

c:\documents and settings\Jim\Application Data\alot\Resources\Button_201\images\default_1589_alot_widget_games.png

c:\documents and settings\Jim\Application Data\alot\Resources\Button_3\images\default_1379_alot_cas_playgames.bmp

c:\documents and settings\Jim\Application Data\alot\Resources\Button_3\images\default_1379_alot_cas_playgames.png

c:\documents and settings\Jim\Application Data\alot\Resources\Button_4\images\default_1699_toolbar_alot_icon_cafe.bmp

c:\documents and settings\Jim\Application Data\alot\Resources\Button_4\images\default_1699_toolbar_alot_icon_cafe.png

c:\documents and settings\Jim\Application Data\alot\Resources\Button_5\images\default_1103_alot_lottery_dollar.bmp

c:\documents and settings\Jim\Application Data\alot\Resources\Button_5\images\default_1103_alot_lottery_dollar.png

c:\documents and settings\Jim\Application Data\alot\Resources\Button_6\images\default_1588_solitaire.bmp

c:\documents and settings\Jim\Application Data\alot\Resources\Button_6\images\default_1588_solitaire.png

c:\documents and settings\Jim\Application Data\alot\Resources\Button_7\images\default_1024_alot_games_casual_crosswords.bmp

c:\documents and settings\Jim\Application Data\alot\Resources\Button_7\images\default_1024_alot_games_casual_crosswords.png

c:\documents and settings\Jim\Application Data\alot\Resources\Button_8\images\default_1613_alot_online_games_tetriz.bmp

c:\documents and settings\Jim\Application Data\alot\Resources\Button_8\images\default_1613_alot_online_games_tetriz.png

c:\documents and settings\Jim\Application Data\alot\Resources\Button_9\images\default_1041_default_1045_alot_mrkt_readersdigest.bmp

c:\documents and settings\Jim\Application Data\alot\Resources\Button_9\images\default_1041_default_1045_alot_mrkt_readersdigest.png

c:\documents and settings\Jim\Application Data\alot\Resources\contextMenu\images\alot_icon.bmp

c:\documents and settings\Jim\Application Data\alot\Resources\contextMenu\images\alot_icon.png

c:\documents and settings\Jim\Application Data\alot\Resources\contextMenu\images\alot_logo_button.bmp

c:\documents and settings\Jim\Application Data\alot\Resources\contextMenu\images\alot_logo_button.png

c:\documents and settings\Jim\Application Data\alot\Resources\Shared\domains.dat

c:\documents and settings\Jim\Application Data\alot\Resources\Shared\images\alot_brand.png

c:\documents and settings\Jim\Application Data\alot\Resources\Shared\images\alot_splitter.png

c:\documents and settings\Jim\Application Data\alot\Resources\Shared\images\discover.png

c:\documents and settings\Jim\Application Data\alot\Resources\Shared\images\spinner.bmp

c:\documents and settings\Jim\Application Data\alot\Resources\Shared\images\widget_bottom.bmp

c:\documents and settings\Jim\Application Data\alot\Resources\Shared\images\widget_btnclose0.bmp

c:\documents and settings\Jim\Application Data\alot\Resources\Shared\images\widget_btnclose1.bmp

c:\documents and settings\Jim\Application Data\alot\Resources\Shared\images\widget_caption.bmp

c:\documents and settings\Jim\Application Data\alot\Resources\Shared\images\widget_error_bg.bmp

c:\documents and settings\Jim\Application Data\alot\Resources\Shared\images\widget_error_close.bmp

c:\documents and settings\Jim\Application Data\alot\Resources\Shared\images\widget_error_icon.bmp

c:\documents and settings\Jim\Application Data\alot\TimerManager\TimerManager.xml

c:\documents and settings\Jim\Application Data\alot\TimerManager\TimerManager.xml.backup

c:\documents and settings\Jim\Application Data\alot\toolbar.xml

c:\documents and settings\Jim\Application Data\alot\toolbar.xml.backup

c:\documents and settings\Jim\Application Data\alot\toolbarContextMenu\toolbarContextMenu.xml

c:\documents and settings\Jim\Application Data\alot\toolbarContextMenu\toolbarContextMenu.xml.backup

c:\documents and settings\Jim\Application Data\alot\ToolbarSearch\ToolbarSearch.xml

c:\documents and settings\Jim\Application Data\alot\ToolbarSearch\ToolbarSearch.xml.backup

c:\documents and settings\Jim\Application Data\alot\Updater\Updater.xml

c:\documents and settings\Jim\Application Data\alot\Updater\Updater.xml.backup

c:\documents and settings\Jim\Application Data\facemoods.com

c:\documents and settings\Jim\Application Data\facemoods.com\facemoods\us\20101003\kywrds.tat

c:\documents and settings\Jim\Application Data\facemoods.com\facemoods\us\20101003\kywrds.ttr

c:\documents and settings\Jim\Application Data\Jim3SQLite3.dll

c:\documents and settings\Jim\Application Data\Jimlog.dat

c:\documents and settings\Jim\Local Settings\Application Data\assembly\tmp

c:\documents and settings\Jim\My Documents\~WRL3973.tmp

c:\documents and settings\Jim\My Documents\ShopToWin

c:\documents and settings\Jim\WINDOWS

C:\install.exe

c:\program files\facemoods.com

c:\program files\facemoods.com\facemoods\1.4.17.6\bh\facemoods.dll

c:\program files\facemoods.com\facemoods\1.4.17.6\facemoods.crx

c:\program files\facemoods.com\facemoods\1.4.17.6\facemoods.png

c:\program files\facemoods.com\facemoods\1.4.17.6\facemoodsApp.dll

c:\program files\facemoods.com\facemoods\1.4.17.6\facemoodsEng.dll

c:\program files\facemoods.com\facemoods\1.4.17.6\facemoodssrv.exe

c:\program files\facemoods.com\facemoods\1.4.17.6\facemoodsTlbr.dll

c:\program files\facemoods.com\facemoods\1.4.17.6\uninstall.exe

c:\program files\facemoods.com\sqlite3.dll

c:\program files\Need2Find

c:\program files\Need2Find\bar\1.bin\N2FFXTBR.JAR

c:\program files\Need2Find\bar\1.bin\N2NTSTBR.JAR

c:\program files\Need2Find\bar\1.bin\PARTNER.DAT

c:\program files\Need2Find\bar\Cache\files.ini

c:\program files\Need2Find\bar\History\search

c:\program files\Need2Find\bar\Settings\prevcfg.htm

c:\program files\QuestScan

c:\program files\QuestScan\uninstall.exe

c:\windows\system32\setb7.tmp

c:\windows\system32\tmp33.tmp

c:\windows\system32\windows

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_MYWEBSEARCHSERVICE

.

.

((((((((((((((((((((((((( Files Created from 2012-06-26 to 2012-07-26 )))))))))))))))))))))))))))))))

.

.

2012-07-24 05:24 . 2012-07-24 05:24 -------- d-----w- c:\program files\Oracle

2012-07-24 05:24 . 2012-07-24 05:22 143872 ----a-w- c:\windows\system32javacpl.cpl

2012-07-21 09:54 . 2012-07-21 09:54 -------- d-----w- c:\program files\Mozilla Maintenance Service

2012-07-21 09:12 . 2012-07-21 09:12 -------- d-----w- c:\program files\Amazon Browser Bar

2012-07-15 07:40 . 2012-07-15 07:40 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Sun

2012-07-12 04:14 . 2012-07-12 04:14 9822920 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe

2012-07-10 10:32 . 2012-07-10 10:33 -------- d-----w- c:\program files\MonitorDriver

2012-07-10 10:32 . 2012-07-10 10:32 -------- d-----w- c:\documents and settings\Jim\Application Data\InstallShield

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-12 04:15 . 2012-04-16 09:10 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-12 04:15 . 2012-04-16 09:10 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-06 05:07 . 2007-04-19 16:16 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-07-06 05:06 . 2012-04-08 18:59 772544 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-07-06 05:06 . 2010-06-08 19:33 687544 ----a-w- c:\windows\system32\deployJava1.dll

2012-07-03 20:46 . 2009-03-15 18:24 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-13 13:19 . 2001-08-23 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-06-05 15:50 . 2007-05-15 22:43 1372672 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 15:50 . 2001-08-23 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 04:32 . 2001-08-23 12:00 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 22:19 . 2007-06-21 20:12 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 22:19 . 2007-06-21 20:12 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 22:19 . 2006-09-11 08:15 329240 ----a-w- c:\windows\system32\wucltui.dll

2012-06-02 22:19 . 2006-09-11 08:15 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 22:19 . 2005-05-26 11:19 210968 ----a-w- c:\windows\system32\wuweb.dll

2012-06-02 22:19 . 2007-06-21 20:12 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 22:19 . 2006-09-11 08:15 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2006-09-11 08:15 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2006-09-11 07:49 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2001-08-23 12:00 97304 ----a-w- c:\windows\system32\cdm.dll

2012-06-02 22:19 . 2007-06-21 20:12 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 22:19 . 2006-09-11 08:15 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:19 . 2006-09-11 07:49 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:18 . 2007-06-22 15:59 17136 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-06-02 22:18 . 2006-09-11 08:58 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 22:18 . 2005-05-26 11:19 214256 ----a-w- c:\windows\system32\muweb.dll

2012-05-31 13:22 . 2002-09-23 22:10 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-05-16 15:08 . 2004-01-08 22:23 916992 ----a-w- c:\windows\system32\wininet.dll

2012-05-15 10:18 . 2011-11-24 22:05 883008 ----a-w- c:\windows\system32\nvgenco32.dll

2012-05-15 10:18 . 2011-11-24 22:05 65536 ----a-w- c:\windows\system32\OpenCL.dll

2012-05-15 10:18 . 2011-11-24 22:05 17543168 ----a-w- c:\windows\system32\nvcompiler.dll

2012-05-15 10:18 . 2011-11-24 22:05 1000768 ----a-w- c:\windows\system32\nvdispco32.dll

2012-05-15 10:18 . 2009-08-17 07:57 2530624 ----a-w- c:\windows\system32\nvcuvid.dll

2012-05-15 10:18 . 2009-08-17 07:57 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-05-15 10:18 . 2008-05-03 05:46 6012928 ----a-w- c:\windows\system32\nvcuda.dll

2012-05-15 10:18 . 2008-03-16 00:46 18771968 ----a-w- c:\windows\system32\nvoglnt.dll

2012-05-15 10:18 . 2008-03-16 00:45 2359808 ----a-w- c:\windows\system32\nvapi.dll

2012-05-15 10:18 . 2004-08-04 07:56 4373248 ----a-w- c:\windows\system32\nv4_disp.dll

2012-05-15 10:18 . 2004-08-04 05:29 14014656 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2012-05-15 09:40 . 2009-08-17 10:04 54272 ----a-w- c:\windows\system32\nvwddi.dll

2012-05-15 09:40 . 2009-08-17 10:03 15504192 ----a-w- c:\windows\system32\nvcpl.dll

2012-05-15 09:40 . 2009-08-17 10:03 143680 ----a-w- c:\windows\system32\nvcolor.exe

2012-05-15 09:40 . 2009-08-17 10:03 164160 ----a-w- c:\windows\system32\nvsvc32.exe

2012-05-15 09:40 . 2009-08-17 10:03 108352 ----a-w- c:\windows\system32\nvmctray.dll

2012-05-11 14:42 . 2001-08-23 12:00 43520 ------w- c:\windows\system32\licmgr10.dll

2012-05-11 14:42 . 2001-08-23 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-05-11 11:38 . 2004-08-04 05:59 385024 ------w- c:\windows\system32\html.iec

2012-05-04 19:33 . 2010-06-06 01:48 477240 ----a-w- c:\windows\system32\drivers\sptd.sys

2012-05-04 13:16 . 2001-08-23 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 12:32 . 2001-08-17 13:48 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-05-02 13:46 . 2006-09-11 07:49 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2008-06-10 19:26 . 2008-06-10 19:26 62910 -c--a-w- c:\program files\Uninstall.exe

2007-11-15 07:20 . 2007-11-15 07:20 774144 ----a-w- c:\program files\RngInterstitial.dll

2012-07-14 00:17 . 2012-07-21 09:54 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4abe316f-6a24-4e80-b8f3-3b69c1578ab8}]

2011-03-04 10:54 81920 ----a-w- c:\program files\jobstoolbar\vmntemplateX.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F443A627-5009-4323-9C1D-7FD598D0D712}]

2012-05-10 00:05 1607472 ----a-w- c:\program files\Amazon Browser Bar\AmazonBrowserBar.3.0.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{4abe316f-6a24-4e80-b8f3-3b69c1578ab8}"= "c:\program files\jobstoolbar\vmntemplateX.dll" [2011-03-04 81920]

"{EA582743-9076-4178-9AA6-7393FDF4D5CE}"= "c:\program files\Amazon Browser Bar\AmazonBrowserBar.3.0.dll" [2012-05-10 1607472]

.

[HKEY_CLASSES_ROOT\clsid\{4abe316f-6a24-4e80-b8f3-3b69c1578ab8}]

.

[HKEY_CLASSES_ROOT\clsid\{ea582743-9076-4178-9aa6-7393fdf4d5ce}]

[HKEY_CLASSES_ROOT\TypeLib\{33D0AD98-3347-4A54-8929-5163EBEB9F72}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-14 68856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Google Updater"="c:\program files\Google\Google Updater\GoogleUpdater.exe" [2011-10-07 161336]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"Monitor"="e:\program files\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]

"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-06-25 1073352]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-05-15 15504192]

"NvMediaCenter"="NvMCTray.dll" [2012-05-15 108352]

"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-05-15 1634112]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]

"QuickTime Task"="e:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

.

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\

WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2011-3-9 3986944]

WG111v2 Smart Wizard Wireless Setting.lnk - c:\program files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe [2009-1-12 745472]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-07-15 21:00 12536 ----a-w- c:\windows\system32\avgrsstx.dll

.

[HKLM\~\startupfolder\C:^Documents and Settings^Jim^Start Menu^Programs^Startup^GameFly.lnk]

path=c:\documents and settings\Jim\Start Menu\Programs\Startup\GameFly.lnk

backup=c:\windows\pss\GameFly.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2012-02-29 15:55 17148552 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]

2012-07-12 12:44 9478320 ----a-w- c:\documents and settings\Jim\Application Data\Spotify\spotify.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

2011-11-24 06:53 1242448 ----a-w- e:\program files\Steam\Steam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

.

R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/21/2009 3:08 PM 216400]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/21/2009 3:08 PM 243152]

R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [7/15/2010 1:59 PM 921952]

R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/15/2010 1:59 PM 308136]

R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [1/12/2009 5:03 PM 66048]

R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users.WINDOWS\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [7/5/2012 6:41 PM 3048136]

R2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [3/9/2011 11:07 AM 238592]

R2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [3/9/2011 11:18 AM 1060864]

R2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [3/9/2011 11:16 AM 484352]

R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [9/15/2011 7:18 PM 25704]

R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [9/15/2011 7:19 PM 25704]

R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [9/15/2011 7:19 PM 25704]

R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [9/15/2011 7:19 PM 25704]

R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [9/15/2011 7:19 PM 25704]

S0 tpcdrdrv;tpcdrdrv;c:\windows\system32\DRIVERS\tpcdrdrv.sys --> c:\windows\system32\DRIVERS\tpcdrdrv.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 7:34 AM 135664]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [6/7/2012 2:59 PM 1262400]

S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/29/2012 8:50 AM 158856]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/16/2012 2:10 AM 250056]

S3 Alpham;Ideazon Merc Composite Keyboard Driver;c:\windows\system32\drivers\Alpham.sys [3/12/2006 1:11 PM 37248]

S3 AsAudioDevice_349;AsAudioDevice_349;c:\windows\system32\drivers\AsAudioDevice_349.sys [9/15/2011 2:05 PM 16640]

S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [7/7/2010 12:53 AM 2944]

S3 brparimg;Brother Multi Function Parallel Image driver;c:\windows\system32\drivers\BrParImg.sys [7/7/2010 12:54 AM 3168]

S3 BrParWdm;Brother WDM Parallel Driver;c:\windows\system32\drivers\BrParwdm.sys [7/7/2010 12:53 AM 39552]

S3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [7/7/2010 12:53 AM 60416]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 7:34 AM 135664]

S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [7/29/2010 12:25 AM 25112]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [8/21/2008 11:49 PM 18688]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [8/21/2008 11:49 PM 8320]

S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [6/18/2007 8:18 PM 23680]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [7/21/2012 2:54 AM 113120]

S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [1/12/2009 5:03 PM 167808]

S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [1/12/2009 5:03 PM 13532]

S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [6/16/2012 3:39 AM 11520]

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-26 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 04:15]

.

2012-07-24 c:\windows\Tasks\AdobeAAMUpdater-1.0-DUFIS-D-Jim.job

- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-05-05 13:09]

.

2012-07-14 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]

.

2012-07-24 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-14 17:03]

.

2012-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 14:34]

.

2012-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 14:34]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&affID=108844&mntrId=1b0529e00000000000000016ec2fa0b3

uSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f

uDefault_Search_URL = 687474703a2f2f7777772e676f6f676c652e636f6d2f

mSearch Bar = 687474703a2f2f7777772e676f6f676c652e636f6d2f

mSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local;<local>

uSearchAssistant = 687474703a2f2f7777772e676f6f676c652e636f6d2f

mSearchURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

DPF: RaptisoftGameLoader - hxxp://www.gamehouse.com/realarcade-webgames/hamsterball/raptisoftgameloader.cab

FF - ProfilePath - c:\documents and settings\Jim\Application Data\Mozilla\Firefox\Profiles\1ig2pwy8.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/

.

.

------- File Associations -------

.

.scr=SageThumbsImage.scr

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-10 - (no file)

HKCU-Run-AdobeBridge - (no file)

HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe

Notify-AtiExtEvent - (no file)

SafeBoot-AVG Anti-Spyware Driver

SafeBoot-AVG Anti-Spyware Guard

MSConfigStartUp-AdobeBridge - e:\program files\Adobe\Adobe Bridge CS5.1\Bridge.exe

HKLM_ActiveSetup-{1D8CE183-1EBB-7FCA-9EAC-FE677F0EAD9D} - c:\documents and settings\Jim\Application Data\bot1.exe

HKLM_ActiveSetup-{CAA91FDD-EDBE-588A-DB60-B4CBDFFFBE6D} - c:\documents and settings\Jim\Application Data\bot.exe

AddRemove-12345_is1 - e:\program files\WeGame\unins000.exe

AddRemove-15b35190-c6f9-11d9-9669-0800200c9a66_is1 - e:\program files\Turbine\DDO Unlimited\unins000.exe

AddRemove-Audacity 1.3 Beta (Unicode)_is1 - e:\program files\Audacity 1.3 Beta (Unicode)\unins000.exe

AddRemove-Baldur's Gate - c:\program files\Black Isle\Baldur's Gate\Uninst.isu

AddRemove-dimaondtools - e:\program files\Diamond Multimedia\Diamond Tools\uninstall.exe

AddRemove-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.6\uninstall.exe

AddRemove-Free M4a to MP3 Converter_is1 - e:\program files\Free M4a to MP3 Converter\unins000.exe

AddRemove-iSkysoft DRM Removal_is1 - e:\program files\iSkysoft\DRM Removal\unins000.exe

AddRemove-KB913433 - c:\windows\system32\MacroMed\Flash\genuinst.exe

AddRemove-NSS - c:\program files\Norton Security Scan\Engine\3.0.0.103\InstWrap.exe

AddRemove-Punch! Home Design - Platinum - e:\progra~1\PUNCH!~1\UNWISE.EXE

AddRemove-RAR Password Cracker - h:\program files\RAR Password Cracker\uninstall.exe

AddRemove-Slingo Quest Egypt - c:\program files\Slingo Quest Egypt\Uninstall.exe

AddRemove-Slingo-Supreme - c:\program files\Slingo-Supreme\Uninstall.exe

AddRemove-Virtual DJ - Atomix Productions - e:\progra~1\VIRTUA~1\UNWISE.EXE

AddRemove-WinGimp-2.0_is1 - c:\program files\GIMP-2.0\setup\unins000.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-07-25 22:26

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: Maxtor_6Y080P0 rev.YAR41BW0 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-17

.

device: opened successfully

user: MBR read successfully

error: Read A device attached to the system is not functioning.

kernel: MBR read successfully

detected disk devices:

detected hooks:

\Driver\atapi DriverStartIo -> 0x8A1052E2

user & kernel MBR OK

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,03,cc,57,59,1d,a3,38,48,aa,fd,13,\

.

[HKEY_USERS\S-1-5-21-57989841-2025429265-725345543-1003\Software\SecuROM\License information*]

"datasecu"=hex:94,c5,e7,2e,4a,b8,d8,b9,ed,8f,60,54,17,2a,56,04,e8,5c,78,84,f0,

49,54,43,a3,1d,7c,99,f2,95,50,71,a3,55,33,9b,f0,04,20,fa,22,a8,55,9a,7c,2d,\

"rkeysecu"=hex:82,c3,15,4f,bb,1d,3b,7f,84,f5,53,93,76,d6,d1,ff

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]

"Version"=hex:de,5e,c5,e5,35,85,69,83,85,07,c1,0b,47,0d,7d,d0,fb,59,e4,6b,99,

0f,f2,91,cc,2e,15,99,50,fa,26,22,28,18,c9,53,0a,e5,bd,3d,0e,66,6e,47,0d,c6,\

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\æHõwæ*]

"DisplayName"="?\11\09"

"DeviceDesc"="?\11\09"

"ProviderName"="???\11? H\11??"

"MFG"="???"

"ReinstallString"=".10.1000.5"

"DeviceInstanceIds"=multi:"d:\\raid\\ati\\sbdrv\\smbus\\smbusati.inf\00"

.

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]

"Version"=hex:de,5e,c5,e5,35,85,69,83,85,07,c1,0b,47,0d,7d,d0,fb,59,e4,6b,99,

0f,f2,91,cc,2e,15,99,50,fa,26,22,28,18,c9,53,0a,e5,bd,3d,0e,66,6e,47,0d,c6,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(3624)

c:\windows\system32\WININET.dll

c:\progra~1\WINDOW~3\wmpband.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\mshtml.dll

e:\program files\SageThumbs\32\SageThumbs.dll

e:\program files\SageThumbs\32\sqlite3.dll

e:\program files\SageThumbs\32\libgfl340.dll

e:\program files\SageThumbs\32\libgfle340.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\AVG\AVG9\avgchsvx.exe

c:\program files\AVG\AVG9\avgrsx.exe

c:\program files\AVG\AVG9\avgcsrvx.exe

c:\program files\Google\Update\1.3.21.115\GoogleCrashHandler.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe

e:\program files\LeapFrog Connect\CommandService.exe

c:\nexon\Mabinogi\npkcmsvc.exe

c:\program files\AVG\AVG9\avgnsx.exe

c:\windows\system32\nvsvc32.exe

c:\windows\SOUNDMAN.EXE

c:\program files\Cyberlink\Shared files\RichVideo.exe

c:\windows\system32\RunDLL32.exe

c:\program files\AVG\AVG9\avgcsrvx.exe

c:\windows\system32\wscntfy.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2012-07-25 22:32:43 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-26 05:32

.

Pre-Run: 21,609,213,952 bytes free

Post-Run: 26,667,184,128 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn /usepmtimer

.

- - End Of File - - 6C3B540BFA916F8FAF7130BF97B6E05E

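A quick triage pass over the log posted above, added here as an example and not part of the original post, of ComboFix or of DDS. ComboFix prints the IE search URLs in the 'Supplementary Scan' section as raw hex (the 6874747030... values), so the script decodes those, pairs each Browser Helper Object key with the DLL listed under it, and calls out auto-start entries that point at executables inside a user profile. The regexes, the profile-path markers and the SAMPLE excerpt are my own constructions; SAMPLE simply reuses lines from the log above.

```python
"""Triage the 'Reg Loading Points' / 'Supplementary Scan' parts of a ComboFix log.

Added example for this thread; not ComboFix output or code. The regexes, the
user-profile markers and SAMPLE are constructed (SAMPLE copies lines from the
log posted above).
"""
import re
from urllib.parse import urlsplit

HEX_RE = re.compile(r"^[0-9a-fA-F]+$")
# uStart Page = ..., uDefault_Search_URL = ..., mSearchURL = ...
URL_KEY_RE = re.compile(r"^(?P<key>[um][A-Za-z_ ,]+?)\s*=\s*(?P<value>\S+)$")
BHO_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\(?P<clsid>\{[0-9A-Fa-f-]+\})\]$"
)
# "2011-03-04 10:54 81920 ----a-w- c:\path\file.dll" (the line under a BHO key)
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+ \S+ (?P<path>.+)$")
ACTIVESETUP_RE = re.compile(r"^HKLM_ActiveSetup-(?P<guid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
DNS_RE = re.compile(r"^TCP: DhcpNameServer = (?P<servers>.+)$")

# Assumption: anything auto-started from a user-writable profile directory
# deserves a look; the log above shows bot.exe and bot1.exe living there.
USER_PROFILE_MARKERS = ("\\documents and settings\\", "\\application data\\")

# Constructed excerpt: these lines are copied from the log posted above.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4abe316f-6a24-4e80-b8f3-3b69c1578ab8}]
2011-03-04 10:54 81920 ----a-w- c:\program files\jobstoolbar\vmntemplateX.dll
uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&affID=108844&mntrId=1b0529e00000000000000016ec2fa0b3
uDefault_Search_URL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
mSearchURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
HKLM_ActiveSetup-{1D8CE183-1EBB-7FCA-9EAC-FE677F0EAD9D} - c:\documents and settings\Jim\Application Data\bot1.exe
HKLM_ActiveSetup-{CAA91FDD-EDBE-588A-DB60-B4CBDFFFBE6D} - c:\documents and settings\Jim\Application Data\bot.exe
"""


def decode_hex_url(value):
    """Turn a hex-encoded registry string back into text; None if it is not one."""
    if not HEX_RE.match(value) or len(value) % 2:
        return None
    try:
        return bytes.fromhex(value).decode("ascii")
    except UnicodeDecodeError:
        return None


def parse_log(text):
    """Collect BHOs, search/start URLs, ActiveSetup entries and DHCP DNS servers."""
    found = {"urls": [], "bhos": [], "activesetup": [], "dns": []}
    pending_clsid = None  # set after a BHO key; the next non-blank line names its DLL
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = BHO_RE.match(line)
        if m:
            pending_clsid = m.group("clsid")
            continue
        if pending_clsid:
            m = FILE_RE.match(line)
            if m:
                found["bhos"].append((pending_clsid, m.group("path")))
            pending_clsid = None
            continue
        m = ACTIVESETUP_RE.match(line)
        if m:
            found["activesetup"].append((m.group("guid"), m.group("path")))
            continue
        m = DNS_RE.match(line)
        if m:
            found["dns"].extend(m.group("servers").split())
            continue
        m = URL_KEY_RE.match(line)
        if m:
            key, value = m.group("key").strip(), m.group("value")
            decoded = decode_hex_url(value)
            # ComboFix defangs URLs as hxxp://; re-arm them so they can be parsed.
            found["urls"].append((key, decoded if decoded is not None else value.replace("hxxp", "http", 1)))
    return found


def triage(found):
    """Produce plain observations; judging them is still the analyst's job."""
    notes = []
    for clsid, path in found["bhos"]:
        notes.append(f"BHO {clsid} loads {path}")
    for key, url in found["urls"]:
        if key.lower().startswith("ustart page") and "://" in url:
            notes.append(f"start page host: {urlsplit(url).hostname}")
    for guid, path in found["activesetup"]:
        if any(marker in path.lower() for marker in USER_PROFILE_MARKERS):
            notes.append(f"ActiveSetup {guid} runs an executable from a user profile: {path}")
    if found["dns"]:
        notes.append("DHCP-assigned DNS servers: " + ", ".join(found["dns"]))
    return notes


if __name__ == "__main__":
    for note in triage(parse_log(SAMPLE)):
        print(note)
```

Run it against the whole posted log (paste it into SAMPLE or read it from a file) and the hex values all decode to http://www.google.com/, which tells you the search URLs themselves were not the problem here; the start page, the two BHOs and the bot.exe/bot1.exe ActiveSetup orphans are what stand out.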

  • Staff

Hi,

Uninstall these two programs:

jobstoolbar

Amazon Browser Bar

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility writes its runtime log to the root of the system disk (the disk where the operating system is installed, C:\ as a rule).

The log is named UtilityName.Version_Date_Time_log.txt, for example C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

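The reply above gives the log's location and its name pattern. The script below is an added example, not TDSSKiller's own code and not from the thread: it picks the newest TDSSKiller log out of a directory listing by parsing the date and time embedded in the filename, then reads the per-service lines TDSSKiller writes (a `name (md5) path` line followed by a `name - verdict` line, the format visible in the log posted next in this thread) into an inventory and flags entries whose verdict is not "ok" or whose binary lives outside the Windows and Program Files trees. FILENAMES and SAMPLE_LOG are constructed; the `oddsvc` entry, its all-zero hash and its verdict text are made up purely to exercise the flags.

```python
"""Locate and triage a TDSSKiller log.

Added example; not TDSSKiller code. FILENAMES and SAMPLE_LOG are constructed:
the SAMPLE_LOG lines copy TDSSKiller's line format (three are taken from the
log posted later in the thread), and the 'oddsvc' entry is invented.
"""
import re
from datetime import datetime

# TDSSKiller.<version>_<dd.mm.yyyy>_<hh.mm.ss>_log.txt, per the reply above
LOG_NAME_RE = re.compile(
    r"^TDSSKiller\.(?P<ver>[\d.]+)_(?P<stamp>\d{2}\.\d{2}\.\d{4}_\d{2}\.\d{2}\.\d{2})_log\.txt$"
)
# "<time> <pid> <service> (<md5>) <path>"
FILE_LINE_RE = re.compile(r"^\S+\s+\d+\s+(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<time> <pid> <service> - <verdict>"
VERDICT_LINE_RE = re.compile(r"^\S+\s+\d+\s+(?P<name>.+?) - (?P<verdict>.+)$")
# Assumption for the path heuristic: service binaries normally live under
# <drive>:\Windows or <drive>:\Program Files; anything else gets a second look.
TRUSTED_ROOT_RE = re.compile(r"^[a-z]:\\(windows|program files)\\")

FILENAMES = [  # constructed directory listing of C:\
    "TDSSKiller.2.7.48.0_26.07.2012_14.48.26_log.txt",
    "TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt",
    "boot.ini",
]

SAMPLE_LOG = r"""
14:48:37.0890 5724 Abiosdsk - ok
14:48:37.0937 5724 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:48:37.0953 5724 ACPI - ok
14:48:42.0671 5724 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
14:48:42.0671 5724 gupdate - ok
14:48:50.0000 5724 oddsvc (00000000000000000000000000000000) C:\Documents and Settings\Jim\Application Data\oddsvc.sys
14:48:50.0001 5724 oddsvc - suspicious (constructed)
"""


def newest_log(names):
    """Return the most recent TDSSKiller log name in a listing, or None."""
    best = None
    for name in names:
        m = LOG_NAME_RE.match(name)
        if not m:
            continue
        stamp = datetime.strptime(m.group("stamp"), "%d.%m.%Y_%H.%M.%S")
        if best is None or stamp > best[0]:
            best = (stamp, name)
    return best[1] if best else None


def parse_tdss_log(text):
    """Map service name -> {md5, path, verdict}; services with no file keep only a verdict."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_LINE_RE.match(line)
        if m:
            entries.setdefault(m.group("name"), {}).update(md5=m.group("md5"), path=m.group("path"))
            continue
        m = VERDICT_LINE_RE.match(line)
        if m:
            entries.setdefault(m.group("name"), {})["verdict"] = m.group("verdict")
    return entries


def flag(entries):
    """List (name, md5, reasons) for entries that are not a clean 'ok' in a normal location."""
    flagged = []
    for name, entry in sorted(entries.items()):
        reasons = []
        verdict = entry.get("verdict", "ok")
        if verdict != "ok":
            reasons.append("verdict: " + verdict)
        path = entry.get("path", "").lower()
        if path and not TRUSTED_ROOT_RE.match(path):
            reasons.append("binary outside Windows/Program Files: " + entry["path"])
        if reasons:
            flagged.append((name, entry.get("md5"), reasons))
    return flagged


if __name__ == "__main__":
    print("newest log:", newest_log(FILENAMES))
    for name, md5, reasons in flag(parse_tdss_log(SAMPLE_LOG)):
        print(name, md5, "; ".join(reasons))
```

The MD5 next to each flagged name is worth keeping: it is what you would look up or hand to the helper, and two services pointing at one file (gupdate and gupdatem in the posted log) show up with the same hash, which is a quick sanity check that the path has not been swapped between them.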

Here is the log:

14:48:26.0265 4952 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32

14:48:26.0734 4952 ============================================================

14:48:26.0734 4952 Current date / time: 2012/07/26 14:48:26.0734

14:48:26.0734 4952 SystemInfo:

14:48:26.0734 4952

14:48:26.0734 4952 OS Version: 5.1.2600 ServicePack: 3.0

14:48:26.0734 4952 Product type: Workstation

14:48:26.0734 4952 ComputerName: DUFIS-D

14:48:26.0734 4952 UserName: Jim

14:48:26.0734 4952 Windows directory: C:\WINDOWS

14:48:26.0734 4952 System windows directory: C:\WINDOWS

14:48:26.0734 4952 Processor architecture: Intel x86

14:48:26.0734 4952 Number of processors: 2

14:48:26.0734 4952 Page size: 0x1000

14:48:26.0734 4952 Boot type: Normal boot

14:48:26.0734 4952 ============================================================

14:48:30.0312 4952 Drive \Device\Harddisk0\DR0 - Size: 0x1315740000 (76.34 Gb), SectorSize: 0x200, Cylinders: 0x26EC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

14:48:30.0328 4952 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

14:48:30.0328 4952 ============================================================

14:48:30.0328 4952 \Device\Harddisk0\DR0:

14:48:30.0328 4952 MBR partitions:

14:48:30.0328 4952 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x98A7FAD

14:48:30.0328 4952 \Device\Harddisk1\DR1:

14:48:30.0328 4952 MBR partitions:

14:48:30.0328 4952 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542

14:48:30.0328 4952 ============================================================

14:48:30.0375 4952 C: <-> \Device\Harddisk0\DR0\Partition0

14:48:30.0390 4952 E: <-> \Device\Harddisk1\DR1\Partition0

14:48:30.0421 4952 ============================================================

14:48:30.0421 4952 Initialize success

14:48:30.0421 4952 ============================================================

14:48:37.0484 5724 ============================================================

14:48:37.0484 5724 Scan started

14:48:37.0484 5724 Mode: Manual;

14:48:37.0484 5724 ============================================================

14:48:37.0890 5724 Abiosdsk - ok

14:48:37.0906 5724 abp480n5 - ok

14:48:37.0937 5724 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

14:48:37.0953 5724 ACPI - ok

14:48:37.0968 5724 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

14:48:37.0968 5724 ACPIEC - ok

14:48:38.0062 5724 AdobeFlashPlayerUpdateSvc (6c40d5ed8951ab7b90d08af655224ee4) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

14:48:38.0062 5724 AdobeFlashPlayerUpdateSvc - ok

14:48:38.0093 5724 adpu160m - ok

14:48:38.0109 5724 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

14:48:38.0125 5724 aec - ok

14:48:38.0187 5724 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

14:48:38.0218 5724 AFD - ok

14:48:38.0218 5724 Aha154x - ok

14:48:38.0234 5724 aic78u2 - ok

14:48:38.0234 5724 aic78xx - ok

14:48:38.0437 5724 ALCXWDM (dd8520280304b6145a6be31008748c7c) C:\WINDOWS\system32\drivers\ALCXWDM.SYS

14:48:38.0562 5724 ALCXWDM - ok

14:48:38.0671 5724 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll

14:48:38.0671 5724 Alerter - ok

14:48:38.0703 5724 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe

14:48:38.0703 5724 ALG - ok

14:48:38.0718 5724 AliIde - ok

14:48:38.0750 5724 Alpham (5c6b6686f14b6e9549e320f59fec1469) C:\WINDOWS\system32\DRIVERS\Alpham.sys

14:48:38.0765 5724 Alpham - ok

14:48:38.0812 5724 AmdK8 (efbb0956baed786e137351b5ca272aef) C:\WINDOWS\system32\DRIVERS\AmdK8.sys

14:48:38.0828 5724 AmdK8 - ok

14:48:38.0828 5724 amsint - ok

14:48:38.0921 5724 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

14:48:38.0937 5724 Apple Mobile Device - ok

14:48:38.0984 5724 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll

14:48:39.0000 5724 AppMgmt - ok

14:48:39.0062 5724 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

14:48:39.0062 5724 Arp1394 - ok

14:48:39.0140 5724 AsAudioDevice_349 (85ece26f326c2d07ba77a60343468272) C:\WINDOWS\system32\drivers\AsAudioDevice_349.sys

14:48:39.0156 5724 AsAudioDevice_349 - ok

14:48:39.0156 5724 asc - ok

14:48:39.0156 5724 asc3350p - ok

14:48:39.0171 5724 asc3550 - ok

14:48:39.0250 5724 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

14:48:39.0296 5724 aspnet_state - ok

14:48:39.0328 5724 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

14:48:39.0328 5724 AsyncMac - ok

14:48:39.0343 5724 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

14:48:39.0343 5724 atapi - ok

14:48:39.0343 5724 Atdisk - ok

14:48:39.0406 5724 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\WINDOWS\system32\DRIVERS\atksgt.sys

14:48:39.0421 5724 atksgt - ok

14:48:39.0421 5724 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

14:48:39.0437 5724 Atmarpc - ok

14:48:39.0468 5724 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll

14:48:39.0468 5724 AudioSrv - ok

14:48:39.0500 5724 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

14:48:39.0500 5724 audstub - ok

14:48:39.0593 5724 avg9emc (aa054cd537357f03d5ba6aba7562b35f) C:\Program Files\AVG\AVG9\avgemc.exe

14:48:39.0625 5724 avg9emc - ok

14:48:39.0656 5724 avg9wd (c4d15594db5be042d3346ea58df87d89) C:\Program Files\AVG\AVG9\avgwdsvc.exe

14:48:39.0671 5724 avg9wd - ok

14:48:39.0812 5724 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\System32\Drivers\avgldx86.sys

14:48:39.0828 5724 AvgLdx86 - ok

14:48:39.0843 5724 AvgMfx86 (80ff2b1b7eeda966394f0baa895bbf4b) C:\WINDOWS\System32\Drivers\avgmfx86.sys

14:48:39.0843 5724 AvgMfx86 - ok

14:48:39.0875 5724 AvgTdiX (9a7a93388f503a34e7339ae7f9997449) C:\WINDOWS\System32\Drivers\avgtdix.sys

14:48:39.0890 5724 AvgTdiX - ok

14:48:39.0984 5724 BCM43XX (2ee34b694d1ce077678662d7884f6c79) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys

14:48:40.0093 5724 BCM43XX - ok

14:48:40.0140 5724 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

14:48:40.0140 5724 Beep - ok

14:48:40.0203 5724 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll

14:48:40.0250 5724 BITS - ok

14:48:40.0375 5724 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe

14:48:40.0406 5724 Bonjour Service - ok

14:48:40.0437 5724 brfilt (4ba311473e0d8557827e6f2fe33a8095) C:\WINDOWS\system32\Drivers\Brfilt.sys

14:48:40.0437 5724 brfilt - ok

14:48:40.0468 5724 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll

14:48:40.0468 5724 Browser - ok

14:48:40.0484 5724 brparimg (e05d9eda91c1b2c4c4f6f5a6d5b14b58) C:\WINDOWS\system32\DRIVERS\BrParImg.sys

14:48:40.0484 5724 brparimg - ok

14:48:40.0515 5724 BrParWdm (108d5c678411ac5b53d51756177d50a4) C:\WINDOWS\system32\Drivers\BrParwdm.sys

14:48:40.0546 5724 BrParWdm - ok

14:48:40.0562 5724 BrSerWDM (8e06cd96e00472c03770a697d04031c0) C:\WINDOWS\system32\Drivers\BrSerWdm.sys

14:48:40.0562 5724 BrSerWDM - ok

14:48:40.0562 5724 catchme - ok

14:48:40.0625 5724 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

14:48:40.0625 5724 cbidf2k - ok

14:48:40.0625 5724 cd20xrnt - ok

14:48:40.0640 5724 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

14:48:40.0640 5724 Cdaudio - ok

14:48:40.0656 5724 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

14:48:40.0656 5724 Cdfs - ok

14:48:40.0687 5724 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

14:48:40.0703 5724 Cdrom - ok

14:48:40.0703 5724 Changer - ok

14:48:40.0734 5724 cisvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe

14:48:40.0734 5724 cisvc - ok

14:48:40.0750 5724 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe

14:48:40.0750 5724 ClipSrv - ok

14:48:40.0828 5724 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

14:48:40.0953 5724 clr_optimization_v2.0.50727_32 - ok

14:48:41.0031 5724 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

14:48:41.0125 5724 clr_optimization_v4.0.30319_32 - ok

14:48:41.0140 5724 CmdIde - ok

14:48:41.0140 5724 COMSysApp - ok

14:48:41.0156 5724 Cpqarray - ok

14:48:41.0203 5724 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll

14:48:41.0203 5724 CryptSvc - ok

14:48:41.0203 5724 dac2w2k - ok

14:48:41.0218 5724 dac960nt - ok

14:48:41.0265 5724 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

14:48:41.0281 5724 DcomLaunch - ok

14:48:41.0312 5724 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll

14:48:41.0328 5724 Dhcp - ok

14:48:41.0375 5724 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

14:48:41.0375 5724 Disk - ok

14:48:41.0375 5724 dmadmin - ok

14:48:41.0468 5724 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

14:48:41.0531 5724 dmboot - ok

14:48:41.0546 5724 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

14:48:41.0562 5724 dmio - ok

14:48:41.0578 5724 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

14:48:41.0578 5724 dmload - ok

14:48:41.0609 5724 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll

14:48:41.0609 5724 dmserver - ok

14:48:41.0625 5724 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

14:48:41.0625 5724 DMusic - ok

14:48:41.0656 5724 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll

14:48:41.0656 5724 Dnscache - ok

14:48:41.0687 5724 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll

14:48:41.0718 5724 Dot3svc - ok

14:48:41.0718 5724 dpti2o - ok

14:48:41.0734 5724 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

14:48:41.0734 5724 drmkaud - ok

14:48:41.0781 5724 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll

14:48:41.0781 5724 EapHost - ok

14:48:41.0812 5724 EAPPkt (efacd8d57a42a93e244a0dbd357e8cb8) C:\WINDOWS\system32\DRIVERS\EAPPkt.sys

14:48:41.0843 5724 EAPPkt - ok

14:48:41.0843 5724 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll

14:48:41.0859 5724 ERSvc - ok

14:48:41.0890 5724 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

14:48:41.0906 5724 Eventlog - ok

14:48:41.0921 5724 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\System32\es.dll

14:48:41.0953 5724 EventSystem - ok

14:48:42.0015 5724 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

14:48:42.0015 5724 Fastfat - ok

14:48:42.0046 5724 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

14:48:42.0062 5724 FastUserSwitchingCompatibility - ok

14:48:42.0078 5724 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

14:48:42.0093 5724 Fdc - ok

14:48:42.0093 5724 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

14:48:42.0109 5724 Fips - ok

14:48:42.0234 5724 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

14:48:42.0265 5724 FLEXnet Licensing Service - ok

14:48:42.0281 5724 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

14:48:42.0281 5724 Flpydisk - ok

14:48:42.0312 5724 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

14:48:42.0328 5724 FltMgr - ok

14:48:42.0437 5724 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

14:48:42.0453 5724 FontCache3.0.0.0 - ok

14:48:42.0468 5724 FreshIO - ok

14:48:42.0500 5724 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

14:48:42.0500 5724 Fs_Rec - ok

14:48:42.0515 5724 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

14:48:42.0531 5724 Ftdisk - ok

14:48:42.0546 5724 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys

14:48:42.0562 5724 GEARAspiWDM - ok

14:48:42.0578 5724 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

14:48:42.0578 5724 Gpc - ok

14:48:42.0578 5724 GTNDIS5 - ok

14:48:42.0671 5724 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe

14:48:42.0671 5724 gupdate - ok

14:48:42.0687 5724 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe

14:48:42.0687 5724 gupdatem - ok

14:48:42.0718 5724 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

14:48:42.0734 5724 gusvc - ok

14:48:42.0796 5724 hamachi (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys

14:48:42.0796 5724 hamachi - ok

14:48:42.0906 5724 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

14:48:42.0906 5724 helpsvc - ok

14:48:42.0937 5724 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll

14:48:42.0953 5724 HidServ - ok

14:48:42.0953 5724 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

14:48:42.0953 5724 hidusb - ok

14:48:43.0031 5724 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll

14:48:43.0046 5724 hkmsvc - ok

14:48:43.0046 5724 hpn - ok

14:48:43.0046 5724 hpt3xx - ok

14:48:43.0093 5724 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

14:48:43.0109 5724 HTTP - ok

14:48:43.0171 5724 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll

14:48:43.0171 5724 HTTPFilter - ok

14:48:43.0171 5724 i2omgmt - ok

14:48:43.0171 5724 i2omp - ok

14:48:43.0203 5724 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

14:48:43.0218 5724 i8042prt - ok

14:48:43.0312 5724 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

14:48:43.0343 5724 IDriverT - ok

14:48:43.0500 5724 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

14:48:43.0531 5724 idsvc - ok

14:48:43.0562 5724 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

14:48:43.0578 5724 Imapi - ok

14:48:43.0609 5724 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe

14:48:43.0625 5724 ImapiService - ok

14:48:43.0625 5724 ini910u - ok

14:48:43.0640 5724 IntelIde - ok

14:48:43.0687 5724 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

14:48:43.0703 5724 ip6fw - ok

14:48:43.0718 5724 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

14:48:43.0718 5724 IpFilterDriver - ok

14:48:43.0734 5724 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

14:48:43.0750 5724 IpInIp - ok

14:48:43.0781 5724 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

14:48:43.0796 5724 IpNat - ok

14:48:43.0906 5724 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe

14:48:43.0953 5724 iPod Service - ok

14:48:43.0953 5724 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

14:48:43.0968 5724 IPSec - ok

14:48:43.0984 5724 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

14:48:43.0984 5724 IRENUM - ok

14:48:44.0031 5724 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

14:48:44.0031 5724 isapnp - ok

14:48:44.0078 5724 ivusb (de96bbf842059a67d876b692076d8875) C:\WINDOWS\system32\DRIVERS\ivusb.sys

14:48:44.0078 5724 ivusb - ok

14:48:44.0156 5724 JavaQuickStarterService (4f2143570d2250ca4c4a4c98553c82cd) C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe

14:48:44.0156 5724 JavaQuickStarterService - ok

14:48:44.0187 5724 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

14:48:44.0187 5724 Kbdclass - ok

14:48:44.0203 5724 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

14:48:44.0203 5724 kbdhid - ok

14:48:44.0218 5724 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

14:48:44.0234 5724 kmixer - ok

14:48:44.0281 5724 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

14:48:44.0281 5724 KSecDD - ok

14:48:44.0328 5724 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll

14:48:44.0343 5724 lanmanserver - ok

14:48:44.0375 5724 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll

14:48:44.0421 5724 lanmanworkstation - ok

14:48:44.0421 5724 lbrtfdc - ok

14:48:44.0843 5724 LeapFrog Connect Device Service (3c879d04bb6466e2853c3155b635cc45) E:\Program Files\LeapFrog Connect\CommandService.exe

14:48:45.0296 5724 LeapFrog Connect Device Service - ok

14:48:45.0328 5724 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\WINDOWS\system32\DRIVERS\lirsgt.sys

14:48:45.0328 5724 lirsgt - ok

14:48:45.0343 5724 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll

14:48:45.0343 5724 LmHosts - ok

14:48:45.0375 5724 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll

14:48:45.0375 5724 Messenger - ok

14:48:45.0406 5724 mf (a7da20ab18a1bdae28b0f349e57da0d1) C:\WINDOWS\system32\DRIVERS\mf.sys

14:48:45.0406 5724 mf - ok

14:48:45.0437 5724 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

14:48:45.0453 5724 mnmdd - ok

14:48:45.0484 5724 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\System32\mnmsrvc.exe

14:48:45.0484 5724 mnmsrvc - ok

14:48:45.0500 5724 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

14:48:45.0500 5724 Modem - ok

14:48:45.0562 5724 motccgp (201bfc4ef8b33d02d133fbf6535e515b) C:\WINDOWS\system32\DRIVERS\motccgp.sys

14:48:45.0578 5724 motccgp - ok

14:48:45.0609 5724 motccgpfl (d0242a3832eb7c97801bb25889561e23) C:\WINDOWS\system32\DRIVERS\motccgpfl.sys

14:48:45.0609 5724 motccgpfl - ok

14:48:45.0640 5724 motmodem (fe80c18ba448ddd76b7bead9eb203d37) C:\WINDOWS\system32\DRIVERS\motmodem.sys

14:48:45.0656 5724 motmodem - ok

14:48:45.0687 5724 motport (fe80c18ba448ddd76b7bead9eb203d37) C:\WINDOWS\system32\DRIVERS\motport.sys

14:48:45.0703 5724 motport - ok

14:48:45.0703 5724 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

14:48:45.0703 5724 Mouclass - ok

14:48:45.0734 5724 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

14:48:45.0734 5724 mouhid - ok

14:48:45.0750 5724 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

14:48:45.0750 5724 MountMgr - ok

14:48:45.0843 5724 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

14:48:45.0859 5724 MozillaMaintenance - ok

14:48:45.0875 5724 mraid35x - ok

14:48:45.0890 5724 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

14:48:45.0906 5724 MRxDAV - ok

14:48:45.0968 5724 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

14:48:45.0984 5724 MRxSmb - ok

14:48:46.0031 5724 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\System32\msdtc.exe

14:48:46.0031 5724 MSDTC - ok

14:48:46.0062 5724 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

14:48:46.0062 5724 Msfs - ok

14:48:46.0062 5724 MSIServer - ok

14:48:46.0109 5724 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

14:48:46.0109 5724 MSKSSRV - ok

14:48:46.0140 5724 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

14:48:46.0140 5724 MSPCLOCK - ok

14:48:46.0156 5724 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

14:48:46.0156 5724 MSPQM - ok

14:48:46.0171 5724 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

14:48:46.0171 5724 mssmbios - ok

14:48:46.0187 5724 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

14:48:46.0187 5724 Mup - ok

14:48:46.0234 5724 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll

14:48:46.0281 5724 napagent - ok

14:48:46.0281 5724 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

14:48:46.0296 5724 NDIS - ok

14:48:46.0312 5724 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

14:48:46.0328 5724 NdisTapi - ok

14:48:46.0343 5724 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

14:48:46.0343 5724 Ndisuio - ok

14:48:46.0359 5724 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

14:48:46.0375 5724 NdisWan - ok

14:48:46.0421 5724 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

14:48:46.0421 5724 NDProxy - ok

14:48:46.0468 5724 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

14:48:46.0484 5724 NetBIOS - ok

14:48:46.0500 5724 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

14:48:46.0515 5724 NetBT - ok

14:48:46.0562 5724 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

14:48:46.0578 5724 NetDDE - ok

14:48:46.0578 5724 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

14:48:46.0593 5724 NetDDEdsdm - ok

14:48:46.0625 5724 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

14:48:46.0640 5724 Netlogon - ok

14:48:46.0656 5724 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll

14:48:46.0671 5724 Netman - ok

14:48:46.0781 5724 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

14:48:46.0796 5724 NetTcpPortSharing - ok

14:48:46.0843 5724 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

14:48:46.0859 5724 NIC1394 - ok

14:48:46.0906 5724 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll

14:48:46.0906 5724 Nla - ok

14:48:46.0937 5724 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

14:48:46.0937 5724 Npfs - ok

14:48:47.0000 5724 npkcmsvc (b28873f1a04dffd29d03d6eb201f9e49) C:\Nexon\Mabinogi\npkcmsvc.exe

14:48:47.0015 5724 npkcmsvc - ok

14:48:47.0031 5724 npkcrypt - ok

14:48:47.0046 5724 npkcusb - ok

14:48:47.0109 5724 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

14:48:47.0125 5724 Ntfs - ok

14:48:47.0140 5724 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe

14:48:47.0156 5724 NtLmSsp - ok

14:48:47.0203 5724 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll

14:48:47.0234 5724 NtmsSvc - ok

14:48:47.0265 5724 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

14:48:47.0265 5724 Null - ok

14:48:48.0062 5724 nv (7b5a17bd54bb9142843dbe99a1caaed8) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

14:48:48.0703 5724 nv - ok

14:48:48.0843 5724 NVSvc (5150b108ea88831e1c599603d8b89621) C:\WINDOWS\system32\nvsvc32.exe

14:48:48.0859 5724 NVSvc - ok

14:48:49.0015 5724 nvUpdatusService (83e8ab7bb3c8956c53fec071c94f0bbb) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

14:48:49.0062 5724 nvUpdatusService - ok

14:48:49.0156 5724 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

14:48:49.0156 5724 NwlnkFlt - ok

14:48:49.0187 5724 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

14:48:49.0187 5724 NwlnkFwd - ok

14:48:49.0250 5724 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

14:48:49.0250 5724 ohci1394 - ok

14:48:49.0281 5724 PalmUSBD (240c0d4049a833b16b63b636acf01672) C:\WINDOWS\system32\drivers\PalmUSBD.sys

14:48:49.0312 5724 PalmUSBD - ok

14:48:49.0328 5724 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

14:48:49.0328 5724 Parport - ok

14:48:49.0343 5724 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

14:48:49.0343 5724 PartMgr - ok

14:48:49.0390 5724 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

14:48:49.0390 5724 ParVdm - ok

14:48:49.0421 5724 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

14:48:49.0437 5724 PCI - ok

14:48:49.0437 5724 PCIDump - ok

14:48:49.0500 5724 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

14:48:49.0500 5724 PCIIde - ok

14:48:49.0531 5724 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

14:48:49.0531 5724 Pcmcia - ok

14:48:49.0531 5724 PDCOMP - ok

14:48:49.0546 5724 PDFRAME - ok

14:48:49.0546 5724 PDRELI - ok

14:48:49.0546 5724 PDRFRAME - ok

14:48:49.0562 5724 perc2 - ok

14:48:49.0562 5724 perc2hib - ok

14:48:49.0609 5724 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

14:48:49.0609 5724 PlugPlay - ok

14:48:49.0625 5724 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

14:48:49.0625 5724 PolicyAgent - ok

14:48:49.0640 5724 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

14:48:49.0656 5724 PptpMiniport - ok

14:48:49.0656 5724 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

14:48:49.0671 5724 Processor - ok

14:48:49.0671 5724 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

14:48:49.0671 5724 ProtectedStorage - ok

14:48:49.0687 5724 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

14:48:49.0687 5724 PSched - ok

14:48:49.0703 5724 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

14:48:49.0703 5724 Ptilink - ok

14:48:49.0734 5724 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys

14:48:49.0734 5724 PxHelp20 - ok

14:48:49.0734 5724 ql1080 - ok

14:48:49.0734 5724 Ql10wnt - ok

14:48:49.0750 5724 ql12160 - ok

14:48:49.0750 5724 ql1240 - ok

14:48:49.0765 5724 ql1280 - ok

14:48:49.0781 5724 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

14:48:49.0781 5724 RasAcd - ok

14:48:49.0812 5724 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll

14:48:49.0828 5724 RasAuto - ok

14:48:49.0828 5724 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

14:48:49.0843 5724 Rasl2tp - ok

14:48:49.0890 5724 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll

14:48:49.0890 5724 RasMan - ok

14:48:49.0906 5724 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

14:48:49.0921 5724 RasPppoe - ok

14:48:49.0921 5724 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

14:48:49.0921 5724 Raspti - ok

14:48:49.0968 5724 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

14:48:49.0968 5724 Rdbss - ok

14:48:49.0984 5724 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

14:48:49.0984 5724 RDPCDD - ok

14:48:50.0015 5724 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

14:48:50.0031 5724 rdpdr - ok

14:48:50.0078 5724 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys

14:48:50.0093 5724 RDPWD - ok

14:48:50.0125 5724 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe

14:48:50.0125 5724 RDSessMgr - ok

14:48:50.0187 5724 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

14:48:50.0187 5724 redbook - ok

14:48:50.0234 5724 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll

14:48:50.0234 5724 RemoteAccess - ok

14:48:50.0281 5724 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll

14:48:50.0281 5724 RemoteRegistry - ok

14:48:50.0390 5724 RichVideo (7728b6aedc83bc0defd0a53371d4613b) C:\Program Files\Cyberlink\Shared files\RichVideo.exe

14:48:50.0406 5724 RichVideo - ok

14:48:50.0453 5724 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe

14:48:50.0468 5724 RpcLocator - ok

14:48:50.0515 5724 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll

14:48:50.0515 5724 RpcSs - ok

14:48:50.0562 5724 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe

14:48:50.0578 5724 RSVP - ok

14:48:50.0703 5724 RTL8023xp (7f0413bdd7d53eb4c7a371e7f6f84df1) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys

14:48:50.0734 5724 RTL8023xp - ok

14:48:50.0781 5724 RTLWUSB (691db86b09e13ca5d3e8881141738cc5) C:\WINDOWS\system32\DRIVERS\wg111v2.sys

14:48:50.0828 5724 RTLWUSB - ok

14:48:50.0843 5724 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

14:48:50.0843 5724 SamSs - ok

14:48:50.0875 5724 sbp2port (b244960e5a1db8e9d5d17086de37c1e4) C:\WINDOWS\system32\DRIVERS\sbp2port.sys

14:48:50.0875 5724 sbp2port - ok

14:48:50.0906 5724 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe

14:48:50.0921 5724 SCardSvr - ok

14:48:50.0984 5724 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll

14:48:51.0000 5724 Schedule - ok

14:48:51.0031 5724 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

14:48:51.0031 5724 Secdrv - ok

14:48:51.0046 5724 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll

14:48:51.0046 5724 seclogon - ok

14:48:51.0093 5724 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll

14:48:51.0093 5724 SENS - ok

14:48:51.0109 5724 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

14:48:51.0109 5724 serenum - ok

14:48:51.0125 5724 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

14:48:51.0125 5724 Serial - ok

14:48:51.0156 5724 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

14:48:51.0156 5724 Sfloppy - ok

14:48:51.0187 5724 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll

14:48:51.0218 5724 SharedAccess - ok

14:48:51.0250 5724 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

14:48:51.0250 5724 ShellHWDetection - ok

14:48:51.0250 5724 Simbad - ok

14:48:51.0296 5724 SjyPkt (3d7ef286e806f9bd9339aa52e28dcd67) C:\WINDOWS\System32\Drivers\SjyPkt.sys

14:48:51.0312 5724 SjyPkt - ok

14:48:51.0687 5724 Skype C2C Service (0f97e7a47a52f4a36969f0fc319654c2) C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe

14:48:51.0812 5724 Skype C2C Service - ok

14:48:51.0953 5724 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe

14:48:51.0968 5724 SkypeUpdate - ok

14:48:52.0218 5724 Sparrow - ok

14:48:52.0234 5724 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

14:48:52.0234 5724 splitter - ok

14:48:52.0265 5724 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

14:48:52.0296 5724 Spooler - ok

14:48:52.0359 5724 sptd (0022cfff1a41e5ce3a764050a7ddf22a) C:\WINDOWS\System32\Drivers\sptd.sys

14:48:52.0375 5724 sptd - ok

14:48:52.0390 5724 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

14:48:52.0390 5724 sr - ok

14:48:52.0437 5724 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll

14:48:52.0453 5724 srservice - ok

14:48:52.0500 5724 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

14:48:52.0515 5724 Srv - ok

14:48:52.0546 5724 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll

14:48:52.0546 5724 SSDPSRV - ok

14:48:52.0593 5724 Steam Client Service - ok

14:48:52.0640 5724 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll

14:48:52.0671 5724 stisvc - ok

14:48:52.0687 5724 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

14:48:52.0687 5724 swenum - ok

14:48:52.0796 5724 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

14:48:52.0828 5724 SwitchBoard - ok

14:48:52.0843 5724 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

14:48:52.0859 5724 swmidi - ok

14:48:52.0859 5724 SwPrv - ok

14:48:52.0875 5724 symc810 - ok

14:48:52.0875 5724 symc8xx - ok

14:48:52.0875 5724 sym_hi - ok

14:48:52.0890 5724 sym_u3 - ok

14:48:52.0921 5724 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

14:48:52.0921 5724 sysaudio - ok

14:48:52.0953 5724 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe

14:48:52.0968 5724 SysmonLog - ok

14:48:53.0000 5724 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll

14:48:53.0015 5724 TapiSrv - ok

14:48:53.0078 5724 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

14:48:53.0093 5724 Tcpip - ok

14:48:53.0125 5724 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

14:48:53.0125 5724 TDPIPE - ok

14:48:53.0140 5724 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

14:48:53.0140 5724 TDTCP - ok

14:48:53.0171 5724 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

14:48:53.0171 5724 TermDD - ok

14:48:53.0203 5724 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll

14:48:53.0234 5724 TermService - ok

14:48:53.0281 5724 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

14:48:53.0281 5724 Themes - ok

14:48:53.0312 5724 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\System32\tlntsvr.exe

14:48:53.0328 5724 TlntSvr - ok

14:48:53.0328 5724 TosIde - ok

14:48:53.0343 5724 tpcdrdrv - ok

14:48:53.0390 5724 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll

14:48:53.0406 5724 TrkWks - ok

14:48:53.0437 5724 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

14:48:53.0437 5724 Udfs - ok

14:48:53.0453 5724 ultra - ok

14:48:53.0531 5724 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

14:48:53.0562 5724 Update - ok

14:48:53.0578 5724 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll

14:48:53.0593 5724 upnphost - ok

14:48:53.0625 5724 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe

14:48:53.0640 5724 UPS - ok

14:48:53.0687 5724 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys

14:48:53.0703 5724 USBAAPL - ok

14:48:53.0734 5724 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

14:48:53.0734 5724 usbaudio - ok

14:48:53.0750 5724 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

14:48:53.0750 5724 usbccgp - ok

14:48:53.0765 5724 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

14:48:53.0781 5724 usbehci - ok

14:48:53.0781 5724 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

14:48:53.0796 5724 usbhub - ok

14:48:53.0812 5724 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

14:48:53.0812 5724 usbohci - ok

14:48:53.0828 5724 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

14:48:53.0828 5724 usbscan - ok

14:48:53.0843 5724 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

14:48:53.0843 5724 USBSTOR - ok

14:48:53.0875 5724 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

14:48:53.0875 5724 VgaSave - ok

14:48:53.0875 5724 ViaIde - ok

14:48:53.0890 5724 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

14:48:53.0890 5724 VolSnap - ok

14:48:53.0937 5724 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe

14:48:53.0968 5724 VSS - ok

14:48:54.0015 5724 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll

14:48:54.0031 5724 W32Time - ok

14:48:54.0062 5724 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

14:48:54.0062 5724 Wanarp - ok

14:48:54.0109 5724 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys

14:48:54.0125 5724 WDC_SAM - ok

14:48:54.0234 5724 WDDMService (bf847a3972cc6b5ce26e0ea742dd52d9) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

14:48:54.0250 5724 WDDMService - ok

14:48:54.0296 5724 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

14:48:54.0343 5724 Wdf01000 - ok

14:48:54.0437 5724 WDFME (b5966f1dff6e20576f3c8c2d93d129fd) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe

14:48:54.0609 5724 WDFME - ok

14:48:54.0734 5724 WDICA - ok

14:48:54.0765 5724 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

14:48:54.0765 5724 wdmaud - ok

14:48:54.0890 5724 WDSC (92f0088ca18bb08bb596ef2608256f8a) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe

14:48:54.0953 5724 WDSC - ok

14:48:54.0984 5724 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll

14:48:55.0000 5724 WebClient - ok

14:48:55.0015 5724 WINFLASH - ok

14:48:55.0093 5724 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll

14:48:55.0109 5724 winmgmt - ok

14:48:55.0140 5724 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll

14:48:55.0156 5724 WmdmPmSN - ok

14:48:55.0234 5724 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll

14:48:55.0265 5724 Wmi - ok

14:48:55.0296 5724 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe

14:48:55.0312 5724 WmiApSrv - ok

14:48:55.0437 5724 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe

14:48:55.0484 5724 WMPNetworkSvc - ok

14:48:55.0546 5724 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

14:48:55.0562 5724 WpdUsb - ok

14:48:55.0703 5724 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

14:48:55.0750 5724 WPFFontCache_v0400 - ok

14:48:55.0796 5724 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

14:48:55.0796 5724 WS2IFSL - ok

14:48:55.0843 5724 WsAudio_DeviceS(1) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys

14:48:55.0859 5724 WsAudio_DeviceS(1) - ok

14:48:55.0875 5724 WsAudio_DeviceS(2) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys

14:48:55.0875 5724 WsAudio_DeviceS(2) - ok

14:48:55.0890 5724 WsAudio_DeviceS(3) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys

14:48:55.0906 5724 WsAudio_DeviceS(3) - ok

14:48:55.0921 5724 WsAudio_DeviceS(4) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys

14:48:55.0921 5724 WsAudio_DeviceS(4) - ok

14:48:55.0953 5724 WsAudio_DeviceS(5) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys

14:48:55.0968 5724 WsAudio_DeviceS(5) - ok

14:48:56.0000 5724 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll

14:48:56.0015 5724 wscsvc - ok

14:48:56.0046 5724 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll

14:48:56.0046 5724 wuauserv - ok

14:48:56.0078 5724 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

14:48:56.0078 5724 WudfPf - ok

14:48:56.0109 5724 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

14:48:56.0125 5724 WudfRd - ok

14:48:56.0156 5724 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll

14:48:56.0156 5724 WudfSvc - ok

14:48:56.0218 5724 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll

14:48:56.0234 5724 WZCSVC - ok

14:48:56.0265 5724 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll

14:48:56.0281 5724 xmlprov - ok

14:48:56.0296 5724 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

14:48:56.0312 5724 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected

14:48:56.0312 5724 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)

14:48:56.0328 5724 MBR (0x1B8) (35c6b2fcde68facbefe0a4a7200bae58) \Device\Harddisk1\DR1

14:48:59.0640 5724 \Device\Harddisk1\DR1 - ok

14:48:59.0640 5724 Boot (0x1200) (008fdcbe0d81be7095aa970d8aed2d0b) \Device\Harddisk0\DR0\Partition0

14:48:59.0640 5724 \Device\Harddisk0\DR0\Partition0 - ok

14:48:59.0640 5724 Boot (0x1200) (bf1b769e2afc4dc10a89f1ecd4f5379d) \Device\Harddisk1\DR1\Partition0

14:48:59.0656 5724 \Device\Harddisk1\DR1\Partition0 - ok

14:48:59.0656 5724 ============================================================

14:48:59.0656 5724 Scan finished

14:48:59.0656 5724 ============================================================

14:48:59.0656 4848 Detected object count: 1

14:48:59.0656 4848 Actual detected object count: 1

14:49:12.0859 4848 \Device\Harddisk0\DR0\# - copied to quarantine

14:49:12.0859 4848 \Device\Harddisk0\DR0 - copied to quarantine

14:49:12.0906 4848 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine

14:49:12.0906 4848 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine

14:49:12.0906 4848 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

14:49:12.0921 4848 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

14:49:12.0921 4848 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

14:49:12.0937 4848 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

14:49:13.0031 4848 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine

14:49:13.0031 4848 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

14:49:13.0031 4848 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine

14:49:13.0031 4848 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

14:49:13.0031 4848 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

14:49:13.0031 4848 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine

14:49:13.0031 4848 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine

14:49:13.0046 4848 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot

14:49:13.0078 4848 \Device\Harddisk0\DR0 - ok

14:49:14.0140 4848 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure

14:49:17.0968 5720 Deinitialize success


  • Staff

Hi,

My apologies for the delay.

Looks like the infections were hit hard. :)

To be sure, please grab fresh copies of ComboFix and TDSSKiller, run them, and post their logs.

Run TFC by OldTimer to clear temporary files:

  • Please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


Alright. Did what you said. Found some threats with the online scanner, but on the performance side, everything has been running smoothly and the symptoms (Google redirecting and the disembodied ads) have disappeared. Thanks for all the help, couldn't have done this without it :).

Here are the logs in order

(Combo, TDSS, ESET, Security Check)

ComboFix 12-07-30.01 - Jim 07/30/2012 15:01:27.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1036 [GMT -7:00]

Running from: c:\documents and settings\Jim\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

.

((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-30 )))))))))))))))))))))))))))))))

.

.

2012-07-26 21:49 . 2012-07-26 21:49 -------- d-----w- C:\TDSSKiller_Quarantine

2012-07-24 05:24 . 2012-07-24 05:24 -------- d-----w- c:\program files\Oracle

2012-07-24 05:24 . 2012-07-24 05:22 143872 ----a-w- c:\windows\system32javacpl.cpl

2012-07-21 09:54 . 2012-07-21 09:54 -------- d-----w- c:\program files\Mozilla Maintenance Service

2012-07-15 07:40 . 2012-07-15 07:40 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Sun

2012-07-10 10:32 . 2012-07-10 10:33 -------- d-----w- c:\program files\MonitorDriver

2012-07-10 10:32 . 2012-07-10 10:32 -------- d-----w- c:\documents and settings\Jim\Application Data\InstallShield

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-26 22:14 . 2012-04-16 09:10 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-26 22:14 . 2012-04-16 09:10 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-06 05:07 . 2007-04-19 16:16 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-07-06 05:06 . 2012-04-08 18:59 772544 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-07-06 05:06 . 2010-06-08 19:33 687544 ----a-w- c:\windows\system32\deployJava1.dll

2012-07-03 20:46 . 2009-03-15 18:24 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-13 13:19 . 2001-08-23 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-06-05 15:50 . 2007-05-15 22:43 1372672 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 15:50 . 2001-08-23 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 04:32 . 2001-08-23 12:00 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 22:19 . 2007-06-21 20:12 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 22:19 . 2007-06-21 20:12 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 22:19 . 2006-09-11 08:15 329240 ----a-w- c:\windows\system32\wucltui.dll

2012-06-02 22:19 . 2006-09-11 08:15 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 22:19 . 2005-05-26 11:19 210968 ----a-w- c:\windows\system32\wuweb.dll

2012-06-02 22:19 . 2007-06-21 20:12 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 22:19 . 2006-09-11 08:15 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2006-09-11 08:15 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2006-09-11 07:49 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2001-08-23 12:00 97304 ----a-w- c:\windows\system32\cdm.dll

2012-06-02 22:19 . 2007-06-21 20:12 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 22:19 . 2006-09-11 08:15 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:19 . 2006-09-11 07:49 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:18 . 2007-06-22 15:59 17136 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-06-02 22:18 . 2006-09-11 08:58 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 22:18 . 2005-05-26 11:19 214256 ----a-w- c:\windows\system32\muweb.dll

2012-05-31 13:22 . 2002-09-23 22:10 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-05-16 15:08 . 2004-01-08 22:23 916992 ----a-w- c:\windows\system32\wininet.dll

2012-05-15 10:18 . 2011-11-24 22:05 883008 ----a-w- c:\windows\system32\nvgenco32.dll

2012-05-15 10:18 . 2011-11-24 22:05 65536 ----a-w- c:\windows\system32\OpenCL.dll

2012-05-15 10:18 . 2011-11-24 22:05 17543168 ----a-w- c:\windows\system32\nvcompiler.dll

2012-05-15 10:18 . 2011-11-24 22:05 1000768 ----a-w- c:\windows\system32\nvdispco32.dll

2012-05-15 10:18 . 2009-08-17 07:57 2530624 ----a-w- c:\windows\system32\nvcuvid.dll

2012-05-15 10:18 . 2009-08-17 07:57 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-05-15 10:18 . 2008-05-03 05:46 6012928 ----a-w- c:\windows\system32\nvcuda.dll

2012-05-15 10:18 . 2008-03-16 00:46 18771968 ----a-w- c:\windows\system32\nvoglnt.dll

2012-05-15 10:18 . 2008-03-16 00:45 2359808 ----a-w- c:\windows\system32\nvapi.dll

2012-05-15 10:18 . 2004-08-04 07:56 4373248 ----a-w- c:\windows\system32\nv4_disp.dll

2012-05-15 10:18 . 2004-08-04 05:29 14014656 ----a-w- c:\windows\system32\drivers\nv4_mini.sys

2012-05-15 09:40 . 2009-08-17 10:04 54272 ----a-w- c:\windows\system32\nvwddi.dll

2012-05-15 09:40 . 2009-08-17 10:03 15504192 ----a-w- c:\windows\system32\nvcpl.dll

2012-05-15 09:40 . 2009-08-17 10:03 143680 ----a-w- c:\windows\system32\nvcolor.exe

2012-05-15 09:40 . 2009-08-17 10:03 164160 ----a-w- c:\windows\system32\nvsvc32.exe

2012-05-15 09:40 . 2009-08-17 10:03 108352 ----a-w- c:\windows\system32\nvmctray.dll

2012-05-11 14:42 . 2001-08-23 12:00 43520 ------w- c:\windows\system32\licmgr10.dll

2012-05-11 14:42 . 2001-08-23 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-05-11 11:38 . 2004-08-04 05:59 385024 ------w- c:\windows\system32\html.iec

2012-05-04 19:33 . 2010-06-06 01:48 477240 ----a-w- c:\windows\system32\drivers\sptd.sys

2012-05-04 13:16 . 2001-08-23 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 12:32 . 2001-08-17 13:48 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-05-02 13:46 . 2006-09-11 07:49 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2008-06-10 19:26 . 2008-06-10 19:26 62910 -c--a-w- c:\program files\Uninstall.exe

2007-11-15 07:20 . 2007-11-15 07:20 774144 ----a-w- c:\program files\RngInterstitial.dll

2012-07-14 00:17 . 2012-07-21 09:54 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-07-26_05.24.46 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-07-28 00:39 . 2012-07-28 00:39 16384 c:\windows\Temp\Perflib_Perfdata_718.dat

+ 2012-07-26 22:14 . 2012-07-26 22:14 686792 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_268_Plugin.exe

+ 2012-07-26 21:14 . 2012-07-26 21:14 686792 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_268_ActiveX.exe

+ 2012-07-26 21:14 . 2012-07-26 21:14 466632 c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_268_ActiveX.dll

+ 2012-04-16 09:10 . 2012-07-26 22:14 250056 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

- 2012-04-16 09:10 . 2012-07-12 04:15 250056 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

+ 2012-07-26 22:14 . 2012-07-26 22:14 9465032 c:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-14 68856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Google Updater"="c:\program files\Google\Google Updater\GoogleUpdater.exe" [2011-10-07 161336]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"Monitor"="e:\program files\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]

"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-06-25 1073352]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-05-15 15504192]

"NvMediaCenter"="NvMCTray.dll" [2012-05-15 108352]

"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-05-15 1634112]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]

"QuickTime Task"="e:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

.

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\

WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2011-3-9 3986944]

WG111v2 Smart Wizard Wireless Setting.lnk - c:\program files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe [2009-1-12 745472]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-07-15 21:00 12536 ----a-w- c:\windows\system32\avgrsstx.dll

.

[HKLM\~\startupfolder\C:^Documents and Settings^Jim^Start Menu^Programs^Startup^GameFly.lnk]

path=c:\documents and settings\Jim\Start Menu\Programs\Startup\GameFly.lnk

backup=c:\windows\pss\GameFly.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2012-02-29 15:55 17148552 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]

2012-07-12 12:44 9478320 ----a-w- c:\documents and settings\Jim\Application Data\Spotify\spotify.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

2011-11-24 06:53 1242448 ----a-w- e:\program files\Steam\Steam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=

.

R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/21/2009 3:08 PM 216400]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/21/2009 3:08 PM 243152]

R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [7/15/2010 1:59 PM 921952]

R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/15/2010 1:59 PM 308136]

R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [1/12/2009 5:03 PM 66048]

R2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [3/9/2011 11:07 AM 238592]

R2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [3/9/2011 11:18 AM 1060864]

R2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [3/9/2011 11:16 AM 484352]

R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [9/15/2011 7:18 PM 25704]

R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [9/15/2011 7:19 PM 25704]

R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [9/15/2011 7:19 PM 25704]

R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [9/15/2011 7:19 PM 25704]

R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [9/15/2011 7:19 PM 25704]

S0 tpcdrdrv;tpcdrdrv;c:\windows\system32\DRIVERS\tpcdrdrv.sys --> c:\windows\system32\DRIVERS\tpcdrdrv.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 7:34 AM 135664]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [6/7/2012 2:59 PM 1262400]

S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users.WINDOWS\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [7/5/2012 6:41 PM 3048136]

S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/29/2012 8:50 AM 158856]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/16/2012 2:10 AM 250056]

S3 Alpham;Ideazon Merc Composite Keyboard Driver;c:\windows\system32\drivers\Alpham.sys [3/12/2006 1:11 PM 37248]

S3 AsAudioDevice_349;AsAudioDevice_349;c:\windows\system32\drivers\AsAudioDevice_349.sys [9/15/2011 2:05 PM 16640]

S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [7/7/2010 12:53 AM 2944]

S3 brparimg;Brother Multi Function Parallel Image driver;c:\windows\system32\drivers\BrParImg.sys [7/7/2010 12:54 AM 3168]

S3 BrParWdm;Brother WDM Parallel Driver;c:\windows\system32\drivers\BrParwdm.sys [7/7/2010 12:53 AM 39552]

S3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [7/7/2010 12:53 AM 60416]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 7:34 AM 135664]

S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [7/29/2010 12:25 AM 25112]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [8/21/2008 11:49 PM 18688]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [8/21/2008 11:49 PM 8320]

S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [6/18/2007 8:18 PM 23680]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [7/21/2012 2:54 AM 113120]

S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [1/12/2009 5:03 PM 167808]

S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [1/12/2009 5:03 PM 13532]

S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [6/16/2012 3:39 AM 11520]

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-30 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 22:14]

.

2012-07-30 c:\windows\Tasks\AdobeAAMUpdater-1.0-DUFIS-D-Jim.job

- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-05-05 13:09]

.

2012-07-28 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]

.

2012-07-30 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-14 17:03]

.

2012-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 14:34]

.

2012-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 14:34]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&affID=108844&mntrId=1b0529e00000000000000016ec2fa0b3

uSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f

uDefault_Search_URL = 687474703a2f2f7777772e676f6f676c652e636f6d2f

mSearch Bar = 687474703a2f2f7777772e676f6f676c652e636f6d2f

mSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local;<local>

uSearchAssistant = 687474703a2f2f7777772e676f6f676c652e636f6d2f

mSearchURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

DPF: RaptisoftGameLoader - hxxp://www.gamehouse.com/realarcade-webgames/hamsterball/raptisoftgameloader.cab

FF - ProfilePath - c:\documents and settings\Jim\Application Data\Mozilla\Firefox\Profiles\1ig2pwy8.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/

.

.

------- File Associations -------

.

.scr=SageThumbsImage.scr

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{F443A627-5009-4323-9C1D-7FD598D0D712} - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-07-30 15:12

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,03,cc,57,59,1d,a3,38,48,aa,fd,13,\

.

[HKEY_USERS\S-1-5-21-57989841-2025429265-725345543-1003\Software\SecuROM\License information*]

"datasecu"=hex:94,c5,e7,2e,4a,b8,d8,b9,ed,8f,60,54,17,2a,56,04,e8,5c,78,84,f0,

49,54,43,a3,1d,7c,99,f2,95,50,71,a3,55,33,9b,f0,04,20,fa,22,a8,55,9a,7c,2d,\

"rkeysecu"=hex:82,c3,15,4f,bb,1d,3b,7f,84,f5,53,93,76,d6,d1,ff

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]

"Version"=hex:de,5e,c5,e5,35,85,69,83,85,07,c1,0b,47,0d,7d,d0,fb,59,e4,6b,99,

0f,f2,91,cc,2e,15,99,50,fa,26,22,28,18,c9,53,0a,e5,bd,3d,0e,66,6e,47,0d,c6,\

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\æHõwæ*]

"DisplayName"="?\11\09"

"DeviceDesc"="?\11\09"

"ProviderName"="???\11? H\11??"

"MFG"="???"

"ReinstallString"=".10.1000.5"

"DeviceInstanceIds"=multi:"d:\\raid\\ati\\sbdrv\\smbus\\smbusati.inf\00"

.

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]

"Version"=hex:de,5e,c5,e5,35,85,69,83,85,07,c1,0b,47,0d,7d,d0,fb,59,e4,6b,99,

0f,f2,91,cc,2e,15,99,50,fa,26,22,28,18,c9,53,0a,e5,bd,3d,0e,66,6e,47,0d,c6,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(12024)

c:\windows\system32\WININET.dll

c:\progra~1\WINDOW~3\wmpband.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\mshtml.dll

e:\program files\SageThumbs\32\SageThumbs.dll

e:\program files\SageThumbs\32\sqlite3.dll

e:\program files\SageThumbs\32\libgfl340.dll

e:\program files\SageThumbs\32\libgfle340.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2012-07-30 15:15:30

ComboFix-quarantined-files.txt 2012-07-30 22:15

ComboFix2.txt 2012-07-26 05:32

.

Pre-Run: 26,640,621,568 bytes free

Post-Run: 26,619,232,256 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn /usepmtimer

.

- - End Of File - - FA54A8D3FE01A305981BE7C23C794EB3

15:17:24.0984 12708 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32

15:17:26.0156 12708 ============================================================

15:17:26.0156 12708 Current date / time: 2012/07/30 15:17:26.0156

15:17:26.0156 12708 SystemInfo:

15:17:26.0156 12708

15:17:26.0156 12708 OS Version: 5.1.2600 ServicePack: 3.0

15:17:26.0156 12708 Product type: Workstation

15:17:26.0156 12708 ComputerName: DUFIS-D

15:17:26.0156 12708 UserName: Jim

15:17:26.0156 12708 Windows directory: C:\WINDOWS

15:17:26.0156 12708 System windows directory: C:\WINDOWS

15:17:26.0156 12708 Processor architecture: Intel x86

15:17:26.0156 12708 Number of processors: 2

15:17:26.0156 12708 Page size: 0x1000

15:17:26.0156 12708 Boot type: Normal boot

15:17:26.0156 12708 ============================================================

15:17:28.0281 12708 Drive \Device\Harddisk0\DR0 - Size: 0x1315740000 (76.34 Gb), SectorSize: 0x200, Cylinders: 0x26EC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

15:17:28.0296 12708 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

15:17:28.0500 12708 ============================================================

15:17:28.0500 12708 \Device\Harddisk0\DR0:

15:17:28.0500 12708 MBR partitions:

15:17:28.0500 12708 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x98A7FAD

15:17:28.0500 12708 \Device\Harddisk1\DR1:

15:17:28.0500 12708 MBR partitions:

15:17:28.0500 12708 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542

15:17:28.0500 12708 ============================================================

15:17:28.0531 12708 C: <-> \Device\Harddisk0\DR0\Partition0

15:17:28.0562 12708 E: <-> \Device\Harddisk1\DR1\Partition0

15:17:28.0562 12708 ============================================================

15:17:28.0562 12708 Initialize success

15:17:28.0562 12708 ============================================================

15:17:33.0296 8008 ============================================================

15:17:33.0296 8008 Scan started

15:17:33.0296 8008 Mode: Manual;

15:17:33.0296 8008 ============================================================

15:17:35.0281 8008 Abiosdsk - ok

15:17:35.0281 8008 abp480n5 - ok

15:17:35.0328 8008 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

15:17:35.0328 8008 ACPI - ok

15:17:35.0375 8008 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

15:17:35.0375 8008 ACPIEC - ok

15:17:35.0437 8008 AdobeFlashPlayerUpdateSvc (6c40d5ed8951ab7b90d08af655224ee4) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

15:17:35.0437 8008 AdobeFlashPlayerUpdateSvc - ok

15:17:35.0453 8008 adpu160m - ok

15:17:35.0468 8008 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

15:17:35.0468 8008 aec - ok

15:17:35.0500 8008 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

15:17:35.0500 8008 AFD - ok

15:17:35.0515 8008 Aha154x - ok

15:17:35.0515 8008 aic78u2 - ok

15:17:35.0515 8008 aic78xx - ok

15:17:35.0734 8008 ALCXWDM (dd8520280304b6145a6be31008748c7c) C:\WINDOWS\system32\drivers\ALCXWDM.SYS

15:17:35.0765 8008 ALCXWDM - ok

15:17:35.0859 8008 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll

15:17:35.0859 8008 Alerter - ok

15:17:35.0890 8008 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe

15:17:35.0890 8008 ALG - ok

15:17:35.0890 8008 AliIde - ok

15:17:35.0921 8008 Alpham (5c6b6686f14b6e9549e320f59fec1469) C:\WINDOWS\system32\DRIVERS\Alpham.sys

15:17:35.0921 8008 Alpham - ok

15:17:35.0937 8008 AmdK8 (efbb0956baed786e137351b5ca272aef) C:\WINDOWS\system32\DRIVERS\AmdK8.sys

15:17:35.0937 8008 AmdK8 - ok

15:17:35.0953 8008 amsint - ok

15:17:36.0046 8008 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

15:17:36.0046 8008 Apple Mobile Device - ok

15:17:36.0093 8008 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll

15:17:36.0093 8008 AppMgmt - ok

15:17:36.0125 8008 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

15:17:36.0125 8008 Arp1394 - ok

15:17:36.0171 8008 AsAudioDevice_349 (85ece26f326c2d07ba77a60343468272) C:\WINDOWS\system32\drivers\AsAudioDevice_349.sys

15:17:36.0171 8008 AsAudioDevice_349 - ok

15:17:36.0171 8008 asc - ok

15:17:36.0187 8008 asc3350p - ok

15:17:36.0187 8008 asc3550 - ok

15:17:36.0296 8008 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

15:17:36.0296 8008 aspnet_state - ok

15:17:36.0312 8008 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

15:17:36.0312 8008 AsyncMac - ok

15:17:36.0328 8008 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

15:17:36.0328 8008 atapi - ok

15:17:36.0343 8008 Atdisk - ok

15:17:36.0390 8008 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\WINDOWS\system32\DRIVERS\atksgt.sys

15:17:36.0390 8008 atksgt - ok

15:17:36.0406 8008 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

15:17:36.0406 8008 Atmarpc - ok

15:17:36.0437 8008 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll

15:17:36.0437 8008 AudioSrv - ok

15:17:36.0453 8008 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

15:17:36.0453 8008 audstub - ok

15:17:36.0609 8008 avg9emc (aa054cd537357f03d5ba6aba7562b35f) C:\Program Files\AVG\AVG9\avgemc.exe

15:17:36.0609 8008 avg9emc - ok

15:17:36.0640 8008 avg9wd (c4d15594db5be042d3346ea58df87d89) C:\Program Files\AVG\AVG9\avgwdsvc.exe

15:17:36.0640 8008 avg9wd - ok

15:17:36.0796 8008 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\System32\Drivers\avgldx86.sys

15:17:36.0796 8008 AvgLdx86 - ok

15:17:36.0812 8008 AvgMfx86 (80ff2b1b7eeda966394f0baa895bbf4b) C:\WINDOWS\System32\Drivers\avgmfx86.sys

15:17:36.0812 8008 AvgMfx86 - ok

15:17:36.0859 8008 AvgTdiX (9a7a93388f503a34e7339ae7f9997449) C:\WINDOWS\System32\Drivers\avgtdix.sys

15:17:36.0859 8008 AvgTdiX - ok

15:17:36.0937 8008 BCM43XX (2ee34b694d1ce077678662d7884f6c79) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys

15:17:36.0953 8008 BCM43XX - ok

15:17:37.0015 8008 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

15:17:37.0015 8008 Beep - ok

15:17:37.0046 8008 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll

15:17:37.0062 8008 BITS - ok

15:17:37.0187 8008 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe

15:17:37.0187 8008 Bonjour Service - ok

15:17:37.0218 8008 brfilt (4ba311473e0d8557827e6f2fe33a8095) C:\WINDOWS\system32\Drivers\Brfilt.sys

15:17:37.0218 8008 brfilt - ok

15:17:37.0250 8008 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll

15:17:37.0250 8008 Browser - ok

15:17:37.0265 8008 brparimg (e05d9eda91c1b2c4c4f6f5a6d5b14b58) C:\WINDOWS\system32\DRIVERS\BrParImg.sys

15:17:37.0265 8008 brparimg - ok

15:17:37.0281 8008 BrParWdm (108d5c678411ac5b53d51756177d50a4) C:\WINDOWS\system32\Drivers\BrParwdm.sys

15:17:37.0281 8008 BrParWdm - ok

15:17:37.0296 8008 BrSerWDM (8e06cd96e00472c03770a697d04031c0) C:\WINDOWS\system32\Drivers\BrSerWdm.sys

15:17:37.0296 8008 BrSerWDM - ok

15:17:37.0406 8008 catchme - ok

15:17:37.0437 8008 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

15:17:37.0437 8008 cbidf2k - ok

15:17:37.0453 8008 cd20xrnt - ok

15:17:37.0453 8008 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

15:17:37.0453 8008 Cdaudio - ok

15:17:37.0484 8008 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

15:17:37.0500 8008 Cdfs - ok

15:17:37.0531 8008 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

15:17:37.0531 8008 Cdrom - ok

15:17:37.0531 8008 Changer - ok

15:17:37.0546 8008 cisvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe

15:17:37.0546 8008 cisvc - ok

15:17:37.0578 8008 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe

15:17:37.0578 8008 ClipSrv - ok

15:17:37.0656 8008 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

15:17:37.0671 8008 clr_optimization_v2.0.50727_32 - ok

15:17:37.0781 8008 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

15:17:37.0781 8008 clr_optimization_v4.0.30319_32 - ok

15:17:37.0781 8008 CmdIde - ok

15:17:37.0796 8008 COMSysApp - ok

15:17:37.0796 8008 Cpqarray - ok

15:17:37.0843 8008 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll

15:17:37.0843 8008 CryptSvc - ok

15:17:37.0843 8008 dac2w2k - ok

15:17:37.0843 8008 dac960nt - ok

15:17:37.0890 8008 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

15:17:37.0906 8008 DcomLaunch - ok

15:17:37.0921 8008 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll

15:17:37.0921 8008 Dhcp - ok

15:17:37.0937 8008 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

15:17:37.0937 8008 Disk - ok

15:17:37.0937 8008 dmadmin - ok

15:17:37.0984 8008 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

15:17:37.0984 8008 dmboot - ok

15:17:38.0000 8008 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

15:17:38.0000 8008 dmio - ok

15:17:38.0031 8008 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

15:17:38.0031 8008 dmload - ok

15:17:38.0062 8008 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll

15:17:38.0062 8008 dmserver - ok

15:17:38.0078 8008 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

15:17:38.0078 8008 DMusic - ok

15:17:38.0109 8008 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll

15:17:38.0109 8008 Dnscache - ok

15:17:38.0140 8008 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll

15:17:38.0156 8008 Dot3svc - ok

15:17:38.0156 8008 dpti2o - ok

15:17:38.0187 8008 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

15:17:38.0187 8008 drmkaud - ok

15:17:38.0218 8008 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll

15:17:38.0218 8008 EapHost - ok

15:17:38.0250 8008 EAPPkt (efacd8d57a42a93e244a0dbd357e8cb8) C:\WINDOWS\system32\DRIVERS\EAPPkt.sys

15:17:38.0250 8008 EAPPkt - ok

15:17:38.0250 8008 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll

15:17:38.0250 8008 ERSvc - ok

15:17:38.0265 8008 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

15:17:38.0265 8008 Eventlog - ok

15:17:38.0296 8008 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\System32\es.dll

15:17:38.0296 8008 EventSystem - ok

15:17:38.0312 8008 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

15:17:38.0312 8008 Fastfat - ok

15:17:38.0343 8008 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

15:17:38.0359 8008 FastUserSwitchingCompatibility - ok

15:17:38.0359 8008 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

15:17:38.0359 8008 Fdc - ok

15:17:38.0375 8008 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

15:17:38.0375 8008 Fips - ok

15:17:38.0484 8008 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

15:17:38.0484 8008 FLEXnet Licensing Service - ok

15:17:38.0531 8008 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

15:17:38.0531 8008 Flpydisk - ok

15:17:38.0562 8008 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

15:17:38.0562 8008 FltMgr - ok

15:17:38.0656 8008 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

15:17:38.0656 8008 FontCache3.0.0.0 - ok

15:17:38.0687 8008 FreshIO - ok

15:17:38.0734 8008 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

15:17:38.0734 8008 Fs_Rec - ok

15:17:38.0734 8008 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

15:17:38.0734 8008 Ftdisk - ok

15:17:38.0765 8008 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys

15:17:38.0765 8008 GEARAspiWDM - ok

15:17:38.0765 8008 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

15:17:38.0781 8008 Gpc - ok

15:17:38.0781 8008 GTNDIS5 - ok

15:17:38.0859 8008 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe

15:17:38.0859 8008 gupdate - ok

15:17:38.0859 8008 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe

15:17:38.0859 8008 gupdatem - ok

15:17:38.0921 8008 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

15:17:38.0921 8008 gusvc - ok

15:17:38.0968 8008 hamachi (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys

15:17:38.0968 8008 hamachi - ok

15:17:39.0031 8008 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

15:17:39.0031 8008 helpsvc - ok

15:17:39.0062 8008 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll

15:17:39.0062 8008 HidServ - ok

15:17:39.0078 8008 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

15:17:39.0078 8008 hidusb - ok

15:17:39.0109 8008 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll

15:17:39.0109 8008 hkmsvc - ok

15:17:39.0109 8008 hpn - ok

15:17:39.0125 8008 hpt3xx - ok

15:17:39.0171 8008 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

15:17:39.0171 8008 HTTP - ok

15:17:39.0203 8008 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll

15:17:39.0203 8008 HTTPFilter - ok

15:17:39.0203 8008 i2omgmt - ok

15:17:39.0218 8008 i2omp - ok

15:17:39.0250 8008 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

15:17:39.0250 8008 i8042prt - ok

15:17:39.0359 8008 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

15:17:39.0359 8008 IDriverT - ok

15:17:39.0484 8008 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

15:17:39.0484 8008 idsvc - ok

15:17:39.0531 8008 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

15:17:39.0531 8008 Imapi - ok

15:17:39.0593 8008 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe

15:17:39.0593 8008 ImapiService - ok

15:17:39.0609 8008 ini910u - ok

15:17:39.0609 8008 IntelIde - ok

15:17:39.0640 8008 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

15:17:39.0640 8008 ip6fw - ok

15:17:39.0671 8008 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

15:17:39.0671 8008 IpFilterDriver - ok

15:17:39.0687 8008 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

15:17:39.0687 8008 IpInIp - ok

15:17:39.0718 8008 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

15:17:39.0718 8008 IpNat - ok

15:17:39.0828 8008 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe

15:17:39.0843 8008 iPod Service - ok

15:17:39.0859 8008 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

15:17:39.0859 8008 IPSec - ok

15:17:39.0875 8008 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

15:17:39.0875 8008 IRENUM - ok

15:17:39.0906 8008 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

15:17:39.0906 8008 isapnp - ok

15:17:39.0937 8008 ivusb (de96bbf842059a67d876b692076d8875) C:\WINDOWS\system32\DRIVERS\ivusb.sys

15:17:39.0937 8008 ivusb - ok

15:17:40.0015 8008 JavaQuickStarterService (4f2143570d2250ca4c4a4c98553c82cd) C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe

15:17:40.0015 8008 JavaQuickStarterService - ok

15:17:40.0015 8008 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

15:17:40.0015 8008 Kbdclass - ok

15:17:40.0031 8008 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

15:17:40.0031 8008 kbdhid - ok

15:17:40.0046 8008 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

15:17:40.0046 8008 kmixer - ok

15:17:40.0078 8008 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

15:17:40.0078 8008 KSecDD - ok

15:17:40.0125 8008 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll

15:17:40.0125 8008 lanmanserver - ok

15:17:40.0156 8008 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll

15:17:40.0156 8008 lanmanworkstation - ok

15:17:40.0156 8008 lbrtfdc - ok

15:17:40.0531 8008 LeapFrog Connect Device Service (3c879d04bb6466e2853c3155b635cc45) E:\Program Files\LeapFrog Connect\CommandService.exe

15:17:40.0578 8008 LeapFrog Connect Device Service - ok

15:17:40.0609 8008 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\WINDOWS\system32\DRIVERS\lirsgt.sys

15:17:40.0609 8008 lirsgt - ok

15:17:40.0609 8008 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll

15:17:40.0625 8008 LmHosts - ok

15:17:40.0640 8008 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll

15:17:40.0640 8008 Messenger - ok

15:17:40.0671 8008 mf (a7da20ab18a1bdae28b0f349e57da0d1) C:\WINDOWS\system32\DRIVERS\mf.sys

15:17:40.0671 8008 mf - ok

15:17:40.0718 8008 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

15:17:40.0718 8008 mnmdd - ok

15:17:40.0765 8008 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\System32\mnmsrvc.exe

15:17:40.0765 8008 mnmsrvc - ok

15:17:40.0781 8008 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

15:17:40.0781 8008 Modem - ok

15:17:40.0812 8008 motccgp (201bfc4ef8b33d02d133fbf6535e515b) C:\WINDOWS\system32\DRIVERS\motccgp.sys

15:17:40.0812 8008 motccgp - ok

15:17:40.0875 8008 motccgpfl (d0242a3832eb7c97801bb25889561e23) C:\WINDOWS\system32\DRIVERS\motccgpfl.sys

15:17:40.0875 8008 motccgpfl - ok

15:17:40.0921 8008 motmodem (fe80c18ba448ddd76b7bead9eb203d37) C:\WINDOWS\system32\DRIVERS\motmodem.sys

15:17:40.0921 8008 motmodem - ok

15:17:40.0953 8008 motport (fe80c18ba448ddd76b7bead9eb203d37) C:\WINDOWS\system32\DRIVERS\motport.sys

15:17:40.0953 8008 motport - ok

15:17:40.0984 8008 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

15:17:40.0984 8008 Mouclass - ok

15:17:41.0031 8008 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

15:17:41.0031 8008 mouhid - ok

15:17:41.0046 8008 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

15:17:41.0046 8008 MountMgr - ok

15:17:41.0156 8008 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

15:17:41.0156 8008 MozillaMaintenance - ok

15:17:41.0156 8008 mraid35x - ok

15:17:41.0187 8008 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

15:17:41.0187 8008 MRxDAV - ok

15:17:41.0218 8008 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

15:17:41.0234 8008 MRxSmb - ok

15:17:41.0265 8008 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\System32\msdtc.exe

15:17:41.0265 8008 MSDTC - ok

15:17:41.0296 8008 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

15:17:41.0296 8008 Msfs - ok

15:17:41.0296 8008 MSIServer - ok

15:17:41.0328 8008 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

15:17:41.0328 8008 MSKSSRV - ok

15:17:41.0343 8008 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

15:17:41.0343 8008 MSPCLOCK - ok

15:17:41.0343 8008 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

15:17:41.0359 8008 MSPQM - ok

15:17:41.0375 8008 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

15:17:41.0375 8008 mssmbios - ok

15:17:41.0421 8008 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

15:17:41.0421 8008 Mup - ok

15:17:41.0468 8008 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll

15:17:41.0468 8008 napagent - ok

15:17:41.0484 8008 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

15:17:41.0484 8008 NDIS - ok

15:17:41.0515 8008 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

15:17:41.0515 8008 NdisTapi - ok

15:17:41.0515 8008 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

15:17:41.0515 8008 Ndisuio - ok

15:17:41.0531 8008 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

15:17:41.0531 8008 NdisWan - ok

15:17:41.0562 8008 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

15:17:41.0562 8008 NDProxy - ok

15:17:41.0578 8008 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

15:17:41.0578 8008 NetBIOS - ok

15:17:41.0593 8008 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

15:17:41.0593 8008 NetBT - ok

15:17:41.0625 8008 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

15:17:41.0625 8008 NetDDE - ok

15:17:41.0625 8008 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

15:17:41.0625 8008 NetDDEdsdm - ok

15:17:41.0656 8008 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

15:17:41.0656 8008 Netlogon - ok

15:17:41.0687 8008 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll

15:17:41.0687 8008 Netman - ok

15:17:41.0796 8008 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

15:17:41.0796 8008 NetTcpPortSharing - ok

15:17:41.0828 8008 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

15:17:41.0828 8008 NIC1394 - ok

15:17:41.0859 8008 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll

15:17:41.0875 8008 Nla - ok

15:17:41.0890 8008 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

15:17:41.0890 8008 Npfs - ok

15:17:41.0953 8008 npkcmsvc (b28873f1a04dffd29d03d6eb201f9e49) C:\Nexon\Mabinogi\npkcmsvc.exe

15:17:41.0953 8008 npkcmsvc - ok

15:17:41.0968 8008 npkcrypt - ok

15:17:41.0968 8008 npkcusb - ok

15:17:42.0031 8008 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

15:17:42.0031 8008 Ntfs - ok

15:17:42.0046 8008 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe

15:17:42.0046 8008 NtLmSsp - ok

15:17:42.0078 8008 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll

15:17:42.0078 8008 NtmsSvc - ok

15:17:42.0125 8008 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

15:17:42.0125 8008 Null - ok

15:17:42.0687 8008 nv (7b5a17bd54bb9142843dbe99a1caaed8) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

15:17:42.0796 8008 nv - ok

15:17:42.0937 8008 NVSvc (5150b108ea88831e1c599603d8b89621) C:\WINDOWS\system32\nvsvc32.exe

15:17:42.0937 8008 NVSvc - ok

15:17:43.0046 8008 nvUpdatusService (83e8ab7bb3c8956c53fec071c94f0bbb) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

15:17:43.0062 8008 nvUpdatusService - ok

15:17:43.0140 8008 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

15:17:43.0140 8008 NwlnkFlt - ok

15:17:43.0156 8008 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

15:17:43.0156 8008 NwlnkFwd - ok

15:17:43.0187 8008 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

15:17:43.0187 8008 ohci1394 - ok

15:17:43.0218 8008 PalmUSBD (240c0d4049a833b16b63b636acf01672) C:\WINDOWS\system32\drivers\PalmUSBD.sys

15:17:43.0218 8008 PalmUSBD - ok

15:17:43.0250 8008 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

15:17:43.0250 8008 Parport - ok

15:17:43.0265 8008 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

15:17:43.0265 8008 PartMgr - ok

15:17:43.0312 8008 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

15:17:43.0312 8008 ParVdm - ok

15:17:43.0328 8008 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

15:17:43.0328 8008 PCI - ok

15:17:43.0328 8008 PCIDump - ok

15:17:43.0375 8008 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

15:17:43.0375 8008 PCIIde - ok

15:17:43.0406 8008 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

15:17:43.0406 8008 Pcmcia - ok

15:17:43.0406 8008 PDCOMP - ok

15:17:43.0421 8008 PDFRAME - ok

15:17:43.0421 8008 PDRELI - ok

15:17:43.0437 8008 PDRFRAME - ok

15:17:43.0437 8008 perc2 - ok

15:17:43.0437 8008 perc2hib - ok

15:17:43.0500 8008 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

15:17:43.0500 8008 PlugPlay - ok

15:17:43.0515 8008 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

15:17:43.0515 8008 PolicyAgent - ok

15:17:43.0531 8008 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

15:17:43.0531 8008 PptpMiniport - ok

15:17:43.0546 8008 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

15:17:43.0546 8008 Processor - ok

15:17:43.0546 8008 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

15:17:43.0546 8008 ProtectedStorage - ok

15:17:43.0562 8008 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

15:17:43.0562 8008 PSched - ok

15:17:43.0593 8008 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

15:17:43.0593 8008 Ptilink - ok

15:17:43.0625 8008 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys

15:17:43.0625 8008 PxHelp20 - ok

15:17:43.0640 8008 ql1080 - ok

15:17:43.0640 8008 Ql10wnt - ok

15:17:43.0640 8008 ql12160 - ok

15:17:43.0656 8008 ql1240 - ok

15:17:43.0656 8008 ql1280 - ok

15:17:43.0703 8008 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

15:17:43.0703 8008 RasAcd - ok

15:17:43.0750 8008 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll

15:17:43.0750 8008 RasAuto - ok

15:17:43.0750 8008 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

15:17:43.0750 8008 Rasl2tp - ok

15:17:43.0812 8008 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll

15:17:43.0812 8008 RasMan - ok

15:17:43.0812 8008 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

15:17:43.0812 8008 RasPppoe - ok

15:17:43.0828 8008 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

15:17:43.0828 8008 Raspti - ok

15:17:43.0843 8008 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

15:17:43.0859 8008 Rdbss - ok

15:17:43.0859 8008 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

15:17:43.0859 8008 RDPCDD - ok

15:17:43.0875 8008 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

15:17:43.0875 8008 rdpdr - ok

15:17:43.0921 8008 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys

15:17:43.0921 8008 RDPWD - ok

15:17:43.0953 8008 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe

15:17:43.0953 8008 RDSessMgr - ok

15:17:43.0984 8008 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

15:17:43.0984 8008 redbook - ok

15:17:44.0015 8008 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll

15:17:44.0015 8008 RemoteAccess - ok

15:17:44.0046 8008 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll

15:17:44.0046 8008 RemoteRegistry - ok

15:17:44.0140 8008 RichVideo (7728b6aedc83bc0defd0a53371d4613b) C:\Program Files\Cyberlink\Shared files\RichVideo.exe

15:17:44.0156 8008 RichVideo - ok

15:17:44.0203 8008 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe

15:17:44.0203 8008 RpcLocator - ok

15:17:44.0250 8008 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll

15:17:44.0250 8008 RpcSs - ok

15:17:44.0312 8008 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe

15:17:44.0312 8008 RSVP - ok

15:17:44.0359 8008 RTL8023xp (7f0413bdd7d53eb4c7a371e7f6f84df1) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys

15:17:44.0359 8008 RTL8023xp - ok

15:17:44.0406 8008 RTLWUSB (691db86b09e13ca5d3e8881141738cc5) C:\WINDOWS\system32\DRIVERS\wg111v2.sys

15:17:44.0406 8008 RTLWUSB - ok

15:17:44.0421 8008 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

15:17:44.0421 8008 SamSs - ok

15:17:44.0453 8008 sbp2port (b244960e5a1db8e9d5d17086de37c1e4) C:\WINDOWS\system32\DRIVERS\sbp2port.sys

15:17:44.0453 8008 sbp2port - ok

15:17:44.0484 8008 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe

15:17:44.0484 8008 SCardSvr - ok

15:17:44.0515 8008 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll

15:17:44.0515 8008 Schedule - ok

15:17:44.0531 8008 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

15:17:44.0531 8008 Secdrv - ok

15:17:44.0546 8008 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll

15:17:44.0546 8008 seclogon - ok

15:17:44.0578 8008 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll

15:17:44.0578 8008 SENS - ok

15:17:44.0593 8008 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

15:17:44.0593 8008 serenum - ok

15:17:44.0593 8008 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

15:17:44.0593 8008 Serial - ok

15:17:44.0656 8008 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

15:17:44.0656 8008 Sfloppy - ok

15:17:44.0687 8008 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll

15:17:44.0687 8008 SharedAccess - ok

15:17:44.0750 8008 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

15:17:44.0750 8008 ShellHWDetection - ok

15:17:44.0765 8008 Simbad - ok

15:17:44.0796 8008 SjyPkt (3d7ef286e806f9bd9339aa52e28dcd67) C:\WINDOWS\System32\Drivers\SjyPkt.sys

15:17:44.0796 8008 SjyPkt - ok

15:17:45.0093 8008 Skype C2C Service (0f97e7a47a52f4a36969f0fc319654c2) C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe

15:17:45.0109 8008 Skype C2C Service - ok

15:17:45.0234 8008 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe

15:17:45.0234 8008 SkypeUpdate - ok

15:17:45.0343 8008 Sparrow - ok

15:17:45.0359 8008 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

15:17:45.0359 8008 splitter - ok

15:17:45.0390 8008 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

15:17:45.0390 8008 Spooler - ok

15:17:45.0437 8008 sptd (0022cfff1a41e5ce3a764050a7ddf22a) C:\WINDOWS\System32\Drivers\sptd.sys

15:17:45.0453 8008 sptd - ok

15:17:45.0453 8008 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

15:17:45.0453 8008 sr - ok

15:17:45.0484 8008 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll

15:17:45.0484 8008 srservice - ok

15:17:45.0531 8008 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

15:17:45.0531 8008 Srv - ok

15:17:45.0562 8008 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll

15:17:45.0562 8008 SSDPSRV - ok

15:17:45.0609 8008 Steam Client Service - ok

15:17:45.0640 8008 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll

15:17:45.0640 8008 stisvc - ok

15:17:45.0656 8008 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

15:17:45.0656 8008 swenum - ok

15:17:45.0718 8008 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

15:17:45.0734 8008 SwitchBoard - ok

15:17:45.0750 8008 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

15:17:45.0750 8008 swmidi - ok

15:17:45.0750 8008 SwPrv - ok

15:17:45.0765 8008 symc810 - ok

15:17:45.0765 8008 symc8xx - ok

15:17:45.0765 8008 sym_hi - ok

15:17:45.0781 8008 sym_u3 - ok

15:17:45.0843 8008 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

15:17:45.0843 8008 sysaudio - ok

15:17:45.0875 8008 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe

15:17:45.0875 8008 SysmonLog - ok

15:17:45.0906 8008 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll

15:17:45.0906 8008 TapiSrv - ok

15:17:45.0953 8008 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

15:17:45.0953 8008 Tcpip - ok

15:17:46.0000 8008 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

15:17:46.0000 8008 TDPIPE - ok

15:17:46.0000 8008 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

15:17:46.0000 8008 TDTCP - ok

15:17:46.0031 8008 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

15:17:46.0031 8008 TermDD - ok

15:17:46.0062 8008 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll

15:17:46.0062 8008 TermService - ok

15:17:46.0093 8008 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

15:17:46.0093 8008 Themes - ok

15:17:46.0125 8008 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\System32\tlntsvr.exe

15:17:46.0140 8008 TlntSvr - ok

15:17:46.0140 8008 TosIde - ok

15:17:46.0140 8008 tpcdrdrv - ok

15:17:46.0171 8008 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll

15:17:46.0171 8008 TrkWks - ok

15:17:46.0187 8008 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

15:17:46.0187 8008 Udfs - ok

15:17:46.0187 8008 ultra - ok

15:17:46.0218 8008 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

15:17:46.0218 8008 Update - ok

15:17:46.0250 8008 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll

15:17:46.0250 8008 upnphost - ok

15:17:46.0281 8008 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe

15:17:46.0281 8008 UPS - ok

15:17:46.0312 8008 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys

15:17:46.0328 8008 USBAAPL - ok

15:17:46.0328 8008 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

15:17:46.0328 8008 usbaudio - ok

15:17:46.0343 8008 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

15:17:46.0343 8008 usbccgp - ok

15:17:46.0359 8008 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

15:17:46.0359 8008 usbehci - ok

15:17:46.0359 8008 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

15:17:46.0359 8008 usbhub - ok

15:17:46.0375 8008 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

15:17:46.0375 8008 usbohci - ok

15:17:46.0390 8008 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

15:17:46.0390 8008 usbscan - ok

15:17:46.0406 8008 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

15:17:46.0406 8008 USBSTOR - ok

15:17:46.0421 8008 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

15:17:46.0421 8008 VgaSave - ok

15:17:46.0421 8008 ViaIde - ok

15:17:46.0437 8008 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

15:17:46.0437 8008 VolSnap - ok

15:17:46.0468 8008 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe

15:17:46.0484 8008 VSS - ok

15:17:46.0500 8008 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll

15:17:46.0500 8008 W32Time - ok

15:17:46.0515 8008 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

15:17:46.0515 8008 Wanarp - ok

15:17:46.0562 8008 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys

15:17:46.0562 8008 WDC_SAM - ok

15:17:46.0656 8008 WDDMService (bf847a3972cc6b5ce26e0ea742dd52d9) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

15:17:46.0656 8008 WDDMService - ok

15:17:46.0718 8008 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

15:17:46.0718 8008 Wdf01000 - ok

15:17:46.0812 8008 WDFME (b5966f1dff6e20576f3c8c2d93d129fd) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe

15:17:46.0828 8008 WDFME - ok

15:17:46.0937 8008 WDICA - ok

15:17:46.0953 8008 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

15:17:46.0953 8008 wdmaud - ok

15:17:47.0000 8008 WDSC (92f0088ca18bb08bb596ef2608256f8a) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe

15:17:47.0000 8008 WDSC - ok

15:17:47.0015 8008 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll

15:17:47.0015 8008 WebClient - ok

15:17:47.0031 8008 WINFLASH - ok

15:17:47.0093 8008 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll

15:17:47.0093 8008 winmgmt - ok

15:17:47.0140 8008 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll

15:17:47.0140 8008 WmdmPmSN - ok

15:17:47.0203 8008 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll

15:17:47.0203 8008 Wmi - ok

15:17:47.0234 8008 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe

15:17:47.0234 8008 WmiApSrv - ok

15:17:47.0343 8008 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe

15:17:47.0359 8008 WMPNetworkSvc - ok

15:17:47.0406 8008 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

15:17:47.0406 8008 WpdUsb - ok

15:17:47.0531 8008 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

15:17:47.0546 8008 WPFFontCache_v0400 - ok

15:17:47.0578 8008 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

15:17:47.0578 8008 WS2IFSL - ok

15:17:47.0609 8008 WsAudio_DeviceS(1) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys

15:17:47.0609 8008 WsAudio_DeviceS(1) - ok

15:17:47.0625 8008 WsAudio_DeviceS(2) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys

15:17:47.0625 8008 WsAudio_DeviceS(2) - ok

15:17:47.0625 8008 WsAudio_DeviceS(3) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys

15:17:47.0625 8008 WsAudio_DeviceS(3) - ok

15:17:47.0640 8008 WsAudio_DeviceS(4) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys

15:17:47.0656 8008 WsAudio_DeviceS(4) - ok

15:17:47.0687 8008 WsAudio_DeviceS(5) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys

15:17:47.0687 8008 WsAudio_DeviceS(5) - ok

15:17:47.0734 8008 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll

15:17:47.0734 8008 wscsvc - ok

15:17:47.0734 8008 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll

15:17:47.0750 8008 wuauserv - ok

15:17:47.0765 8008 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

15:17:47.0765 8008 WudfPf - ok

15:17:47.0796 8008 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

15:17:47.0796 8008 WudfRd - ok

15:17:47.0812 8008 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll

15:17:47.0812 8008 WudfSvc - ok

15:17:47.0875 8008 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll

15:17:47.0875 8008 WZCSVC - ok

15:17:47.0921 8008 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll

15:17:47.0921 8008 xmlprov - ok

15:17:47.0953 8008 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

15:17:48.0296 8008 \Device\Harddisk0\DR0 - ok

15:17:48.0328 8008 MBR (0x1B8) (35c6b2fcde68facbefe0a4a7200bae58) \Device\Harddisk1\DR1

15:17:51.0656 8008 \Device\Harddisk1\DR1 - ok

15:17:51.0656 8008 Boot (0x1200) (008fdcbe0d81be7095aa970d8aed2d0b) \Device\Harddisk0\DR0\Partition0

15:17:51.0656 8008 \Device\Harddisk0\DR0\Partition0 - ok

15:17:51.0656 8008 Boot (0x1200) (bf1b769e2afc4dc10a89f1ecd4f5379d) \Device\Harddisk1\DR1\Partition0

15:17:51.0656 8008 \Device\Harddisk1\DR1\Partition0 - ok

15:17:51.0671 8008 ============================================================

15:17:51.0671 8008 Scan finished

15:17:51.0671 8008 ============================================================

15:17:51.0671 7896 Detected object count: 0

15:17:51.0671 7896 Actual detected object count: 0

15:17:57.0484 6664 Deinitialize success

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=5d73789d4f46c748a4fbebaf3c228684

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-07-31 01:35:12

# local_time=2012-07-30 06:35:12 (-0800, Pacific Daylight Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=1024 16777175 100 0 75448845 75448845 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=304728

# found=21

# cleaned=20

# scan_time=11186

C:\Documents and Settings\Jim\My Documents\Downloads\cnet2_rpc412_zip.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Jim\My Documents\Downloads\HotAndMean-Lizz_Tayler,_Missy_Martinez_&_Dani_Daniels_(What_It's_Like_To_Be_A_Lesbian).exe Win32/Adware.1ClickDownload.C application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files\1ClickDownload\uninstall.exe Win32/Adware.1ClickDownload application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dll a variant of Win32/Toolbar.Babylon application (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarEng.dll Win32/Toolbar.Babylon application (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll Win32/Toolbar.Babylon application (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll Win32/Toolbar.Babylon application (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C

C:\Program Files\Netscape\Netscape Browser\chrome\m3ntstbr.jar Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{A3EE3C0C-BD20-4C89-8C87-AC00B2960B06}\RP2139\A0579819.exe probably a variant of Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{A3EE3C0C-BD20-4C89-8C87-AC00B2960B06}\RP2155\A0586104.exe Win32/Adware.1ClickDownload application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{A3EE3C0C-BD20-4C89-8C87-AC00B2960B06}\RP2155\A0586105.dll a variant of Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{A3EE3C0C-BD20-4C89-8C87-AC00B2960B06}\RP2155\A0586106.dll Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{A3EE3C0C-BD20-4C89-8C87-AC00B2960B06}\RP2155\A0586107.dll Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\26.07.2012_14.48.26\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\26.07.2012_14.48.26\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AYH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\26.07.2012_14.48.26\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\26.07.2012_14.48.26\mbr0000\tdlfs0000\tsk0004.dta a variant of Win32/Rootkit.Kryptik.NH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\26.07.2012_14.48.26\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\26.07.2012_14.48.26\mbr0000\tdlfs0000\tsk0009.dta Win32/Olmarik.AFK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\26.07.2012_14.48.26\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

${Memory} Win32/Toolbar.Babylon application 00000000000000000000000000000000 I

Results of screen317's Security Check version 0.99.43

Windows XP Service Pack 3 x86

Internet Explorer 8

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

AVG Anti-Virus Free

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.62.0.1300

JavaFX 2.1.1

Java™ 6 Update 26

Java™ 7 Update 5

Java™ SE Runtime Environment 6 Update 1

Java™ 6 Update 2

Java™ 6 Update 3

Java™ 6 Update 5

Java™ SE Development Kit 7

Adobe Flash Player 11.3.300.268

Adobe Reader X (10.1.3)

Mozilla Firefox (14.0.1)

````````Process Check: objlist.exe by Laurent````````

AVG avgwdsvc.exe

AVG avgrsx.exe

AVG avgnsx.exe

AVG avgemc.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:: 18% Defragment your hard drive soon!

````````````````````End of Log``````````````````````


  • Staff

Hi,

Looks like the infection is gone. :)

There are still a few things left to do.

Before we proceed, know that your antivirus (AVG 9.0) is incredibly outdated. I highly recommend uninstalling it and installing either AVG 2012 (link below), or another free antivirus (links below).

Run TFC by OldTimer to clear temporary files:

  • Please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program (if present):

1ClickDownloader

ALOT Toolbar

Amazon Browser Bar

AVG Free 9.0

Babylon toolbar on IE

Google Toolbar for Internet Explorer

iLivid

Java 6 Update 2

Java 6 Update 26

Java 6 Update 3

Java 6 Update 5

Java 7 Update 5

Java SE Development Kit 7

Java SE Runtime Environment 6 Update 1

JavaFX 2.1.1

Jobs Toolbar

king.com (remove only)

Need2Find Bar

Netscape Browser (remove only)

RAR Password Cracker 4.12

Yontoo Layers Client 1.10.01

Restart your computer.

Get the latest version of Java.

It is really dangerous to go online without an antivirus. Without one, you are extremely likely to get infected and the consequences could be even worse next time. All of the following are excellent free antiviruses. Be sure to only install one.

Microsoft Security Essentials (what I use)

AntiVir

avast!

AVG

Reboot.

Defragmenting is a must. It's one of the large reasons for system slowdowns. I use Defraggler to defragment. It is free to download and you can use it forever. I recommend installing it and defragmenting as soon as possible.

Reboot after.

Let me know what issues remain.


  • Staff

Hi,

What do they say when you try to remove them?

Please download AdwCleaner by Xplode onto your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.


# AdwCleaner v1.800 - Logfile created 08/02/2012 at 15:01:23

# Updated 01/08/2012 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : Jim - DUFIS-D

# Running from : C:\Documents and Settings\Jim\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

Folder Found : C:\Documents and Settings\Jim\Local Settings\Application Data\AVG Secure Search

Folder Found : C:\Documents and Settings\Jim\Local Settings\Application Data\Babylon

Folder Found : C:\Documents and Settings\Jim\Local Settings\Application Data\Conduit

Folder Found : C:\Documents and Settings\Jim\Local Settings\Application Data\Ilivid Player

Folder Found : C:\Documents and Settings\Jim\Local Settings\Application Data\MyPlayCity

Folder Found : C:\DOCUME~1\Jim\LOCALS~1\Temp\avg@toolbar

Folder Found : C:\Documents and Settings\Jim\Application Data\AVG Secure Search

Folder Found : C:\Documents and Settings\Jim\Application Data\Babylon

Folder Found : C:\Documents and Settings\Jim\Application Data\Bandoo

Folder Found : C:\Documents and Settings\Jim\Application Data\OpenCandy

Folder Found : C:\Documents and Settings\Jim\Application Data\searchquband

Folder Found : C:\Documents and Settings\Jim\Application Data\Searchqutoolbar

Folder Found : C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG Secure Search

Folder Found : C:\Documents and Settings\All Users.WINDOWS\Application Data\Babylon

Folder Found : C:\Documents and Settings\All Users.WINDOWS\Application Data\boost_interprocess

Folder Found : C:\Documents and Settings\All Users.WINDOWS\Application Data\Trymedia

Folder Found : C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Ilivid

Folder Found : C:\Program Files\AVG Secure Search

Folder Found : C:\Program Files\Conduit

Folder Found : C:\Program Files\Windows iLivid Toolbar

Folder Found : C:\Program Files\Common Files\AVG Secure Search

File Found : C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla Firefox\.autoreg

File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml

File Found : C:\Program Files\Uninstall.exe

***** [Registry] *****

[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2086743

[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2418376

Key Found : HKCU\Software\AVG Secure Search

Key Found : HKCU\Software\Conduit

Key Found : HKCU\Software\DataMngr_Toolbar

Key Found : HKCU\Software\facemoods.com

Key Found : HKCU\Software\IGearSettings

Key Found : HKCU\Software\ilivid

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Bandoo

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\PriceGong

Key Found : HKCU\Software\MyPlayCity

Key Found : HKCU\Software\Need2Find

Key Found : HKCU\Software\searchqutoolbar

Key Found : HKCU\Software\Softonic

Key Found : HKCU\Software\SweetIm

Key Found : HKCU\Toolbar

Key Found : HKLM\SOFTWARE\AskBarDis

Key Found : HKLM\SOFTWARE\AVG Secure Search

Key Found : HKLM\SOFTWARE\Babylon

Key Found : HKLM\SOFTWARE\bandoo

Key Found : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE

Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL

Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI

Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1

Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj

Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1

Key Found : HKLM\SOFTWARE\Classes\b

Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd

Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1

Key Found : HKLM\SOFTWARE\Classes\BandooCore.BandooCore

Key Found : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1

Key Found : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr

Key Found : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1

Key Found : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr

Key Found : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1

Key Found : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr

Key Found : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1

Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore

Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1

Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane

Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1

Key Found : HKLM\SOFTWARE\Classes\escort.escrtBtn.1

Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc

Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1

Key Found : HKLM\SOFTWARE\Classes\esrv.escrtSrvc

Key Found : HKLM\SOFTWARE\Classes\esrv.escrtSrvc.1

Key Found : HKLM\SOFTWARE\Classes\facemoods.xtrnl

Key Found : HKLM\SOFTWARE\Classes\facemoods.xtrnl.1

Key Found : HKLM\SOFTWARE\Classes\facemoodsApp.appCore

Key Found : HKLM\SOFTWARE\Classes\facemoodsApp.appCore.1

Key Found : HKLM\SOFTWARE\Classes\Need2FindBar.SettingsPlugin

Key Found : HKLM\SOFTWARE\Classes\Need2FindBar.SettingsPlugin.1

Key Found : HKLM\SOFTWARE\Classes\Need2FindBar.ToolbarPlugin

Key Found : HKLM\SOFTWARE\Classes\Need2FindBar.ToolbarPlugin.1

Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol

Key Found : HKLM\SOFTWARE\Classes\S

Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Key Found : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard

Key Found : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1

Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Key Found : HKLM\SOFTWARE\Conduit

Key Found : HKLM\SOFTWARE\DT Soft

Key Found : HKLM\SOFTWARE\facemoods.com

Key Found : HKLM\SOFTWARE\Google\chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif

Key Found : HKLM\SOFTWARE\Iminent

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\pricegong

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\uninstall\Need2FindBar Uninstall

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar

Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Key Found : HKLM\SOFTWARE\MyPlayCity

Key Found : HKLM\SOFTWARE\Need2Find

Key Found : HKLM\SOFTWARE\SweetIM

Key Found : HKLM\SOFTWARE\Wise Solutions

Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Found : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}

Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Key Found : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}

Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}

Key Found : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}

Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}

Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{4D1C4E89-A32A-416B-BCDB-33B3EF3617D3}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{4D1C4E8B-A32A-416B-BCDB-33B3EF3617D3}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{630D6140-04C5-4DB0-B27A-020D766FF09B}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{A5B99E41-E157-4209-8AAC-DB003A816079}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{AD20D01C-C939-4DD2-8C55-56935A48987E}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{B3EAD50C-ECB0-459A-9EDA-F505AB99675B}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{E95EAD3F-18C6-4304-9DC6-BD6FD8E11D37}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{F78B32D6-D6D8-4137-A18F-91EBE1A4AEDB}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}

Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Found : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}

Key Found : HKLM\SOFTWARE\Classes\Interface\{0923E315-2D8B-48CE-A37C-AE9A42F9711C}

Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Found : HKLM\SOFTWARE\Classes\Interface\{1A1BBE49-C6F1-40EA-9D2F-262F0AF6DDE3}

Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Key Found : HKLM\SOFTWARE\Classes\Interface\{2022154E-7E3E-4809-871E-1B45A6FC7058}

Key Found : HKLM\SOFTWARE\Classes\Interface\{292ECB89-350E-45D2-816F-52C15305B144}

Key Found : HKLM\SOFTWARE\Classes\Interface\{36CC2180-B6BF-4951-9578-6B0C40044AAA}

Key Found : HKLM\SOFTWARE\Classes\Interface\{44A36944-22C6-4A08-BC7C-161F3E540DBF}

Key Found : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}

Key Found : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}

Key Found : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}

Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Found : HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}

Key Found : HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}

Key Found : HKLM\SOFTWARE\Classes\Interface\{6247DD2C-8CF9-4041-A235-93691D71B8B4}

Key Found : HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}

Key Found : HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}

Key Found : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}

Key Found : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}

Key Found : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}

Key Found : HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}

Key Found : HKLM\SOFTWARE\Classes\Interface\{835BED79-DF7E-4096-B355-ED43FA2EA87B}

Key Found : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}

Key Found : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}

Key Found : HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}

Key Found : HKLM\SOFTWARE\Classes\Interface\{8C953EC4-8CFA-44FB-B32E-1249E5505091}

Key Found : HKLM\SOFTWARE\Classes\Interface\{8E863BD6-50DE-47D0-A6F1-3C1F6DB72451}

Key Found : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}

Key Found : HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}

Key Found : HKLM\SOFTWARE\Classes\Interface\{9DD36F1E-5111-41C5-ADED-A2A11A2FF3E4}

Key Found : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}

Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Found : HKLM\SOFTWARE\Classes\Interface\{A1F1ECD3-4806-44C6-A869-F0DADF11C57C}

Key Found : HKLM\SOFTWARE\Classes\Interface\{A2FB8217-E320-434E-BA79-513E357AD54F}

Key Found : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}

Key Found : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}

Key Found : HKLM\SOFTWARE\Classes\Interface\{A9CEBBF4-9129-479A-9231-E833ED3D3A8F}

Key Found : HKLM\SOFTWARE\Classes\Interface\{AFD4D1F9-167C-4884-95AE-B5A9797B0D16}

Key Found : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}

Key Found : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}

Key Found : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}

Key Found : HKLM\SOFTWARE\Classes\Interface\{B3EAD50C-ECB0-459A-9EDA-F505AB99675B}

Key Found : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}

Key Found : HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}

Key Found : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}

Key Found : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}

Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Found : HKLM\SOFTWARE\Classes\Interface\{C47788B1-9604-4D7A-A684-F4D450F2D7D2}

Key Found : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}

Key Found : HKLM\SOFTWARE\Classes\Interface\{CA3B41D0-D4C1-4808-B248-75DA27238828}

Key Found : HKLM\SOFTWARE\Classes\Interface\{D4A2FF6C-087F-4D40-8DFE-92AAD484BFB8}

Key Found : HKLM\SOFTWARE\Classes\Interface\{D88B9D5C-A9CF-4C69-906D-1CCA5D85A2EF}

Key Found : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}

Key Found : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}

Key Found : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}

Key Found : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}

Key Found : HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}

Key Found : HKLM\SOFTWARE\Classes\Interface\{F83AF01C-AA2F-469F-8BE7-D178FB15FD07}

Key Found : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4D1C4E80-A32A-416B-BCDB-33B3EF3617D3}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4F05-9A6E-5D3B778EC567}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43B7-BEA3-87217BDA7406}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43B7-BEA3-87217BDA7406}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6087829B-114F-42A1-A72B-B4AEDCEA4E5B}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D1C4E89-A32A-416B-BCDB-33B3EF3617D3}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{4D1C4E89-A32A-416B-BCDB-33B3EF3617D3}]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4D1C4E89-A32A-416B-BCDB-33B3EF3617D3}]

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?babsrc=HP_ss&affID=108844&mntrId=1b0529e00000000000000016ec2fa0b3

[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://isearch.avg.com/tab?cid={803F610C-07B4-45CB-AD26-F14CA3E7AB23}&mid=a086091b27f80fb33ccdd16c91ea11e6-06ce4fc639803a2e3563922518183d8e94088cb9&lang=en&ds=AVG&pr=fr&d=2012-08-01 16:50:34&v=11.0.0.10&sap=nt

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default

File : C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\1ig2pwy8.default\prefs.js

Found : user_pref("avg.install.installDirPath", "C:\\Documents and Settings\\All Users.WINDOWS\\Application [...]

Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");

Found : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7B7e5c4451-10d5-4563-90db-3dac62dc6f36%[...]

-\\ Google Chrome v [unable to get version]

File : C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Found : "description": "The fastest way to search the web.",

Found : "explicit_host": [ "hxxp://igor.facemoods.com/*", "hxxp://reports.facemoods.com/*" ],

Found : "css": [ "style/facemoods_chrome_1.0.1.css" ],

Found : "name": "Facemoods",

Found : "permissions": [ "tabs", "hxxp://igor.facemoods.com/", "hxxp://reports.facemoods.com/[...]

Found : "update_url": "hxxp://facemoods.com/public/download/chrome/update.xml",

Found : "homepage": "hxxp://search.babylon.com/?babsrc=HP_ss&affID=108844&mntrId=1b0529e00000000000000016[...]

*************************

AdwCleaner[R1].txt - [22105 octets] - [02/08/2012 15:01:23]

########## EOF - C:\AdwCleaner[R1].txt - [22234 octets] ##########

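The AdwCleaner report above is a flat list, which hides the most useful fact in it: the same GUID shows up under Classes\CLSID, under Browser Helper Objects, under SearchScopes and as an IE Toolbar value, which means one COM object hooked into the browser at several points, not several unrelated leftovers; next to it sit the rewritten IE start page and the Firefox keyword.URL pref that point search at the toolbar vendors' hosts. The following Python script is an added example, not part of this thread and not AdwCleaner's own code: it parses report lines in the v1.800 layout shown above, correlates GUIDs across registry locations, and pulls out the hosts the browser settings now point at. The embedded report is a constructed excerpt of a few lines copied from the log above, not the full report, and the regular expressions assume exactly that line layout.

```python
"""Triage helper for AdwCleaner-style reports (added example, not the tool's own code)."""
import re
from collections import defaultdict

# Constructed excerpt: a handful of lines in the AdwCleaner v1.800 layout, not a full report.
SAMPLE_REPORT = r"""
# AdwCleaner v1.800 - Logfile created 08/02/2012 at 15:01:23
# Option [search]
***** [services] *****
***** [Files / Folders] *****
Folder Found : C:\Program Files\Conduit
File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
***** [Registry] *****
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4D1C4E89-A32A-416B-BCDB-33B3EF3617D3}
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2086743
***** [Registre - GUID] *****
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{4D1C4E89-A32A-416B-BCDB-33B3EF3617D3}]
***** [internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?babsrc=HP_ss&affID=108844
-\\ Mozilla Firefox v14.0.1 (en-US)
Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Found : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7B7e5c4451");
"""

SECTION_RE = re.compile(r'^\*{5} \[(.+?)\] \*{5}$')                      # ***** [Registry] *****
ITEM_RE = re.compile(r'^(?:\[\*\] )?(Folder|File|Key|Value) (Found|Deleted) : (.+)$')
GUID_RE = re.compile(r'\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}')
BROWSER_RE = re.compile(r'^-\\\\ (.+)$')                                # -\\ Internet Explorer v8...
SETTING_RE = re.compile(r'^\[(.+?) - (.+?)\] = (.+)$')                  # [HKCU\...\Main - Start Page] = ...
PREF_RE = re.compile(r'^Found : user_pref\("([^"]+)", "([^"]*)"\);$')   # Firefox prefs.js lines
HOST_RE = re.compile(r'hxxps?://([^/?#\s]+)', re.IGNORECASE)            # AdwCleaner defangs http -> hxxp

# Registry locations under which a CLSID becomes browser-reachable.
BROWSER_HOOKS = {'Browser Helper Objects', 'Toolbar', 'SearchScopes', 'WebBrowser', 'ElevationPolicy'}


def parse_report(text):
    """Walk the report, tracking the current section and browser component for each line."""
    items, settings = [], []
    section = browser = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := SECTION_RE.match(line)):
            section = m.group(1)
        elif (m := BROWSER_RE.match(line)):
            browser = m.group(1)
        elif (m := ITEM_RE.match(line)):
            kind, state, path = m.groups()
            items.append((section, kind, state, path))
        elif (m := SETTING_RE.match(line)):
            settings.append((browser, m.group(1) + ' - ' + m.group(2), m.group(3)))
        elif (m := PREF_RE.match(line)):
            settings.append((browser, m.group(1), m.group(2)))
    return {'items': items, 'settings': settings}


def section_counts(report):
    """How many Found/Deleted entries each report section carries."""
    counts = defaultdict(int)
    for section, _kind, _state, _path in report['items']:
        counts[section] += 1
    return dict(counts)


def correlate_guids(items):
    """Map each GUID to the registry roles it is registered under (CLSID, SearchScopes, Toolbar...).

    The role is the path component just before the GUID; for a 'Value Found : ...\Toolbar [{GUID}]'
    line the trailing ' [' is stripped first so the role is still 'Toolbar'.
    """
    roles = defaultdict(set)
    for _section, kind, _state, path in items:
        if kind not in ('Key', 'Value'):
            continue
        for m in GUID_RE.finditer(path):
            before = path[:m.start()].rstrip(' [\\')
            roles[m.group(0).upper()].add(before.split('\\')[-1])
    return dict(roles)


def browser_wired_objects(roles):
    """GUIDs that are both a registered COM class and hooked into the browser, most hooks first."""
    hits = [(guid, sorted(r)) for guid, r in roles.items() if 'CLSID' in r and r & BROWSER_HOOKS]
    return sorted(hits, key=lambda h: (-len(h[1]), h[0]))


def redirect_targets(report):
    """Hosts the start page / search settings now point at, keyed by host, valued by browser."""
    targets = {}
    for browser, _setting, value in report['settings']:
        if (m := HOST_RE.search(value)):
            targets.setdefault(m.group(1).lower(), set()).add(browser)
    return targets


if __name__ == '__main__':
    report = parse_report(SAMPLE_REPORT)
    print('entries per section:', section_counts(report))
    for guid, hooks in browser_wired_objects(correlate_guids(report['items'])):
        print(f'{guid} registered as: {", ".join(hooks)}')
    for host, browsers in sorted(redirect_targets(report).items()):
        print(f'search/start page points at {host} in: {", ".join(sorted(browsers))}')
```

Run it against a saved AdwCleaner[R1].txt by reading the file into `parse_report` instead of `SAMPLE_REPORT`; the "[S1]" delete log uses the same line layout with "Deleted" in place of "Found", so the same parser confirms that every GUID flagged in the search run was actually removed.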

  • Staff

Hi,

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.


# AdwCleaner v1.800 - Logfile created 08/06/2012 at 10:48:20

# Updated 01/08/2012 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : Jim - DUFIS-D

# Running from : C:\Documents and Settings\Jim\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

Stopped & Deleted : vToolbarUpdater11.2.0

***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\Jim\Local Settings\Application Data\AVG Secure Search

Folder Deleted : C:\Documents and Settings\Jim\Local Settings\Application Data\Babylon

Folder Deleted : C:\Documents and Settings\Jim\Local Settings\Application Data\BitTorrentBar

Folder Deleted : C:\Documents and Settings\Jim\Local Settings\Application Data\Conduit

Folder Deleted : C:\Documents and Settings\Jim\Local Settings\Application Data\Ilivid Player

Folder Deleted : C:\Documents and Settings\Jim\Local Settings\Application Data\MyPlayCity

Folder Deleted : C:\DOCUME~1\Jim\LOCALS~1\Temp\avg@toolbar

Folder Deleted : C:\DOCUME~1\Jim\LOCALS~1\Temp\CT2790392

Folder Deleted : C:\Documents and Settings\Jim\Application Data\AVG Secure Search

Folder Deleted : C:\Documents and Settings\Jim\Application Data\Babylon

Folder Deleted : C:\Documents and Settings\Jim\Application Data\Bandoo

Folder Deleted : C:\Documents and Settings\Jim\Application Data\OpenCandy

Folder Deleted : C:\Documents and Settings\Jim\Application Data\searchquband

Folder Deleted : C:\Documents and Settings\Jim\Application Data\Searchqutoolbar

Folder Deleted : C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\1ig2pwy8.default\CT2790392

Folder Deleted : C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\1ig2pwy8.default\Smartbar

Folder Deleted : C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\1ig2pwy8.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}

Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG Secure Search

Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Application Data\Babylon

Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Application Data\boost_interprocess

Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Application Data\Trymedia

Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Ilivid

Folder Deleted : C:\Program Files\AVG Secure Search

Folder Deleted : C:\Program Files\BitTorrentBar

Folder Deleted : C:\Program Files\Conduit

Folder Deleted : C:\Program Files\Windows iLivid Toolbar

Folder Deleted : C:\Program Files\Common Files\AVG Secure Search

File Deleted : C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\1ig2pwy8.default\searchplugins\Conduit.xml

File Deleted : C:\Documents and Settings\All Users.WINDOWS\Application Data\Mozilla Firefox\.autoreg

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml

File Deleted : C:\Program Files\Uninstall.exe

***** [Registry] *****

[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2086743

[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2418376

[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2790392

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AVG Secure Search

Key Deleted : HKCU\Software\BitTorrentBar

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\DataMngr_Toolbar

Key Deleted : HKCU\Software\facemoods.com

Key Deleted : HKCU\Software\IGearSettings

Key Deleted : HKCU\Software\ilivid

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\Bandoo

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\PriceGong

Key Deleted : HKCU\Software\MyPlayCity

Key Deleted : HKCU\Software\Need2Find

Key Deleted : HKCU\Software\searchqutoolbar

Key Deleted : HKCU\Software\Smartbar

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKCU\Software\SweetIm

Key Deleted : HKCU\Toolbar

Key Deleted : HKLM\SOFTWARE\AskBarDis

Key Deleted : HKLM\SOFTWARE\AVG Secure Search

Key Deleted : HKLM\SOFTWARE\Babylon

Key Deleted : HKLM\SOFTWARE\bandoo

Key Deleted : HKLM\SOFTWARE\BitTorrentBar

Key Deleted : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1

Key Deleted : HKLM\SOFTWARE\Classes\b

Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd

Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1

Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.BandooCore

Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1

Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr

Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1

Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr

Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1

Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr

Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1

Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore

Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1

Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane

Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1

Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1

Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc

Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1

Key Deleted : HKLM\SOFTWARE\Classes\esrv.escrtSrvc

Key Deleted : HKLM\SOFTWARE\Classes\esrv.escrtSrvc.1

Key Deleted : HKLM\SOFTWARE\Classes\facemoods.xtrnl

Key Deleted : HKLM\SOFTWARE\Classes\facemoods.xtrnl.1

Key Deleted : HKLM\SOFTWARE\Classes\facemoodsApp.appCore

Key Deleted : HKLM\SOFTWARE\Classes\facemoodsApp.appCore.1

Key Deleted : HKLM\SOFTWARE\Classes\Need2FindBar.SettingsPlugin

Key Deleted : HKLM\SOFTWARE\Classes\Need2FindBar.SettingsPlugin.1

Key Deleted : HKLM\SOFTWARE\Classes\Need2FindBar.ToolbarPlugin

Key Deleted : HKLM\SOFTWARE\Classes\Need2FindBar.ToolbarPlugin.1

Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard

Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Key Deleted : HKLM\SOFTWARE\Conduit

Key Deleted : HKLM\SOFTWARE\DT Soft

Key Deleted : HKLM\SOFTWARE\facemoods.com

Key Deleted : HKLM\SOFTWARE\Google\chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif

Key Deleted : HKLM\SOFTWARE\Iminent

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\pricegong

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BitTorrentBar Toolbar

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\uninstall\Need2FindBar Uninstall

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Key Deleted : HKLM\SOFTWARE\MyPlayCity

Key Deleted : HKLM\SOFTWARE\Need2Find

Key Deleted : HKLM\SOFTWARE\SweetIM

Key Deleted : HKLM\SOFTWARE\Wise Solutions

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4D1C4E89-A32A-416B-BCDB-33B3EF3617D3}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4D1C4E8B-A32A-416B-BCDB-33B3EF3617D3}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{630D6140-04C5-4DB0-B27A-020D766FF09B}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A5B99E41-E157-4209-8AAC-DB003A816079}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AD20D01C-C939-4DD2-8C55-56935A48987E}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B3EAD50C-ECB0-459A-9EDA-F505AB99675B}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E95EAD3F-18C6-4304-9DC6-BD6FD8E11D37}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F78B32D6-D6D8-4137-A18F-91EBE1A4AEDB}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{32804100-B238-45F4-B15E-C5A2F2F7400B}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0923E315-2D8B-48CE-A37C-AE9A42F9711C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A1BBE49-C6F1-40EA-9D2F-262F0AF6DDE3}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2022154E-7E3E-4809-871E-1B45A6FC7058}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{292ECB89-350E-45D2-816F-52C15305B144}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{36CC2180-B6BF-4951-9578-6B0C40044AAA}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44A36944-22C6-4A08-BC7C-161F3E540DBF}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6247DD2C-8CF9-4041-A235-93691D71B8B4}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{835BED79-DF7E-4096-B355-ED43FA2EA87B}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C953EC4-8CFA-44FB-B32E-1249E5505091}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8E863BD6-50DE-47D0-A6F1-3C1F6DB72451}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9DD36F1E-5111-41C5-ADED-A2A11A2FF3E4}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A1F1ECD3-4806-44C6-A869-F0DADF11C57C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A2FB8217-E320-434E-BA79-513E357AD54F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9CEBBF4-9129-479A-9231-E833ED3D3A8F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AFD4D1F9-167C-4884-95AE-B5A9797B0D16}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B3EAD50C-ECB0-459A-9EDA-F505AB99675B}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C47788B1-9604-4D7A-A684-F4D450F2D7D2}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA3B41D0-D4C1-4808-B248-75DA27238828}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D4A2FF6C-087F-4D40-8DFE-92AAD484BFB8}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D88B9D5C-A9CF-4C69-906D-1CCA5D85A2EF}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F83AF01C-AA2F-469F-8BE7-D178FB15FD07}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4D1C4E80-A32A-416B-BCDB-33B3EF3617D3}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4F05-9A6E-5D3B778EC567}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7DA3D4F6-E52F-4A0A-895B-094EFD53EC13}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2FBFA93D-1AC1-4580-9DC7-A287283AE885}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43B7-BEA3-87217BDA7406}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43B7-BEA3-87217BDA7406}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6087829B-114F-42A1-A72B-B4AEDCEA4E5B}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{32804100-B238-45F4-B15E-C5A2F2F7400B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D1C4E89-A32A-416B-BCDB-33B3EF3617D3}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{4D1C4E89-A32A-416B-BCDB-33B3EF3617D3}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{88C7F2AA-F93F-432C-8F0E-B7D85967A527}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4D1C4E89-A32A-416B-BCDB-33B3EF3617D3}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{88C7F2AA-F93F-432C-8F0E-B7D85967A527}]

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2790392 --> hxxp://www.google.com

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://isearch.avg.com/tab?cid={803F610C-07B4-45CB-AD26-F14CA3E7AB23}&mid=a086091b27f80fb33ccdd16c91ea11e6-06ce4fc639803a2e3563922518183d8e94088cb9&lang=en&ds=AVG&pr=fr&d=2012-08-01 16:50:34&v=11.1.0.12&sap=nt --> hxxp://www.google.com

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default

File : C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\1ig2pwy8.default\prefs.js

Deleted : user_pref("CT2790392.1000234.TWC_TMP_city", "LANCASTER");

Deleted : user_pref("CT2790392.1000234.TWC_TMP_country", "US");

Deleted : user_pref("CT2790392.1000234.TWC_locId", "ASXX0964");

Deleted : user_pref("CT2790392.1000234.TWC_location", "Lancaster, Australia");

Deleted : user_pref("CT2790392.1000234.TWC_region", "US");

Deleted : user_pref("CT2790392.1000234.TWC_temp_dis", "f");

Deleted : user_pref("CT2790392.1000234.TWC_wind_dis", "mph");

Deleted : user_pref("CT2790392.1000234.weatherData", "{\"icon\":\"44.png\",\"temperature\":\"59°F\",\"temperat[...]

Deleted : user_pref("CT2790392.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");

Deleted : user_pref("CT2790392.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]

Deleted : user_pref("CT2790392.FirstTime", "true");

Deleted : user_pref("CT2790392.FirstTimeFF3", "true");

Deleted : user_pref("CT2790392.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT279[...]

Deleted : user_pref("CT2790392.UserID", "UN58445079210294646");

Deleted : user_pref("CT2790392.addressBarTakeOverEnabledInHidden", "true");

Deleted : user_pref("CT2790392.autoDisableScopes", -1);

Deleted : user_pref("CT2790392.browser.search.defaultthis.engineName", true);

Deleted : user_pref("CT2790392.cbcountry_001", "US");

Deleted : user_pref("CT2790392.cbfirsttime", "Thu Aug 02 2012 22:53:00 GMT-0700 (Pacific Daylight Time)");

Deleted : user_pref("CT2790392.embeddedsData", "[{\"appId\":\"129298377186388102\",\"apiPermissions\":{\"cross[...]

Deleted : user_pref("CT2790392.enableAlerts", "always");

Deleted : user_pref("CT2790392.enableSearchFromAddressBar", "true");

Deleted : user_pref("CT2790392.firstTimeDialogOpened", "true");

Deleted : user_pref("CT2790392.fixPageNotFoundError", "true");

Deleted : user_pref("CT2790392.fixPageNotFoundErrorInHidden", "true");

Deleted : user_pref("CT2790392.fixUrls", true);

Deleted : user_pref("CT2790392.installId", "fft929.tmp.exe");

Deleted : user_pref("CT2790392.installType", "XPE");

Deleted : user_pref("CT2790392.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");

Deleted : user_pref("CT2790392.isNewTabEnabled", true);

Deleted : user_pref("CT2790392.isPerformedSmartBarTransition", "true");

Deleted : user_pref("CT2790392.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");

Deleted : user_pref("CT2790392.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");

Deleted : user_pref("CT2790392.keyword", true);

Deleted : user_pref("CT2790392.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.youtube.com%[...]

Deleted : user_pref("CT2790392.openThankYouPage", "true");

Deleted : user_pref("CT2790392.openUninstallPage", "FALSE");

Deleted : user_pref("CT2790392.scriptSource", "hxxp://127.0.0.1:10000/gui/");

Deleted : user_pref("CT2790392.search.searchAppId", "129298377186388102");

Deleted : user_pref("CT2790392.search.searchCount", "0");

Deleted : user_pref("CT2790392.searchInNewTabEnabledInHidden", "true");

Deleted : user_pref("CT2790392.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");

Deleted : user_pref("CT2790392.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]

Deleted : user_pref("CT2790392.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"2\[...]

Deleted : user_pref("CT2790392.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]

Deleted : user_pref("CT2790392.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]

Deleted : user_pref("CT2790392.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]

Deleted : user_pref("CT2790392.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]

Deleted : user_pref("CT2790392.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]

Deleted : user_pref("CT2790392.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1343973176525");

Deleted : user_pref("CT2790392.serviceLayer_services_appTracking_lastUpdate", "1343973179225");

Deleted : user_pref("CT2790392.serviceLayer_services_appsMetadata_lastUpdate", "1343973176203");

Deleted : user_pref("CT2790392.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1343973177382");

Deleted : user_pref("CT2790392.serviceLayer_services_login_10.10.20.14_lastUpdate", "1343973179074");

Deleted : user_pref("CT2790392.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1343973177697");

Deleted : user_pref("CT2790392.serviceLayer_services_searchAPI_lastUpdate", "1343973174750");

Deleted : user_pref("CT2790392.serviceLayer_services_serviceMap_lastUpdate", "1343973174096");

Deleted : user_pref("CT2790392.serviceLayer_services_toolbarContextMenu_lastUpdate", "1343973177447");

Deleted : user_pref("CT2790392.serviceLayer_services_toolbarSettings_lastUpdate", "1343973175020");

Deleted : user_pref("CT2790392.serviceLayer_services_translation_lastUpdate", "1343973176398");

Deleted : user_pref("CT2790392.settingsINI", true);

Deleted : user_pref("CT2790392.shouldFirstTimeDialog", "false");

Deleted : user_pref("CT2790392.smartbar.CTID", "CT2790392");

Deleted : user_pref("CT2790392.smartbar.Uninstall", "0");

Deleted : user_pref("CT2790392.smartbar.homepage", true);

Deleted : user_pref("CT2790392.smartbar.toolbarName", "BitTorrentBar ");

Deleted : user_pref("CT2790392.startPage", "TRUE");

Deleted : user_pref("CT2790392.toolbarBornServerTime", "3-8-2012");

Deleted : user_pref("CT2790392.toolbarCurrentServerTime", "3-8-2012");

Deleted : user_pref("CT2790392.toolbarDisabled", "true");

Deleted : user_pref("CT2790392.url_history0001", "hxxps://www.google.com:::clickhandler:::1343973525662,,,hxxp[...]

Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2790392&SearchSource=1[...]

Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");

Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");

Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://isearch.avg.com/search?cid=%7B7e5c4451-10[...]

Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT2790392");

Deleted : user_pref("avg.install.installDirPath", "C:\\Documents and Settings\\All Users.WINDOWS\\Application [...]

Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");

Deleted : user_pref("browser.startup.homepage", "hxxp://isearch.avg.com?cid=%7B7e5c4451-10d5-4563-90db-3dac62d[...]

Deleted : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7B7e5c4451-10d5-4563-90db-3dac62dc6f36%[...]

-\\ Google Chrome v [unable to get version]

File : C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted : "description": "The fastest way to search the web.",

Deleted : "explicit_host": [ "hxxp://igor.facemoods.com/*", "hxxp://reports.facemoods.com/*" ],

Deleted : "css": [ "style/facemoods_chrome_1.0.1.css" ],

Deleted : "name": "Facemoods",

Deleted : "permissions": [ "tabs", "hxxp://igor.facemoods.com/", "hxxp://reports.facemoods.com/[...]

Deleted : "update_url": "hxxp://facemoods.com/public/download/chrome/update.xml",

Deleted : "urls_to_restore_on_startup": [ "hxxp://search.conduit.com/?ctid=CT2790392&SearchSource=48" ]

Deleted : "homepage": "hxxp://search.conduit.com/?ctid=CT2790392&SearchSource=48",

*************************

AdwCleaner[R1].txt - [22236 octets] - [02/08/2012 15:01:23]

AdwCleaner[s1].txt - [31391 octets] - [06/08/2012 10:48:20]

########## EOF - C:\AdwCleaner[s1].txt - [31520 octets] ##########


  • Staff

Great!

I highly recommend the PRO version of MBAM; with it, it's likely that this issue would have been prevented in the first place.

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

2) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

3) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

4) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an addon available for both Firefox and IE.

5) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,

-screen317

