Jump to content

Malwarebytes

Laptop crashes when trying to run scan

- - - - -
Started by Quinny, Jun 26 2012 05:19 PM


36 replies to this topic

#1
Quinny
Posted 26 June 2012 - 05:19 PM

    Advanced Member

  • Honorary Members
  • PipPipPip
  • 104 posts
  • Gender:Male
  • Location:South Wales UK
  • Interests:Photography and nature,music and movies.
Merged post


Hi,I've tried to run a scan with malwarebytes,Avast and eset online scan and they all freeze and crash the laptop when they get to this file c:\boot\bcd.log1.
I then have to hold down the power button to shutdown,the same thing happens in safemode aswell.
Thanks in advance for any help. :(

My os is Windows Vista home premium 64bit.

#2
Maurice Naggar
Posted 28 June 2012 - 11:12 AM

    Eradicator de logiciels malveillants

  • Moderators
  • PipPipPipPipPipPip
  • 13,229 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention
Hello,

You need to temporarily turn OFF your Avast before starting the online scan :excl:

Do the ESET online first, and post result for review:
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall

Close all open browsers at this point.

Start Internet Explorer (fresh) by pressing Start >> Internet Explorer >> Right-Click and select Run As Administrator.
Using Internet Explorer browser only, go to ESET Online Scanner website:
http://www.eset.com/onlinescan/

  • Accept the Terms of Use and press Start button;

  • Approve the install of the required ActiveX Control, then follow on-screen instructions;

  • Enable (check) the Remove found threats option, and run the scan.

  • After the scan completes, the Details tab in the Results window will display what was found and removed.
    • A logfile is created and located at C:\Program Files (x86)\Eset\EsetOnlineScanner\log.txt.
    Look at contents of this file using Notepad.

    The Frequently Asked Questions for ESET Online Scanner can be viewed here
    http://go.eset.com/u...ine-scanner/faq

    • It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner.
      (And the prompt re-enabling when finished.)

    • If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.
    • Do not use the system while the scan is running. Once the full scan is underway, go take a long break Posted ImagePosted Image

Re-enable the antivirus program.

Reply with copy of the Eset scan log
~Maurice Naggar

I close my threads if there is 5 days without a response.

#3
Quinny
Posted 28 June 2012 - 01:30 PM

    Advanced Member

  • Honorary Members
  • PipPipPip
  • 104 posts
  • Gender:Male
  • Location:South Wales UK
  • Interests:Photography and nature,music and movies.
Thanks for your reply.I tried to run eset online scan again,but like i said in my first post it freezes and crashes the laptop.
This time it got to11% and 18 files and froze at the file c:\boot\bootstat.dat i did try a second time and it froze at the same place
and crashed the laptop.

#4
Maurice Naggar
Posted 28 June 2012 - 02:05 PM

    Eradicator de logiciels malveillants

  • Moderators
  • PipPipPipPipPipPip
  • 13,229 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention
Let's forget the ESET online. Do as much as you can of the following.

Step 1
1. Go >> Here << and download ERUNT
(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
2. Install ERUNT by following the prompts
(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
3. Start ERUNT by doing a Right-Click on it & select Run As Admisnistrator

4. Choose a location for the backup
(the default location is C:\WINDOWS\ERDNT which is acceptable).
5. Make sure that at least the first two check boxes are ticked
6. Press OK
7. Press YES to create the folder.

Step 2
Show all files:
  • Click the Start button, and then click Computer.
  • On the Organize menu, click Folder and Search Options.
  • Click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders.
  • Click Apply > OK.
Step 3

Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Step 4
Turn OFF your AVAST so that it does not interfere.

Please follow my guidance. Ask if you have questions.

I am going to ask you to read very carefully. I am asking you to download to unique folder !!

Step 1. Close and save any open documents, and exit programs that you started.

Step 2. Download TDSSKiller.exe and SAVE it to a special folder
http://support.kaspe.&#46;&#46;/tdsskiller.exe
and be sure to SAVE it in this folder --> C:\Program Files\Malwarebytes' Anti-Malware\Chameleon


Step 3. Install the Chameleon driver by doing the following:
Press the Windows key + R and in the Run box, copy and paste the following command then press Enter. Copy All of the line from beginning to end {from the double-quote ...all the way to the last o ......ALL

"C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe" /o

A black DOS prompt will appear with a prompt to press any key to continue, please do.

Step 4
Please read carefully and follow these steps.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.


  • If an infected file is detected, the default action will be Cure, click on Continue.


    Posted Image


  • If a suspicious file is detected, the default action will be Skip, click on Continue.


  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    Posted Image


  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please Copy & Paste that log in reply.


Step 5
Re-enable your AVAST.

Download Security Check by screen317 and save it to your Desktop: here or here
  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!
Posted Image If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.

I also need for you to Copy & Paste the Checkup.txt log for review.
~Maurice Naggar

I close my threads if there is 5 days without a response.

#5
Quinny
Posted 28 June 2012 - 03:16 PM

    Advanced Member

  • Honorary Members
  • PipPipPip
  • 104 posts
  • Gender:Male
  • Location:South Wales UK
  • Interests:Photography and nature,music and movies.
Logfile of random's system information tool 1.09 (written by random/random)
Run by Wools at 2012-06-28 21:00:16
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 72 GB (32%) free of 224 GB
Total RAM: 4093 MB (62% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:00:34, on 28/06/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal
Running processes:
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Windows Live\Companion\companionuser.exe
C:\Users\Wools\Desktop\RSIT.exe
C:\Program Files (x86)\trend micro\Wools.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylo....19&affID=17162
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
R3 - URLSearchHook: AF-HSS Toolbar - {f0381dbd-e018-4e07-ae40-d96ab15083f0} - C:\Program Files (x86)\AF-HSS\tbAF-H.dll
R3 - URLSearchHook: (no name) - {90eee664-34b1-422a-a782-779af65cdf6d} - (no file)
R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
R3 - URLSearchHook: (no name) - {66bd2442-241b-44cd-8c7a-b51037053cdb} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02464DDC-3187-11D8-8004-0020ED227566} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9D717F81-9148-4f12-8568-69135F087DB0} - (no file)
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: AF-HSS Toolbar - {f0381dbd-e018-4e07-ae40-d96ab15083f0} - C:\Program Files (x86)\AF-HSS\tbAF-H.dll
O3 - Toolbar: AF-HSS Toolbar - {f0381dbd-e018-4e07-ae40-d96ab15083f0} - C:\Program Files (x86)\AF-HSS\tbAF-H.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: (no name) - !{99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~1\sblsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\PROGRA~2\WI9130~1\Datamngr\datamngr.dll C:\PROGRA~2\WI9130~1\Datamngr\IEBHO.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: BecHelperService - Unknown owner - C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: TVersity Media Server (TVersityMediaServer) - Unknown owner - C:\ProgramData\TVersity\Media Server\MediaServer.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~2\SPEEDB~1\VideoAcceleratorService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 12219 bytes
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\FreeFileViewerUpdateChecker.job
C:\Windows\tasks\GlaryInitialize.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3560542134-3112040110-2959616142-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3560542134-3112040110-2959616142-1000UA.job
=========Mozilla firefox=========
ProfilePath - C:\Users\Wools\AppData\Roaming\Mozilla\Firefox\Profiles\m54eyri2.default
"{20a82645-c095-46ed-80e3-08825760534b}"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
"fe_9.0@nokia.com"=C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0
"{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53]
"Description"=RealPlayer™ LiveConnect-Enabled Plug-In
"Path"=c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53]
"Description"=RealJukebox Netscape Plugin
"Path"=c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53]
"Description"=RealNetworks™ RealPlayer Chrome Background Extension Plug-In
"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53]
"Description"=RealPlayer™ HTML5VideoShim Plug-In
"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53]
"Description"=RealPlayer Download Plugin
"Path"=c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt
C:\Program Files (x86)\Mozilla Firefox\plugins\
nppdf32.dll
nppl3260.dll
nppl3260.xpt
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
nprjplug.dll
nprpplugin.dll
QuickTimePlugin.class
C:\Program Files (x86)\Mozilla Firefox\searchplugins\
amazondotcom.xml
babylon.xml
bing.xml
eBay.xml
google.xml
Search_Results.xml
twitter.xml
wikipedia.xml
yahoo.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02464DDC-3187-11D8-8004-0020ED227566}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2012-05-30 425680]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll [2010-10-18 3908192]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-12-12 194432]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-03-16 325408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-03-07 1003704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08 393600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-03-16 42272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f0381dbd-e018-4e07-ae40-d96ab15083f0}]
AF-HSS Toolbar - C:\Program Files (x86)\AF-HSS\tbAF-H.dll [2010-10-18 3908192]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{f0381dbd-e018-4e07-ae40-d96ab15083f0} - AF-HSS Toolbar - C:\Program Files (x86)\AF-HSS\tbAF-H.dll [2010-10-18 3908192]
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll [2010-10-18 3908192]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-03-07 1003704]
!{99079a25-328f-4bd4-be04-00955acaa0a7}
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-03-07 4241512]
"Malwarebytes' Anti-Malware"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2012-04-04 462408]
"Conime"=C:\Windows\system32\conime.exe [2009-04-11 69120]
C:\Users\Wools\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~2\WI9130~1\Datamngr\datamngr.dll C:\PROGRA~2\WI9130~1\Datamngr\IEBHO.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutorun"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"BindDirectlyToPropertySetStorage"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.SCLS"=SCLS.dll
"VIDC.FFDS"=ff_vfw.dll
"vidc.yv12"=DivX.dll
"msacm.siren"=sirenacm.dll
"vidc.DIVX"=DivX.dll
======File associations======
.js - edit - C:\Windows\SysWOW64\Notepad.exe %1
.js - open - C:\Windows\SysWOW64\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2012-06-28 21:00:16 ----D---- C:\rsit
2012-06-28 21:00:16 ----D---- C:\Program Files (x86)\trend micro
2012-06-28 20:42:54 ----D---- C:\Windows\ERDNT
2012-06-28 20:41:06 ----D---- C:\Program Files (x86)\ERUNT
2012-06-28 18:34:24 ----D---- C:\Users\Wools\AppData\Roaming\Windows Live Writer
2012-06-27 20:20:29 ----D---- C:\Users\Wools\AppData\Roaming\dvdcss
2012-06-24 08:54:43 ----A---- C:\Windows\SysWOW64\wups.dll
2012-06-24 08:54:43 ----A---- C:\Windows\SysWOW64\wudriver.dll
2012-06-24 08:54:43 ----A---- C:\Windows\SysWOW64\wuapi.dll
2012-06-24 08:54:30 ----A---- C:\Windows\SysWOW64\wuwebv.dll
2012-06-24 08:54:30 ----A---- C:\Windows\SysWOW64\wuapp.exe
2012-06-23 15:52:12 ----D---- C:\Program Files (x86)\ESET
2012-06-22 18:22:26 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2012-06-22 17:47:35 ----D---- C:\Users\Wools\AppData\Roaming\Malwarebytes
2012-06-22 17:47:26 ----D---- C:\ProgramData\Malwarebytes
2012-06-22 17:47:25 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-22 15:51:19 ----SD---- C:\Windows\SysWOW64\Microsoft
2012-06-20 14:54:35 ----A---- C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-20 09:13:03 ----D---- C:\ProgramData\Mozilla
2012-06-16 19:50:27 ----D---- C:\Program Files (x86)\iTunes
2012-06-13 22:06:02 ----A---- C:\Windows\SysWOW64\url.dll
2012-06-13 22:06:02 ----A---- C:\Windows\SysWOW64\mshtmled.dll
2012-06-13 22:06:01 ----A---- C:\Windows\SysWOW64\urlmon.dll
2012-06-13 22:06:01 ----A---- C:\Windows\SysWOW64\iertutil.dll
2012-06-13 22:06:00 ----A---- C:\Windows\SysWOW64\ieui.dll
2012-06-13 22:05:59 ----A---- C:\Windows\SysWOW64\ieUnatt.exe
2012-06-13 22:05:58 ----A---- C:\Windows\SysWOW64\wininet.dll
2012-06-13 22:05:57 ----A---- C:\Windows\SysWOW64\jsproxy.dll
2012-06-13 22:05:57 ----A---- C:\Windows\SysWOW64\jscript9.dll
2012-06-13 22:05:57 ----A---- C:\Windows\SysWOW64\jscript.dll
2012-06-13 22:05:56 ----A---- C:\Windows\SysWOW64\mshtml.dll
2012-06-13 22:05:53 ----A---- C:\Windows\SysWOW64\ieframe.dll
2012-06-13 21:13:28 ----A---- C:\Windows\SysWOW64\cryptsvc.dll
2012-06-13 21:13:28 ----A---- C:\Windows\SysWOW64\cryptnet.dll
2012-06-13 21:13:28 ----A---- C:\Windows\SysWOW64\crypt32.dll
2012-06-10 19:25:33 ----D---- C:\Program Files (x86)\Dropbox
2012-05-30 19:35:02 ----D---- C:\Program Files (x86)\Common Files\xing shared
======List of files/folders modified in the last 1 month======
2012-06-28 21:00:20 ----D---- C:\Windows\Temp
2012-06-28 21:00:16 ----RD---- C:\Program Files (x86)
2012-06-28 20:42:54 ----D---- C:\Windows
2012-06-28 20:16:03 ----D---- C:\Windows\System32
2012-06-28 20:16:03 ----D---- C:\Windows\inf
2012-06-28 20:07:04 ----RD---- C:\Program Files
2012-06-28 20:00:16 ----D---- C:\Windows\Prefetch
2012-06-28 19:59:30 ----D---- C:\ProgramData\Kodak
2012-06-28 18:02:18 ----D---- C:\Program Files (x86)\Vuze
2012-06-28 17:37:32 ----D---- C:\Users\Wools\AppData\Roaming\Dropbox
2012-06-27 20:46:46 ----D---- C:\Users\Wools\AppData\Roaming\Azureus
2012-06-27 20:44:04 ----D---- C:\Windows\Debug
2012-06-27 20:20:46 ----D---- C:\Users\Wools\AppData\Roaming\vlc
2012-06-26 18:24:40 ----D---- C:\Windows\rescache
2012-06-26 18:13:39 ----SHD---- C:\System Volume Information
2012-06-26 07:18:16 ----D---- C:\Windows\SysWOW64\en-US
2012-06-26 07:18:15 ----D---- C:\Windows\SysWOW64
2012-06-25 22:25:22 ----D---- C:\Windows\winsxs
2012-06-23 16:12:39 ----D---- C:\Program Files (x86)\Windows Searchqu Toolbar
2012-06-23 15:36:30 ----D---- C:\ProgramData\Norton
2012-06-23 15:27:12 ----SHD---- C:\Windows\Installer
2012-06-23 15:27:12 ----SD---- C:\Users\Wools\AppData\Roaming\Microsoft
2012-06-22 18:22:24 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-06-22 17:47:26 ----HD---- C:\ProgramData
2012-06-22 15:53:02 ----D---- C:\Windows\Tasks
2012-06-22 15:16:24 ----D---- C:\Users\Wools\AppData\Roaming\Skype
2012-06-22 15:16:17 ----D---- C:\Windows\ModemLogs
2012-06-22 15:16:16 ----D---- C:\Windows\Logs
2012-06-16 19:50:28 ----D---- C:\Program Files (x86)\Common Files\Apple
2012-06-14 19:36:01 ----D---- C:\Windows\Microsoft.NET
2012-06-14 19:11:46 ----RSD---- C:\Windows\assembly
2012-06-13 22:45:14 ----D---- C:\Windows\SysWOW64\migration
2012-06-13 22:45:14 ----D---- C:\Program Files (x86)\Internet Explorer
2012-05-30 19:35:12 ----D---- C:\Program Files (x86)\Real
2012-05-30 19:35:02 ----D---- C:\Program Files (x86)\Common Files
2012-05-30 19:34:47 ----A---- C:\Windows\SysWOW64\rmoc3260.dll
2012-05-30 19:34:26 ----A---- C:\Windows\SysWOW64\pndx5032.dll
2012-05-30 19:34:26 ----A---- C:\Windows\SysWOW64\pndx5016.dll
2012-05-30 19:34:22 ----A---- C:\Windows\SysWOW64\pncrt.dll
2012-05-30 19:34:11 ----A---- C:\Windows\SysWOW64\msvcr71.dll
2012-05-30 19:34:11 ----A---- C:\Windows\SysWOW64\msvcp71.dll
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys []
R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys []
R0 snapman;Acronis Snapshots Manager; C:\Windows\system32\DRIVERS\snapman.sys []
R1 archlp;archlp; C:\Windows\system32\drivers\archlp.sys []
R1 aswRdr;aswRdr; C:\Windows\SysWOW64\drivers\aswRdr.sys []
R1 aswSnx;aswSnx; C:\Windows\SysWOW64\drivers\aswSnx.sys []
R1 aswSP;aswSP; C:\Windows\SysWOW64\drivers\aswSP.sys []
R1 aswTdi;avast! Network Shield Support; C:\Windows\SysWOW64\drivers\aswTdi.sys []
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys []
R2 aswFsBlk;aswFsBlk; C:\Windows\SysWOW64\drivers\aswFsBlk.sys []
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys []
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdpx64.sys []
R3 AnyDVD;AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [2010-12-01 125512]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []
R3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60a.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys []
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys []
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV6.SYS []
R3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL6.SYS []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys []
R3 NETw3v64;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\NETw3v64.sys []
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys []
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2007-06-12 1729152]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS []
R3 winbondcir;Winbond IR Transceiver; C:\Windows\system32\DRIVERS\winbondcir.sys []
R3 WudfPf;User Mode Driver Frameworks Platform Driver; C:\Windows\system32\drivers\WudfPf.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys []
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys []
S3 massfilter;ZTE Mass Storage Filter Driver; C:\Windows\system32\drivers\massfilter.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys []
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys []
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys []
S3 pwdrvio;pwdrvio; \??\C:\Windows\system32\pwdrvio.sys []
S3 pwdspio;pwdspio; \??\C:\Windows\system32\pwdspio.sys []
S3 taphss;Anchorfree HSS Adapter; C:\Windows\system32\DRIVERS\taphss.sys []
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys []
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys []
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys []
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys []
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys []
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys []
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam64.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys []
S3 ZTEusbnmea;ZTE NMEA Port; C:\Windows\system32\DRIVERS\ZTEusbnmea.sys []
S3 ZTEusbser6k;ZTE Diagnostic Port; C:\Windows\system32\DRIVERS\ZTEusbser6k.sys []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8; C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-05-24 55184]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe []
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-03-07 44768]
R2 BecHelperService;BecHelperService; C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe [2010-01-28 1737464]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
R2 Fabs;FABS - Helping agent for MAGIX media database; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2007-11-22 358936]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service; C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-12-19 394672]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R2 McciCMService;McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [2011-03-23 319488]
R2 TVersityMediaServer;TVersity Media Server; C:\ProgramData\TVersity\Media Server\MediaServer.exe [2011-07-29 1249064]
R2 VideoAcceleratorService;VideoAcceleratorService; C:\PROGRA~2\SPEEDB~1\VideoAcceleratorService.exe [2012-03-20 313624]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096]
S2 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service; C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2007-02-22 2217416]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-20 257224]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-02-17 867080]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-03-08 1492840]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-06-07 936848]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 113120]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-21 19968]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2012-01-04 718888]
S3 WPFFontCache_v0400;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
-----------------EOF-----------------
info.txt logfile of random's system information tool 1.09 2012-06-28 21:00:37
======Uninstall list======
-->C:\Program Files (x86)\MAGIX\Speed2_burnR_mxcdr\unwise.exe
3Connect-->"C:\Program Files (x86)\InstallShield Installation Information\{A899DA1F-D626-401C-8651-F2921E3B4CB3}\setup.exe" -runfromtemp -l0x0009 -removeonly /z"Uninstall"
Acer Crystal Eye webcam-->C:\Program Files (x86)\InstallShield Installation Information\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}\setup.exe -runfromtemp -l0x0009 -removeonly -u
Acoustica Effects Pack-->C:\PROGRA~2\ACOUST~2\UNWISE.EXE C:\PROGRA~2\ACOUST~2\INSTALL.LOG
Acronis Disk Director Suite-->MsiExec.exe /X{2300EE96-0A41-4FAB-BD03-989EC44577A0}
Adobe AIR-->C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{FE23D063-934D-4829-A0D8-00634CE79B4A}
Adobe Flash Player 11 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe -maintain activex
Adobe Photoshop Elements 8.0-->msiexec /i {17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}
Adobe Reader X (10.1.3)-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AA1000000001}
AF-HSS Toolbar-->C:\PROGRA~2\AF-HSS\UNWISE.EXE /U C:\PROGRA~2\AF-HSS\INSTALL.LOG
aioscnnr-->MsiExec.exe /X{376348C2-E372-48BC-A138-E896757BD86A}
aioscnnr-->MsiExec.exe /X{EF53BFAB-4C10-40DB-A82D-9B07111715C6}
AnyDVD-->"C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files (x86)\SlySoft\AnyDVD"
Apple Application Support-->MsiExec.exe /I{122ADF8C-DDA1-480C-9936-C88F2825B265}
Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}
ArcSoft TotalMedia Theatre 3-->C:\Program Files (x86)\InstallShield Installation Information\{B5F47039-9B19-4AC3-9A4A-E1CA3068E59F}\setup.exe
ArcSoft TotalMedia Theatre 3-->C:\Program Files (x86)\InstallShield Installation Information\{B5F47039-9B19-4AC3-9A4A-E1CA3068E59F}\setup.exe -runfromtemp -l0x0409
avast! Free Antivirus-->C:\Program Files\AVAST Software\Avast\aswRunDll.exe "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup
AviSynth 2.5-->"C:\Program Files (x86)\AviSynth 2.5\Uninstall.exe"
C4USelfUpdater-->MsiExec.exe /I{48B41C3A-9A92-4B81-B653-C97FEB85C910}
Catalyst Control Center - Branding-->MsiExec.exe /I{01C08A7D-4CCD-41F8-B020-4B4BB8C08C68}
center-->MsiExec.exe /I{56BA241F-580C-43D2-8403-947241AAE633}
Conduit Engine-->C:\PROGRA~2\CONDUI~1\ConduitEngineUninstall.exe
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
DivX Setup-->C:\ProgramData\DivX\Setup\DivXSetup.exe /uninstall
Driver Genius Professional Edition-->"C:\Program Files (x86)\Driver-Soft\DriverGenius\unins000.exe"
DVD Shrink 3.2-->"C:\Program Files (x86)\DVD Shrink\unins000.exe"
ERUNT 1.1j-->"C:\Program Files (x86)\ERUNT\unins000.exe"
essentials-->MsiExec.exe /I{BE94C681-68E2-4561-8ABC-8D2E799168B4}
ffdshow v1.1.4225 [2012-01-05]-->"C:\Program Files (x86)\ffdshow\unins000.exe"
File Type Assistant-->"C:\Program Files (x86)\File Type Assistant\unins000.exe"
Firebird SQL Server - MAGIX Edition-->MsiExec.exe /X{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}
Free File Viewer 2011-->"C:\Program Files (x86)\FreeFileViewer\unins000.exe"
Free Mp3 Wma Converter V 2.2-->"C:\Program Files (x86)\Free mp3 Wma Converter\unins001.exe"
Glary Utilities Pro 2.31.0.1098-->"C:\Program Files (x86)\Glary Utilities\unins000.exe"
Gygan-->"C:\Program Files (x86)\Gygan BETA\unins000.exe"
Haali Media Splitter-->"C:\Program Files (x86)\Haali\MatroskaSplitter\uninstall.exe"
HandBrake 0.9.6-->C:\Program Files (x86)\Handbrake\uninst.exe
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {08155812-0202-4D5F-A7FF-12A2782DC548} /qb+ REBOOTPROMPT=""
ImgBurn-->"C:\Program Files (x86)\ImgBurn\uninstall.exe"
ImTOO DVD Ripper Ultimate-->C:\Program Files (x86)\ImTOO\DVD Ripper ultimate 5\Uninstall.exe
Java™ 6 Update 22-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216022F0}
Java™ 6 Update 31-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216031FF}
Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
KODAK AiO Software-->C:\ProgramData\Kodak\Installer\Setup.exe /Web /x "{E0F274B7-592B-4669-8FB8-8D9825A09858}" CompanyName="Eastman Kodak Company" /code "1033"
Logitech Harmony Remote Software 7-->C:\Program Files (x86)\InstallShield Installation Information\{5C6F884D-680C-448B-B4C9-22296EE1B206}\setup.exe -runfromtemp -l0x0009 -removeonly
MAGIX 3D Maker (embedded MSI)-->MsiExec.exe /X{5BE364B5-D787-414A-B948-DD972510E679}
MAGIX Screenshare-->MsiExec.exe /X{66854780-6E02-4125-9920-1C5414CC5983}
MAGIX Speed 2 (MSI)-->MsiExec.exe /X{5061491D-F30D-4A33-8D9F-721D9201D15D}
MAGIX Video Pro X2 Download Version-->"C:\Program Files (x86)\MAGIX\Video_Pro_X2\Video_Pro_X2_en-GB_setup.exe"
MAGIX Video Pro X2 Download Version-->MsiExec.exe /I{0AC4E3A1-1152-4674-8C64-E4B969421633}
Malwarebytes Anti-Malware version 1.61.0.1400-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
Mesh Runtime-->MsiExec.exe /I{8C6D6116-B724-4810-8F2D-D047E6B7D68E}
Messenger Companion-->MsiExec.exe /I{50816F92-1652-4A7C-B9BC-48F682742C4B}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft_VC100_CRT_SP1_x86-->MsiExec.exe /I{E3B64CC5-C011-40C0-92BC-7316CD5E5688}
Mozilla Firefox 13.0.1 (x86 en-US)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
Mozilla Maintenance Service-->"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe"
MSU Screen Capture Lossless Codec v1.2 (Remove Only)-->RunDLL32.exe advpack.dll,LaunchINFSection SCLS.INF, DefaultUnInstall
MSVC80_x86_v2-->MsiExec.exe /I{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}
MSVC90_x86-->MsiExec.exe /I{AF111648-99A1-453E-81DD-80DBBF6DAD0D}
MSVCRT_amd64-->MsiExec.exe /I{D0B44725-3666-492D-BEF6-587A14BD9BD9}
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nokia Connectivity Cable Driver-->MsiExec.exe /I{4AA68A73-DB9C-439D-9481-981C82BD008B}
Nokia Lifeblog 2.5-->MsiExec.exe /I{E94603CA-2996-4154-8EE2-A5FCD4BFB500}
Nokia Suite-->C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}\Installer.exe
Nokia Suite-->MsiExec.exe /X{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}
ocr-->MsiExec.exe /I{BFBCF96F-7361-486A-965C-54B17AC35421}
OpenOffice.org 3.3-->MsiExec.exe /I{82AF3E91-57E1-4754-84D0-40A46E2479AB}
PC Connectivity Solution-->MsiExec.exe /I{A2AA4204-C05A-4013-888A-AD153139297F}
PreReq-->MsiExec.exe /I{DA5BDB2A-12F0-4343-8351-21AAEB293990}
QuickTime-->MsiExec.exe /I{0E64B098-8018-4256-BA23-C316A43AD9B0}
RealNetworks - Microsoft Visual C++ 2005 Runtime-->MsiExec.exe /I{026C3D27-9BE1-46BE-BEAE-6DE38A0F4FBE}
RealNetworks - Microsoft Visual C++ 2008 Runtime-->MsiExec.exe /X{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}
RealPlayer-->c:\program files (x86)\real\realplayer\Update\r1puninst.exe RealNetworks|RealPlayer|15.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
RealUpgrade 1.1-->MsiExec.exe /I{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}
Remote Control USB Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{8471021C-F529-43DE-84DF-3612E10F58C4}\setup.exe" -l0x9 -removeonly
Safari-->MsiExec.exe /I{C779648B-410E-4BBA-B75B-5815BCEFE71D}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {480E8A87-3B8C-3ECE-8CEA-6B2349AE1C1F} /qb+ REBOOTPROMPT=""
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {897A5D64-963A-3C11-A176-F6766BD09D16} /qb+ REBOOTPROMPT=""
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD8D7C9A-E56A-3E7B-BA6D-FE68F13296E3} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F66C3466-1FDB-347C-B3AE-FB6C50627B10} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BCD37DCB-F479-3D4D-A90E-A0F7575549C4} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FF811680-AECE-3F35-A98C-1B84B6E09168} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {6AF6C62E-4E3D-33BF-A591-9E4D53BDF22F} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D45782A-1099-317E-ABCC-FF63D5B21386} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FDD13F1E-9C6B-311E-A0D9-D6E172FC28FF} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DA36C2E5-6B34-3A6A-9C0A-7D1CC1C5A768} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7B82A51A-768B-3A7B-ADFA-F777097A8079} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E40184A4-4A61-3D2E-9035-CB6E1E610E07} /parameterfolder Client
Segoe UI-->MsiExec.exe /I{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}
Skype™ 5.8-->MsiExec.exe /X{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}
TVersity Codec Pack 1.7-->C:\Program Files (x86)\TVersity Codec Pack\uninst.exe
TVersity Media Server 1.9.7-->C:\ProgramData\TVersity\Media Server\uninst.exe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {A45DD0BE-3CD9-3F1E-B233-B90C6983AE77} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Client
VC80CRTRedist - 8.0.50727.6195-->MsiExec.exe /I{933B4015-4618-4716-A828-5289FC03165F}
Visual Studio 2008 x64 Redistributables-->MsiExec.exe /I{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}
VLC media player 2.0.1-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}
Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}
Windows Live Mail-->MsiExec.exe /I{C66824E4-CBB3-4851-BB3F-E8CFD6350923}
Windows Live Mesh ActiveX Control for Remote Connections-->MsiExec.exe /I{2902F983-B4C1-44BA-B85D-5C6D52E2C441}
Windows Live Mesh-->MsiExec.exe /I{A0C91188-C88F-4E86-93E6-CD7C9A266649}
Windows Live Mesh-->MsiExec.exe /I{DECDCB7C-58CC-4865-91AF-627F9798FE48}
Windows Live Messenger Companion Core-->MsiExec.exe /I{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}
Windows Live Messenger-->MsiExec.exe /X{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}
Windows Live Messenger-->MsiExec.exe /X{E5B21F11-6933-4E0B-A25C-7963E3C07D11}
Windows Live Movie Maker-->MsiExec.exe /X{19BA08F7-C728-469C-8A35-BFBD3633BE08}
Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}
Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
Windows Live Photo Common-->MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002}
Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}
Windows Live Photo Gallery-->MsiExec.exe /X{34F4D9A4-42C2-4348-BEF4-E553C84549E7}
Windows Live PIMT Platform-->MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F}
Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}
Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
Windows Live Writer Resources-->MsiExec.exe /X{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}
Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04}
Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}
Windows Live Writer-->MsiExec.exe /X{AAF454FC-82CA-4F29-AB31-6A109485E76E}
WinRAR archiver-->C:\Program Files (x86)\WinRAR\uninstall.exe
Xiph.Org Open Codecs 0.85.17777-->C:\Program Files (x86)\Xiph.Org\Open Codecs\uninst.exe
ZTE_1.2059.0.8-->C:\Program Files (x86)\ZTE_1.2059.0.8\ZTE_1.2059.0.8Uninstall.exe
======Security center information======
AS: Windows Defender
======System event log======
Computer Name: Wools-PC
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001F3C2B07EB. The following error occurred:
The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Record Number: 136197
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20120107105528.000000-000
Event Type: Warning
User:
Computer Name: Wools-PC
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001F3C2B07EB. The following error occurred:
The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Record Number: 136196
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20120107105528.000000-000
Event Type: Warning
User:
Computer Name: Wools-PC
Event Code: 225
Message: The application \Device\HarddiskVolume2\Windows\explorer.exe with process id 1568 stopped the removal or ejection for the device USB\VID_0420&PID_1307\110074973765.
Record Number: 136156
Source Name: Microsoft-Windows-Kernel-PnP
Time Written: 20120106161608.686886-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: Wools-PC
Event Code: 4
Message: Broadcom NetLink ™ Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.
Record Number: 135976
Source Name: b57nd60a
Time Written: 20120106100847.513334-000
Event Type: Warning
User:
Computer Name: Wools-PC
Event Code: 4001
Message: WLAN AutoConfig service has successfully stopped.
Record Number: 135966
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20120105132447.166876-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
=====Application event log=====
Computer Name: Wools-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
3 user registry handles leaked from \Registry\User\S-1-5-21-3560542134-3112040110-2959616142-1000:
Process 3496 (\Device\HarddiskVolume2\PROGRA~2\SPEEDB~1\VideoAcceleratorService.exe) has opened key \REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000
Process 3580 (\Device\HarddiskVolume2\PROGRA~2\SPEEDB~1\VideoAcceleratorEngine.exe) has opened key \REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000
Process 3580 (\Device\HarddiskVolume2\PROGRA~2\SPEEDB~1\VideoAcceleratorEngine.exe) has opened key \REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000
Record Number: 95900
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20110831225133.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: Wools-PC
Event Code: 1036
Message: InitializePrintProvider failed for provider win32spl.dll. This can occur because of system instability or a lack of system resources.
Record Number: 95877
Source Name: Microsoft-Windows-SpoolerSpoolss
Time Written: 20110831221702.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: Wools-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
16 user registry handles leaked from \Registry\User\S-1-5-21-3560542134-3112040110-2959616142-1000:
Process 3600 (\Device\HarddiskVolume2\PROGRA~2\SPEEDB~1\VideoAcceleratorEngine.exe) has opened key \REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000
Process 3564 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000
Process 3564 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000
Process 3564 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000
Process 3508 (\Device\HarddiskVolume2\PROGRA~2\SPEEDB~1\VideoAcceleratorService.exe) has opened key \REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000
Process 3564 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 3564 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000\Software\Microsoft\SystemCertificates\My
Process 3564 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000\Software\Microsoft\SystemCertificates\CA
Process 3564 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000\Software\Policies\Microsoft\SystemCertificates
Process 3564 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000\Software\Policies\Microsoft\SystemCertificates
Process 3564 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000\Software\Policies\Microsoft\SystemCertificates
Process 3564 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000\Software\Microsoft\SystemCertificates\Root
Process 3564 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 3564 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 3600 (\Device\HarddiskVolume2\PROGRA~2\SPEEDB~1\VideoAcceleratorEngine.exe) has opened key \REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000
Process 3564 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000\Software\Microsoft\SystemCertificates\trust
Record Number: 95864
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20110831191651.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: Wools-PC
Event Code: 1036
Message: InitializePrintProvider failed for provider win32spl.dll. This can occur because of system instability or a lack of system resources.
Record Number: 95837
Source Name: Microsoft-Windows-SpoolerSpoolss
Time Written: 20110831183028.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: Wools-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
18 user registry handles leaked from \Registry\User\S-1-5-21-3560542134-3112040110-2959616142-1000:
Process 3616 (\Device\HarddiskVolume2\PROGRA~2\SPEEDB~1\VideoAcceleratorService.exe) has opened key \REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000
Process 3692 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000
Process 3692 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000
Process 3692 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000
Process 3692 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000
Process 9156 (\Device\HarddiskVolume2\PROGRA~2\SPEEDB~1\VideoAcceleratorEngine.exe) has opened key \REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000
Process 3692 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 3692 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000\Software\Microsoft\SystemCertificates\My
Process 3692 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000\Software\Microsoft\SystemCertificates\CA
Process 3692 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000\Software\Policies\Microsoft\SystemCertificates
Process 3692 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000\Software\Policies\Microsoft\SystemCertificates
Process 3692 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000\Software\Policies\Microsoft\SystemCertificates
Process 3692 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000\Software\Policies\Microsoft\SystemCertificates
Process 3692 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000\Software\Microsoft\SystemCertificates\Root
Process 3692 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 3692 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 9156 (\Device\HarddiskVolume2\PROGRA~2\SPEEDB~1\VideoAcceleratorEngine.exe) has opened key \REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000
Process 3692 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000\Software\Microsoft\SystemCertificates\trust
Record Number: 95827
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20110831104303.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
=====Security event log=====
Computer Name: Wools-PC
Event Code: 4634
Message: An account was logged off.
Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x3c84c
Logon Type: 3
This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 20573
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110809124955.804222-000
Event Type: Audit Success
User:
Computer Name: Wools-PC
Event Code: 1100
Message: The event logging service has shut down.
Record Number: 20572
Source Name: Microsoft-Windows-Eventlog
Time Written: 20110809124955.320622-000
Event Type: Audit Success
User:
Computer Name: Wools-PC
Event Code: 4672
Message: Special privileges assigned to new logon.
Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 20571
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110809124952.840222-000
Event Type: Audit Success
User:
Computer Name: Wools-PC
Event Code: 4624
Message: An account was successfully logged on.
Subject:
Security ID: S-1-5-18
Account Name: WOOLS-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon Type: 5
New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x2ec
Process Name: C:\Windows\System32\services.exe
Network Information:
Workstation Name:
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
This event is generated when a logon session is created. It is generated on the computer that was accessed.
The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).
The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.
The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 20570
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110809124952.840222-000
Event Type: Audit Success
User:
Computer Name: Wools-PC
Event Code: 4648
Message: A logon was attempted using explicit credentials.
Subject:
Security ID: S-1-5-18
Account Name: WOOLS-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}
Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}
Target Server:
Target Server Name: localhost
Additional Information: localhost
Process Information:
Process ID: 0x2ec
Process Name: C:\Windows\System32\services.exe
Network Information:
Network Address: -
Port: -
This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 20569
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110809124952.840222-000
Event Type: Audit Success
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files (x86)\PC Connectivity Solution\;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Windows Live\Shared;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\winseqfe\release\Windows6.0\lh_sp2rtm\6002.18005.090410-1830\amd64fre\symbols.pri\TraceFormat
"DFSTRACINGON"=FALSE
"asl.log"=Destination=file
"KDS_LANGUAGE"=13
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"CLASSPATH"=.;C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
-----------------EOF-----------------

#6
Quinny
Posted 28 June 2012 - 03:55 PM

    Advanced Member

  • Honorary Members
  • PipPipPip
  • 104 posts
  • Gender:Male
  • Location:South Wales UK
  • Interests:Photography and nature,music and movies.
When i hit enter after pasting this command "C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe" /o
i get this alert Posted Image

#7
Quinny
Posted 28 June 2012 - 03:59 PM

    Advanced Member

  • Honorary Members
  • PipPipPip
  • 104 posts
  • Gender:Male
  • Location:South Wales UK
  • Interests:Photography and nature,music and movies.
Please note malwarebytes is not in program files but is in program files (86).But i did alter command to (86)
but the same alert came up.

#8
Maurice Naggar
Posted 28 June 2012 - 09:36 PM

    Eradicator de logiciels malveillants

  • Moderators
  • PipPipPipPipPipPip
  • 13,229 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention
My bad on the location of MalwareBytes MBAM :(

Please follow my guidance. Ask if you have questions.

I am going to ask you to read very carefully. I am asking you to download to unique folder !!

Step 1. Close and save any open documents, and exit programs that you started.

Step 2. Download TDSSKiller.exe and SAVE it to a special folder
>> download from here<<

and be sure to SAVE it in this folder --> C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon :excl:


Step 3. Install the Chameleon driver by doing the following:
Press the Windows key + R and in the Run box, copy and paste the following command then press Enter. Copy All of the line from beginning to end {from the double-quote ...all the way to the last o ......ALL

"C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe" /o

A black DOS prompt will appear with a prompt to press any key to continue, please do.

Step 4
Please read carefully and follow these steps.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.


  • If an infected file is detected, the default action will be Cure, click on Continue.


    Posted Image


  • If a suspicious file is detected, the default action will be Skip, click on Continue.


  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    Posted Image


  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please Copy & Paste that log in reply.


Step 5
Re-enable your AVAST.

Download Security Check by screen317 and save it to your Desktop: here or here
  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!
Posted Image If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.

I also need for you to Copy & Paste the Checkup.txt log for review.
~Maurice Naggar

I close my threads if there is 5 days without a response.

#9
Quinny
Posted 29 June 2012 - 03:43 AM

    Advanced Member

  • Honorary Members
  • PipPipPip
  • 104 posts
  • Gender:Male
  • Location:South Wales UK
  • Interests:Photography and nature,music and movies.
From your new instructions i managed to get the dos screen to show,i then clicked any key and it said "done" then prompted me to press any key again then the dos screen disappeared.
So i opened up chameleon and ran TDSSKiller.exe from there(hope thats right)
TDSSKiller reports "no threats found".Here's the logfile.
09:28:56.0309 4960 TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44
09:28:56.0590 4960 ============================================================
09:28:56.0590 4960 Current date / time: 2012/06/29 09:28:56.0590
09:28:56.0605 4960 SystemInfo:
09:28:56.0605 4960
09:28:56.0605 4960 OS Version: 6.0.6002 ServicePack: 2.0
09:28:56.0605 4960 Product type: Workstation
09:28:56.0605 4960 ComputerName: WOOLS-PC
09:28:56.0605 4960 UserName: Wools
09:28:56.0605 4960 Windows directory: C:\Windows
09:28:56.0605 4960 System windows directory: C:\Windows
09:28:56.0605 4960 Running under WOW64
09:28:56.0605 4960 Processor architecture: Intel x64
09:28:56.0605 4960 Number of processors: 2
09:28:56.0605 4960 Page size: 0x1000
09:28:56.0605 4960 Boot type: Normal boot
09:28:56.0605 4960 ============================================================
09:28:57.0167 4960 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:28:57.0167 4960 ============================================================
09:28:57.0167 4960 \Device\Harddisk0\DR0:
09:28:57.0167 4960 MBR partitions:
09:28:57.0167 4960 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x157B000, BlocksNum 0x1B5C4000
09:28:57.0167 4960 ============================================================
09:28:57.0198 4960 C: <-> \Device\Harddisk0\DR0\Partition0
09:28:57.0198 4960 ============================================================
09:28:57.0198 4960 Initialize success
09:28:57.0198 4960 ============================================================
09:29:27.0197 4564 ============================================================
09:29:27.0197 4564 Scan started
09:29:27.0197 4564 Mode: Manual;
09:29:27.0197 4564 ============================================================
09:29:27.0665 4564 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
09:29:27.0680 4564 ACPI - ok
09:29:27.0946 4564 AcronisOSSReinstallSvc (e2769e2699af88ca3c57289a8a32ed19) C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
09:29:27.0961 4564 AcronisOSSReinstallSvc - ok
09:29:28.0039 4564 AdobeActiveFileMonitor8.0 (34400005de52842c4d6d4ee978b4d7ce) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
09:29:28.0039 4564 AdobeActiveFileMonitor8.0 - ok
09:29:28.0133 4564 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
09:29:28.0133 4564 AdobeARMservice - ok
09:29:28.0304 4564 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
09:29:28.0320 4564 AdobeFlashPlayerUpdateSvc - ok
09:29:28.0460 4564 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
09:29:28.0476 4564 adp94xx - ok
09:29:28.0538 4564 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
09:29:28.0554 4564 adpahci - ok
09:29:28.0585 4564 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
09:29:28.0601 4564 adpu160m - ok
09:29:28.0648 4564 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
09:29:28.0663 4564 adpu320 - ok
09:29:28.0710 4564 AeLookupSvc (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll
09:29:28.0710 4564 AeLookupSvc - ok
09:29:28.0772 4564 AFD (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys
09:29:28.0804 4564 AFD - ok
09:29:28.0835 4564 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
09:29:28.0835 4564 agp440 - ok
09:29:28.0866 4564 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
09:29:28.0866 4564 aic78xx - ok
09:29:28.0897 4564 ALG (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe
09:29:28.0897 4564 ALG - ok
09:29:28.0913 4564 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
09:29:28.0913 4564 aliide - ok
09:29:28.0944 4564 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
09:29:28.0944 4564 amdide - ok
09:29:28.0960 4564 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
09:29:28.0960 4564 AmdK8 - ok
09:29:29.0006 4564 AnyDVD (821e7e501226ee344fdb0f40ee46109d) C:\Windows\system32\Drivers\AnyDVD.sys
09:29:29.0022 4564 AnyDVD - ok
09:29:29.0053 4564 Appinfo (9c37b3fd5615477cb9a0cd116cf43f5c) C:\Windows\System32\appinfo.dll
09:29:29.0069 4564 Appinfo - ok
09:29:29.0194 4564 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:29:29.0194 4564 Apple Mobile Device - ok
09:29:29.0225 4564 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
09:29:29.0225 4564 arc - ok
09:29:29.0272 4564 archlp (f97c3aaf0699e0b85df1a02de8aae333) C:\Windows\system32\drivers\archlp.sys
09:29:29.0287 4564 archlp - ok
09:29:29.0318 4564 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
09:29:29.0334 4564 arcsas - ok
09:29:29.0381 4564 aswFsBlk (b9da213b5271db5fce962d827e6d620d) C:\Windows\system32\drivers\aswFsBlk.sys
09:29:29.0381 4564 aswFsBlk - ok
09:29:29.0459 4564 aswMonFlt (21c9835d0e5ad2ff0f16134bcb32cc71) C:\Windows\system32\drivers\aswMonFlt.sys
09:29:29.0459 4564 aswMonFlt - ok
09:29:29.0506 4564 aswRdr (ee1e8fea9d6dfe066aba3a8ea455a1f2) C:\Windows\system32\drivers\aswRdr.sys
09:29:29.0506 4564 aswRdr - ok
09:29:29.0615 4564 aswSnx (6e98bb288696777a3a8a07a52b0eaee9) C:\Windows\system32\drivers\aswSnx.sys
09:29:29.0630 4564 aswSnx - ok
09:29:29.0677 4564 aswSP (d9fb49f16e4eb02efecae8cbfe4bcb4c) C:\Windows\system32\drivers\aswSP.sys
09:29:29.0693 4564 aswSP - ok
09:29:29.0708 4564 aswTdi (7352bb9a564b94bbd7c9cbf165f55006) C:\Windows\system32\drivers\aswTdi.sys
09:29:29.0708 4564 aswTdi - ok
09:29:29.0740 4564 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
09:29:29.0755 4564 AsyncMac - ok
09:29:29.0771 4564 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
09:29:29.0771 4564 atapi - ok
09:29:29.0896 4564 Ati External Event Utility (4c972c5bf89ce87cdc06edbf655e11b1) C:\Windows\system32\Ati2evxx.exe
09:29:29.0927 4564 Ati External Event Utility - ok
09:29:30.0426 4564 atikmdag (418dc1a36586eed9af4bc60e3c6f2ea7) C:\Windows\system32\DRIVERS\atikmdag.sys
09:29:30.0520 4564 atikmdag - ok
09:29:30.0676 4564 AudioEndpointBuilder (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
09:29:30.0722 4564 AudioEndpointBuilder - ok
09:29:30.0722 4564 AudioSrv (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
09:29:30.0738 4564 AudioSrv - ok
09:29:30.0816 4564 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
09:29:30.0832 4564 avast! Antivirus - ok
09:29:30.0894 4564 b57nd60a (1777e5ac9fc74f7991b2aba25ea34759) C:\Windows\system32\DRIVERS\b57nd60a.sys
09:29:30.0910 4564 b57nd60a - ok
09:29:31.0175 4564 BecHelperService (553e94ae71d233c14a8c8b4af9286ed0) C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe
09:29:31.0190 4564 BecHelperService - ok
09:29:31.0346 4564 BFE (ffb96c2589ffa60473ead78b39fbde29) C:\Windows\System32\bfe.dll
09:29:31.0362 4564 BFE - ok
09:29:31.0518 4564 BITS (6d316f4859634071cc25c4fd4589ad2c) C:\Windows\System32\qmgr.dll
09:29:31.0549 4564 BITS - ok
09:29:31.0612 4564 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
09:29:31.0612 4564 blbdrive - ok
09:29:31.0721 4564 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
09:29:31.0736 4564 Bonjour Service - ok
09:29:31.0783 4564 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
09:29:31.0799 4564 bowser - ok
09:29:31.0814 4564 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
09:29:31.0830 4564 BrFiltLo - ok
09:29:31.0846 4564 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
09:29:31.0846 4564 BrFiltUp - ok
09:29:31.0877 4564 Browser (a1b39de453433b115b4ea69ee0343816) C:\Windows\System32\browser.dll
09:29:31.0892 4564 Browser - ok
09:29:31.0924 4564 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
09:29:31.0939 4564 Brserid - ok
09:29:31.0955 4564 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
09:29:31.0970 4564 BrSerWdm - ok
09:29:31.0986 4564 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
09:29:31.0986 4564 BrUsbMdm - ok
09:29:32.0002 4564 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
09:29:32.0002 4564 BrUsbSer - ok
09:29:32.0033 4564 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
09:29:32.0048 4564 BTHMODEM - ok
09:29:32.0064 4564 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
09:29:32.0080 4564 cdfs - ok
09:29:32.0111 4564 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
09:29:32.0111 4564 cdrom - ok
09:29:32.0142 4564 CertPropSvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
09:29:32.0142 4564 CertPropSvc - ok
09:29:32.0158 4564 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\DRIVERS\circlass.sys
09:29:32.0173 4564 circlass - ok
09:29:32.0251 4564 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
09:29:32.0267 4564 CLFS - ok
09:29:32.0329 4564 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:29:32.0329 4564 clr_optimization_v2.0.50727_32 - ok
09:29:32.0376 4564 clr_optimization_v2.0.50727_64 (ce07a466201096f021cd09d631b21540) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
09:29:32.0392 4564 clr_optimization_v2.0.50727_64 - ok
09:29:32.0454 4564 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:29:32.0470 4564 clr_optimization_v4.0.30319_32 - ok
09:29:32.0516 4564 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
09:29:32.0516 4564 clr_optimization_v4.0.30319_64 - ok
09:29:32.0548 4564 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
09:29:32.0548 4564 CmBatt - ok
09:29:32.0579 4564 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
09:29:32.0579 4564 cmdide - ok
09:29:32.0610 4564 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
09:29:32.0610 4564 Compbatt - ok
09:29:32.0626 4564 COMSysApp - ok
09:29:32.0626 4564 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
09:29:32.0626 4564 crcdisk - ok
09:29:32.0719 4564 CryptSvc (62740b9d2a137e8ced41a9e4239a7a31) C:\Windows\system32\cryptsvc.dll
09:29:32.0719 4564 CryptSvc - ok
09:29:32.0844 4564 DcomLaunch (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
09:29:32.0860 4564 DcomLaunch - ok
09:29:32.0922 4564 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
09:29:32.0938 4564 DfsC - ok
09:29:33.0390 4564 DFSR (c647f468f7de343df8c143655c5557d4) C:\Windows\system32\DFSR.exe
09:29:33.0499 4564 DFSR - ok
09:29:33.0640 4564 Dhcp (3ed0321127ce70acdaabbf77e157c2a7) C:\Windows\System32\dhcpcsvc.dll
09:29:33.0671 4564 Dhcp - ok
09:29:33.0718 4564 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
09:29:33.0718 4564 disk - ok
09:29:33.0764 4564 Dnscache (06230f1b721494a6df8d47fd395bb1b0) C:\Windows\System32\dnsrslvr.dll
09:29:33.0780 4564 Dnscache - ok
09:29:33.0827 4564 dot3svc (1a7156dd1e850e9914e5e991e3225b94) C:\Windows\System32\dot3svc.dll
09:29:33.0842 4564 dot3svc - ok
09:29:33.0889 4564 DPS (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll
09:29:33.0905 4564 DPS - ok
09:29:33.0936 4564 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
09:29:33.0936 4564 drmkaud - ok
09:29:34.0076 4564 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
09:29:34.0108 4564 DXGKrnl - ok
09:29:34.0139 4564 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
09:29:34.0154 4564 E1G60 - ok
09:29:34.0201 4564 EapHost (c2303883fd9be49dc36a6400643002ea) C:\Windows\System32\eapsvc.dll
09:29:34.0201 4564 EapHost - ok
09:29:34.0232 4564 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
09:29:34.0248 4564 Ecache - ok
09:29:34.0357 4564 ehRecvr (14ce384d2e27b64c256bda4dc39c312d) C:\Windows\ehome\ehRecvr.exe
09:29:34.0404 4564 ehRecvr - ok
09:29:34.0435 4564 ehSched (b93159c1313d66fdfbbe876f5189cd52) C:\Windows\ehome\ehsched.exe
09:29:34.0451 4564 ehSched - ok
09:29:34.0498 4564 ehstart (f5ee2527d74449868e3c3227a59bcd28) C:\Windows\ehome\ehstart.dll
09:29:34.0498 4564 ehstart - ok
09:29:34.0529 4564 ElbyCDIO (a05fc7eca0966ebb70e4d17b855a853b) C:\Windows\system32\Drivers\ElbyCDIO.sys
09:29:34.0529 4564 ElbyCDIO - ok
09:29:34.0576 4564 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
09:29:34.0638 4564 elxstor - ok
09:29:34.0716 4564 EMDMgmt (a9b18b63a4fd6baab83326706d857fab) C:\Windows\system32\emdmgmt.dll
09:29:34.0732 4564 EMDMgmt - ok
09:29:34.0778 4564 ErrDev (c2d322c84530db37d3e8e1c7e011bf16) C:\Windows\system32\drivers\errdev.sys
09:29:34.0778 4564 ErrDev - ok
09:29:34.0841 4564 EventSystem (e12f22b73f153dece721cd45ec05b4af) C:\Windows\system32\es.dll
09:29:34.0841 4564 EventSystem - ok
09:29:34.0872 4564 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
09:29:34.0888 4564 exfat - ok
09:29:34.0950 4564 Fabs - ok
09:29:34.0997 4564 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
09:29:34.0997 4564 fastfat - ok
09:29:35.0028 4564 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
09:29:35.0028 4564 fdc - ok
09:29:35.0044 4564 fdPHost (bb9267acacd8b7533dd936c34a0cba5e) C:\Windows\system32\fdPHost.dll
09:29:35.0044 4564 fdPHost - ok
09:29:35.0059 4564 FDResPub (300c80931eabbe1db7591c516efe8d0f) C:\Windows\system32\fdrespub.dll
09:29:35.0059 4564 FDResPub - ok
09:29:35.0075 4564 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
09:29:35.0075 4564 FileInfo - ok
09:29:35.0106 4564 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
09:29:35.0106 4564 Filetrace - ok
09:29:35.0340 4564 FirebirdServerMAGIXInstance (fff1130f7c9fa01d093a1edfc5cce8fc) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
09:29:35.0371 4564 FirebirdServerMAGIXInstance - ok
09:29:35.0512 4564 FLEXnet Licensing Service (abedfd48ac042c6aaad32452e77217a1) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
09:29:35.0527 4564 FLEXnet Licensing Service - ok
09:29:35.0636 4564 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
09:29:35.0652 4564 flpydisk - ok
09:29:35.0683 4564 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
09:29:35.0699 4564 FltMgr - ok
09:29:35.0839 4564 FontCache (be1c5bd1ca7ed015bc6fa1ae67e592c8) C:\Windows\system32\FntCache.dll
09:29:35.0886 4564 FontCache - ok
09:29:35.0964 4564 FontCache3.0.0.0 (bc5b0be5af3510b0fd8c140ee42c6d3e) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
09:29:35.0964 4564 FontCache3.0.0.0 - ok
09:29:36.0026 4564 fssfltr (07da62c960ddccc2d35836aeab4fc578) C:\Windows\system32\DRIVERS\fssfltr.sys
09:29:36.0042 4564 fssfltr - ok
09:29:36.0229 4564 fsssvc (28ddeeec44e988657b732cf404d504cb) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
09:29:36.0245 4564 fsssvc - ok
09:29:36.0354 4564 Fs_Rec (5779b86cd8b32519fbecb136394d946a) C:\Windows\system32\drivers\Fs_Rec.sys
09:29:36.0354 4564 Fs_Rec - ok
09:29:36.0401 4564 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
09:29:36.0401 4564 gagp30kx - ok
09:29:36.0448 4564 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
09:29:36.0448 4564 GEARAspiWDM - ok
09:29:36.0541 4564 gpsvc (a0e1b575ba8f504968cd40c0faeb2384) C:\Windows\System32\gpsvc.dll
09:29:36.0557 4564 gpsvc - ok
09:29:36.0604 4564 HdAudAddService (68e732382b32417ff61fd663259b4b09) C:\Windows\system32\drivers\HdAudio.sys
09:29:36.0619 4564 HdAudAddService - ok
09:29:36.0697 4564 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
09:29:36.0728 4564 HDAudBus - ok
09:29:36.0744 4564 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
09:29:36.0760 4564 HidBth - ok
09:29:36.0775 4564 HidIr (5f47839455d01ff6403b008d481a6f5b) C:\Windows\system32\DRIVERS\hidir.sys
09:29:36.0775 4564 HidIr - ok
09:29:36.0838 4564 hidserv (59361d38a297755d46a540e450202b2a) C:\Windows\system32\hidserv.dll
09:29:36.0838 4564 hidserv - ok
09:29:36.0853 4564 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
09:29:36.0853 4564 HidUsb - ok
09:29:36.0900 4564 hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll
09:29:36.0900 4564 hkmsvc - ok
09:29:36.0916 4564 HpCISSs (a27e8af2caac5e2693e6d4e2fce9b54f) C:\Windows\system32\drivers\hpcisss.sys
09:29:36.0931 4564 HpCISSs - ok
09:29:36.0978 4564 HSFHWAZL (57ba73b5b321291e5114cb21350e1ea0) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
09:29:36.0994 4564 HSFHWAZL - ok
09:29:37.0134 4564 HSF_DPV (e6cd7f641916484b0141d191a390d866) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
09:29:37.0165 4564 HSF_DPV - ok
09:29:37.0337 4564 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
09:29:37.0352 4564 HTTP - ok
09:29:37.0384 4564 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
09:29:37.0384 4564 i2omp - ok
09:29:37.0399 4564 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
09:29:37.0415 4564 i8042prt - ok
09:29:37.0493 4564 IAANTMON (681ef6e0cc7bbaa0c09acabeb91f669e) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
09:29:37.0524 4564 IAANTMON - ok
09:29:37.0571 4564 iaStor (16a4671255cfb842225f0fdb6dbdb414) C:\Windows\system32\DRIVERS\iaStor.sys
09:29:37.0586 4564 iaStor - ok
09:29:37.0618 4564 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
09:29:37.0633 4564 iaStorV - ok
09:29:37.0789 4564 idsvc (749f5f8cedca70f2a512945325fc489d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
09:29:37.0789 4564 idsvc - ok
09:29:37.0836 4564 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
09:29:37.0836 4564 iirsp - ok
09:29:37.0914 4564 IKEEXT (0c9ea6e654e7b0471741e343a6c671af) C:\Windows\System32\ikeext.dll
09:29:37.0945 4564 IKEEXT - ok
09:29:38.0117 4564 IntcAzAudAddService (f1a17d24959b942ca290ee976a0e2175) C:\Windows\system32\drivers\RTKVHD64.sys
09:29:38.0164 4564 IntcAzAudAddService - ok
09:29:38.0179 4564 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
09:29:38.0179 4564 intelide - ok
09:29:38.0195 4564 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
09:29:38.0210 4564 intelppm - ok
09:29:38.0226 4564 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll
09:29:38.0242 4564 IPBusEnum - ok
09:29:38.0273 4564 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:29:38.0273 4564 IpFilterDriver - ok
09:29:38.0335 4564 iphlpsvc (bf0dbfa9792c5c14fa00f61c75116c1b) C:\Windows\System32\iphlpsvc.dll
09:29:38.0351 4564 iphlpsvc - ok
09:29:38.0366 4564 IpInIp - ok
09:29:38.0382 4564 IPMIDRV (e41dd7038db14ae9d35b47b10bdce58a) C:\Windows\system32\drivers\ipmidrv.sys
09:29:38.0398 4564 IPMIDRV - ok
09:29:38.0429 4564 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
09:29:38.0444 4564 IPNAT - ok
09:29:38.0647 4564 iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe
09:29:38.0663 4564 iPod Service - ok
09:29:38.0678 4564 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
09:29:38.0678 4564 IRENUM - ok
09:29:38.0694 4564 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
09:29:38.0710 4564 isapnp - ok
09:29:38.0741 4564 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
09:29:38.0741 4564 iScsiPrt - ok
09:29:38.0772 4564 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
09:29:38.0772 4564 iteatapi - ok
09:29:38.0803 4564 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
09:29:38.0803 4564 iteraid - ok
09:29:38.0819 4564 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
09:29:38.0819 4564 kbdclass - ok
09:29:38.0850 4564 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
09:29:38.0850 4564 kbdhid - ok
09:29:38.0866 4564 KeyIso (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
09:29:38.0881 4564 KeyIso - ok
09:29:39.0022 4564 Kodak AiO Network Discovery Service (27277a11db52fefae5b01dc8fb570b28) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
09:29:39.0022 4564 Kodak AiO Network Discovery Service - ok
09:29:39.0115 4564 KSecDD (2758d174604f597bbc8a217ff667913d) C:\Windows\system32\Drivers\ksecdd.sys
09:29:39.0146 4564 KSecDD - ok
09:29:39.0162 4564 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
09:29:39.0162 4564 ksthunk - ok
09:29:39.0224 4564 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll
09:29:39.0256 4564 KtmRm - ok
09:29:39.0302 4564 LanmanServer (50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\system32\srvsvc.dll
09:29:39.0334 4564 LanmanServer - ok
09:29:39.0380 4564 LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll
09:29:39.0396 4564 LanmanWorkstation - ok
09:29:39.0427 4564 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
09:29:39.0427 4564 lltdio - ok
09:29:39.0521 4564 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll
09:29:39.0536 4564 lltdsvc - ok
09:29:39.0583 4564 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll
09:29:39.0583 4564 lmhosts - ok
09:29:39.0614 4564 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
09:29:39.0630 4564 LSI_FC - ok
09:29:39.0677 4564 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
09:29:39.0677 4564 LSI_SAS - ok
09:29:39.0724 4564 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
09:29:39.0739 4564 LSI_SCSI - ok
09:29:39.0770 4564 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
09:29:39.0786 4564 luafv - ok
09:29:39.0817 4564 massfilter (23488767cb18fc3ff39e3af1db3fb02c) C:\Windows\system32\drivers\massfilter.sys
09:29:39.0817 4564 massfilter - ok
09:29:39.0880 4564 mbamchameleon (08aa34bc5f95f4fdd58dd7528a9c63cc) C:\Windows\system32\drivers\mbamchameleon.sys
09:29:39.0880 4564 mbamchameleon - ok
09:29:39.0942 4564 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
09:29:39.0942 4564 MBAMProtector - ok
09:29:40.0082 4564 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
09:29:40.0082 4564 MBAMService - ok
09:29:40.0176 4564 McciCMService (f8b823414a22dbf3bec10dcaa5f93cd8) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
09:29:40.0176 4564 McciCMService - ok
09:29:40.0207 4564 Mcx2Svc (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll
09:29:40.0223 4564 Mcx2Svc - ok
09:29:40.0270 4564 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
09:29:40.0270 4564 megasas - ok
09:29:40.0332 4564 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
09:29:40.0348 4564 MegaSR - ok
09:29:40.0394 4564 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
09:29:40.0410 4564 MMCSS - ok
09:29:40.0426 4564 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
09:29:40.0426 4564 Modem - ok
09:29:40.0457 4564 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
09:29:40.0457 4564 monitor - ok
09:29:40.0472 4564 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
09:29:40.0472 4564 mouclass - ok
09:29:40.0488 4564 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
09:29:40.0488 4564 mouhid - ok
09:29:40.0519 4564 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
09:29:40.0519 4564 MountMgr - ok
09:29:40.0582 4564 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
09:29:40.0582 4564 MozillaMaintenance - ok
09:29:40.0628 4564 mpio (cbb01a298cb24d250017cea54884bba8) C:\Windows\system32\drivers\mpio.sys
09:29:40.0628 4564 mpio - ok
09:29:40.0660 4564 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
09:29:40.0675 4564 mpsdrv - ok
09:29:40.0769 4564 MpsSvc (897e3baf68ba406a61682ae39c83900c) C:\Windows\system32\mpssvc.dll
09:29:40.0800 4564 MpsSvc - ok
09:29:40.0816 4564 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
09:29:40.0816 4564 Mraid35x - ok
09:29:40.0847 4564 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
09:29:40.0878 4564 MRxDAV - ok
09:29:40.0956 4564 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
09:29:40.0956 4564 mrxsmb - ok
09:29:41.0034 4564 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:29:41.0034 4564 mrxsmb10 - ok
09:29:41.0065 4564 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:29:41.0081 4564 mrxsmb20 - ok
09:29:41.0096 4564 msahci (aa459f2ab3ab603c357ff117cae3d818) C:\Windows\system32\drivers\msahci.sys
09:29:41.0096 4564 msahci - ok
09:29:41.0128 4564 msdsm (0db324146494d45417905b7009858937) C:\Windows\system32\drivers\msdsm.sys
09:29:41.0143 4564 msdsm - ok
09:29:41.0190 4564 MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe
09:29:41.0206 4564 MSDTC - ok
09:29:41.0252 4564 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
09:29:41.0252 4564 Msfs - ok
09:29:41.0268 4564 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
09:29:41.0268 4564 msisadrv - ok
09:29:41.0315 4564 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll
09:29:41.0330 4564 MSiSCSI - ok
09:29:41.0330 4564 msiserver - ok
09:29:41.0362 4564 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
09:29:41.0362 4564 MSKSSRV - ok
09:29:41.0393 4564 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
09:29:41.0393 4564 MSPCLOCK - ok
09:29:41.0408 4564 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
09:29:41.0424 4564 MSPQM - ok
09:29:41.0486 4564 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
09:29:41.0502 4564 MsRPC - ok
09:29:41.0518 4564 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
09:29:41.0518 4564 mssmbios - ok
09:29:41.0533 4564 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
09:29:41.0549 4564 MSTEE - ok
09:29:41.0564 4564 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
09:29:41.0564 4564 Mup - ok
09:29:41.0611 4564 napagent (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll
09:29:41.0642 4564 napagent - ok
09:29:41.0689 4564 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
09:29:41.0705 4564 NativeWifiP - ok
09:29:41.0814 4564 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
09:29:41.0830 4564 NDIS - ok
09:29:41.0861 4564 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
09:29:41.0861 4564 NdisTapi - ok
09:29:41.0892 4564 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
09:29:41.0892 4564 Ndisuio - ok
09:29:41.0923 4564 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
09:29:41.0954 4564 NdisWan - ok
09:29:41.0970 4564 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
09:29:41.0970 4564 NDProxy - ok
09:29:42.0001 4564 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
09:29:42.0001 4564 NetBIOS - ok
09:29:42.0048 4564 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
09:29:42.0064 4564 netbt - ok
09:29:42.0095 4564 Netlogon (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
09:29:42.0095 4564 Netlogon - ok
09:29:42.0173 4564 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll
09:29:42.0188 4564 Netman - ok
09:29:42.0251 4564 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll
09:29:42.0266 4564 netprofm - ok
09:29:42.0344 4564 NetTcpPortSharing (74751dda198165947fd7454d83f49825) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:29:42.0360 4564 NetTcpPortSharing - ok
09:29:42.0750 4564 NETw3v64 (c86984aee87900c1eeb6942ede3bf4b6) C:\Windows\system32\DRIVERS\NETw3v64.sys
09:29:42.0844 4564 NETw3v64 - ok
09:29:43.0000 4564 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
09:29:43.0000 4564 nfrd960 - ok
09:29:43.0062 4564 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll
09:29:43.0078 4564 NlaSvc - ok
09:29:43.0140 4564 nmwcd (5fe6f8c05f0769bbb74afac11453b182) C:\Windows\system32\drivers\ccdcmbx64.sys
09:29:43.0140 4564 nmwcd - ok
09:29:43.0171 4564 nmwcdc (73c929945c0850b8d1fe2fea05fdf05d) C:\Windows\system32\drivers\ccdcmbox64.sys
09:29:43.0171 4564 nmwcdc - ok
09:29:43.0202 4564 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
09:29:43.0202 4564 Npfs - ok
09:29:43.0234 4564 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll
09:29:43.0234 4564 nsi - ok
09:29:43.0280 4564 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
09:29:43.0296 4564 nsiproxy - ok
09:29:43.0483 4564 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
09:29:43.0530 4564 Ntfs - ok
09:29:43.0655 4564 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
09:29:43.0655 4564 Null - ok
09:29:43.0702 4564 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
09:29:43.0702 4564 nvraid - ok
09:29:43.0733 4564 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
09:29:43.0733 4564 nvstor - ok
09:29:43.0764 4564 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
09:29:43.0780 4564 nv_agp - ok
09:29:43.0795 4564 NwlnkFlt - ok
09:29:43.0795 4564 NwlnkFwd - ok
09:29:43.0842 4564 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
09:29:43.0842 4564 ohci1394 - ok
09:29:43.0998 4564 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
09:29:44.0029 4564 p2pimsvc - ok
09:29:44.0045 4564 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
09:29:44.0060 4564 p2psvc - ok
09:29:44.0092 4564 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
09:29:44.0107 4564 Parport - ok
09:29:44.0170 4564 partmgr (b43751085e2abe389da466bc62a4b987) C:\Windows\system32\drivers\partmgr.sys
09:29:44.0185 4564 partmgr - ok
09:29:44.0201 4564 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
09:29:44.0216 4564 PcaSvc - ok
09:29:44.0263 4564 pccsmcfd (bc0018c2d29f655188a0ed3fa94fdb24) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
09:29:44.0263 4564 pccsmcfd - ok
09:29:44.0310 4564 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
09:29:44.0310 4564 pci - ok
09:29:44.0341 4564 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
09:29:44.0341 4564 pciide - ok
09:29:44.0388 4564 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
09:29:44.0404 4564 pcmcia - ok
09:29:44.0497 4564 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
09:29:44.0528 4564 PEAUTH - ok
09:29:44.0638 4564 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
09:29:44.0653 4564 PerfHost - ok
09:29:44.0856 4564 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
09:29:44.0918 4564 pla - ok
09:29:44.0981 4564 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
09:29:44.0996 4564 PlugPlay - ok
09:29:45.0121 4564 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
09:29:45.0137 4564 PNRPAutoReg - ok
09:29:45.0168 4564 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
09:29:45.0184 4564 PNRPsvc - ok
09:29:45.0262 4564 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
09:29:45.0277 4564 PolicyAgent - ok
09:29:45.0355 4564 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
09:29:45.0371 4564 PptpMiniport - ok
09:29:45.0402 4564 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
09:29:45.0402 4564 Processor - ok
09:29:45.0480 4564 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll
09:29:45.0496 4564 ProfSvc - ok
09:29:45.0527 4564 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
09:29:45.0527 4564 ProtectedStorage - ok
09:29:45.0558 4564 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
09:29:45.0574 4564 PSched - ok
09:29:45.0589 4564 pwdrvio (41ad0fcf47275a9bc70fa1b56bfd3e23) C:\Windows\system32\pwdrvio.sys
09:29:45.0605 4564 pwdrvio - ok
09:29:45.0652 4564 pwdspio (19cf17076f2524af6746b528584aa3c9) C:\Windows\system32\pwdspio.sys
09:29:45.0652 4564 pwdspio - ok
09:29:45.0698 4564 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
09:29:45.0698 4564 PxHlpa64 - ok
09:29:45.0854 4564 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
09:29:45.0886 4564 ql2300 - ok
09:29:45.0948 4564 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
09:29:45.0995 4564 ql40xx - ok
09:29:46.0042 4564 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
09:29:46.0073 4564 QWAVE - ok
09:29:46.0088 4564 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
09:29:46.0104 4564 QWAVEdrv - ok
09:29:46.0120 4564 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
09:29:46.0120 4564 RasAcd - ok
09:29:46.0135 4564 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
09:29:46.0151 4564 RasAuto - ok
09:29:46.0182 4564 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
09:29:46.0198 4564 Rasl2tp - ok
09:29:46.0260 4564 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll
09:29:46.0276 4564 RasMan - ok
09:29:46.0291 4564 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
09:29:46.0291 4564 RasPppoe - ok
09:29:46.0307 4564 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
09:29:46.0322 4564 RasSstp - ok
09:29:46.0354 4564 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
09:29:46.0369 4564 rdbss - ok
09:29:46.0400 4564 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
09:29:46.0400 4564 RDPCDD - ok
09:29:46.0478 4564 rdpdr (ae23e79b13feb62939e2ca1189e71735) C:\Windows\system32\drivers\rdpdr.sys
09:29:46.0494 4564 rdpdr - ok
09:29:46.0510 4564 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
09:29:46.0510 4564 RDPENCDD - ok
09:29:46.0603 4564 RDPWD (ae4bd9e1c33d351d8e607fc81f15160c) C:\Windows\system32\drivers\RDPWD.sys
09:29:46.0619 4564 RDPWD - ok
09:29:46.0650 4564 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
09:29:46.0666 4564 RemoteAccess - ok
09:29:46.0697 4564 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll
09:29:46.0712 4564 RemoteRegistry - ok
09:29:46.0759 4564 rismxdp (2a43f9e6dbde12bc0c104785c3b3f5df) C:\Windows\system32\DRIVERS\rixdpx64.sys
09:29:46.0759 4564 rismxdp - ok
09:29:46.0775 4564 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
09:29:46.0790 4564 RpcLocator - ok
09:29:46.0884 4564 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
09:29:46.0900 4564 RpcSs - ok
09:29:46.0946 4564 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
09:29:46.0962 4564 rspndr - ok
09:29:46.0993 4564 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
09:29:46.0993 4564 SamSs - ok
09:29:47.0040 4564 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
09:29:47.0040 4564 sbp2port - ok
09:29:47.0087 4564 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll
09:29:47.0102 4564 SCardSvr - ok
09:29:47.0243 4564 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll
09:29:47.0274 4564 Schedule - ok
09:29:47.0321 4564 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
09:29:47.0321 4564 SCPolicySvc - ok
09:29:47.0352 4564 sdbus (be100bc2be2513314c717bb2c4cfff10) C:\Windows\system32\DRIVERS\sdbus.sys
09:29:47.0368 4564 sdbus - ok
09:29:47.0399 4564 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
09:29:47.0414 4564 SDRSVC - ok
09:29:47.0446 4564 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
09:29:47.0446 4564 secdrv - ok
09:29:47.0461 4564 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
09:29:47.0492 4564 seclogon - ok
09:29:47.0524 4564 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\System32\sens.dll
09:29:47.0524 4564 SENS - ok
09:29:47.0555 4564 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
09:29:47.0570 4564 Serenum - ok
09:29:47.0586 4564 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
09:29:47.0602 4564 Serial - ok
09:29:47.0633 4564 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
09:29:47.0633 4564 sermouse - ok
09:29:47.0820 4564 ServiceLayer (f31e9531af225ca25350d5e87e999b31) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
09:29:47.0836 4564 ServiceLayer - ok
09:29:47.0882 4564 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
09:29:47.0898 4564 SessionEnv - ok
09:29:47.0914 4564 sffdisk (3a19c899bcf0ea24cfec2038e6a489db) C:\Windows\system32\DRIVERS\sffdisk.sys
09:29:47.0914 4564 sffdisk - ok
09:29:47.0945 4564 sffp_mmc (dbbd3fd8af718966af768a754e07e8c0) C:\Windows\system32\drivers\sffp_mmc.sys
09:29:47.0945 4564 sffp_mmc - ok
09:29:47.0976 4564 sffp_sd (fdca63a2eee528585eb66ceac183ec22) C:\Windows\system32\DRIVERS\sffp_sd.sys
09:29:47.0976 4564 sffp_sd - ok
09:29:47.0992 4564 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
09:29:47.0992 4564 sfloppy - ok
09:29:48.0085 4564 SharedAccess (4c5aee179da7e1ee9a9ccb9da289af34) C:\Windows\System32\ipnathlp.dll
09:29:48.0116 4564 SharedAccess - ok
09:29:48.0226 4564 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll
09:29:48.0241 4564 ShellHWDetection - ok
09:29:48.0288 4564 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
09:29:48.0304 4564 SiSRaid2 - ok
09:29:48.0319 4564 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
09:29:48.0350 4564 SiSRaid4 - ok
09:29:48.0444 4564 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe
09:29:48.0460 4564 SkypeUpdate - ok
09:29:48.0803 4564 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe
09:29:48.0881 4564 slsvc - ok
09:29:49.0084 4564 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll
09:29:49.0099 4564 SLUINotify - ok
09:29:49.0162 4564 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
09:29:49.0177 4564 Smb - ok
09:29:49.0240 4564 snapman (b84440e7554fc85e900eef0a7aaba228) C:\Windows\system32\DRIVERS\snapman.sys
09:29:49.0255 4564 snapman - ok
09:29:49.0271 4564 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
09:29:49.0286 4564 SNMPTRAP - ok
09:29:49.0505 4564 SNP2UVC (ac4ef2990921fed4189d1ffdef7feaf1) C:\Windows\system32\DRIVERS\snp2uvc.sys
09:29:49.0552 4564 SNP2UVC - ok
09:29:49.0708 4564 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
09:29:49.0723 4564 spldr - ok
09:29:49.0770 4564 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
09:29:49.0786 4564 Spooler - ok
09:29:49.0879 4564 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
09:29:49.0895 4564 srv - ok
09:29:49.0942 4564 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
09:29:49.0973 4564 srv2 - ok
09:29:50.0020 4564 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
09:29:50.0035 4564 srvnet - ok
09:29:50.0113 4564 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
09:29:50.0129 4564 SSDPSRV - ok
09:29:50.0160 4564 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
09:29:50.0176 4564 SstpSvc - ok
09:29:50.0269 4564 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll
09:29:50.0300 4564 stisvc - ok
09:29:50.0316 4564 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
09:29:50.0332 4564 swenum - ok
09:29:50.0394 4564 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll
09:29:50.0425 4564 swprv - ok
09:29:50.0456 4564 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
09:29:50.0456 4564 Symc8xx - ok
09:29:50.0488 4564 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
09:29:50.0488 4564 Sym_hi - ok
09:29:50.0503 4564 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
09:29:50.0519 4564 Sym_u3 - ok
09:29:50.0628 4564 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll
09:29:50.0675 4564 SysMain - ok
09:29:50.0690 4564 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
09:29:50.0706 4564 TabletInputService - ok
09:29:50.0753 4564 taphss (f33fdc72298df4bf9813a55d21f4eb31) C:\Windows\system32\DRIVERS\taphss.sys
09:29:50.0753 4564 taphss - ok
09:29:50.0800 4564 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll
09:29:50.0831 4564 TapiSrv - ok
09:29:50.0878 4564 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
09:29:50.0893 4564 TBS - ok
09:29:51.0096 4564 Tcpip (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\drivers\tcpip.sys
09:29:51.0158 4564 Tcpip - ok
09:29:51.0190 4564 Tcpip6 (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\DRIVERS\tcpip.sys
09:29:51.0205 4564 Tcpip6 - ok
09:29:51.0252 4564 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
09:29:51.0252 4564 tcpipreg - ok
09:29:51.0283 4564 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
09:29:51.0283 4564 TDPIPE - ok
09:29:51.0314 4564 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
09:29:51.0314 4564 TDTCP - ok
09:29:51.0361 4564 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
09:29:51.0377 4564 tdx - ok
09:29:51.0392 4564 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
09:29:51.0392 4564 TermDD - ok
09:29:51.0470 4564 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll
09:29:51.0502 4564 TermService - ok
09:29:51.0580 4564 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll
09:29:51.0595 4564 Themes - ok
09:29:51.0642 4564 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
09:29:51.0642 4564 THREADORDER - ok
09:29:51.0689 4564 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
09:29:51.0704 4564 TrkWks - ok
09:29:51.0767 4564 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe
09:29:51.0767 4564 TrustedInstaller - ok
09:29:51.0798 4564 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
09:29:51.0798 4564 tssecsrv - ok
09:29:51.0845 4564 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
09:29:51.0845 4564 tunmp - ok
09:29:51.0876 4564 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
09:29:51.0876 4564 tunnel - ok
09:29:52.0094 4564 TVersityMediaServer (06bccb3bf0d06adccc4ebc8ef682dd59) C:\ProgramData\TVersity\Media Server\MediaServer.exe
09:29:52.0110 4564 TVersityMediaServer - ok
09:29:52.0141 4564 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
09:29:52.0141 4564 uagp35 - ok
09:29:52.0204 4564 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
09:29:52.0219 4564 udfs - ok
09:29:52.0266 4564 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
09:29:52.0282 4564 UI0Detect - ok
09:29:52.0313 4564 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
09:29:52.0328 4564 uliagpkx - ok
09:29:52.0375 4564 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
09:29:52.0391 4564 uliahci - ok
09:29:52.0422 4564 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
09:29:52.0438 4564 UlSata - ok
09:29:52.0469 4564 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
09:29:52.0500 4564 ulsata2 - ok
09:29:52.0516 4564 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
09:29:52.0531 4564 umbus - ok
09:29:52.0578 4564 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
09:29:52.0609 4564 upnphost - ok
09:29:52.0640 4564 upperdev (34afb83c7bba370e404e52cc2290350c) C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
09:29:52.0640 4564 upperdev - ok
09:29:52.0718 4564 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
09:29:52.0718 4564 USBAAPL64 - ok
09:29:52.0765 4564 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
09:29:52.0781 4564 usbccgp - ok
09:29:52.0812 4564 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
09:29:52.0828 4564 usbcir - ok
09:29:52.0859 4564 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
09:29:52.0859 4564 usbehci - ok
09:29:52.0906 4564 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
09:29:52.0937 4564 usbhub - ok
09:29:52.0952 4564 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
09:29:52.0952 4564 usbohci - ok
09:29:52.0984 4564 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
09:29:52.0999 4564 usbprint - ok
09:29:53.0030 4564 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
09:29:53.0030 4564 usbscan - ok
09:29:53.0062 4564 usbser (f7386007fb19e7685fc7b298560aa81f) C:\Windows\system32\drivers\usbser.sys
09:29:53.0062 4564 usbser - ok
09:29:53.0093 4564 UsbserFilt (aa75e1efbee7186b4cbaaacf1f15e6ca) C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
09:29:53.0108 4564 UsbserFilt - ok
09:29:53.0140 4564 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:29:53.0155 4564 USBSTOR - ok
09:29:53.0171 4564 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
09:29:53.0171 4564 usbuhci - ok
09:29:53.0233 4564 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
09:29:53.0249 4564 usbvideo - ok
09:29:53.0296 4564 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll
09:29:53.0311 4564 UxSms - ok
09:29:53.0389 4564 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe
09:29:53.0420 4564 vds - ok
09:29:53.0436 4564 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
09:29:53.0436 4564 vga - ok
09:29:53.0467 4564 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
09:29:53.0467 4564 VgaSave - ok
09:29:53.0498 4564 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
09:29:53.0498 4564 viaide - ok
09:29:53.0561 4564 VideoAcceleratorService - ok
09:29:53.0576 4564 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
09:29:53.0576 4564 volmgr - ok
09:29:53.0639 4564 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
09:29:53.0670 4564 volmgrx - ok
09:29:53.0717 4564 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
09:29:53.0717 4564 volsnap - ok
09:29:53.0764 4564 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
09:29:53.0764 4564 vsmraid - ok
09:29:53.0951 4564 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe
09:29:53.0998 4564 VSS - ok
09:29:54.0060 4564 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll
09:29:54.0107 4564 W32Time - ok
09:29:54.0169 4564 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
09:29:54.0169 4564 WacomPen - ok
09:29:54.0200 4564 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
09:29:54.0216 4564 Wanarp - ok
09:29:54.0232 4564 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
09:29:54.0232 4564 Wanarpv6 - ok
09:29:54.0310 4564 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll
09:29:54.0341 4564 wcncsvc - ok
09:29:54.0372 4564 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
09:29:54.0388 4564 WcsPlugInService - ok
09:29:54.0419 4564 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
09:29:54.0419 4564 Wd - ok
09:29:54.0466 4564 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
09:29:54.0481 4564 WDC_SAM - ok
09:29:54.0590 4564 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
09:29:54.0606 4564 Wdf01000 - ok
09:29:54.0637 4564 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
09:29:54.0653 4564 WdiServiceHost - ok
09:29:54.0668 4564 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
09:29:54.0684 4564 WdiSystemHost - ok
09:29:54.0731 4564 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll
09:29:54.0746 4564 WebClient - ok
09:29:54.0824 4564 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
09:29:54.0840 4564 Wecsvc - ok
09:29:54.0871 4564 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
09:29:54.0887 4564 wercplsupport - ok
09:29:54.0902 4564 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll
09:29:54.0918 4564 WerSvc - ok
09:29:55.0027 4564 winachsf (b5c348b265178fb9ee55addb3929485d) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
09:29:55.0043 4564 winachsf - ok
09:29:55.0105 4564 winbondcir (54d68b92dc59fbba95919c804a7c3e07) C:\Windows\system32\DRIVERS\winbondcir.sys
09:29:55.0121 4564 winbondcir - ok
09:29:55.0168 4564 WinDefend - ok
09:29:55.0183 4564 WinHttpAutoProxySvc - ok
09:29:55.0277 4564 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll
09:29:55.0292 4564 Winmgmt - ok
09:29:55.0573 4564 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
09:29:55.0651 4564 WinRM - ok
09:29:55.0901 4564 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll
09:29:55.0932 4564 Wlansvc - ok
09:29:56.0010 4564 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
09:29:56.0010 4564 wlcrasvc - ok
09:29:56.0306 4564 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
09:29:56.0338 4564 wlidsvc - ok
09:29:56.0431 4564 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
09:29:56.0431 4564 WmiAcpi - ok
09:29:56.0525 4564 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe
09:29:56.0540 4564 wmiApSrv - ok
09:29:56.0587 4564 WMPNetworkSvc - ok
09:29:56.0650 4564 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
09:29:56.0665 4564 WPCSvc - ok
09:29:56.0712 4564 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll
09:29:56.0728 4564 WPDBusEnum - ok
09:29:56.0806 4564 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
09:29:56.0806 4564 WpdUsb - ok
09:29:57.0040 4564 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
09:29:57.0118 4564 WPFFontCache_v0400 - ok
09:29:57.0164 4564 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
09:29:57.0164 4564 ws2ifsl - ok
09:29:57.0196 4564 wscsvc (9ea3e6d0ef7a5c2b9181961052a4b01a) C:\Windows\System32\wscsvc.dll
09:29:57.0211 4564 wscsvc - ok
09:29:57.0227 4564 WSearch - ok
09:29:57.0539 4564 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
09:29:57.0617 4564 wuauserv - ok
09:29:57.0757 4564 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
09:29:57.0773 4564 WudfPf - ok
09:29:57.0820 4564 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
09:29:57.0851 4564 WUDFRd - ok
09:29:57.0882 4564 wudfsvc (3dcc7bf5afa921b479e622bd999121f3) C:\Windows\System32\WUDFSvc.dll
09:29:57.0898 4564 wudfsvc - ok
09:29:57.0976 4564 ZTEusbmdm6k (ff5a03a65b68db7e02a12880399d40d4) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
09:29:57.0991 4564 ZTEusbmdm6k - ok
09:29:58.0007 4564 ZTEusbnmea (ff5a03a65b68db7e02a12880399d40d4) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
09:29:58.0022 4564 ZTEusbnmea - ok
09:29:58.0054 4564 ZTEusbser6k (ff5a03a65b68db7e02a12880399d40d4) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
09:29:58.0100 4564 ZTEusbser6k - ok
09:29:58.0132 4564 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
09:29:58.0506 4564 \Device\Harddisk0\DR0 - ok
09:29:58.0522 4564 Boot (0x1200) (7f113e94e8cb47f517de92ca4d79ed6e) \Device\Harddisk0\DR0\Partition0
09:29:58.0522 4564 \Device\Harddisk0\DR0\Partition0 - ok
09:29:58.0522 4564 ============================================================
09:29:58.0522 4564 Scan finished
09:29:58.0522 4564 ============================================================
09:29:58.0537 4420 Detected object count: 0
09:29:58.0537 4420 Actual detected object count: 0
09:33:00.0901 4716 Deinitialize success

#10
Quinny
Posted 29 June 2012 - 03:55 AM

    Advanced Member

  • Honorary Members
  • PipPipPip
  • 104 posts
  • Gender:Male
  • Location:South Wales UK
  • Interests:Photography and nature,music and movies.
Results of screen317's Security Check version 0.99.42
Windows Vista Service Pack 2 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 22
Java™ 6 Update 31
Java version out of Date!
Adobe Flash Player 11.3.300.262
Adobe Reader X (10.1.3)
Mozilla Firefox (13.0.1)
Google Chrome 19.0.1084.52
Google Chrome 19.0.1084.56
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1 %
````````````````````End of Log``````````````````````

#11
Maurice Naggar
Posted 29 June 2012 - 11:49 AM

    Eradicator de logiciels malveillants

  • Moderators
  • PipPipPipPipPipPip
  • 13,229 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention
The TDSSKILLER run shows nothing detected. Which is a good start.

These steps are for Quinny only. If you are a casual viewer, do NOT try this on your system!
If you are not Quinny and have a similar problem, do NOT post here; start your own topic

The fixes in this Topic are for this system only! Do not apply the fix-instructions from this topic to any other system :excl:

1
Your logs showed some peer-to-peer filesharing apps: Azureus I do not recommend the use of P-2-P programs since such filesharing/downloading from unknown sources is one of the leading causes of transmission of malware.
Risks of File-Sharing Technology.

P2P file sharing: Know the risks

De-install Azureus & any other peer-to-peer app via Programs and Features, AND confirm for me that you have done that.
These type apps will cause re-infection, and should I see you still have those, I will cease helping you.

2
What anti-virus application was installed before you installed AVAST, was your subscription still current, and did you uninstall it before you installed AVAST?

Did you install a Norton application on June 23rd or therabouts?

Did a Norton free-trial or a McAfee free-trial come preinstalled on the computer when you bought it? (Doesn't matter if you never used or Activated it.)

Incomplete de-installs of antivirus programs lead to conflicts and dealocks. It is important you reply to my questions.

3
This pc has a "AF-HHS" toolbar from Conduit. It is reputed to have "trackware" capability. I would suggest you de-install it via Programs and Features.

4
This pc also has the Searchqu toolbar (or remnants) which need removing.
We Need to Run a Batch Script
  • Press the Windows-key on keyboard.
  • In the Posted Image box, type notepad and press Enter.
  • Highlight the contents of the following codebox, and copy and paste that text into NOTEPAD.
    reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar /v !{99079a25-328f-4bd4-be04-00955acaa0a7} /f
rd /s /q C:\Program Files (x86)\Windows Searchqu Toolbar
del /f /q "%~f0"
  • Select File -> Save AS.
  • Press the Desktop button on the left side of the save dialog.
  • In the Posted Image box, type in Fix.bat.
  • Press Posted Image.
  • Close Notepad.
  • Right click Posted Image on your desktop, and choose Posted Image.
  • Press Yes if prompted by User Account Control.

Java runtime
Posted Image Your Java runtime is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of >> Windows Offline << from here and save it to your desktop.

  • Get the Offline version that corresponds to your "bit-tedness" of your Windows (32-bit or 64-bit)
    How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system

  • Close any programs you may have running - especially your web browser(s).
  • Go to Start > Settings > Control Panel, select Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u5-windows-i586.exe to install the newest version.
    ( jre-7u5-windows-x64.exe if this is a 64-bit Windows o.s.)
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup) Posted Image
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
        Applications and Applets
        Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
Small tweaks for Java runtime, since most all users do not need to load Java at each Windows startup:
Click Advanced Tab. Expand the Miscellaneous item.
UN-check the line Java quick starter

Press Apply then OK. Close the applet when done.

To test your Java Run-time, you may go to this page http://www.java.com/...help/testvm.xml
When all is well, you should see Java Version: Java 7 Update 5 from Sun Microsystems Inc.

Confirmation, answers, and new RSIT run
CONFIRM that all peer-to-peer apps are removed.

Answer my questions (from above).

Right Click on RSIT and select Run as Administrator. Run it, and Copy & Paste the new LOG.txt + Info.txt for review.
~Maurice Naggar

I close my threads if there is 5 days without a response.

#12
Quinny
Posted 29 June 2012 - 01:36 PM

    Advanced Member

  • Honorary Members
  • PipPipPip
  • 104 posts
  • Gender:Male
  • Location:South Wales UK
  • Interests:Photography and nature,music and movies.
Hi Maurice,Thanks for your help.The laptop is my brother-in-laws and it's aprox 4yrs old.
Before my first post i uninstalled Vuze i just had a look for Azureus on add and remove but can't see it.
I did find a folder called Azureus which i deleted,i can't find anything Azureus in program files either.
I think in the past he's had Norton and Macafee installed.Should i run removel tools for these antiviruses?

#13
Quinny
Posted 29 June 2012 - 02:26 PM

    Advanced Member

  • Honorary Members
  • PipPipPip
  • 104 posts
  • Gender:Male
  • Location:South Wales UK
  • Interests:Photography and nature,music and movies.
Logfile of random's system information tool 1.09 (written by random/random)
Run by Wools at 2012-06-29 20:25:33
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 71 GB (32%) free of 224 GB
Total RAM: 4093 MB (64% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:25:36, on 29/06/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal
Running processes:
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Users\Wools\Desktop\RSIT.exe
C:\Program Files (x86)\trend micro\Wools.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylo....19&affID=17162
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
R3 - URLSearchHook: (no name) - {f0381dbd-e018-4e07-ae40-d96ab15083f0} - (no file)
R3 - URLSearchHook: (no name) - {90eee664-34b1-422a-a782-779af65cdf6d} - (no file)
R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
R3 - URLSearchHook: (no name) - {66bd2442-241b-44cd-8c7a-b51037053cdb} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02464DDC-3187-11D8-8004-0020ED227566} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9D717F81-9148-4f12-8568-69135F087DB0} - (no file)
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: (no name) - !{99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~1\sblsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\PROGRA~2\WI9130~1\Datamngr\datamngr.dll C:\PROGRA~2\WI9130~1\Datamngr\IEBHO.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: BecHelperService - Unknown owner - C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: TVersity Media Server (TVersityMediaServer) - Unknown owner - C:\ProgramData\TVersity\Media Server\MediaServer.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~2\SPEEDB~1\VideoAcceleratorService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 11638 bytes
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\FreeFileViewerUpdateChecker.job
C:\Windows\tasks\GlaryInitialize.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3560542134-3112040110-2959616142-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3560542134-3112040110-2959616142-1000UA.job
=========Mozilla firefox=========
ProfilePath - C:\Users\Wools\AppData\Roaming\Mozilla\Firefox\Profiles\m54eyri2.default
prefs.js - "browser.startup.homepage" - "google.com"
"{20a82645-c095-46ed-80e3-08825760534b}"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
"fe_9.0@nokia.com"=C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0
"{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.3.300.262 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.5.0]
"Description"=
"Path"=C:\Windows\SysWOW64\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53]
"Description"=RealPlayer™ LiveConnect-Enabled Plug-In
"Path"=c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53]
"Description"=RealJukebox Netscape Plugin
"Path"=c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53]
"Description"=RealNetworks™ RealPlayer Chrome Background Extension Plug-In
"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53]
"Description"=RealPlayer™ HTML5VideoShim Plug-In
"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53]
"Description"=RealPlayer Download Plugin
"Path"=c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt
C:\Program Files (x86)\Mozilla Firefox\plugins\
nppdf32.dll
nppl3260.dll
nppl3260.xpt
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
nprjplug.dll
nprpplugin.dll
QuickTimePlugin.class
C:\Program Files (x86)\Mozilla Firefox\searchplugins\
amazondotcom.xml
babylon.xml
bing.xml
eBay.xml
google.xml
Search_Results.xml
twitter.xml
wikipedia.xml
yahoo.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02464DDC-3187-11D8-8004-0020ED227566}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2012-05-30 425680]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-12-12 194432]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-06-29 453104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-03-07 1003704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08 393600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-06-29 157680]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-03-07 1003704]
!{99079a25-328f-4bd4-be04-00955acaa0a7}
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-03-07 4241512]
"Malwarebytes' Anti-Malware"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2012-04-04 462408]
"Conime"=C:\Windows\system32\conime.exe [2009-04-11 69120]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-01-17 252296]
C:\Users\Wools\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~2\WI9130~1\Datamngr\datamngr.dll C:\PROGRA~2\WI9130~1\Datamngr\IEBHO.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutorun"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"BindDirectlyToPropertySetStorage"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.SCLS"=SCLS.dll
"VIDC.FFDS"=ff_vfw.dll
"vidc.yv12"=DivX.dll
"msacm.siren"=sirenacm.dll
"vidc.DIVX"=DivX.dll
======File associations======
.js - edit - C:\Windows\SysWOW64\Notepad.exe %1
.js - open - C:\Windows\SysWOW64\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2012-06-29 20:21:57 ----D---- C:\Program Files (x86)\Common Files\Java
2012-06-29 20:20:10 ----A---- C:\Windows\SysWOW64\javaws.exe
2012-06-29 20:19:57 ----A---- C:\Windows\SysWOW64\javaw.exe
2012-06-29 20:19:57 ----A---- C:\Windows\SysWOW64\java.exe
2012-06-29 10:23:11 ----D---- C:\Program Files (x86)\Oracle
2012-06-29 10:22:47 ----A---- C:\Windows\SysWOW64\npDeployJava1.dll
2012-06-29 09:28:56 ----A---- C:\TDSSKiller.2.7.42.0_29.06.2012_09.28.56_log.txt
2012-06-28 21:00:16 ----D---- C:\rsit
2012-06-28 21:00:16 ----D---- C:\Program Files (x86)\trend micro
2012-06-28 20:42:54 ----D---- C:\Windows\ERDNT
2012-06-28 20:41:06 ----D---- C:\Program Files (x86)\ERUNT
2012-06-28 18:34:24 ----D---- C:\Users\Wools\AppData\Roaming\Windows Live Writer
2012-06-27 20:20:29 ----D---- C:\Users\Wools\AppData\Roaming\dvdcss
2012-06-24 08:54:43 ----A---- C:\Windows\SysWOW64\wups.dll
2012-06-24 08:54:43 ----A---- C:\Windows\SysWOW64\wudriver.dll
2012-06-24 08:54:43 ----A---- C:\Windows\SysWOW64\wuapi.dll
2012-06-24 08:54:30 ----A---- C:\Windows\SysWOW64\wuwebv.dll
2012-06-24 08:54:30 ----A---- C:\Windows\SysWOW64\wuapp.exe
2012-06-22 18:22:26 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2012-06-22 17:47:35 ----D---- C:\Users\Wools\AppData\Roaming\Malwarebytes
2012-06-22 17:47:26 ----D---- C:\ProgramData\Malwarebytes
2012-06-22 17:47:25 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-22 15:51:19 ----SD---- C:\Windows\SysWOW64\Microsoft
2012-06-20 14:54:35 ----A---- C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-20 09:13:03 ----D---- C:\ProgramData\Mozilla
2012-06-16 19:50:27 ----D---- C:\Program Files (x86)\iTunes
2012-06-13 22:06:02 ----A---- C:\Windows\SysWOW64\url.dll
2012-06-13 22:06:02 ----A---- C:\Windows\SysWOW64\mshtmled.dll
2012-06-13 22:06:01 ----A---- C:\Windows\SysWOW64\urlmon.dll
2012-06-13 22:06:01 ----A---- C:\Windows\SysWOW64\iertutil.dll
2012-06-13 22:06:00 ----A---- C:\Windows\SysWOW64\ieui.dll
2012-06-13 22:05:59 ----A---- C:\Windows\SysWOW64\ieUnatt.exe
2012-06-13 22:05:58 ----A---- C:\Windows\SysWOW64\wininet.dll
2012-06-13 22:05:57 ----A---- C:\Windows\SysWOW64\jsproxy.dll
2012-06-13 22:05:57 ----A---- C:\Windows\SysWOW64\jscript9.dll
2012-06-13 22:05:57 ----A---- C:\Windows\SysWOW64\jscript.dll
2012-06-13 22:05:56 ----A---- C:\Windows\SysWOW64\mshtml.dll
2012-06-13 22:05:53 ----A---- C:\Windows\SysWOW64\ieframe.dll
2012-06-13 21:13:28 ----A---- C:\Windows\SysWOW64\cryptsvc.dll
2012-06-13 21:13:28 ----A---- C:\Windows\SysWOW64\cryptnet.dll
2012-06-13 21:13:28 ----A---- C:\Windows\SysWOW64\crypt32.dll
2012-06-10 19:25:33 ----D---- C:\Program Files (x86)\Dropbox
2012-05-30 19:35:02 ----D---- C:\Program Files (x86)\Common Files\xing shared
======List of files/folders modified in the last 1 month======
2012-06-29 20:25:37 ----D---- C:\Windows\Prefetch
2012-06-29 20:25:32 ----D---- C:\Windows\Temp
2012-06-29 20:21:57 ----SHD---- C:\Windows\Installer
2012-06-29 20:21:57 ----D---- C:\Program Files (x86)\Common Files
2012-06-29 20:20:10 ----D---- C:\Windows\SysWOW64
2012-06-29 20:19:23 ----A---- C:\Windows\SysWOW64\deployJava1.dll
2012-06-29 20:19:20 ----D---- C:\Program Files (x86)\Java
2012-06-29 20:19:16 ----SHD---- C:\System Volume Information
2012-06-29 20:10:15 ----D---- C:\Windows\System32
2012-06-29 20:09:29 ----RD---- C:\Program Files
2012-06-29 20:09:24 ----D---- C:\Windows\inf
2012-06-29 20:03:19 ----D---- C:\ProgramData\Kodak
2012-06-29 20:02:26 ----RD---- C:\Program Files (x86)
2012-06-28 23:43:31 ----SD---- C:\Users\Wools\AppData\Roaming\Microsoft
2012-06-28 20:42:54 ----D---- C:\Windows
2012-06-28 18:02:18 ----D---- C:\Program Files (x86)\Vuze
2012-06-28 17:37:32 ----D---- C:\Users\Wools\AppData\Roaming\Dropbox
2012-06-27 20:46:46 ----D---- C:\Users\Wools\AppData\Roaming\Azureus
2012-06-27 20:44:04 ----D---- C:\Windows\Debug
2012-06-27 20:20:46 ----D---- C:\Users\Wools\AppData\Roaming\vlc
2012-06-26 18:24:40 ----D---- C:\Windows\rescache
2012-06-26 07:18:16 ----D---- C:\Windows\SysWOW64\en-US
2012-06-25 22:25:22 ----D---- C:\Windows\winsxs
2012-06-23 16:12:39 ----D---- C:\Program Files (x86)\Windows Searchqu Toolbar
2012-06-23 15:36:30 ----D---- C:\ProgramData\Norton
2012-06-22 18:22:24 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-06-22 17:47:26 ----HD---- C:\ProgramData
2012-06-22 15:53:02 ----D---- C:\Windows\Tasks
2012-06-22 15:16:24 ----D---- C:\Users\Wools\AppData\Roaming\Skype
2012-06-22 15:16:17 ----D---- C:\Windows\ModemLogs
2012-06-22 15:16:16 ----D---- C:\Windows\Logs
2012-06-16 19:50:28 ----D---- C:\Program Files (x86)\Common Files\Apple
2012-06-14 19:36:01 ----D---- C:\Windows\Microsoft.NET
2012-06-14 19:11:46 ----RSD---- C:\Windows\assembly
2012-06-13 22:45:14 ----D---- C:\Windows\SysWOW64\migration
2012-06-13 22:45:14 ----D---- C:\Program Files (x86)\Internet Explorer
2012-05-30 19:35:12 ----D---- C:\Program Files (x86)\Real
2012-05-30 19:34:47 ----A---- C:\Windows\SysWOW64\rmoc3260.dll
2012-05-30 19:34:26 ----A---- C:\Windows\SysWOW64\pndx5032.dll
2012-05-30 19:34:26 ----A---- C:\Windows\SysWOW64\pndx5016.dll
2012-05-30 19:34:22 ----A---- C:\Windows\SysWOW64\pncrt.dll
2012-05-30 19:34:11 ----A---- C:\Windows\SysWOW64\msvcr71.dll
2012-05-30 19:34:11 ----A---- C:\Windows\SysWOW64\msvcp71.dll
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys []
R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys []
R0 snapman;Acronis Snapshots Manager; C:\Windows\system32\DRIVERS\snapman.sys []
R1 archlp;archlp; C:\Windows\system32\drivers\archlp.sys []
R1 aswRdr;aswRdr; C:\Windows\SysWOW64\drivers\aswRdr.sys []
R1 aswSnx;aswSnx; C:\Windows\SysWOW64\drivers\aswSnx.sys []
R1 aswSP;aswSP; C:\Windows\SysWOW64\drivers\aswSP.sys []
R1 aswTdi;avast! Network Shield Support; C:\Windows\SysWOW64\drivers\aswTdi.sys []
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys []
R2 aswFsBlk;aswFsBlk; C:\Windows\SysWOW64\drivers\aswFsBlk.sys []
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys []
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdpx64.sys []
R3 AnyDVD;AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [2010-12-01 125512]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []
R3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60a.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys []
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys []
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV6.SYS []
R3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL6.SYS []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys []
R3 NETw3v64;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\NETw3v64.sys []
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys []
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2007-06-12 1729152]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS []
R3 winbondcir;Winbond IR Transceiver; C:\Windows\system32\DRIVERS\winbondcir.sys []
R3 WudfPf;User Mode Driver Frameworks Platform Driver; C:\Windows\system32\drivers\WudfPf.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys []
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys []
S3 massfilter;ZTE Mass Storage Filter Driver; C:\Windows\system32\drivers\massfilter.sys []
S3 mbamchameleon;mbamchameleon; \??\C:\Windows\system32\drivers\mbamchameleon.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys []
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys []
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys []
S3 pwdrvio;pwdrvio; \??\C:\Windows\system32\pwdrvio.sys []
S3 pwdspio;pwdspio; \??\C:\Windows\system32\pwdspio.sys []
S3 taphss;Anchorfree HSS Adapter; C:\Windows\system32\DRIVERS\taphss.sys []
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys []
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys []
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys []
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys []
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys []
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys []
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam64.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys []
S3 ZTEusbnmea;ZTE NMEA Port; C:\Windows\system32\DRIVERS\ZTEusbnmea.sys []
S3 ZTEusbser6k;ZTE Diagnostic Port; C:\Windows\system32\DRIVERS\ZTEusbser6k.sys []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8; C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-05-24 55184]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe []
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-03-07 44768]
R2 BecHelperService;BecHelperService; C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe [2010-01-28 1737464]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
R2 Fabs;FABS - Helping agent for MAGIX media database; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2007-11-22 358936]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service; C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-12-19 394672]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R2 McciCMService;McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [2011-03-23 319488]
R2 TVersityMediaServer;TVersity Media Server; C:\ProgramData\TVersity\Media Server\MediaServer.exe [2011-07-29 1249064]
R2 VideoAcceleratorService;VideoAcceleratorService; C:\PROGRA~2\SPEEDB~1\VideoAcceleratorService.exe [2012-03-20 313624]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096]
S2 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service; C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2007-02-22 2217416]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-28 250056]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-02-17 867080]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-03-08 1492840]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-06-07 936848]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 113120]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-21 19968]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2012-01-04 718888]
S3 WPFFontCache_v0400;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
-----------------EOF-----------------

#14
Maurice Naggar
Posted 29 June 2012 - 03:08 PM

    Eradicator de logiciels malveillants

  • Moderators
  • PipPipPipPipPipPip
  • 13,229 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

 Quinny, on 29 June 2012 - 01:36 PM, said:

.....
....
I think in the past he's had Norton and Macafee installed.Should i run removel tools for these antiviruses?
Download & SAVE the removal tools, and then, run each (one time)
Yes, Mcafee --> http://service.mcafe...033&id=TS100507 <<-- Do Steps 1 & 2 only & then reboot.
Norton / Symantec -- > http://service1.syma...005033108162039
Logoff and Restart fresh when all done.

Edited by Maurice Naggar, 29 June 2012 - 03:14 PM.

~Maurice Naggar

I close my threads if there is 5 days without a response.

#15
Maurice Naggar
Posted 29 June 2012 - 03:13 PM

    Eradicator de logiciels malveillants

  • Moderators
  • PipPipPipPipPipPip
  • 13,229 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention
Once you have finished the above, the.............do the following:

You will want to print out or copy these instructions to Notepad for offline reference!
These steps are for member Quinny only. If you are a casual viewer, do NOT try this on your system!
If you are not Quinny and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!
Do NOT run any other tools on your own or do any fixes other than what is listed here.
If you have questions, please ask before you do something on your own.
But it is important that you get going on these following steps.
=
Close any of your open programs while you run these tools.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

Step 1
If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Turn OFF your antivirus, otherwise it will interfere. How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs


Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages
It will display it's "stage" within the Command prompt window. Do NOT panic if it seems slow to change ! It has lots of work.
You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.
Combofix my take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power)or a UPS system


Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
Right- click on Combo-Fix.exe on your Desktop Posted Image and select "Run as Administrator".
  • A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.

    When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.
A caution - Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.
The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.
If this occurs, please reboot to restore the desktop.


A file will be created at => C:\Combofix.txt.
Note:
Do not mouseclick combofix's window nor run any program while Combofix is running.
That may cause it to stall.

When all done, Re-Enable your antivirus.

Reply with a copy of the C:\Combofix.txt log
~Maurice Naggar

I close my threads if there is 5 days without a response.

#16
Quinny
Posted 29 June 2012 - 04:04 PM

    Advanced Member

  • Honorary Members
  • PipPipPip
  • 104 posts
  • Gender:Male
  • Location:South Wales UK
  • Interests:Photography and nature,music and movies.
I run the Norton removel tool but can't find an option to run Mcaffe removel tool from your link.

#17
Quinny
Posted 29 June 2012 - 05:37 PM

    Advanced Member

  • Honorary Members
  • PipPipPip
  • 104 posts
  • Gender:Male
  • Location:South Wales UK
  • Interests:Photography and nature,music and movies.
Managed to find Mcaffe removel tool from mod on Mcafee forum.Here's the combo fix logfile.
ComboFix 12-06-28.03 - Wools 29/06/2012 23:11:29.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.4093.2718 [GMT 1:00]
Running from: c:\users\Wools\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Windows Searchqu Toolbar
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\x64\BrowserConnection.dll
c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\x64\DnsBHO.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-29 )))))))))))))))))))))))))))))))
.
.
2012-06-29 22:29 . 2012-06-29 22:29 -------- d-----w- c:\users\Wools\AppData\Local\temp
2012-06-29 22:29 . 2012-06-29 22:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-29 19:21 . 2012-06-29 19:21 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-06-29 08:27 . 2012-06-29 08:27 33096 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-06-28 22:43 . 2012-06-28 22:43 -------- d-----w- c:\users\Wools\AppData\Local\Macromedia
2012-06-28 20:00 . 2012-06-29 19:25 -------- d-----w- c:\program files (x86)\trend micro
2012-06-28 20:00 . 2012-06-28 20:00 -------- d-----w- C:\rsit
2012-06-28 19:41 . 2012-06-28 19:41 -------- d-----w- c:\program files (x86)\ERUNT
2012-06-28 19:07 . 2012-06-28 19:07 -------- d-----w- c:\program files\Speccy
2012-06-28 17:34 . 2012-06-28 17:34 -------- d-----w- c:\users\Wools\AppData\Local\Windows Live Writer
2012-06-28 17:34 . 2012-06-28 17:34 -------- d-----w- c:\users\Wools\AppData\Roaming\Windows Live Writer
2012-06-27 19:20 . 2012-06-27 19:20 -------- d-----w- c:\users\Wools\AppData\Roaming\dvdcss
2012-06-24 07:55 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-24 07:55 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-24 07:55 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-24 07:55 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-24 07:54 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-24 07:54 . 2012-06-02 22:19 35864 ----a-w- c:\windows\SysWow64\wups.dll
2012-06-24 07:54 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-24 07:54 . 2012-06-02 22:19 577048 ----a-w- c:\windows\SysWow64\wuapi.dll
2012-06-24 07:54 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-24 07:54 . 2012-06-02 22:12 88576 ----a-w- c:\windows\SysWow64\wudriver.dll
2012-06-24 07:54 . 2012-06-02 14:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-24 07:54 . 2012-06-02 14:19 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll
2012-06-24 07:54 . 2012-06-02 14:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-24 07:54 . 2012-06-02 14:12 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2012-06-22 16:47 . 2012-06-22 16:47 -------- d-----w- c:\users\Wools\AppData\Roaming\Malwarebytes
2012-06-22 16:47 . 2012-06-22 16:47 -------- d-----w- c:\programdata\Malwarebytes
2012-06-22 16:47 . 2012-06-22 16:47 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-22 16:47 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-22 14:51 . 2012-06-22 14:51 -------- d-s---w- c:\windows\SysWow64\Microsoft
2012-06-20 13:54 . 2012-06-28 22:43 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-16 18:50 . 2012-06-16 18:50 -------- d-----w- c:\program files\iPod
2012-06-16 18:50 . 2012-06-16 18:51 -------- d-----w- c:\program files\iTunes
2012-06-16 18:50 . 2012-06-16 18:51 -------- d-----w- c:\program files (x86)\iTunes
2012-06-13 21:05 . 2012-05-18 02:51 754808 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2012-06-13 20:13 . 2012-05-15 20:15 2767360 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 20:13 . 2012-05-01 14:29 209920 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 20:13 . 2012-04-23 16:25 174592 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 20:13 . 2012-04-23 16:25 132096 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 20:13 . 2012-04-23 16:25 1267200 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 20:13 . 2012-04-23 16:00 984064 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-13 20:13 . 2012-04-23 16:00 98304 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-13 20:13 . 2012-04-23 16:00 133120 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-10 18:25 . 2012-06-10 18:25 -------- d-----w- c:\program files (x86)\Dropbox
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-29 19:19 . 2011-01-12 15:56 687600 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-28 22:43 . 2011-07-27 07:15 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-30 18:34 . 2011-11-25 15:40 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-05-30 18:34 . 2011-11-25 15:40 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-04-18 19:56 . 2012-04-18 19:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-18 19:56 . 2012-04-18 19:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-04-03 08:22 . 2012-05-09 16:48 4699520 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Wools\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Wools\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Wools\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"Conime"="c:\windows\system32\conime.exe" [2009-04-11 69120]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\program files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" [2011-12-12 2234288]
.
c:\users\Wools\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"NokiaMServer"=c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-28 250056]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-20 22:43]
.
2012-06-29 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2012-02-14 14:24]
.
2012-06-29 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2011-01-10 14:13]
.
2012-06-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3560542134-3112040110-2959616142-1000Core.job
- c:\users\Wools\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-08 19:15]
.
2012-06-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3560542134-3112040110-2959616142-1000UA.job
- c:\users\Wools\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-08 19:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Wools\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Wools\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Wools\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Wools\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = local
LSP: c:\progra~2\SPEEDB~1\sblsp.dll
TCP: DhcpNameServer = 192.168.1.254
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Wools\AppData\Roaming\Mozilla\Firefox\Profiles\m54eyri2.default\
FF - prefs.js: browser.startup.homepage - google.com
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
URLSearchHooks-{f0381dbd-e018-4e07-ae40-d96ab15083f0} - (no file)
URLSearchHooks-{90eee664-34b1-422a-a782-779af65cdf6d} - (no file)
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
URLSearchHooks-{66bd2442-241b-44cd-8c7a-b51037053cdb} - (no file)
Toolbar-10 - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
BHO-{9D717F81-9148-4f12-8568-69135F087DB0} - c:\progra~2\WI9130~1\Datamngr\x64\BROWSE~1.DLL
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
Toolbar-10 - (no file)
Toolbar-!{99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
WebBrowser-{F0381DBD-E018-4E07-AE40-D96AB15083F0} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{66BD2442-241B-44CD-8C7A-B51037053CDB} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\09\01\05\09\02\18y"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-06-29 23:32:27
ComboFix-quarantined-files.txt 2012-06-29 22:32
.
Pre-Run: 69,197,070,336 bytes free
Post-Run: 69,128,617,984 bytes free
.
- - End Of File - - F450109BC79883826E478BBE5930E578

#18
Maurice Naggar
Posted 30 June 2012 - 09:57 AM

    Eradicator de logiciels malveillants

  • Moderators
  • PipPipPipPipPipPip
  • 13,229 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention
Good run of Combofix. ok, now I want to follow-up with a scan using drWeb Cure-It utility (free download).
once you start this tool, do not run any other app (eg, do not use the system during the run).
Close any programs you started.

Download Dr.Web CureIt to the desktop.
  • Turn OFF your antivirus program.
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

  • Doubleclick the drweb-cureit.exe file, then on Start and allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, chose the Complete Scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow Posted Image at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look and see if you can click the following icon next to the files found:
    Posted Image
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    Posted Image
  • This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.
NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.

Re-Enable your antivirus program when all done.
~Maurice Naggar

I close my threads if there is 5 days without a response.

#19
Quinny
Posted 30 June 2012 - 05:37 PM

    Advanced Member

  • Honorary Members
  • PipPipPip
  • 104 posts
  • Gender:Male
  • Location:South Wales UK
  • Interests:Photography and nature,music and movies.
Hi,For some reason i am unable to copy&paste the DrWeb logfile or send it as an attachment.

#20
Quinny
Posted 30 June 2012 - 05:43 PM

    Advanced Member

  • Honorary Members
  • PipPipPip
  • 104 posts
  • Gender:Male
  • Location:South Wales UK
  • Interests:Photography and nature,music and movies.
I found out the reason i can't post the DrWeb logfile is because it's size is 58.8mb.
Back to Resolved HijackThis Logs · Next Unread Topic →


1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Malwarebytes Forum
  2. Computer Help
  3. Malware Removal - HijackThis Logs
  4. Resolved HijackThis Logs

Products

About

Partners

Follow Us