HLuther

Removing BCool, Sweet Packs & OptimizerPro1

Please help, I need to uninstall these programs. I have tried uninstalling, but the programs keep on giving me errors.

See errors attached.

post-118904-0-39970100-1349189380.jpg

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post only DDS.txt directly into your reply.

Hi, thanks for the reply.

I'm running Windows 7 Professional.

<moderator note> Please do NOT attach logs/reports. Always Copy & Paste contents directly into main-body of reply box.

Malwarebytes Anti-Malware (Trial) 1.65.0.1400

www.malwarebytes.org

Database version: v2012.10.03.01

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

HLuther :: HLUTHER-HP [administrator]

Protection: Enabled

2012/10/03 07:26:30 AM

mbam-log-2012-10-03 (07-40-16).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 217613

Time elapsed: 11 minute(s), 2 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 3

C:\Users\HLuther\AppData\Local\Temp\{D3B65964-E714-EB3C-DDC5-E329D79AA819}\Addons\bcool_extension.exe (Adware.Dropper) -> No action taken.

C:\Users\HLuther\Downloads\spybot search a destroy.exe (Adware.Solimba.Lame) -> No action taken.

C:\Users\HLuther\Local Settings\Temporary Internet Files\Content.IE5\PJDLSP73\5066f728e3d10[1].exe (Adware.Dropper) -> No action taken.

(end)

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2

Run by HLuther at 7:43:20 on 2012-10-03

Microsoft Windows 7 Professional 6.1.7601.1.1252.27.1033.18.4030.1238 [GMT 2:00]

.

AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\system32\atiesrxx.exe

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV64.exe

C:\windows\system32\svchost.exe -k GPSvcGroup

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\Hpservice.exe

C:\windows\system32\vcsFPService.exe

C:\windows\system32\atieclxx.exe

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\System32\spoolsv.exe

C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\IDT\WDM\AESTSr64.exe

C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

C:\Program Files (x86)\Bluetooth Suite\adminservice.exe

C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe

c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe

C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe

C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe

C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe

C:\Program Files (x86)\AVG\AVG2013\avgemca.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe

C:\windows\system32\taskhost.exe

C:\windows\system32\taskeng.exe

C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe

C:\windows\system32\Dwm.exe

C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe

C:\windows\Explorer.EXE

C:\windows\system32\wbem\unsecapp.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe

C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe

C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler64.exe

C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe

C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe

C:\windows\system32\svchost.exe -k bthsvcs

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe

C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Program Files (x86)\Samsung\Kies\Kies.exe

C:\Program Files (x86)\Google\Drive\googledrivesync.exe

C:\Users\HLuther\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\HLuther\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\windows\system32\SearchIndexer.exe

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe

C:\Program Files (x86)\Google\Drive\googledrivesync.exe

C:\Program Files (x86)\AVG Secure Search\vprot.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe

C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe

C:\windows\system32\DllHost.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe

C:\Program Files (x86)\Nero\Update\NASvc.exe

C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe

C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\windows\system32\igfxext.exe

C:\windows\system32\igfxsrvc.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\AVG\AVG2013\avgui.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\windows\system32\svchost.exe -k SDRSVC

C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe

C:\windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe

C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrvPXDiscrete.exe

C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe

C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE

C:\windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\windows\system32\msiexec.exe

C:\Users\HLuther\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\HLuther\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\HLuther\AppData\Local\Google\Chrome\Application\chrome.exe

C:\windows\system32\taskeng.exe

C:\windows\system32\DllHost.exe

C:\windows\system32\DllHost.exe

C:\windows\system32\DllHost.exe

C:\windows\SysWOW64\cmd.exe

C:\windows\system32\conhost.exe

C:\windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://t1.search.com/

uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

uURLSearchHooks: Search.com Toolbar: {bfeaf3d0-307e-4f52-b64a-af56babe82b5} - C:\Program Files (x86)\Search.com Toolbar\IE\6.0\searchcomToolbarIE.dll

uURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {2EECD738-5844-4a99-B4B6-146BF802613B} - No File

BHO: File Sanitizer for HP ProtectTools: {3134413b-49b4-425c-98a5-893c1f195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Search.com Toolbar: {bfeaf3d0-307e-4f52-b64a-af56babe82b5} - C:\Program Files (x86)\Search.com Toolbar\IE\6.0\searchcomToolbarIE.dll

BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll

TB: {98889811-442D-49dd-99D7-DC866BE87DBC} - No File

TB: Search.com Toolbar: {bfeaf3d0-307e-4f52-b64a-af56babe82b5} - C:\Program Files (x86)\Search.com Toolbar\IE\6.0\searchcomToolbarIE.dll

TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}

TB: {7473B6BD-4691-4744-A82B-7854EB3D70B6} - No File

TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File

uRun: [Google Update] "C:\Users\HLuther\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload

uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart

uRun: [AdobeBridge]

uRun: [b7EF9AEC2F1AB252E008FE9EB20375A02D25FEDF._service_run] "C:\Users\HLuther\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service

uRunOnce: [simboApp] C:\Users\HLuther\AppData\Local\Temp\OfferID5\simboapp.exe

mRun: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [DTRun] c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe

mRun: [HPQuickWebProxy] "c:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"

mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

mRun: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe /start

mRun: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe

mRun: [<NO NAME>]

mRun: [PrivitizeVPN] C:\Program Files (x86)\PrivitizeVPN\PrivitizeVPN.exe /autorun

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin

mRun: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

mRun: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT

mRun: [searchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"

mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

mRunOnce: [b Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll] "C:\windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll",DllRegisterServer

mRunOnce: [b Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll] "C:\windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll",DllRegisterServer

mRunOnce: [b Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] "C:\windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll",DllRegisterServer

mRunOnce: [b Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] "C:\windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll",DllRegisterServer

mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

StartupFolder: C:\Users\HLuther\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\HLuther\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\VIRTUA~1.LNK - C:\windows\Installer\{8DB05F7E-1F7A-4CC0-882F-375B97F04CD4}\_E6D9769DD20AF384865041.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: EnableLinkedConnections = 1 (0x1)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{2032A163-82DF-45A6-A5D8-1E139BB87489} : NameServer = 168.210.2.2,192.168.1.1

TCP: Interfaces\{CA76C9C1-25CD-451C-8B4C-34C047271877} : DhcpNameServer = 192.168.0.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

Notify: DeviceNP - DeviceNP.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

LSA: Notification Packages = DPPassFilter EpePcNp64 scecli

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: {2EECD738-5844-4a99-B4B6-146BF802613B} - No File

BHO-X64: Babylon toolbar helper - No File

BHO-X64: File Sanitizer for HP ProtectTools: {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll

BHO-X64: BHO_Startup - No File

BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO-X64: Increase performance and video formats for your HTML5 <video> - No File

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

BHO-X64: IESpeakDoc - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Search.com Toolbar: {BFEAF3D0-307E-4F52-B64A-AF56BABE82B5} - C:\Program Files (x86)\Search.com Toolbar\IE\6.0\searchcomToolbarIE.dll

BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO-X64: Ask Toolbar BHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll

TB-X64: {98889811-442D-49dd-99D7-DC866BE87DBC} - No File

TB-X64: Search.com Toolbar: {BFEAF3D0-307E-4F52-B64A-AF56BABE82B5} - C:\Program Files (x86)\Search.com Toolbar\IE\6.0\searchcomToolbarIE.dll

TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

TB-X64: {7473B6BD-4691-4744-A82B-7854EB3D70B6} - No File

TB-X64: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File

mRun-x64: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [DTRun] c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe

mRun-x64: [HPQuickWebProxy] "c:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"

mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun-x64: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

mRun-x64: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe /start

mRun-x64: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe

mRun-x64: [(Default)]

mRun-x64: [PrivitizeVPN] C:\Program Files (x86)\PrivitizeVPN\PrivitizeVPN.exe /autorun

mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun-x64: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin

mRun-x64: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

mRun-x64: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT

mRun-x64: [searchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"

mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

mRunOnce-x64: [b Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll] "C:\windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll",DllRegisterServer

mRunOnce-x64: [b Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll] "C:\windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll",DllRegisterServer

mRunOnce-x64: [b Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] "C:\windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll",DllRegisterServer

mRunOnce-x64: [b Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] "C:\windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll",DllRegisterServer

mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHA;AVGIDSHA;C:\windows\system32\DRIVERS\avgidsha.sys --> C:\windows\system32\DRIVERS\avgidsha.sys [?]

R0 Avgloga;AVG Logging Driver;C:\windows\system32\DRIVERS\avgloga.sys --> C:\windows\system32\DRIVERS\avgloga.sys [?]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\system32\DRIVERS\avgrkx64.sys --> C:\windows\system32\DRIVERS\avgrkx64.sys [?]

R0 MfeEpeOpal;MfeEpeOpal;C:\windows\system32\drivers\MfeEpeOpal.sys --> C:\windows\system32\drivers\MfeEpeOpal.sys [?]

R0 MfeEpePc;MfeEpePc;C:\windows\system32\drivers\MfeEpePc.sys --> C:\windows\system32\drivers\MfeEpePc.sys [?]

R1 AVGIDSDriver;AVGIDSDriver;C:\windows\system32\DRIVERS\avgidsdrivera.sys --> C:\windows\system32\DRIVERS\avgidsdrivera.sys [?]

R1 Avgldx64;AVG AVI Loader Driver;C:\windows\system32\DRIVERS\avgldx64.sys --> C:\windows\system32\DRIVERS\avgldx64.sys [?]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\system32\DRIVERS\avgmfx64.sys --> C:\windows\system32\DRIVERS\avgmfx64.sys [?]

R1 Avgtdia;AVG TDI Driver;C:\windows\system32\DRIVERS\avgtdia.sys --> C:\windows\system32\DRIVERS\avgtdia.sys [?]

R1 avgtp;avgtp;\??\C:\windows\system32\drivers\avgtpx64.sys --> C:\windows\system32\drivers\avgtpx64.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]

R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-7-8 89600]

R2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]

R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2012-9-17 789224]

R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-1-7 138400]

R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-1-7 53920]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-8-20 5751928]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-8-20 184304]

R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe -s --> C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe -s [?]

R2 HP Power Assistant Service;HP Power Assistant Service;C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2011-7-15 137272]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]

R2 HPDayStarterService;HP DayStarter Service;C:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [2011-1-28 133688]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-5-16 197536]

R2 HPFSService;File Sanitizer for HP ProtectTools;C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2011-2-7 320000]

R2 hpHotkeyMonitor;hpHotkeyMonitor;C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [2012-6-20 523680]

R2 hpsrv;HP Service;C:\windows\system32\Hpservice.exe --> C:\windows\system32\Hpservice.exe [?]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-4-29 13336]

R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2010-11-29 210896]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-3 399432]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-3 676936]

R2 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [2012-4-5 1323008]

R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2012-7-13 769432]

R2 PdiService;Portrait Displays SDK Service;C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2012-6-18 113264]

R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-8-13 3064000]

R2 uArcCapture;ArcCapture;C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe [2012-4-29 502464]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-4-29 2656280]

R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2012-2-15 2268240]

R2 Virtual Router;VirtualRouterService;C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe [2009-11-18 12288]

R2 VMCService;Vodafone Mobile Connect Service;C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-9-18 9216]

R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-9-3 722528]

R3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atikmdag.sys --> C:\windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]

R3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;C:\windows\system32\DRIVERS\ArcSoftVCapture.sys --> C:\windows\system32\DRIVERS\ArcSoftVCapture.sys [?]

R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\windows\system32\DRIVERS\btath_flt.sys --> C:\windows\system32\DRIVERS\btath_flt.sys [?]

R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\windows\system32\drivers\btath_a2dp.sys --> C:\windows\system32\drivers\btath_a2dp.sys [?]

R3 BTATH_BUS;Atheros Bluetooth Bus;C:\windows\system32\DRIVERS\btath_bus.sys --> C:\windows\system32\DRIVERS\btath_bus.sys [?]

R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\windows\system32\DRIVERS\btath_hcrp.sys --> C:\windows\system32\DRIVERS\btath_hcrp.sys [?]

R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\windows\system32\DRIVERS\btath_lwflt.sys --> C:\windows\system32\DRIVERS\btath_lwflt.sys [?]

R3 BTATH_RCP;Bluetooth AVRCP Device;C:\windows\system32\DRIVERS\btath_rcp.sys --> C:\windows\system32\DRIVERS\btath_rcp.sys [?]

R3 BtFilter;BtFilter;C:\windows\system32\DRIVERS\btfilter.sys --> C:\windows\system32\DRIVERS\btfilter.sys [?]

R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe -s --> C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe -s [?]

R3 intelkmd;intelkmd;C:\windows\system32\DRIVERS\igdpmd64.sys --> C:\windows\system32\DRIVERS\igdpmd64.sys [?]

R3 JMCR;JMCR;C:\windows\system32\DRIVERS\jmcr.sys --> C:\windows\system32\DRIVERS\jmcr.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\system32\DRIVERS\nusb3hub.sys --> C:\windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\system32\DRIVERS\nusb3xhc.sys --> C:\windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-19 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-6-17 136176]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]

S2 XobniService;XobniService;C:\Program Files (x86)\Xobni\XobniService.exe [2011-3-7 62184]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-19 250288]

S3 DAMDrv;DAMDrv;C:\windows\system32\DRIVERS\DAMDrv64.sys --> C:\windows\system32\DRIVERS\DAMDrv64.sys [?]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\windows\system32\DRIVERS\ssudbus.sys --> C:\windows\system32\DRIVERS\ssudbus.sys [?]

S3 dmvsc;dmvsc;C:\windows\system32\drivers\dmvsc.sys --> C:\windows\system32\drivers\dmvsc.sys [?]

S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;C:\Windows\SysWOW64\flcdlock.exe [2011-9-5 476728]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-6-17 136176]

S3 hpCMSrv;HP Connection Manager 4 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-5-23 1098296]

S3 HSPADataCardusbmdm;HSPADataCard Proprietary USB Driver;C:\windows\system32\DRIVERS\HSPADataCardusbmdm.sys --> C:\windows\system32\DRIVERS\HSPADataCardusbmdm.sys [?]

S3 HSPADataCardusbnmea;HSPADataCard NMEA Port;C:\windows\system32\DRIVERS\HSPADataCardusbnmea.sys --> C:\windows\system32\DRIVERS\HSPADataCardusbnmea.sys [?]

S3 HSPADataCardusbser;HSPADataCard Diagnostic Port;C:\windows\system32\DRIVERS\HSPADataCardusbser.sys --> C:\windows\system32\DRIVERS\HSPADataCardusbser.sys [?]

S3 massfilter;ZTE Mass Storage Filter Driver;C:\windows\system32\DRIVERS\massfilter.sys --> C:\windows\system32\DRIVERS\massfilter.sys [?]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\windows\system32\DRIVERS\ssudmdm.sys --> C:\windows\system32\DRIVERS\ssudmdm.sys [?]

S3 StorSvc;Storage Service;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]

S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]

S3 ZTEusbnet;ZTE USB-NDIS miniport;C:\windows\system32\DRIVERS\ZTEusbnet.sys --> C:\windows\system32\DRIVERS\ZTEusbnet.sys [?]

S3 ZTEusbvoice;ZTE VoUSB Port;C:\windows\system32\DRIVERS\ZTEusbvoice.sys --> C:\windows\system32\DRIVERS\ZTEusbvoice.sys [?]

.

=============== Created Last 30 ================

.

2012-10-03 05:24:01 -------- d-----w- C:\Users\HLuther\AppData\Roaming\Malwarebytes

2012-10-03 05:23:48 -------- d-----w- C:\ProgramData\Malwarebytes

2012-10-03 05:23:47 25928 ----a-w- C:\windows\System32\drivers\mbam.sys

2012-10-03 05:23:47 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-10-02 15:57:06 -------- d-----w- C:\Users\HLuther\AppData\Local\Chris_Pietschmann_(http__

2012-10-02 15:54:35 -------- d-----w- C:\Program Files (x86)\Virtual Router

2012-10-02 15:38:22 -------- d-----w- C:\Users\HLuther\AppData\Local\DanuSoft

2012-10-02 14:58:12 -------- d-----w- C:\Program Files (x86)\Ask.com

2012-10-02 14:58:05 -------- d-----w- C:\Users\HLuther\AppData\Local\APN

2012-10-02 14:57:38 -------- d-----w- C:\ProgramData\PC Optimizer Pro

2012-10-02 14:55:13 -------- d-----w- C:\Program Files (x86)\Search.com Toolbar

2012-10-02 14:55:13 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot

2012-10-02 14:55:13 -------- d-----w- C:\Program Files (x86)\Application Updater

2012-10-02 14:29:19 8199504 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2012-10-02 14:29:10 9308616 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3238E2CA-7071-4E24-9FE4-877D8675B288}\mpengine.dll

2012-10-02 14:21:57 -------- d-----w- C:\Program Files (x86)\PC Speed Up

2012-10-02 14:05:50 -------- d-----w- C:\Program Files (x86)\ESET

2012-10-02 13:00:57 739 ----a-w- C:\vapad.tmp

2012-10-01 10:02:00 -------- d-----w- C:\Program Files (x86)\MSXML 4.0

2012-09-30 06:19:09 -------- d-----w- C:\Users\HLuther\AppData\Local\{BC02EA8B-224E-410A-933E-FAE43F2B792F}

2012-09-29 19:10:36 -------- d-----w- C:\Users\HLuther\AppData\Local\Nero_AG

2012-09-29 19:09:16 -------- d-----w- C:\Users\HLuther\AppData\Local\Nero

2012-09-29 18:48:07 -------- d-----w- C:\Program Files (x86)\Nero

2012-09-29 18:47:55 -------- d-----w- C:\ProgramData\Nero

2012-09-29 18:23:41 248672 ----a-w- C:\windows\SysWow64\d3dx11_43.dll

2012-09-29 18:22:47 470880 ----a-w- C:\windows\SysWow64\d3dx10_43.dll

2012-09-29 18:21:34 1998168 ----a-w- C:\windows\SysWow64\D3DX9_43.dll

2012-09-29 18:20:26 1868128 ----a-w- C:\windows\SysWow64\d3dcsx_43.dll

2012-09-29 18:19:45 2106216 ----a-w- C:\windows\SysWow64\D3DCompiler_43.dll

2012-09-29 14:10:54 -------- d-----w- C:\Users\HLuther\AppData\Roaming\LimeWire

2012-09-29 13:25:34 -------- d-----w- C:\windows\SysWow64\Extensions

2012-09-29 13:25:33 -------- d-----w- C:\windows\SysWow64\searchplugins

2012-09-29 13:25:26 -------- d-----w- C:\ProgramData\Browser Manager

2012-09-29 13:23:49 -------- d-----w- C:\ProgramData\Premium

2012-09-29 13:21:34 -------- d-----w- C:\ProgramData\InstallMate

2012-09-29 06:11:25 -------- d-----w- C:\Users\HLuther\AppData\Roaming\AVG2013

2012-09-29 05:52:17 -------- d-----w- C:\Users\HLuther\AppData\Roaming\TuneUp Software

2012-09-29 05:51:54 -------- d-----w- C:\Program Files (x86)\AVG Secure Search

2012-09-29 05:46:53 -------- d-----w- C:\ProgramData\AVG2013

2012-09-29 05:34:32 -------- d-----w- C:\Users\HLuther\AppData\Local\MFAData

2012-09-29 05:34:32 -------- d-----w- C:\Users\HLuther\AppData\Local\Avg2013

2012-09-28 15:47:15 -------- d-----w- C:\Users\HLuther\AppData\Local\ArcSoft

2012-09-26 13:55:38 245760 ----a-w- C:\windows\System32\OxpsConverter.exe

2012-09-19 08:07:49 -------- d-----w- C:\Users\HLuther\AppData\Roaming\PerformerSoft

2012-09-19 08:07:49 -------- d-----w- C:\ProgramData\IBUpdaterService

2012-09-19 08:01:25 -------- d-----w- C:\Users\HLuther\AppData\Roaming\Systweak

2012-09-19 08:01:24 19000 ----a-w- C:\windows\System32\roboot64.exe

2012-09-17 16:58:54 56672 ----a-w- C:\windows\System32\drivers\avgidsha.sys

2012-09-14 03:34:34 105312 ----a-w- C:\windows\System32\drivers\avgmfx64.sys

2012-09-12 11:38:54 950128 ----a-w- C:\windows\System32\drivers\ndis.sys

2012-09-12 11:38:54 574464 ----a-w- C:\windows\System32\d3d10level9.dll

2012-09-12 11:38:54 490496 ----a-w- C:\windows\SysWow64\d3d10level9.dll

2012-09-12 11:38:54 41472 ----a-w- C:\windows\System32\drivers\RNDISMP.sys

2012-09-12 11:38:52 376688 ----a-w- C:\windows\System32\drivers\netio.sys

2012-09-12 11:38:52 288624 ----a-w- C:\windows\System32\drivers\FWPKCLNT.SYS

2012-09-12 11:38:52 1913200 ----a-w- C:\windows\System32\drivers\tcpip.sys

2012-09-12 09:47:20 199520 ----a-w- C:\windows\System32\drivers\avgtdia.sys

2012-09-12 09:47:02 175968 ----a-w- C:\windows\System32\drivers\avgldx64.sys

2012-09-11 07:53:29 95208 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-09-10 07:47:11 -------- d-----w- C:\Users\HLuther\AppData\Local\{D23EB156-8404-4353-9DFE-7AA1BE6698DC}

2012-09-10 07:47:11 -------- d-----w- C:\Users\HLuther\AppData\Local\{7142B2D2-20A1-4734-B4D3-F9E5D5F33D4C}

2012-09-10 06:26:50 -------- d-----w- C:\ProgramData\PDFC

2012-09-04 08:54:24 203104 ----a-w- C:\windows\System32\drivers\ssudmdm.sys

2012-09-04 08:54:24 102240 ----a-w- C:\windows\System32\drivers\ssudbus.sys

2012-09-03 12:01:19 31080 ----a-w- C:\windows\System32\drivers\avgtpx64.sys

2012-09-03 07:26:09 -------- d-----w- C:\Users\HLuther\AppData\Roaming\PDAppFlex

.

==================== Find3M ====================

.

2012-09-22 04:56:46 73136 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-09-22 04:56:46 696240 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe

2012-09-11 07:53:25 821736 ----a-w- C:\windows\SysWow64\npDeployJava1.dll

2012-09-11 07:53:25 746984 ----a-w- C:\windows\SysWow64\deployJava1.dll

2012-08-24 10:31:32 2312704 ----a-w- C:\windows\System32\jscript9.dll

2012-08-24 10:21:18 1392128 ----a-w- C:\windows\System32\wininet.dll

2012-08-24 10:20:11 1494528 ----a-w- C:\windows\System32\inetcpl.cpl

2012-08-24 10:14:45 173056 ----a-w- C:\windows\System32\ieUnatt.exe

2012-08-24 10:13:29 599040 ----a-w- C:\windows\System32\vbscript.dll

2012-08-24 10:09:42 2382848 ----a-w- C:\windows\System32\mshtml.tlb

2012-08-24 06:59:17 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll

2012-08-24 06:51:27 1129472 ----a-w- C:\windows\SysWow64\wininet.dll

2012-08-24 06:51:02 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl

2012-08-24 06:47:26 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe

2012-08-24 06:47:12 420864 ----a-w- C:\windows\SysWow64\vbscript.dll

2012-08-24 06:43:58 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb

2012-08-13 14:40:52 150880 ----a-w- C:\windows\System32\drivers\avgidsdrivera.sys

2012-08-10 02:52:16 40288 ----a-w- C:\windows\System32\drivers\avgrkx64.sys

2012-08-09 11:56:42 230240 ----a-w- C:\windows\System32\drivers\avgloga.sys

2012-07-18 18:15:06 3148800 ----a-w- C:\windows\System32\win32k.sys

2012-07-06 20:07:42 552960 ----a-w- C:\windows\System32\drivers\bthport.sys

.

============= FINISH: 7:44:05.40 ===============


Hi,

I ran ESET Online Scanner, see documents attached.

C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Toolbar.Widgi application cleaned by deleting (after the next restart) - quarantined

C:\Program Files (x86)\Search.com Toolbar\IE\6.0\searchcomToolbarIE.dll a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined

C:\Users\HLuther\AppData\Local\Temp\NODC564.tmp a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined


Hello,

Reminder: Please do NOT attach logs/reports. Always Copy & Paste contents directly into main-body of reply box.

Step 1

Close all your browsers.

Go to Control Panel >> Programs and Features and Uninstall any of the following ..... if there .....

Ask toolbar

Dealio toolbar or Dealio search

Search.com toolbar

Spigot toolbar

Step 2

Again, close all your browsers.

Next, Go to Start > Run

Type

iexplore.exe -extoff

Press Enter

Step 3

Using IE (only!) go to

http://support.microsoft.com/kb/923737

[ignore any DOES NOT APPLY warning as well as the APPLIES TO section],

run the Fix It and then reboot.

Tip: For optimal results, enable the Delete personal settings option.

Step 4

Download TFC by OldTimer and SAVE it to your desktop

  • Double-click TFC.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Step 5

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 6

To show all files:

  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 7

Please download AdwCleaner © Xplode from >>here<< and save it on your Desktop.

If you are running Windows XP, double click adwcleaner.exe to start it.

Otherwise, Right-click on adwcleaner.exe and select Run As Administrator to launch the application.

Now click on the Search tab.

Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\AdwCleaner[XX].txt where XX denotes the number of times the application has been run, so in this case it should be something like R1.

Step 8

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
    Skip and click on Continue
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 9

  • Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or
    >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on Scan button at upper right of screen.
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Do NOT click any FIX buttons !

Step 10

RE-Enable your antivirus program.

Then copy/paste the following into your post (in order):

  • the contents of C:\AdwCleaner[R1].txt report;
  • the contents of TDSSKILLER log;
  • the contents of RKReport log;

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.


Hi,

Could not remove Search Toolbar with Windows Uninstall.

# AdwCleaner v2.003 - Logfile created 10/07/2012 at 11:57:23

# Updated 23/09/2012 by Xplode

# Operating system : Windows 7 Professional Service Pack 1 (64 bits)

# User : HLuther - HLUTHER-HP

# Boot Mode : Normal

# Running from : C:\Users\HLuther\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

Found : Application Updater

***** [Files / Folders] *****

File Found : C:\user.js

Folder Found : C:\Program Files (x86)\Application Updater

Folder Found : C:\Program Files (x86)\AVG Secure Search

Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search

Folder Found : C:\Program Files (x86)\Common Files\spigot

Folder Found : C:\Program Files (x86)\Conduit

Folder Found : C:\ProgramData\AVG Secure Search

Folder Found : C:\ProgramData\Babylon

Folder Found : C:\ProgramData\Browser Manager

Folder Found : C:\ProgramData\IBUpdaterService

Folder Found : C:\ProgramData\InstallMate

Folder Found : C:\ProgramData\Premium

Folder Found : C:\ProgramData\Tarma Installer

Folder Found : C:\Users\HLuther\AppData\Local\APN

Folder Found : C:\Users\HLuther\AppData\Local\AVG Secure Search

Folder Found : C:\Users\HLuther\AppData\Local\Conduit

Folder Found : C:\Users\HLuther\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda

Folder Found : C:\Users\HLuther\AppData\Local\Ilivid Player

Folder Found : C:\Users\HLuther\AppData\LocalLow\AVG Secure Search

Folder Found : C:\Users\HLuther\AppData\LocalLow\boost_interprocess

Folder Found : C:\Users\HLuther\AppData\LocalLow\Conduit

Folder Found : C:\Users\HLuther\AppData\LocalLow\Search Settings

Folder Found : C:\Users\HLuther\AppData\Roaming\Babylon

Folder Found : C:\Users\HLuther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit

Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Found : HKCU\Software\AppDataLow\Software\Search Settings

Key Found : HKCU\Software\AppDataLow\Software\SmartBar

Key Found : HKCU\Software\AVG Secure Search

Key Found : HKCU\Software\Conduit

Key Found : HKCU\Software\DataMngr

Key Found : HKCU\Software\DataMngr_Toolbar

Key Found : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda

Key Found : HKCU\Software\IGearSettings

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKCU\Software\Search Settings

Key Found : HKCU\Software\Softonic

Key Found : HKCU\Software\StartSearch

Key Found : HKCU\Software\SweetIm

Key Found : HKLM\Software\AVG Secure Search

Key Found : HKLM\Software\Babylon

Key Found : HKLM\Software\BrowserMngr

Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}

Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI

Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1

Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj

Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1

Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol

Key Found : HKLM\SOFTWARE\Classes\S

Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

12:01:47.0050 1892 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24

12:01:47.0846 1892 ============================================================

12:01:47.0846 1892 Current date / time: 2012/10/07 12:01:47.0846

12:01:47.0846 1892 SystemInfo:

12:01:47.0846 1892

12:01:47.0846 1892 OS Version: 6.1.7601 ServicePack: 1.0

12:01:47.0846 1892 Product type: Workstation

12:01:47.0846 1892 ComputerName: HLUTHER-HP

12:01:47.0846 1892 UserName: HLuther

12:01:47.0846 1892 Windows directory: C:\windows

12:01:47.0846 1892 System windows directory: C:\windows

12:01:47.0846 1892 Running under WOW64

12:01:47.0846 1892 Processor architecture: Intel x64

12:01:47.0846 1892 Number of processors: 4

12:01:47.0846 1892 Page size: 0x1000

12:01:47.0846 1892 Boot type: Normal boot

12:01:47.0846 1892 ============================================================

12:01:48.0360 1892 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

12:01:48.0360 1892 ============================================================

12:01:48.0360 1892 \Device\Harddisk0\DR0:

12:01:48.0360 1892 MBR partitions:

12:01:48.0360 1892 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x96000

12:01:48.0360 1892 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x96800, BlocksNum 0x47A8E000

12:01:48.0360 1892 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x47B24800, BlocksNum 0x2332000

12:01:48.0360 1892 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x49E56800, BlocksNum 0x9FD800

12:01:48.0360 1892 ============================================================

12:01:48.0454 1892 E: <-> \Device\Harddisk0\DR0\Partition3

12:01:48.0470 1892 F: <-> \Device\Harddisk0\DR0\Partition4

12:01:48.0470 1892 ============================================================

12:01:48.0470 1892 Initialize success

12:01:48.0470 1892 ============================================================

12:02:02.0229 2584 ============================================================

12:02:02.0229 2584 Scan started

12:02:02.0229 2584 Mode: Manual;

12:02:02.0229 2584 ============================================================

12:02:02.0369 2584 ================ Scan system memory ========================

12:02:02.0369 2584 System memory - ok

12:02:02.0369 2584 ================ Scan services =============================

12:02:02.0416 2584 1394ohci - ok

12:02:02.0432 2584 Accelerometer - ok

12:02:02.0463 2584 ACDaemon - ok

12:02:02.0478 2584 ACPI - ok

12:02:02.0478 2584 AcpiPmi - ok

12:02:02.0510 2584 AdobeARMservice - ok

12:02:02.0556 2584 AdobeFlashPlayerUpdateSvc - ok

12:02:02.0572 2584 adp94xx - ok

12:02:02.0588 2584 adpahci - ok

12:02:02.0588 2584 adpu320 - ok

12:02:02.0603 2584 AeLookupSvc - ok

12:02:02.0619 2584 AESTFilters - ok

12:02:02.0634 2584 Afc - ok

12:02:02.0650 2584 AFD - ok

12:02:02.0666 2584 agp440 - ok

12:02:02.0666 2584 ALG - ok

12:02:02.0697 2584 aliide - ok

12:02:02.0712 2584 AMD External Events Utility - ok

12:02:02.0712 2584 amdide - ok

12:02:02.0728 2584 AmdK8 - ok

12:02:02.0744 2584 amdkmdag - ok

12:02:02.0790 2584 amdkmdap - ok

12:02:02.0790 2584 AmdPPM - ok

12:02:02.0822 2584 amdsata - ok

12:02:02.0837 2584 amdsbs - ok

12:02:02.0837 2584 amdxata - ok

12:02:02.0868 2584 AppID - ok

12:02:02.0868 2584 AppIDSvc - ok

12:02:02.0884 2584 Appinfo - ok

12:02:02.0915 2584 Application Updater - ok

12:02:02.0915 2584 AppMgmt - ok

12:02:02.0915 2584 arc - ok

12:02:02.0931 2584 arcsas - ok

12:02:02.0946 2584 ARCVCAM - ok

12:02:02.0962 2584 aspnet_state - ok

12:02:02.0962 2584 AsyncMac - ok

12:02:02.0978 2584 atapi - ok

12:02:02.0993 2584 AthBTPort - ok

12:02:02.0993 2584 Atheros Bt&Wlan Coex Agent - ok

12:02:03.0024 2584 AtherosSvc - ok

12:02:03.0024 2584 athr - ok

12:02:03.0040 2584 AudioEndpointBuilder - ok

12:02:03.0040 2584 AudioSrv - ok

12:02:03.0071 2584 AVGIDSAgent - ok

12:02:03.0071 2584 AVGIDSDriver - ok

12:02:03.0087 2584 AVGIDSHA - ok

12:02:03.0087 2584 Avgldx64 - ok

12:02:03.0118 2584 Avgloga - ok

12:02:03.0118 2584 Avgmfx64 - ok

12:02:03.0165 2584 Avgrkx64 - ok

12:02:03.0165 2584 Avgtdia - ok

12:02:03.0212 2584 avgtp - ok

12:02:03.0227 2584 avgwd - ok

12:02:03.0243 2584 AxInstSV - ok

12:02:03.0258 2584 b06bdrv - ok

12:02:03.0274 2584 b57nd60a - ok

12:02:03.0290 2584 BDESVC - ok

12:02:03.0290 2584 Beep - ok

12:02:03.0305 2584 BFE - ok

12:02:03.0321 2584 BITS - ok

12:02:03.0321 2584 blbdrive - ok

12:02:03.0321 2584 bowser - ok

12:02:03.0321 2584 BrFiltLo - ok

12:02:03.0336 2584 BrFiltUp - ok

12:02:03.0336 2584 Browser - ok

12:02:03.0336 2584 Brserid - ok

12:02:03.0336 2584 BrSerWdm - ok

12:02:03.0352 2584 BrUsbMdm - ok

12:02:03.0352 2584 BrUsbSer - ok

12:02:03.0352 2584 BTATH_A2DP - ok

12:02:03.0368 2584 BTATH_BUS - ok

12:02:03.0383 2584 BTATH_HCRP - ok

12:02:03.0383 2584 BTATH_LWFLT - ok

12:02:03.0383 2584 BTATH_RCP - ok

12:02:03.0399 2584 BtFilter - ok

12:02:03.0414 2584 BthEnum - ok

12:02:03.0430 2584 BTHMODEM - ok

12:02:03.0430 2584 BthPan - ok

12:02:03.0446 2584 BTHPORT - ok

12:02:03.0446 2584 bthserv - ok

12:02:03.0461 2584 BTHUSB - ok

12:02:03.0461 2584 cdfs - ok

12:02:03.0477 2584 cdrom - ok

12:02:03.0492 2584 CertPropSvc - ok

12:02:03.0492 2584 circlass - ok

12:02:03.0492 2584 CLFS - ok

12:02:03.0508 2584 clr_optimization_v2.0.50727_32 - ok

12:02:03.0508 2584 clr_optimization_v2.0.50727_64 - ok

12:02:03.0524 2584 clr_optimization_v4.0.30319_32 - ok

12:02:03.0524 2584 clr_optimization_v4.0.30319_64 - ok

12:02:03.0539 2584 CmBatt - ok

12:02:03.0539 2584 cmdide - ok

12:02:03.0555 2584 CNG - ok

12:02:03.0555 2584 Compbatt - ok

12:02:03.0570 2584 CompositeBus - ok

12:02:03.0570 2584 COMSysApp - ok

12:02:03.0570 2584 crcdisk - ok

12:02:03.0570 2584 CryptSvc - ok

12:02:03.0586 2584 CSC - ok

12:02:03.0586 2584 CscService - ok

12:02:03.0586 2584 DAMDrv - ok

12:02:03.0602 2584 dc3d - ok

12:02:03.0617 2584 DcomLaunch - ok

12:02:03.0633 2584 defragsvc - ok

12:02:03.0633 2584 DfsC - ok

12:02:03.0648 2584 dg_ssudbus - ok

12:02:03.0648 2584 Dhcp - ok

12:02:03.0648 2584 discache - ok

12:02:03.0664 2584 Disk - ok

12:02:03.0664 2584 dmvsc - ok

12:02:03.0664 2584 Dnscache - ok

12:02:03.0664 2584 dot3svc - ok

12:02:03.0695 2584 DpHost - ok

12:02:03.0695 2584 DPS - ok

12:02:03.0711 2584 drmkaud - ok

12:02:03.0711 2584 DXGKrnl - ok

12:02:03.0726 2584 EapHost - ok

12:02:03.0742 2584 ebdrv - ok

12:02:03.0742 2584 EFS - ok

12:02:03.0742 2584 ehRecvr - ok

12:02:03.0742 2584 ehSched - ok

12:02:03.0742 2584 elxstor - ok

12:02:03.0758 2584 ErrDev - ok

12:02:03.0789 2584 EventSystem - ok

12:02:03.0789 2584 exfat - ok

12:02:03.0789 2584 fastfat - ok

12:02:03.0820 2584 Fax - ok

12:02:03.0820 2584 fdc - ok

12:02:03.0836 2584 fdPHost - ok

12:02:03.0836 2584 FDResPub - ok

12:02:03.0836 2584 FileInfo - ok

12:02:03.0836 2584 Filetrace - ok

12:02:03.0851 2584 FirebirdGuardianDefaultInstance - ok

12:02:03.0851 2584 FirebirdServerDefaultInstance - ok

12:02:03.0851 2584 FLCDLOCK - ok

12:02:03.0867 2584 flpydisk - ok

12:02:03.0867 2584 FltMgr - ok

12:02:03.0867 2584 FontCache - ok

12:02:03.0867 2584 FontCache3.0.0.0 - ok

12:02:03.0882 2584 FsDepends - ok

12:02:03.0882 2584 Fs_Rec - ok

12:02:03.0882 2584 fvevol - ok

12:02:03.0882 2584 gagp30kx - ok

12:02:03.0898 2584 GameConsoleService - ok

12:02:03.0898 2584 gpsvc - ok

12:02:03.0898 2584 gupdate - ok

12:02:03.0914 2584 gupdatem - ok

12:02:03.0914 2584 hcw85cir - ok

12:02:03.0914 2584 HdAudAddService - ok

12:02:03.0929 2584 HDAudBus - ok

12:02:03.0929 2584 HidBatt - ok

12:02:03.0929 2584 HidBth - ok

12:02:03.0945 2584 HidIr - ok

12:02:03.0960 2584 hidserv - ok

12:02:03.0976 2584 HidUsb - ok

12:02:06.0051 2584 ================ Scan global ===============================

12:02:06.0051 2584 [Global] - ok

12:02:06.0051 2584 ================ Scan MBR ==================================

12:02:06.0066 2584 [ 065BB1DDAC55703154E090CB36D3FA2C ] \Device\Harddisk0\DR0

12:02:06.0472 2584 \Device\Harddisk0\DR0 - ok

12:02:06.0472 2584 ================ Scan VBR ==================================

12:02:06.0472 2584 [ D1183B4F0B57A31B3535A29CDE46F411 ] \Device\Harddisk0\DR0\Partition1

12:02:06.0472 2584 \Device\Harddisk0\DR0\Partition1 - ok

12:02:06.0503 2584 [ 3F67ADB0ACFE36648CC41EB866F3E03B ] \Device\Harddisk0\DR0\Partition2

12:02:06.0503 2584 \Device\Harddisk0\DR0\Partition2 - ok

12:02:06.0519 2584 [ BB661B8E5D47A2A5D944F99FB6F7F6BE ] \Device\Harddisk0\DR0\Partition3

12:02:06.0534 2584 \Device\Harddisk0\DR0\Partition3 - ok

12:02:06.0597 2584 [ 1652DB0455E53A3467E333EE62380BAB ] \Device\Harddisk0\DR0\Partition4

12:02:06.0612 2584 \Device\Harddisk0\DR0\Partition4 - ok

12:02:06.0612 2584 ============================================================

12:02:06.0612 2584 Scan finished

12:02:06.0612 2584 ============================================================

12:02:06.0628 9000 Detected object count: 0

12:02:06.0628 9000 Actual detected object count: 0

12:02:29.0673 8952 ============================================================

12:02:29.0673 8952 Scan started

12:02:29.0673 8952 Mode: Manual;

12:02:29.0673 8952 ============================================================

12:02:29.0751 8952 ================ Scan system memory ========================

12:02:29.0751 8952 System memory - ok

12:02:29.0766 8952 ================ Scan services =============================

12:02:31.0638 8952 ================ Scan global ===============================

12:02:31.0654 8952 [Global] - ok

12:02:31.0654 8952 ================ Scan MBR ==================================

12:02:31.0685 8952 [ 065BB1DDAC55703154E090CB36D3FA2C ] \Device\Harddisk0\DR0

12:02:32.0153 8952 \Device\Harddisk0\DR0 - ok

12:02:32.0153 8952 ================ Scan VBR ==================================

12:02:32.0169 8952 [ D1183B4F0B57A31B3535A29CDE46F411 ] \Device\Harddisk0\DR0\Partition1

12:02:32.0169 8952 \Device\Harddisk0\DR0\Partition1 - ok

12:02:32.0184 8952 [ 3F67ADB0ACFE36648CC41EB866F3E03B ] \Device\Harddisk0\DR0\Partition2

12:02:32.0184 8952 \Device\Harddisk0\DR0\Partition2 - ok

12:02:32.0200 8952 [ BB661B8E5D47A2A5D944F99FB6F7F6BE ] \Device\Harddisk0\DR0\Partition3

12:02:32.0215 8952 \Device\Harddisk0\DR0\Partition3 - ok

12:02:32.0231 8952 [ 1652DB0455E53A3467E333EE62380BAB ] \Device\Harddisk0\DR0\Partition4

12:02:32.0231 8952 \Device\Harddisk0\DR0\Partition4 - ok

12:02:32.0231 8952 ============================================================

12:02:32.0231 8952 Scan finished

12:02:32.0231 8952 ============================================================

12:02:32.0231 7484 Detected object count: 0

12:02:32.0231 7484 Actual detected object count: 0

12:02:46.0115 5288 ============================================================

12:02:46.0115 5288 Scan started

12:02:46.0115 5288 Mode: Manual;

12:02:46.0115 5288 ============================================================

12:02:46.0162 5288 ================ Scan system memory ========================

12:02:46.0162 5288 System memory - ok

12:02:46.0162 5288 ================ Scan services =============================


12:02:48.0112 5288 ================ Scan global ===============================

12:02:48.0112 5288 [Global] - ok

12:02:48.0112 5288 ================ Scan MBR ==================================

12:02:48.0143 5288 [ 065BB1DDAC55703154E090CB36D3FA2C ] \Device\Harddisk0\DR0

12:02:48.0523 5288 \Device\Harddisk0\DR0 - ok

12:02:48.0524 5288 ================ Scan VBR ==================================

12:02:48.0526 5288 [ D1183B4F0B57A31B3535A29CDE46F411 ] \Device\Harddisk0\DR0\Partition1

12:02:48.0527 5288 \Device\Harddisk0\DR0\Partition1 - ok

12:02:48.0540 5288 [ 3F67ADB0ACFE36648CC41EB866F3E03B ] \Device\Harddisk0\DR0\Partition2

12:02:48.0540 5288 \Device\Harddisk0\DR0\Partition2 - ok

12:02:48.0569 5288 [ BB661B8E5D47A2A5D944F99FB6F7F6BE ] \Device\Harddisk0\DR0\Partition3

12:02:48.0571 5288 \Device\Harddisk0\DR0\Partition3 - ok

12:02:48.0590 5288 [ 1652DB0455E53A3467E333EE62380BAB ] \Device\Harddisk0\DR0\Partition4

12:02:48.0590 5288 \Device\Harddisk0\DR0\Partition4 - ok

12:02:48.0591 5288 ============================================================

12:02:48.0591 5288 Scan finished

12:02:48.0591 5288 ============================================================

12:02:48.0600 1508 Detected object count: 0

12:02:48.0600 1508 Actual detected object count: 0

RogueKiller V8.1.1 [10/03/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website: http://tigzy.geekstogo.com/roguekiller.php

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : HLuther [Admin rights]

Mode : Scan -- Date : 10/07/2012 12:05:16

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 10 ¤¤¤

[RUN][BLACKLIST DLL] HKLM\[...]\Wow6432Node\RunOnce : B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll ("C:\windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll",DllRegisterServer) -> FOUND

[RUN][BLACKLIST DLL] HKLM\[...]\Wow6432Node\RunOnce : B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll ("C:\windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll",DllRegisterServer) -> FOUND

[RUN][BLACKLIST DLL] HKLM\[...]\Wow6432Node\RunOnce : B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll ("C:\windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll",DllRegisterServer) -> FOUND

[RUN][BLACKLIST DLL] HKLM\[...]\Wow6432Node\RunOnce : B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll ("C:\windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll",DllRegisterServer) -> FOUND

[TASK][SUSP PATH] OptimizerPro1UpdaterTask{7E9CB3FF-20EC-4589-89F1-F660E1008D8A}.job : C:\ProgramData\Premium\OptimizerPro1\OptimizerPro1.exe -> FOUND

[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{2032A163-82DF-45A6-A5D8-1E139BB87489} : NameServer (168.210.2.2,192.168.1.1) -> FOUND

[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{2032A163-82DF-45A6-A5D8-1E139BB87489} : NameServer (168.210.2.2,192.168.1.1) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\windows\system32\drivers\etc\hosts

127.0.0.1 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com 3dns.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.adobe.com activate.wip.adobe.com activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com

127.0.0.1 adobe-dns-3.adobe.com adobe-dns-4.adobe.com adobe-dns.adobe.com adobeereg.com crl.verisign.net ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com ood.opsource.net practivate.adobe practivate.adobe.com

127.0.0.1 practivate.adobe.ipp practivate.adobe.newoa practivate.adobe.ntp wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com wwis-dubc1-vip60.adobe.com www.adobeereg.com www.wip.adobe.com www.wip1.adobe.com www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK6476GSX +++++

--- User ---

[MBR] 326d0891c31ab750e3e7b09af0ec1249

[BSP] 84367d3365e70c0f841db1d260addf57 : MBR Code unknown

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 300 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 616448 | Size: 587036 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1202866176 | Size: 18020 Mo

3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1239771136 | Size: 5115 Mo

User = LL1 ... OK!

User != LL2 ... KO!

--- LL2 ---

[MBR] 13c9f33c95df9307bec5941dbc84892a

[BSP] 3d636aa8d5682f62dacd9857be8278f3 : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 300 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 616448 | Size: 61440 Mo

2 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 167999488 | Size: 1001 Mo

3 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 171999232 | Size: 1000 Mo

Finished : << RKreport[1].txt >>


ID: 7   Posted (edited)

Let's have you do the following:

  • Close any open documents/programs & all internet browsers you have running.
  • Please start AdwCleaner.
  • Click on the Delete button.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.
  • Note: You can find the logfile at C:\AdwCleaner[S1]

Step 2

Please copy/paste the lines in bold below to Notepad:

@Echo on

pushd\windows\system32\drivers\etc

attrib -h -s -r hosts

echo 127.0.0.1 localhost>HOSTS

attrib +r +h +s hosts

popd

ipconfig /release

ipconfig /renew

ipconfig /flushdns

netsh winsock reset all

netsh int ip reset resetlog.log

shutdown -r -t 1

del %0

Save as flush.bat to your desktop.

Double-click flush.bat file to run it. Your computer will reboot.

Step 3

Download, save, and then run the MS Safety Scanner

http://www.microsoft.com/security/scanner/en-us/default.aspx

Let me know the result.

Step 4

Download and Save McAfee Stinger to your Desktop

http://www.mcafee.com/us/downloads/free-tools/stinger.aspx

Close all browsers before starting. Disable your antivirus program and anti-malware, if any.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

On Windows 7 & Vista systems, right-click the Stinger icon and select Run as Administrator.

On XP, double-click to start it.

The GUI interface will look like this

stinger2.png

The C drive is the default for scanning.

Press the Preferences button. In the top right-block "On virus detection", click Rename

In the bottom block "Heuristic network check for suspicious files" select High

Click the Scan Now button.

When done, use the File menu and select Save report to file

Stinger.txt is the log report and will be saved to your Desktop. I will need a copy of that log.

RE-Enable your anti-virus program.

Stinger is a standalone utility used to detect and remove specific malware. It is not a full scan for all types of malware or viruses.

It is not intended as virus protection.

Step 5

Download Dr.Web CureIt to the desktop.

  • Turn OFF your antivirus program.
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Double-click the drweb-cureit.exe file, then click on Start and allow it to run the express scan.
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, choose the Complete Scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look and see if you can click the following icon next to the files found:
    check.gif
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    move.gif
  • This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured (this is in case we need samples).
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.

Re-Enable your antivirus program when all done.

Tell me, how is the system now?

Edited by Maurice Naggar


# AdwCleaner v2.003 - Logfile created 10/07/2012 at 11:57:23

# Updated 23/09/2012 by Xplode

# Operating system : Windows 7 Professional Service Pack 1 (64 bits)

# User : HLuther - HLUTHER-HP

# Boot Mode : Normal

# Running from : C:\Users\HLuther\Desktop\adwcleaner.exe

# Option [Search]

***** [Services] *****

Found : Application Updater

***** [Files / Folders] *****

File Found : C:\user.js

Folder Found : C:\Program Files (x86)\Application Updater

Folder Found : C:\Program Files (x86)\AVG Secure Search

Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search

Folder Found : C:\Program Files (x86)\Common Files\spigot

Folder Found : C:\Program Files (x86)\Conduit

Folder Found : C:\ProgramData\AVG Secure Search

Folder Found : C:\ProgramData\Babylon

Folder Found : C:\ProgramData\Browser Manager

Folder Found : C:\ProgramData\IBUpdaterService

Folder Found : C:\ProgramData\InstallMate

Folder Found : C:\ProgramData\Premium

Folder Found : C:\ProgramData\Tarma Installer

Folder Found : C:\Users\HLuther\AppData\Local\APN

Folder Found : C:\Users\HLuther\AppData\Local\AVG Secure Search

Folder Found : C:\Users\HLuther\AppData\Local\Conduit

Folder Found : C:\Users\HLuther\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda

Folder Found : C:\Users\HLuther\AppData\Local\Ilivid Player

Folder Found : C:\Users\HLuther\AppData\LocalLow\AVG Secure Search

Folder Found : C:\Users\HLuther\AppData\LocalLow\boost_interprocess

Folder Found : C:\Users\HLuther\AppData\LocalLow\Conduit

Folder Found : C:\Users\HLuther\AppData\LocalLow\Search Settings

Folder Found : C:\Users\HLuther\AppData\Roaming\Babylon

Folder Found : C:\Users\HLuther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager

***** [Registry] *****


Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}

Key Found : HKLM\SOFTWARE\Tarma Installer

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]

Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v22.0.1229.79

File : C:\Users\HLuther\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.43] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=113480&tt=060612_7_&babsrc=HP_ss&mntrId=3ad47cc3000000000000446d571a0489" ]

Found [l.81] : icon_url = "hxxp://www.ask.com/favicon.ico",

Found [l.84] : keyword = "ask.com",

Found [l.87] : search_url = "hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=XPO&o=APN10017&locale=en_US&apn_uid=1957f6f4-0f33-48e8-91df-536de0fa69bb&apn_ptnrs=%5EA4E&apn_sauid=13CF65BD-EB8A-4D53-A43D-B8AC658A3ED6&apn_dtid=%5EYYYYYY%5EYY%5EZA&q={searchTerms}",

Found [l.88] : suggest_url = "hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms}",

Found [l.2335] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=113480&tt=060612_7_&babsrc=HP_ss&mntrId=3ad47cc3000000000000446d571a0489" ]

*************************

AdwCleaner[R1].txt - [10557 octets] - [07/10/2012 11:57:23]

########## EOF - C:\AdwCleaner[R1].txt - [10618 octets] ##########


McAfee® Labs Stinger Version 10.2.0.804 built on Oct 5 2012

Copyright © 2012 McAfee, Inc. All Rights Reserved.

Virus data file v1000.0000 created on Oct 5 2012.

Ready to scan for 5296 viruses, trojans and variants.

Scan initiated on Sun Oct 07 17:44:55 2012

Rootkit scan result : Not Scanned

Master Boot Record(s):....1

Possibly Infected:.............0

Boot Sector(s):.................3

Possibly Infected: ............0

Number of clean files: 21918


=============================================================================

Dr.Web Scanner for Windows v6.00.16 (6.00.16.01270)

© Doctor Web, Ltd., 1992-2011

Log generated on: 2012-10-07, 18:48:57 [HLUTHER-HP][HLuther]

Command line: "C:\Users\HLuther\AppData\Local\Temp\46150B72-3997E796-836C0D36-5CE8A938\7ec30_xp.exe" /lng /ini:setup_xp.ini /fast /send_stat

Boot mode: Normal Mode

Operating system: Windows Seven Professional x64/WOW (Build 7601), Service Pack 1

=============================================================================

DwShield started

Engine version: 7.00 (7.00.2.04281)

Engine API version: 2.02

Total virus records: 3217107

[self-checking] C:\Users\HLuther\AppData\Local\Temp\46150B72-3997E796-836C0D36-5CE8A938\7ec30_xp.exe

Key file: C:\Users\HLuther\AppData\Local\Temp\46150B72-3997E796-836C0D36-5CE8A938\setup.key

License key number: 0012734320

Registered to: A User

License key activates on: 2012-03-06

License key expires on: 2013-03-08


SYSTEM BIOS - OK

[Memory scanning] No viruses found

Master Boot Record HDD1 - OK

Active OS/2 or WinNT Boot Sector HDD1 - OK

OS/2 or WinNT Boot Sector HDD1 - OK

OS/2 or WinNT Boot Sector HDD1 - OK


That was way too much of the Cure-It log. Very much too verbose and not needed.

It appears that Cure-It detected no viruses.

You have TFC Temp File Cleaner from before.

Run TFC.exe 1 more time to make sure all temporary files are removed.

2

Save and close any work documents, close any apps that you started.

Temporarily turn off (disable) your antivirus program

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in the second row of tabs. Make sure all option lines have a checkmark.

Next, click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a Full Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

When all done, Copy & paste the MBAM scan log into a new reply.

Tell me, how is the system?

Re-enable your antivirus program.

I will probably have you run some other report tool after this. We are not done yet.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
