View Full Version : Yontoo.Pagerage
girlie100
2013-04-03, 14:52
Please help, malware that Spybot cannot remove:
DDS txt:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.6001.19401 BrowserJavaVersion: 10.17.2
Run by User at 13:08:07 on 2013-04-03
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.44.1033.18.3838.1202 [GMT 1:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe
C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\User\AppData\Local\Akamai\netsession_win.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files (x86)\EDIMAX\Common\RaUI.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe
C:\Users\User\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\AirPort\APAgent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\mobsync.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.iminent.com/?appId=525C3229-2172-49FF-A390-B6C0A017886C
uSearch Bar = Preserve
uProxyOverride = <local>
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
uURLSearchHooks: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - <orphaned>
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: TBSB01620 Class: {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll
BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\ievkbd.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: IMinent WebBooster (BHO): {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Vuze Remote Toolbar: {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: IMinent Toolbar: {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
uRun: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Akamai NetSession Interface] "C:\Users\User\AppData\Local\Akamai\netsession_win.exe"
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [Amazon Cloud Drive] C:\Users\User\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
mRun: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
mRun: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [BrMfcWnd] "C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" /AUTORUN
mRun: [ControlCenter3] "C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe" /autorun
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe"
mRun: [DVD or CD Sharing] "C:\Program Files (x86)\DVD or CD Sharing\ODSAgent.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [AirPort Base Station Agent] "C:\Program Files (x86)\AirPort\APAgent.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Iminent] "C:\Program Files (x86)\Iminent\Iminent.exe" /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
mRun: [IminentMessenger] "C:\Program Files (x86)\Iminent\Iminent.Messengers.exe" 7F87E5-A6BD-4922-A530-EDF63D7E9F8C"
mRunOnce: [SpybotSnD] "C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDDMST~1.LNK - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDSMAR~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WINZIP~1.LNK - C:\Program Files (x86)\WinZip\WZQKPICK.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WIRELE~1.LNK - C:\Program Files (x86)\EDIMAX\Common\RaUI.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{12F00E71-EDD3-4034-99DD-F5868B153F7B} : DHCPNameServer = 10.0.0.2
TCP: Interfaces\{435EB237-F076-4DBA-89C7-E4FD651CF042} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{48464E3D-3173-4870-8DAB-5F418AAB8CA5} : DHCPNameServer = 10.0.0.2
TCP: Interfaces\{78E9DF41-5EF4-4AE3-ABC8-CEE980E04EE8} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{F3BADABC-16C7-4599-AACD-551FF47B1015} : DHCPNameServer = 192.168.1.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
AppInit_DLLs= C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
x64-BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\x64\ievkbd.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\x64\klwtbbho.dll
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\x64\klwtbbho.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\x64\klwtbbho.dll
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Notify: klogon - C:\Windows\System32\klogon.dll
x64-STS: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
x64-mASetup: {7070D8E0-650A-46b3-B03C-9497582E6A74} - C:\Windows\System32\soundschemes.exe /AddRegistration
x64-mASetup: {B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} - C:\Windows\System32\soundschemes2.exe /AddRegistration
Hosts: 0.0.0.0 localhost
Hosts: 0.0.0.0 localhost
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jfgl1xfx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - StartWeb
FF - prefs.js: browser.startup.homepage - hxxp://start.iminent.com/?appId=525C3229-2172-49FF-A390-B6C0A017886C
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jfgl1xfx.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jfgl1xfx.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - plugin: C:\Windows\SysWOW64\NPSWF32.dll
FF - ExtSQL: 2013-04-03 11:54; torntv2@torntv.com; C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jfgl1xfx.default\extensions\torntv2@torntv.com.xpi
FF - ExtSQL: 2013-04-03 11:54; plugin@yontoo.com; C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jfgl1xfx.default\extensions\plugin@yontoo.com
FF - ExtSQL: 2013-04-03 11:57; {C9B68337-E93A-44EA-94DC-CB300EC06444}; C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jfgl1xfx.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
FF - ExtSQL: 2013-04-03 11:58; webbooster@iminent.com; C:\Program Files (x86)\Iminent\webbooster@iminent.com
FF - ExtSQL: !HIDDEN! 2010-06-01 13:52; {20a82645-c095-46ed-80e3-08825760534b}; c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: extentions.y2layers.installId - 94304fed-130d-4ae9-ba91-a32c2b993721
FF - user.js: extentions.y2layers.defaultEnableAppsList - twittube,buzzdock,YontooNewOffers
.
============= SERVICES / DRIVERS ===============
.
R0 CSCrySec;InfoWatch Encrypt Sector Library driver;C:\Windows\System32\drivers\CSCrySec.sys [2011-5-25 85048]
R0 KLBG;Kaspersky Lab Boot Guard Driver;C:\Windows\System32\drivers\klbg.sys [2009-10-14 40464]
R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;C:\Windows\System32\drivers\CSVirtualDiskDrv.sys [2011-5-25 66104]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2009-9-14 27152]
R1 RapportCerberus_51755;RapportCerberus_51755;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_51755.sys [2013-4-2 586072]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2013-4-2 228600]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2013-4-2 357272]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2010-6-1 27648]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-9-25 203776]
R2 AVP;Kaspersky PURE;C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe [2010-10-1 348760]
R2 BecHelperService;BecHelperService;C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe [2013-1-21 1737464]
R2 CSObjectsSrv;CryptoStorage control service;C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2009-12-21 743992]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2010-6-1 27648]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-10-11 375728]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2010-1-27 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2010-6-8 72216]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-3-25 490280]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2013-4-2 1124184]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-8-10 1153368]
R2 SProtection;SProtection;C:\Program Files (x86)\Common Files\Umbrella\umbrella.exe [2013-1-25 2795048]
R2 WDDMService;WD SmartWare Drive Manager Service;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-10-14 116224]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2009-10-2 21008]
R3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;C:\Windows\System32\drivers\netr7364.sys [2010-10-26 610816]
R3 RapportIaso;RapportIaso;C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso64.sys [2013-4-2 175352]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-6-2 34872]
RUnknown Yontoo Desktop Updater;Yontoo Desktop Updater; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-6-9 1431888]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-3-10 28696]
S3 massfilter;ZTE Mass Storage Filter Driver;C:\Windows\System32\drivers\massfilter.sys [2010-10-5 11776]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2010-6-1 19968]
S3 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2011-10-11 236248]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2009-2-13 14464]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-6-1 89920]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"
.txt: <filetype is not registered>
.js: <filetype is not registered>
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2013-04-02 12:16:10 236248 ----a-w- C:\Windows\System32\drivers\RapportKE64.sys
2013-03-14 08:37:45 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-14 08:37:45 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-14 03:07:27 72013344 ----a-w- C:\Windows\System32\mrt.exe
2013-03-07 12:31:30 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-07 12:31:30 861088 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-03-07 12:31:30 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-03-07 12:31:30 262560 ----a-w- C:\Windows\SysWow64\javaws.exe
2013-03-07 12:31:30 174496 ----a-w- C:\Windows\SysWow64\javaw.exe
2013-03-07 12:31:30 174496 ----a-w- C:\Windows\SysWow64\java.exe
2013-02-28 17:43:13 9332736 ----a-w- C:\Windows\System32\mshtml.dll
2013-02-28 17:41:36 6011392 ----a-w- C:\Windows\SysWow64\mshtml.dll
2013-02-28 03:08:36 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2013-02-28 02:49:23 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-02-12 02:18:19 19456 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-02-02 10:55:13 1147392 ----a-w- C:\Windows\System32\wininet.dll
2013-02-02 10:54:50 1489408 ----a-w- C:\Windows\System32\urlmon.dll
2013-02-02 10:54:49 108032 ----a-w- C:\Windows\System32\url.dll
2013-02-02 10:52:51 243712 ----a-w- C:\Windows\System32\occache.dll
2013-02-02 10:50:59 1062912 ----a-w- C:\Windows\System32\mstime.dll
2013-02-02 10:50:29 98304 ----a-w- C:\Windows\System32\mshtmled.dll
2013-02-02 10:50:26 743424 ----a-w- C:\Windows\System32\msfeeds.dll
2013-02-02 10:50:26 71680 ----a-w- C:\Windows\System32\msfeedsbs.dll
2013-02-02 10:49:49 56832 ----a-w- C:\Windows\System32\licmgr10.dll
2013-02-02 10:49:34 31744 ----a-w- C:\Windows\System32\jsproxy.dll
2013-02-02 10:49:27 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-02-02 10:49:10 77312 ----a-w- C:\Windows\System32\iesetup.dll
2013-02-02 10:49:10 2356736 ----a-w- C:\Windows\System32\iertutil.dll
2013-02-02 10:49:10 219136 ----a-w- C:\Windows\System32\ieui.dll
2013-02-02 10:49:10 132096 ----a-w- C:\Windows\System32\iesysprep.dll
2013-02-02 10:49:09 72192 ----a-w- C:\Windows\System32\iernonce.dll
2013-02-02 10:49:09 252416 ----a-w- C:\Windows\System32\iepeers.dll
2013-02-02 10:48:18 12509184 ----a-w- C:\Windows\System32\ieframe.dll
2013-02-02 10:48:13 459776 ----a-w- C:\Windows\System32\iedkcs32.dll
2013-02-02 09:18:13 916480 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-02-02 09:17:53 1212928 ----a-w- C:\Windows\SysWow64\urlmon.dll
2013-02-02 09:17:52 105984 ----a-w- C:\Windows\SysWow64\url.dll
2013-02-02 09:15:55 206848 ----a-w- C:\Windows\SysWow64\occache.dll
2013-02-02 09:13:54 611840 ----a-w- C:\Windows\SysWow64\mstime.dll
2013-02-02 09:13:23 67072 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2013-02-02 09:13:20 630272 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2013-02-02 09:13:20 55296 ----a-w- C:\Windows\SysWow64\msfeedsbs.dll
2013-02-02 09:12:40 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2013-02-02 09:12:21 25600 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2013-02-02 09:12:13 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-02-02 09:11:58 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-02-02 09:11:58 2004992 ----a-w- C:\Windows\SysWow64\iertutil.dll
2013-02-02 09:11:58 164352 ----a-w- C:\Windows\SysWow64\ieui.dll
2013-02-02 09:11:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-02-02 09:11:56 55808 ----a-w- C:\Windows\SysWow64\iernonce.dll
2013-02-02 09:11:56 184320 ----a-w- C:\Windows\SysWow64\iepeers.dll
2013-02-02 09:11:56 11111424 ----a-w- C:\Windows\SysWow64\ieframe.dll
2013-02-02 09:11:51 387584 ----a-w- C:\Windows\SysWow64\iedkcs32.dll
2013-02-02 08:52:28 479232 ----a-w- C:\Windows\System32\html.iec
2013-02-02 07:37:34 385024 ----a-w- C:\Windows\SysWow64\html.iec
2013-02-02 07:33:35 162816 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-02-02 07:33:12 70656 ----a-w- C:\Windows\System32\ie4uinit.exe
2013-02-02 07:31:44 12288 ----a-w- C:\Windows\System32\msfeedssync.exe
2013-02-02 05:52:46 174080 ----a-w- C:\Windows\SysWow64\ie4uinit.exe
2013-02-02 05:52:40 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-02-02 05:51:06 13312 ----a-w- C:\Windows\SysWow64\msfeedssync.exe
2013-01-17 01:28:58 273840 ------w- C:\Windows\System32\MpSigStub.exe
2013-01-05 05:37:50 4695400 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-01-04 11:31:10 1423720 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-01-04 01:59:24 2773504 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 13:09:30.70 ===============
aswMBR:
It installed, updated started the scan and then closed itself with a fatal error?
Appreciate any help
:snwelcome:
Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.
Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.
Running programs with Vista or Windows 7 , Right Click and select RUN AS ADMINISTATOR
Go here (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/) and download AdwCleaner to your desktop
Double click on AdwCleaner.exe to run the tool.
Click on Delete
A logfile will automatically open after the scan has finished.
Please post the content of that logfile in your reply.
You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
http://i24.photobucket.com/albums/c30/ken545/AdwareCleaner.jpg
Download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop
shut down your protection software now to avoid potential conflicts.
run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
the tool will open and start scanning your system
please be patient as this can take a while to complete depending on your system's specifications
on completion, a log (JRT.txt) is saved to your desktop and will automatically open
post the contents of JRT.txt into your next message.
OTL by OldTimer
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
girlie100
2013-04-09, 13:55
Thanks Ken for looking at this, I did do a Spybot scan in safe mode yesterday and it appeared to remove the Yontoo.pageRage which then allowed me to uninstall the Iminent toobar which has now gone from my browser but here is the AdwCleaner Log:
# AdwCleaner v2.200 - Logfile created 04/09/2013 at 12:29:26
# Updated 02/04/2013 by Xplode
# Operating system : Windows (TM) Vista Ultimate Service Pack 2 (64 bits)
# User : User - OFFICE-PC
# Boot Mode : Normal
# Running from : C:\Users\User\Downloads\AdwCleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
Deleted on reboot : C:\Program Files (x86)\Conduit
Deleted on reboot : C:\Program Files (x86)\Vuze_Remote
Deleted on reboot : C:\Program Files (x86)\Vuze_Remote
Deleted on reboot : C:\ProgramData\Ask
Deleted on reboot : C:\ProgramData\Tarma Installer
***** [Registry] *****
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Vuze_Remote
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Vuze_Remote Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{678A3ED5-11C9-4840-864F-FC61F36BE85C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\Software\Vuze_Remote
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{678A3ED5-11C9-4840-864F-FC61F36BE85C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Vuze_Remote Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.19401
[OK] Registry is clean.
-\\ Mozilla Firefox v19.0.2 (en-GB)
*************************
AdwCleaner[S1].txt - [8891 octets] - [09/04/2013 12:29:26]
########## EOF - C:\AdwCleaner[S1].txt - [8951 octets] ##########
girlie100
2013-04-09, 14:16
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.3 (04.05.2013:1)
OS: Windows (TM) Vista Ultimate x64
Ran by User on 09/04/2013 at 12:59:04.95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\User\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\User\appdata\locallow\toolbar4"
Successfully deleted: [Folder] "C:\Users\User\appdata\locallow\vuze_remote"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\vuze_remote"
Successfully deleted: [Folder] "C:\ProgramData\ask"
~~~ FireFox
Successfully deleted: [File] C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\jfgl1xfx.default\user.js
Successfully deleted: [File] C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\jfgl1xfx.default\searchplugins\askcom.xml
Successfully deleted: [File] C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\jfgl1xfx.default\searchplugins\askcomsearch.xml
Successfully deleted: [File] C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\jfgl1xfx.default\searchplugins\conduit.xml
Successfully deleted: [Folder] C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\jfgl1xfx.default\conduitcommon
Successfully deleted: [Folder] C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\jfgl1xfx.default\jetpack
Successfully deleted: [Folder] C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\jfgl1xfx.default\extensions\plugin@yontoo.com
Successfully deleted: [Folder] C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\jfgl1xfx.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
Successfully deleted the following from C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\jfgl1xfx.default\prefs.js
user_pref("CT2504091..clientLogIsEnabled", true);
user_pref("CT2504091..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
user_pref("CT2504091..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
user_pref("CT2504091.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
user_pref("CT2504091.AppTrackingLastCheckTime", "Wed Oct 26 2011 10:49:34 GMT+0100 (GMT Daylight Time)");
user_pref("CT2504091.BrowserCompStateIsOpen_129566938558801595", true);
user_pref("CT2504091.CTID", "CT2504091");
user_pref("CT2504091.CurrentServerDate", "9-11-2011");
user_pref("CT2504091.DialogsAlignMode", "LTR");
user_pref("CT2504091.DialogsGetterLastCheckTime", "Mon Nov 07 2011 09:36:40 GMT+0000 (GMT Standard Time)");
user_pref("CT2504091.DownloadReferralCookieData", "");
user_pref("CT2504091.EMailNotifierPollDate", "Wed Nov 09 2011 11:35:44 GMT+0000 (GMT Standard Time)");
user_pref("CT2504091.FeedLastCount129079840422964131", 13);
user_pref("CT2504091.FeedPollDate128891351169457140", "Tue Aug 30 2011 10:40:28 GMT+0100 (GMT Daylight Time)");
user_pref("CT2504091.FeedPollDate129079840422964131", "Tue Aug 30 2011 10:40:29 GMT+0100 (GMT Daylight Time)");
user_pref("CT2504091.FeedTTL128891351169457140", 40);
user_pref("CT2504091.FirstServerDate", "4-6-2010");
user_pref("CT2504091.FirstTime", true);
user_pref("CT2504091.FirstTimeFF3", true);
user_pref("CT2504091.FirstTimeSettingsDone", true);
user_pref("CT2504091.FixPageNotFoundErrors", true);
user_pref("CT2504091.GroupingServerCheckInterval", 1440);
user_pref("CT2504091.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
user_pref("CT2504091.HasUserGlobalKeys", true);
user_pref("CT2504091.HomePageProtectorEnabled", false);
user_pref("CT2504091.HomepageBeforeUnload", "chrome://branding/locale/browserconfig.properties");
user_pref("CT2504091.Initialize", true);
user_pref("CT2504091.InitializeCommonPrefs", true);
user_pref("CT2504091.InstallationAndCookieDataSentCount", 3);
user_pref("CT2504091.InstallationType", "UnknownIntegration");
user_pref("CT2504091.InstalledDate", "Fri Jun 04 2010 11:54:21 GMT+0100 (GMT Daylight Time)");
user_pref("CT2504091.IsAlertDBUpdated", true);
user_pref("CT2504091.IsGrouping", false);
user_pref("CT2504091.IsMulticommunity", false);
user_pref("CT2504091.IsOpenThankYouPage", false);
user_pref("CT2504091.IsOpenUninstallPage", false);
user_pref("CT2504091.LanguagePackLastCheckTime", "Wed Nov 09 2011 11:14:50 GMT+0000 (GMT Standard Time)");
user_pref("CT2504091.LanguagePackReloadIntervalMM", 1440);
user_pref("CT2504091.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
user_pref("CT2504091.LastLogin_2.7.0.14", "Tue Aug 17 2010 10:49:36 GMT+0100 (GMT Daylight Time)");
user_pref("CT2504091.LastLogin_2.7.1.3", "Thu Aug 19 2010 13:25:54 GMT+0100 (GMT Daylight Time)");
user_pref("CT2504091.LastLogin_2.7.2.0", "Wed Feb 23 2011 11:44:57 GMT+0000 (GMT Standard Time)");
user_pref("CT2504091.LastLogin_3.3.0.19", "Sun Apr 03 2011 12:02:03 GMT+0100 (GMT Daylight Time)");
user_pref("CT2504091.LastLogin_3.3.3.2", "Wed Jun 22 2011 11:07:30 GMT+0100 (GMT Daylight Time)");
user_pref("CT2504091.LastLogin_3.5.0.12", "Thu Aug 25 2011 10:05:00 GMT+0100 (GMT Daylight Time)");
user_pref("CT2504091.LastLogin_3.6.0.10", "Mon Oct 03 2011 09:58:01 GMT+0100 (GMT Daylight Time)");
user_pref("CT2504091.LastLogin_3.7.0.6", "Wed Nov 09 2011 11:14:45 GMT+0000 (GMT Standard Time)");
user_pref("CT2504091.LatestVersion", "3.8.0.8");
user_pref("CT2504091.Locale", "en-us");
user_pref("CT2504091.LoginCache", 4);
user_pref("CT2504091.MAX_NUMBER_OF_ALERTS_129566938558801595", "1_1314697270777");
user_pref("CT2504091.MCDetectTooltipHeight", "83");
user_pref("CT2504091.MCDetectTooltipShow", false);
user_pref("CT2504091.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
user_pref("CT2504091.MCDetectTooltipWidth", "295");
user_pref("CT2504091.MyStuffEnabledAtInstallation", true);
user_pref("CT2504091.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2504091&octid=EB_ORIGINAL_CTID&SearchSource=1");
user_pref("CT2504091.SearchEngineBeforeUnload", "Google Powered Search");
user_pref("CT2504091.SearchFromAddressBarIsInit", true);
user_pref("CT2504091.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&q=");
user_pref("CT2504091.SearchInNewTabEnabled", true);
user_pref("CT2504091.SearchInNewTabIntervalMM", 1440);
user_pref("CT2504091.SearchInNewTabLastCheckTime", "Wed Nov 09 2011 11:14:43 GMT+0000 (GMT Standard Time)");
user_pref("CT2504091.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
user_pref("CT2504091.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID");
user_pref("CT2504091.SearchProtectorEnabled", true);
user_pref("CT2504091.SearchProtectorToolbarDisabled", false);
user_pref("CT2504091.ServiceMapLastCheckTime", "Wed Nov 09 2011 11:14:44 GMT+0000 (GMT Standard Time)");
user_pref("CT2504091.SettingsCheckIntervalMin", 120);
user_pref("CT2504091.SettingsLastCheckTime", "Wed Nov 09 2011 11:14:44 GMT+0000 (GMT Standard Time)");
user_pref("CT2504091.SettingsLastUpdate", "1319755934");
user_pref("CT2504091.ThirdPartyComponentsInterval", 504);
user_pref("CT2504091.ThirdPartyComponentsLastCheck", "Wed Oct 26 2011 12:04:43 GMT+0100 (GMT Daylight Time)");
user_pref("CT2504091.ThirdPartyComponentsLastUpdate", "1312887586");
user_pref("CT2504091.ToolbarShrinkedFromSetup", false);
user_pref("CT2504091.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2504091");
user_pref("CT2504091.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com
user_pref("CT2504091.UserID", "UN19066133314891753");
user_pref("CT2504091.ValidationData_Search", 2);
user_pref("CT2504091.ValidationData_Toolbar", 2);
user_pref("CT2504091.alertChannelId", "897164");
user_pref("CT2504091.approveUntrustedApps", false);
user_pref("CT2504091.backendstorage._gpl_firstrun10100", "31333137393837303335");
user_pref("CT2504091.backendstorage.for_aoi", "31333132373937303133");
user_pref("CT2504091.backendstorage.for_ccid", "4368656C6D73666F7264");
user_pref("CT2504091.backendstorage.for_cdtr5", "31333132373937303133");
user_pref("CT2504091.backendstorage.for_cdtr6", "31333135393934363633");
user_pref("CT2504091.backendstorage.for_cid", "4742");
user_pref("CT2504091.backendstorage.for_ip", "38362E3133322E3130332E313835");
user_pref("CT2504091.backendstorage.for_lcut", "31333139343439303538");
user_pref("CT2504091.backendstorage.for_pid", "31303231");
user_pref("CT2504091.backendstorage.for_rid", "4534");
user_pref("CT2504091.backendstorage.for_zoneid", "3130313537");
user_pref("CT2504091.backendstorage.hxxp://dl_gameplaylabs_com/items/conduit/temp._gpl_firstrun10100", "31333137393837303335");
user_pref("CT2504091.clientLogIsEnabled", false);
user_pref("CT2504091.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
user_pref("CT2504091.components.129079840422182852", false);
user_pref("CT2504091.components.129079840422339107", false);
user_pref("CT2504091.components.129079840422964131", false);
user_pref("CT2504091.components.129079849636241789", false);
user_pref("CT2504091.components.129566938558801595", false);
user_pref("CT2504091.components.129593776931068636", false);
user_pref("CT2504091.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlP
user_pref("CT2504091.globalFirstTimeInfoLastCheckTime", "Wed Nov 09 2011 11:14:45 GMT+0000 (GMT Standard Time)");
user_pref("CT2504091.homepageProtectorEnableByLogin", true);
user_pref("CT2504091.initDone", true);
user_pref("CT2504091.isAppTrackingManagerOn", true);
user_pref("CT2504091.myStuffEnabled", true);
user_pref("CT2504091.myStuffPublihserMinWidth", 400);
user_pref("CT2504091.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
user_pref("CT2504091.myStuffServiceIntervalMM", 1440);
user_pref("CT2504091.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
user_pref("CT2504091.oldAppsList", "129079840421557838,129079840422026594,111,129079849636241789,129079840422182852,129079840422339107,129079840422964131,1000034,1000080,10000
user_pref("CT2504091.revertSettingsEnabled", true);
user_pref("CT2504091.searchProtectorDialogDelayInSec", 10);
user_pref("CT2504091.searchProtectorEnableByLogin", true);
user_pref("CT2504091.testingCtid", "");
user_pref("CT2504091.toolbarAppMetaDataLastCheckTime", "Wed Nov 09 2011 11:14:50 GMT+0000 (GMT Standard Time)");
user_pref("CT2504091.toolbarContextMenuLastCheckTime", "Mon Oct 31 2011 10:25:14 GMT+0000 (GMT Standard Time)");
user_pref("CT2504091.undefined", "Thu Feb 24 2011 11:19:12 GMT+0000 (GMT Standard Time)");
user_pref("CT2504091.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
user_pref("CT2504091.usagesFlag", 2);
user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/897164/892962/UK", "\"0\"");
user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/UK", "\"0\"");
user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2438727", "\"0\"");
user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2504091", "\"0\"");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en-us", "wVmmvqqOMqrv5xct1cJIHg==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en-us", "0uSPYx+Kl2jpu8sJZMeHjw==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en-us", "Dclc8oo4TTv7+mAkSlUSWg==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en-us", "K4Vqu91uAzWURlxJRdXJOg==");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"07879643d3acc1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.0.19", "\"0652eeacc6cb1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"807dc126dd28cc1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=2.7.1.3", "\"0652eeacc6cb1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.0.19", "\"0652eeacc6cb1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.0.12", "\"80ee9485875dcc1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.0.10", "\"0ee90707f77cc1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.0.6", "\"6a637346d78ccc1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2504091", "\"56fe0d15406c7b69464328b19c048ede\"");
user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"634333631231730000\"");
user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "634339976460000000");
user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/22/2011 6:54:06 PM", "634356118310000000");
user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/2011 11:17:11 AM", "634356118310000000");
user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2504091&octid=CT2504091", "\"1319755934\"");
user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2504091/CT2504091", "\"1311168869\"");
user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634322696881670000\"");
user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"dfcd977b3de16cbbb14789dbe1cbbc9f\"");
user_pref("CommunityToolbar.EngineOwner", "");
user_pref("CommunityToolbar.EngineOwnerGuid", "{ba14329e-9550-4989-b3f2-9732e92d17cc}");
user_pref("CommunityToolbar.EngineOwnerToolbarId", "vuze_remote");
user_pref("CommunityToolbar.IsEngineShown", true);
user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\User\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\jfgl1xfx.default\\conduitCommon\\modules\\3.7.0.6");
user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.7.0.6");
user_pref("CommunityToolbar.OriginalEngineOwner", "CT2504091");
user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{ba14329e-9550-4989-b3f2-9732e92d17cc}");
user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "vuze_remote");
user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
user_pref("CommunityToolbar.ToolbarsList", "CT2504091");
user_pref("CommunityToolbar.ToolbarsList2", "CT2504091");
user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Thu Jun 09 2011 10:34:04 GMT+0100 (GMT Daylight Time)");
user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Wed Jun 22 2011 12:34:42 GMT+0100 (GMT Daylight Time)");
user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
user_pref("CommunityToolbar.alert.locale", "en");
user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
user_pref("CommunityToolbar.alert.loginLastCheckTime", "Wed Jun 22 2011 12:34:34 GMT+0100 (GMT Daylight Time)");
user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
user_pref("CommunityToolbar.alert.showTrayIcon", false);
user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
user_pref("CommunityToolbar.alert.userId", "4f7cc9f0-3d2d-49bf-ace2-b4193981d8f6");
user_pref("CommunityToolbar.globalUserId", "ad3fe0e5-9e72-4603-9eee-a481c4289bd8");
user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2504091");
user_pref("CommunityToolbar.killedEngine", true);
user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue Nov 08 2011 11:26:11 GMT+0000 (GMT Standard Time)");
user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Wed Nov 09 2011 11:14:52 GMT+0000 (GMT Standard Time)");
user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
user_pref("CommunityToolbar.notifications.firstTimeAlertShown", true);
user_pref("CommunityToolbar.notifications.locale", "en");
user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Wed Nov 09 2011 11:14:44 GMT+0000 (GMT Standard Time)");
user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
user_pref("CommunityToolbar.notifications.showTrayIcon", false);
user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
user_pref("CommunityToolbar.notifications.userId", "73d949fe-6d0c-4bd0-bc0c-20005e2cee8a");
user_pref("CommunityToolbar.undefined", "");
user_pref("browser.search.defaultengine", "Ask.com Search");
user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}");
user_pref("browser.search.order.1", "Ask.com Search");
user_pref("extentions.y2layers.defaultEnableAppsList", "twittube,buzzdock,YontooNewOffers");
user_pref("extentions.y2layers.installId", "94304fed-130d-4ae9-ba91-a32c2b993721");
user_pref("iminent.webbooster.scripts.minibar.ROOTEXTENSION", "chrome://iminentwebbooster/content/minibar");
user_pref("iminent.webbooster.scripts.minibar.ShowThankyouPixel", "0");
user_pref("iminent.webbooster.scripts.minibar.displayFavLinks", "1");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent140", "1364990446886");
Emptied folder: C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\jfgl1xfx.default\minidumps [21 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09/04/2013 at 13:15:31.80
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
girlie100
2013-04-09, 14:19
OTL won't run, just asks to close.
Hi,
You had an awful lot of toolbars installed, these are things that you dont need, they alter your search settings in your browsers and some contain adware. What you need to do is when installing any programs, be sure to read through the prompts , sometimes they try and slip one in on you if your not looking. Updating Java is a good example, if you don't uncheck the Ask Toolbar it will install it and its a piece of garbage.
Lets hold off on OTL right now and see if this will run. Are you experiencing any browser redirects or unwanted pop up windows ???
Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please
girlie100
2013-04-10, 10:13
There has been no pop ups or browser re-directs since spybot removed it.
Here is the log from Malwarebytes:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.04.10.02
Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 8.0.6001.19401
User :: OFFICE-PC [administrator]
10/04/2013 08:43:52
mbam-log-2013-04-10 (08-43-52).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 218475
Time elapsed: 27 minute(s), 35 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Good Morning,
See if you can run OTL in safemode
To Enter Safemode
Go to Start> Shut off your Computer> Restart
As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly,
this will bring up a menu.
Use the Up and Down Arrow Keys to scroll up to Safemode with Networking
Then press the Enter Key on your Keyboard
Tutorial if you need it How to boot into Safemode (http://www.bleepingcomputer.com/tutorials/tutorial61.html)
girlie100
2013-04-10, 11:29
Morning Ken,
Tried OTL in safe mode but same problem, OTL encountered a problem and then closes.
At this point without seeing a aswMBR log and also OTL I am not sure if its a virus blocking the programs from running or if its just a problem with your system.
Run this program, remember that you need to right click on the programs we are running and select RUN AS ADMINISTRATOR, have you been doing that ?
After running RKill than give aswMBR and OTL another try
Please download rkill (Courtesy of Bleepingcomputer.com).
There are 5 different versions of this tool. If one of them will not run, please try the next one in the list.
Note: Vista and Windows 7 Users must right click and select "Run as Administrator" to run the tool.
Note: You only need to get one of the tools to run, not all of them.
1. rkill.exe (http://download.bleepingcomputer.com/grinler/rkill.exe)
2. rkill.com (http://download.bleepingcomputer.com/grinler/rkill.com)
3. rkill.scr (http://download.bleepingcomputer.com/grinler/rkill.scr)
4. WiNlOgOn.exe (http://download.bleepingcomputer.com/grinler/WiNlOgOn.exe)
5. uSeRiNiT.exe (http://download.bleepingcomputer.com/grinler/uSeRiNiT.exe)
Note: You will likely see a message from this rogue telling you the file is infected. Ignore the message. Leave the message OPEN, do not close the message.
Run rkill repeatedly until it's able to do it's job. This may take a few tries.
You'll be able to tell rkill has done it's job when your desktop (explorer.exe) cycles off and then on again.
girlie100
2013-04-10, 14:00
thanks Ken, yep everything has been right clicked and run as administrator.
log from Rkill:
Rkill 2.4.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 04/10/2013 12:49:30 PM in x64 mode.
Windows Version: Windows Vista (TM) Ultimate Service Pack 2
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* No malware processes found to kill.
Checking Registry for malware related settings:
* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]
Backup Registry file created at:
C:\Users\User\Desktop\rkill\rkill-04-10-2013-12-51-11.reg
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* Windows Firewall Disabled
[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000
Checking Windows Service Integrity:
* No issues found.
Searching for Missing Digital Signatures:
* No issues found.
Checking HOSTS File:
* HOSTS file entries found:
127.0.0.1 localhost
::1 localhost
0.0.0.0 localhost
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
0.0.0.0 localhost
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
20 out of 32 HOSTS entries shown.
Please review HOSTS file for further entries.
Program finished at: 04/10/2013 12:52:49 PM
Execution time: 0 hours(s), 3 minute(s), and 19 seconds(s)
girlie100
2013-04-10, 15:12
aswMBR updated and started the scan got quite a bit through it before it closed with the attached screen grab.
:sad:
girlie100
2013-04-10, 15:16
When I run OTL I just get as attached;
Ok, lets see if this will run
Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip)
Extract it to your desktop
Double click TDSSKiller.exe
Press Start Scan
Only if Malicious objects are found then ensure Cure is selected
Then click Continue > Reboot now
Copy and paste the log in your next reply
A copy of the log will be saved automatically to the root of the drive (typically C:\)
girlie100
2013-04-11, 09:58
08:53:00.0124 2868 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
08:53:00.0820 2868 ============================================================
08:53:00.0820 2868 Current date / time: 2013/04/11 08:53:00.0820
08:53:00.0820 2868 SystemInfo:
08:53:00.0820 2868
08:53:00.0820 2868 OS Version: 6.0.6002 ServicePack: 2.0
08:53:00.0820 2868 Product type: Workstation
08:53:00.0820 2868 ComputerName: OFFICE-PC
08:53:00.0821 2868 UserName: User
08:53:00.0821 2868 Windows directory: C:\Windows
08:53:00.0821 2868 System windows directory: C:\Windows
08:53:00.0821 2868 Running under WOW64
08:53:00.0821 2868 Processor architecture: Intel x64
08:53:00.0821 2868 Number of processors: 4
08:53:00.0821 2868 Page size: 0x1000
08:53:00.0821 2868 Boot type: Normal boot
08:53:00.0821 2868 ============================================================
08:53:03.0407 2868 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:53:03.0424 2868 Drive \Device\Harddisk1\DR1 - Size: 0xE8B6F00000 (930.86 Gb), SectorSize: 0x200, Cylinders: 0x1DAAB, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
08:53:03.0507 2868 ============================================================
08:53:03.0507 2868 \Device\Harddisk0\DR0:
08:53:03.0547 2868 MBR partitions:
08:53:03.0547 2868 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385000
08:53:03.0547 2868 \Device\Harddisk1\DR1:
08:53:03.0549 2868 MBR partitions:
08:53:03.0549 2868 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x745B7000
08:53:03.0549 2868 ============================================================
08:53:03.0647 2868 C: <-> \Device\Harddisk0\DR0\Partition1
08:53:03.0656 2868 J: <-> \Device\Harddisk1\DR1\Partition1
08:53:03.0657 2868 ============================================================
08:53:03.0657 2868 Initialize success
08:53:03.0657 2868 ============================================================
08:53:19.0584 2868 ============================================================
08:53:19.0584 2868 Scan started
08:53:19.0584 2868 Mode: Manual;
08:53:19.0584 2868 ============================================================
08:53:30.0360 2868 ================ Scan system memory ========================
08:53:30.0360 2868 System memory - ok
08:53:30.0361 2868 ================ Scan services =============================
08:53:31.0395 2868 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys
08:53:31.0417 2868 ACPI - ok
08:53:31.0637 2868 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
08:53:31.0642 2868 AdobeARMservice - ok
08:53:31.0714 2868 [ 9137451D37BA1C325CD6C2DEF3D2D692 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
08:53:31.0730 2868 adp94xx - ok
08:53:31.0785 2868 [ 01F80898DF5CC7DF19B3B11351846263 ] adpahci C:\Windows\system32\drivers\adpahci.sys
08:53:31.0801 2868 adpahci - ok
08:53:31.0862 2868 [ DA001DB13FFF45DFE9109936E265B7CC ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
08:53:31.0876 2868 adpu160m - ok
08:53:31.0908 2868 [ 2B10C35C5B7C5C0C28F572E035319602 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
08:53:31.0926 2868 adpu320 - ok
08:53:31.0984 2868 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
08:53:31.0998 2868 AeLookupSvc - ok
08:53:32.0178 2868 [ C4F6CE6087760AD70960C9EB130E7943 ] AFD C:\Windows\system32\drivers\afd.sys
08:53:32.0182 2868 AFD - ok
08:53:32.0238 2868 [ 5CCDD13BC602AE33CD8B62D33C29AB72 ] agp440 C:\Windows\system32\drivers\agp440.sys
08:53:32.0251 2868 agp440 - ok
08:53:32.0285 2868 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
08:53:32.0300 2868 aic78xx - ok
08:53:34.0155 2868 [ C7074BD8D4B8F564859ED373433030AE ] Akamai c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll
08:53:34.0155 2868 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll. md5: C7074BD8D4B8F564859ED373433030AE
08:53:34.0164 2868 Akamai ( HiddenFile.Multi.Generic ) - warning
08:53:34.0164 2868 Akamai - detected HiddenFile.Multi.Generic (1)
08:53:34.0233 2868 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe
08:53:34.0251 2868 ALG - ok
08:53:34.0278 2868 [ 157D0898D4B73F075CE9FA26B482DF98 ] aliide C:\Windows\system32\drivers\aliide.sys
08:53:34.0314 2868 aliide - ok
08:53:34.0414 2868 [ A359974EAAC83A435497C52F62A2E590 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
08:53:34.0432 2868 AMD External Events Utility - ok
08:53:34.0467 2868 [ 970FA5059E61E30D25307B99903E991E ] amdide C:\Windows\system32\drivers\amdide.sys
08:53:34.0487 2868 amdide - ok
08:53:34.0523 2868 [ DE55DC52F7CEB89A967572D6B491ADA2 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
08:53:34.0558 2868 AmdK8 - ok
08:53:35.0278 2868 [ 60216B0E704584DE6D5A9F59E9C34C47 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
08:53:35.0375 2868 amdkmdag - ok
08:53:35.0455 2868 [ 6B4E9261B613B047A9A145F328889968 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
08:53:35.0491 2868 amdkmdap - ok
08:53:35.0629 2868 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll
08:53:35.0649 2868 Appinfo - ok
08:53:35.0888 2868 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
08:53:35.0906 2868 Apple Mobile Device - ok
08:53:35.0970 2868 [ 3DA98C07B18A676180FE7EED924D1673 ] AppMgmt C:\Windows\System32\appmgmts.dll
08:53:35.0992 2868 AppMgmt - ok
08:53:36.0048 2868 [ 2E8623F2FED998A97129A3DB919551C8 ] arc C:\Windows\system32\drivers\arc.sys
08:53:36.0075 2868 arc - ok
08:53:36.0097 2868 [ 741A003C041A3EC480A2E71AF71E9654 ] arcsas C:\Windows\system32\drivers\arcsas.sys
08:53:36.0123 2868 arcsas - ok
08:53:36.0418 2868 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
08:53:36.0472 2868 aspnet_state - ok
08:53:36.0571 2868 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
08:53:36.0591 2868 AsyncMac - ok
08:53:36.0640 2868 [ E68D9B3A3905619732F7FE039466A623 ] atapi C:\Windows\system32\drivers\atapi.sys
08:53:36.0656 2868 atapi - ok
08:53:36.0923 2868 [ 60216B0E704584DE6D5A9F59E9C34C47 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
08:53:36.0972 2868 atikmdag - ok
08:53:37.0038 2868 [ 7C5D273E29DCC5505469B299C6F29163 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
08:53:37.0060 2868 AtiPcie - ok
08:53:37.0105 2868 [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
08:53:37.0166 2868 AudioEndpointBuilder - ok
08:53:37.0178 2868 [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll
08:53:37.0181 2868 AudioSrv - ok
08:53:37.0243 2868 [ A2B790F9A751F24F17967F9A5574186D ] AVP C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe
08:53:37.0291 2868 AVP - ok
08:53:37.0485 2868 [ 553E94AE71D233C14A8C8B4AF9286ED0 ] BecHelperService C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe
08:53:37.0587 2868 BecHelperService - ok
08:53:37.0703 2868 [ FFB96C2589FFA60473EAD78B39FBDE29 ] BFE C:\Windows\System32\bfe.dll
08:53:37.0742 2868 BFE - ok
08:53:37.0879 2868 [ 6D316F4859634071CC25C4FD4589AD2C ] BITS C:\Windows\System32\qmgr.dll
08:53:37.0950 2868 BITS - ok
08:53:37.0955 2868 blbdrive - ok
08:53:38.0095 2868 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
08:53:38.0110 2868 Bonjour Service - ok
08:53:38.0155 2868 [ 2348447A80920B2493A9B582A23E81E1 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
08:53:38.0163 2868 bowser - ok
08:53:38.0231 2868 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
08:53:38.0245 2868 BrFiltLo - ok
08:53:38.0273 2868 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
08:53:38.0300 2868 BrFiltUp - ok
08:53:38.0368 2868 [ A1B39DE453433B115B4EA69EE0343816 ] Browser
girlie100
2013-04-11, 09:59
C:\Windows\System32\browser.dll
08:53:38.0378 2868 Browser - ok
08:53:38.0519 2868 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys
08:53:38.0533 2868 Brserid - ok
08:53:38.0586 2868 [ 34F6C504B150F99DAE69D7073D2A4DF4 ] BrSerIf C:\Windows\system32\DRIVERS\BrSerIf.sys
08:53:38.0595 2868 BrSerIf - ok
08:53:38.0634 2868 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
08:53:38.0648 2868 BrSerWdm - ok
08:53:38.0677 2868 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
08:53:38.0690 2868 BrUsbMdm - ok
08:53:38.0718 2868 [ 601CB966FFFEBC6806626DC8E7AA0EF2 ] BrUsbSer C:\Windows\system32\DRIVERS\BrUsbSer.sys
08:53:38.0728 2868 BrUsbSer - ok
08:53:38.0763 2868 [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
08:53:38.0783 2868 BTHMODEM - ok
08:53:38.0886 2868 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
08:53:38.0896 2868 cdfs - ok
08:53:38.0942 2868 [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
08:53:38.0953 2868 cdrom - ok
08:53:39.0019 2868 [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc C:\Windows\System32\certprop.dll
08:53:39.0028 2868 CertPropSvc - ok
08:53:39.0049 2868 [ F28F00596824058BC61D5EDF434C9B82 ] circlass C:\Windows\system32\drivers\circlass.sys
08:53:39.0062 2868 circlass - ok
08:53:39.0096 2868 [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS C:\Windows\system32\CLFS.sys
08:53:39.0125 2868 CLFS - ok
08:53:39.0270 2868 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:53:39.0306 2868 clr_optimization_v2.0.50727_32 - ok
08:53:39.0408 2868 [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
08:53:39.0448 2868 clr_optimization_v2.0.50727_64 - ok
08:53:39.0556 2868 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:53:39.0561 2868 clr_optimization_v4.0.30319_32 - ok
08:53:39.0668 2868 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
08:53:39.0694 2868 clr_optimization_v4.0.30319_64 - ok
08:53:39.0728 2868 [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys
08:53:39.0742 2868 cmdide - ok
08:53:39.0771 2868 [ 0E77A445640BF310817F60941C50560C ] Compbatt C:\Windows\system32\drivers\compbatt.sys
08:53:39.0785 2868 Compbatt - ok
08:53:39.0790 2868 COMSysApp - ok
08:53:39.0826 2868 [ B1192DCD5B9CF46BEED0E2A9E5BCF59A ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
08:53:39.0840 2868 crcdisk - ok
08:53:39.0913 2868 [ CA78B312C44E4D52E842C2C8BD48E452 ] CryptSvc C:\Windows\system32\cryptsvc.dll
08:53:39.0915 2868 CryptSvc - ok
08:53:39.0981 2868 [ F60F50C8ED3FCBE358430B95FE27D09C ] CSC C:\Windows\system32\drivers\csc.sys
08:53:40.0013 2868 CSC - ok
08:53:40.0059 2868 [ AB1201F8DE199E764DA9A32ABF71049C ] CSCrySec C:\Windows\system32\DRIVERS\CSCrySec.sys
08:53:40.0076 2868 CSCrySec - ok
08:53:40.0126 2868 [ 1B5F256D31836ED2BA60B3A6C800200C ] CscService C:\Windows\System32\cscsvc.dll
08:53:40.0159 2868 CscService - ok
08:53:40.0312 2868 [ 6E5B42219F1FE4A3D087D9D501E343D5 ] CSObjectsSrv C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
08:53:40.0338 2868 CSObjectsSrv - ok
08:53:40.0401 2868 [ A6EED705BB510FA6B0F9F097165A3395 ] CSVirtualDiskDrv C:\Windows\system32\DRIVERS\CSVirtualDiskDrv.sys
08:53:40.0411 2868 CSVirtualDiskDrv - ok
08:53:40.0556 2868 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch C:\Windows\system32\rpcss.dll
08:53:40.0561 2868 DcomLaunch - ok
08:53:40.0587 2868 [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
08:53:40.0595 2868 DfsC - ok
08:53:40.0949 2868 [ C647F468F7DE343DF8C143655C5557D4 ] DFSR C:\Windows\system32\DFSR.exe
08:53:40.0995 2868 DFSR - ok
08:53:41.0085 2868 [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll
08:53:41.0119 2868 Dhcp - ok
08:53:41.0149 2868 [ B0107E40ECDB5FA692EBF832F295D905 ] disk C:\Windows\system32\drivers\disk.sys
08:53:41.0171 2868 disk - ok
08:53:41.0255 2868 [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
08:53:41.0301 2868 Dnscache - ok
08:53:41.0353 2868 [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc C:\Windows\System32\dot3svc.dll
08:53:41.0371 2868 dot3svc - ok
08:53:41.0507 2868 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll
08:53:41.0524 2868 DPS - ok
08:53:41.0603 2868 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
08:53:41.0636 2868 drmkaud - ok
08:53:41.0748 2868 [ B8E554E502D5123BC111F99D6A2181B4 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
08:53:41.0767 2868 DXGKrnl - ok
08:53:41.0803 2868 [ D57FE09B575545738A73A0C193D0616A ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys
08:53:41.0833 2868 E1G60 - ok
08:53:41.0888 2868 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll
08:53:41.0913 2868 EapHost - ok
08:53:42.0003 2868 [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache C:\Windows\system32\drivers\ecache.sys
08:53:42.0027 2868 Ecache - ok
08:53:42.0147 2868 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe
08:53:42.0169 2868 ehRecvr - ok
08:53:42.0200 2868 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe
08:53:42.0214 2868 ehSched - ok
08:53:42.0266 2868 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll
08:53:42.0283 2868 ehstart - ok
08:53:42.0319 2868 [ A05FC7ECA0966EBB70E4D17B855A853B ] ElbyCDIO C:\Windows\system32\Drivers\ElbyCDIO.sys
08:53:42.0342 2868 ElbyCDIO - ok
08:53:42.0410 2868 [ 3D6298AFF3FE06C0616CE5D090A3EEAA ] elxstor C:\Windows\system32\drivers\elxstor.sys
08:53:42.0447 2868 elxstor - ok
08:53:42.0524 2868 [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt C:\Windows\system32\emdmgmt.dll
08:53:42.0578 2868 EMDMgmt - ok
08:53:42.0617 2868 [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem C:\Windows\system32\es.dll
08:53:42.0671 2868 EventSystem - ok
08:53:42.0700 2868 [ 486844F47B6636044A42454614ED4523 ] exfat C:\Windows\system32\drivers\exfat.sys
08:53:42.0717 2868 exfat - ok
08:53:42.0760 2868 [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat C:\Windows\system32\drivers\fastfat.sys
08:53:42.0788 2868 fastfat - ok
08:53:42.0876 2868 [ 989A776A2FF32A148FCF15C44058B129 ] Fax C:\Windows\system32\fxssvc.exe
08:53:42.0897 2868 Fax - ok
08:53:42.0940 2868 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
08:53:42.0954 2868 fdc - ok
08:53:43.0009 2868 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll
08:53:43.0028 2868 fdPHost - ok
08:53:43.0088 2868 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll
08:53:43.0112 2868 FDResPub - ok
08:53:43.0190 2868 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
08:53:43.0212 2868 FileInfo - ok
08:53:43.0261 2868 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys
08:53:43.0283 2868 Filetrace - ok
08:53:43.0324 2868 [ BB0667B0171B632B97EA759515476F07 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
08:53:43.0359 2868 FLEXnet Licensing Service - ok
08:53:43.0572 2868 [ 5CEE6CD43AE5844C49300EA0B1E557EE ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
08:53:43.0583 2868 FLEXnet Licensing Service 64 - ok
08:53:43.0610 2868 [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
08:53:43.0621 2868 flpydisk - ok
08:53:43.0684 2868 [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
08:53:43.0708 2868 FltMgr - ok
08:53:43.0844 2868 [ BE1C5BD1CA7ED015BC6FA1AE67E592C8 ] FontCache C:\Windows\system32\FntCache.dll
08:53:43.0861 2868 FontCache - ok
08:53:44.0007 2868 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
08:53:44.0035 2868 FontCache3.0.0.0 - ok
08:53:44.0049 2868 [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
08:53:44.0051 2868 Fs_Rec - ok
08:53:44.0125 2868 [ 849E38DB7D829962D0233A0A252B60C3 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
08:53:44.0150 2868 fvevol - ok
08:53:44.0219 2868 [ B54520CC7B4B55134D7527B1CD3FC1F2 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
08:53:44.0233 2868 gagp30kx - ok
08:53:44.0334 2868 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
08:53:44.0337 2868 GEARAspiWDM - ok
08:53:44.0497 2868 [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc C:\Windows\System32\gpsvc.dll
08:53:44.0531 2868 gpsvc - ok
08:53:44.0673 2868 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:53:44.0678 2868 gupdate - ok
08:53:44.0823 2868 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:53:44.0825 2868 gupdatem - ok
08:53:44.0928 2868 [ 68E732382B32417FF61FD663259B4B09 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
08:53:44.0948 2868 HdAudAddService - ok
08:53:45.0105 2868 [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
08:53:45.0119 2868 HDAudBus - ok
08:53:45.0185 2868 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys
08:53:45.0199 2868 HidBth - ok
08:53:45.0217 2868 [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr C:\Windows\system32\drivers\hidir.sys
08:53:45.0231 2868 HidIr - ok
08:53:45.0264 2868 [ 59361D38A297755D46A540E450202B2A ] hidserv C:\Windows\system32\hidserv.dll
08:53:45.0274 2868 hidserv - ok
08:53:45.0341 2868 [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
08:53:45.0363 2868 HidUsb - ok
08:53:45.0396 2868 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll
08:53:45.0411 2868 hkmsvc - ok
08:53:45.0445 2868 [ 8EDC820115DF1E04763B2923676EA5B2 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
08:53:45.0459 2868 HpCISSs - ok
08:53:45.0553 2868 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys
08:53:45.0573 2868 HTTP - ok
08:53:45.0584 2868 [ F2901763845570ECAC48E6A50EC50812 ] i2omp C:\Windows\system32\drivers\i2omp.sys
08:53:45.0598 2868 i2omp - ok
08:53:45.0663 2868 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
08:53:45.0674 2868 i8042prt - ok
08:53:45.0706 2868 [ 72C3EE7EA3CD75A772E62AE0E5DF8B8C ] iaStorV C:\Windows\system32\drivers\iastorv.sys
08:53:45.0721 2868 iaStorV - ok
08:53:45.0850 2868 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
08:53:45.0874 2868 IDriverT - ok
08:53:45.0987 2868 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
08:53:46.0017 2868 idsvc - ok
08:53:46.0036 2868 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys
08:53:46.0056 2868 iirsp - ok
08:53:46.0188 2868 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll
08:53:46.0218 2868 IKEEXT - ok
08:53:46.0397 2868 [ F6B3B107ECC1A94E7A8245B008B9E613 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
08:53:46.0430 2868 IntcAzAudAddService - ok
08:53:46.0516 2868 [ 36A266C673812878996F72B200203FBB ] intelide C:\Windows\system32\drivers\intelide.sys
08:53:46.0576 2868 intelide - ok
08:53:46.0600 2868 [ CD802075728E514548841DCC3F8B0220 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
08:53:46.0631 2868 intelppm - ok
08:53:46.0677 2868 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
08:53:46.0696 2868 IPBusEnum - ok
08:53:46.0735 2868 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:53:46.0831 2868 IpFilterDriver - ok
08:53:46.0923 2868 [ BF0DBFA9792C5C14FA00F61C75116C1B ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
08:53:46.0949 2868 iphlpsvc - ok
08:53:46.0954 2868 IpInIp - ok
08:53:46.0989 2868 [ EACDBBE429C6D170BDEEE0EFFCBC317B ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
08:53:47.0038 2868 IPMIDRV - ok
08:53:47.0098 2868 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
08:53:47.0125 2868 IPNAT - ok
08:53:47.0280 2868 [ 4EFFC8FF6D349E971E94B1C670C0C66A ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
08:53:47.0332 2868 iPod Service - ok
08:53:47.0370 2868 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys
08:53:47.0394 2868 IRENUM - ok
08:53:47.0434 2868 [ D3BB520B31F28C1A065CD058E762EE73 ] isapnp C:\Windows\system32\drivers\isapnp.sys
08:53:47.0466 2868 isapnp - ok
08:53:47.0511 2868 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
08:53:47.0534 2868 iScsiPrt - ok
08:53:47.0551 2868 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
08:53:47.0591 2868 iteatapi - ok
08:53:47.0676 2868 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys
08:53:47.0711 2868 iteraid - ok
08:53:47.0824 2868 [ 5C6671764E8411ABC86F96A1D1FB30C9 ] ivusb C:\Windows\system32\DRIVERS\ivusb.sys
08:53:47.0833 2868 ivusb - ok
08:53:47.0885 2868 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
08:53:47.0910 2868 kbdclass - ok
08:53:47.0946 2868 [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
08:53:47.0986 2868 kbdhid - ok
08:53:48.0018 2868 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso C:\Windows\system32\lsass.exe
08:53:48.0021 2868 KeyIso - ok
08:53:48.0138 2868 [ DB449F50E5141458EB58E64FFAC4863F ] kl1 C:\Windows\system32\DRIVERS\kl1.sys
08:53:48.0196 2868 kl1 - ok
08:53:48.0244 2868 [ 87200A8AFE40532BAA4D2B24A7BA0EEA ] KLBG C:\Windows\system32\DRIVERS\klbg.sys
08:53:48.0274 2868 KLBG - ok
08:53:48.0316 2868 [ 34D49307217B20E5A845B7DB50CDD4FA ] KLIF C:\Windows\system32\DRIVERS\klif.sys
08:53:48.0331 2868 KLIF - ok
08:53:48.0403 2868 [ 630F22545379437737CF4172F09FE449 ] KLIM6 C:\Windows\system32\DRIVERS\klim6.sys
08:53:48.0428 2868 KLIM6 - ok
08:53:48.0432 2868 [ 786791291939ABB11F6D0F040DA23912 ] klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys
08:53:48.0475 2868 klmouflt - ok
08:53:48.0553 2868 [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
08:53:48.0603 2868 KSecDD - ok
08:53:48.0642 2868 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
08:53:48.0663 2868 ksthunk - ok
08:53:48.0734 2868 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll
08:53:48.0749 2868 KtmRm - ok
08:53:48.0795 2868 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\system32\srvsvc.dll
08:53:48.0826 2868 LanmanServer - ok
08:53:48.0858 2868 [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
08:53:48.0884 2868 LanmanWorkstation - ok
08:53:48.0968 2868 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
08:53:48.0991 2868 lltdio - ok
08:53:49.0031 2868 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll
08:53:49.0046 2868 lltdsvc - ok
08:53:49.0092 2868 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll
08:53:49.0133 2868 lmhosts - ok
08:53:49.0244 2868 [ 7109163D8027076D2680CFC4E80E2A28 ] LMIGuardianSvc C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
08:53:49.0341 2868 LMIGuardianSvc - ok
08:53:49.0418 2868 [ 0317335B15FF3BDA8E10197E3434CFC0 ] LMIInfo C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys
08:53:49.0452 2868 LMIInfo - ok
08:53:49.0508 2868 [ 8054CE1FC8B417691960D00F931516A7 ] LMIMaint C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
08:53:49.0527 2868 LMIMaint - ok
08:53:49.0590 2868 [ 413ECDCFAD9A82804D3674C8D7EEC24E ] lmimirr C:\Windows\system32\DRIVERS\lmimirr.sys
08:53:49.0641 2868 lmimirr - ok
08:53:49.0705 2868 LMIRfsClientNP - ok
08:53:49.0757 2868 [ C57D3FAA50E6F395759FFB7C709BD944 ] LMIRfsDriver C:\Windows\system32\drivers\LMIRfsDriver.sys
08:53:49.0838 2868 LMIRfsDriver - ok
08:53:50.0275 2868 [ D3760BC17E1755091B7120CF32DBF56B ] LogMeIn C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
08:53:50.0306 2868 LogMeIn - ok
08:53:50.0390 2868 [ 1572F8D999C0AB4376AFDCE058A78DF9 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
08:53:50.0411 2868 LSI_FC - ok
08:53:50.0541 2868 [ 64470979C3E3C9FF60EDFB5230C56E0E ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
08:53:50.0570 2868 LSI_SAS - ok
08:53:50.0643 2868 [ 4CED7D3B54BFC5BBAE75C4A73C7F7428 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
08:53:50.0667 2868 LSI_SCSI - ok
08:53:50.0744 2868 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys
08:53:50.0759 2868 luafv - ok
08:53:50.0855 2868 [ 23488767CB18FC3FF39E3AF1DB3FB02C ] massfilter C:\Windows\system32\drivers\massfilter.sys
08:53:50.0883 2868 massfilter - ok
08:53:50.0964 2868 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
08:53:50.0980 2868 Mcx2Svc - ok
08:53:51.0039 2868 [ 2F631C2939D5F2E8958935EE701D70D7 ] megasas C:\Windows\system32\drivers\megasas.sys
08:53:51.0061 2868 megasas - ok
08:53:51.0388 2868 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
08:53:51.0429 2868 Microsoft Office Groove Audit Service - ok
08:53:51.0483 2868 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll
08:53:51.0527 2868 MMCSS - ok
08:53:51.0557 2868 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys
08:53:51.0574 2868 Modem - ok
08:53:51.0656 2868 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
08:53:51.0739 2868 monitor - ok
08:53:51.0765 2868 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
08:53:51.0796 2868 mouclass - ok
08:53:51.0862 2868 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
08:53:51.0913 2868 mouhid - ok
08:53:51.0985 2868 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
08:53:52.0006 2868 MountMgr - ok
08:53:52.0073 2868 [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
08:53:52.0175 2868 MozillaMaintenance - ok
08:53:52.0242 2868 [ ED48EAC719EE28DB773359EB1B06E2B5 ] mpio C:\Windows\system32\drivers\mpio.sys
08:53:52.0279 2868 mpio - ok
08:53:52.0314 2868 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
08:53:52.0342 2868 mpsdrv - ok
08:53:52.0392 2868 [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc C:\Windows\system32\mpssvc.dll
08:53:52.0494 2868 MpsSvc - ok
08:53:52.0517 2868 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
08:53:52.0578 2868 Mraid35x - ok
08:53:52.0610 2868 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
08:53:52.0687 2868 MRxDAV - ok
08:53:52.0750 2868 [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
08:53:52.0788 2868 mrxsmb - ok
08:53:52.0826 2868 [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:53:52.0830 2868 mrxsmb10 - ok
08:53:52.0890 2868 [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:53:52.0924 2868 mrxsmb20 - ok
08:53:52.0961 2868 [ EEADF970795148BFBB1DB3ABCC89C16B ] msahci C:\Windows\system32\drivers\msahci.sys
08:53:52.0993 2868 msahci - ok
08:53:53.0017 2868 [ 96D7C0A1B98434C6E4FF0C2E26A0E20A ] msdsm C:\Windows\system32\drivers\msdsm.sys
08:53:53.0065 2868 msdsm - ok
08:53:53.0127 2868 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe
08:53:53.0150 2868 MSDTC - ok
08:53:53.0209 2868 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys
08:53:53.0229 2868 Msfs - ok
08:53:53.0272 2868 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
08:53:53.0287 2868 msisadrv - ok
08:53:53.0352 2868 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
08:53:53.0365 2868 MSiSCSI - ok
08:53:53.0369 2868 msiserver - ok
08:53:53.0472 2868 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
08:53:53.0485 2868 MSKSSRV - ok
08:53:53.0512 2868 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
08:53:53.0544 2868 MSPCLOCK - ok
08:53:53.0568 2868 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
08:53:53.0596 2868 MSPQM - ok
08:53:53.0655 2868 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
08:53:53.0682 2868 MsRPC - ok
08:53:53.0737 2868 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
08:53:53.0748 2868 mssmbios - ok
08:53:53.0773 2868 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
08:53:53.0784 2868 MSTEE - ok
08:53:54.0185 2868 [ CB4A082AF58D1A0969F931816D5CFB05 ] msvsmon90 C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe
08:53:54.0216 2868 msvsmon90 - ok
08:53:54.0249 2868 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup C:\Windows\system32\Drivers\mup.sys
08:53:54.0272 2868 Mup - ok
08:53:54.0341 2868 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll
08:53:54.0370 2868 napagent - ok
08:53:54.0437 2868 [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
08:53:54.0448 2868 NativeWifiP - ok
08:53:54.0557 2868 [ E4534BCCDD1EA7A7A256BB9D6688A5FC ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe
08:53:54.0570 2868 NAUpdate - ok
08:53:54.0746 2868 [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS C:\Windows\system32\drivers\ndis.sys
08:53:54.0773 2868 NDIS - ok
08:53:54.0835 2868 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
08:53:54.0845 2868 NdisTapi - ok
08:53:54.0920 2868 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
08:53:54.0930 2868 Ndisuio - ok
08:53:55.0067 2868 [ F8158771905260982CE724076419EF19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
08:53:55.0090 2868 NdisWan - ok
08:53:55.0123 2868 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
08:53:55.0134 2868 NDProxy - ok
08:53:55.0175 2868 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
08:53:55.0185 2868 NetBIOS - ok
08:53:55.0258 2868 [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
08:53:55.0282 2868 netbt - ok
08:53:55.0306 2868 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon C:\Windows\system32\lsass.exe
08:53:55.0307 2868 Netlogon - ok
08:53:55.0414 2868 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll
08:53:55.0425 2868 Netman - ok
08:53:55.0487 2868 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:53:55.0514 2868 NetMsmqActivator - ok
08:53:55.0518 2868 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:53:55.0520 2868 NetPipeActivator - ok
08:53:55.0588 2868 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll
08:53:55.0600 2868 netprofm - ok
08:53:55.0614 2868 netr28x - ok
08:53:55.0764 2868 [ 3B5809E9D3B8995FB65A82CB92745072 ] netr7364 C:\Windows\system32\DRIVERS\netr7364.sys
08:53:55.0779 2868 netr7364 - ok
08:53:55.0832 2868 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:53:55.0834 2868 NetTcpActivator - ok
08:53:55.0859 2868 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing
girlie100
2013-04-11, 10:00
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:53:55.0860 2868 NetTcpPortSharing - ok
08:53:55.0930 2868 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
08:53:55.0945 2868 nfrd960 - ok
08:53:56.0031 2868 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll
08:53:56.0042 2868 NlaSvc - ok
08:53:56.0071 2868 [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys
08:53:56.0081 2868 Npfs - ok
08:53:56.0122 2868 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll
08:53:56.0131 2868 nsi - ok
08:53:56.0170 2868 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
08:53:56.0181 2868 nsiproxy - ok
08:53:56.0325 2868 [ 2ACCAA3C3C55370A32F17B3595E1A217 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
08:53:56.0334 2868 Ntfs - ok
08:53:56.0380 2868 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys
08:53:56.0394 2868 Null - ok
08:53:56.0420 2868 [ 840EEB44DC49317A6161961F7682CD99 ] nvraid C:\Windows\system32\drivers\nvraid.sys
08:53:56.0435 2868 nvraid - ok
08:53:56.0460 2868 [ 94C5334040A5D500897F4C5FD12AEEDE ] nvstor C:\Windows\system32\drivers\nvstor.sys
08:53:56.0474 2868 nvstor - ok
08:53:56.0502 2868 [ AA1B6C86A4763502E20B65C025F39BAD ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
08:53:56.0517 2868 nv_agp - ok
08:53:56.0521 2868 NwlnkFlt - ok
08:53:56.0526 2868 NwlnkFwd - ok
08:53:56.0684 2868 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
08:53:56.0699 2868 odserv - ok
08:53:56.0751 2868 [ 7B58953E2F263421FDBB09A192712A85 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
08:53:56.0776 2868 ohci1394 - ok
08:53:56.0888 2868 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:53:56.0917 2868 ose - ok
08:53:57.0020 2868 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll
08:53:57.0092 2868 p2pimsvc - ok
08:53:57.0127 2868 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll
08:53:57.0133 2868 p2psvc - ok
08:53:57.0174 2868 [ AECD57F94C887F58919F307C35498EA0 ] Parport C:\Windows\system32\drivers\parport.sys
08:53:57.0203 2868 Parport - ok
08:53:57.0234 2868 [ B43751085E2ABE389DA466BC62A4B987 ] partmgr C:\Windows\system32\drivers\partmgr.sys
08:53:57.0238 2868 partmgr - ok
08:53:57.0279 2868 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll
08:53:57.0311 2868 PcaSvc - ok
08:53:57.0402 2868 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys
08:53:57.0422 2868 pci - ok
08:53:57.0450 2868 [ 2657F6C0B78C36D95034BE109336E382 ] pciide C:\Windows\system32\drivers\pciide.sys
08:53:57.0473 2868 pciide - ok
08:53:57.0498 2868 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
08:53:57.0527 2868 pcmcia - ok
08:53:57.0610 2868 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys
08:53:57.0641 2868 PEAUTH - ok
08:53:58.0018 2868 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe
08:53:58.0043 2868 PerfHost - ok
08:53:58.0149 2868 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll
08:53:58.0184 2868 pla - ok
08:53:58.0273 2868 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
08:53:58.0365 2868 PlugPlay - ok
08:53:58.0437 2868 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
08:53:58.0444 2868 PNRPAutoReg - ok
08:53:58.0469 2868 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll
08:53:58.0476 2868 PNRPsvc - ok
08:53:58.0532 2868 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
08:53:58.0611 2868 PolicyAgent - ok
08:53:58.0660 2868 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
08:53:58.0720 2868 PptpMiniport - ok
08:53:58.0805 2868 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\DRIVERS\processr.sys
08:53:58.0821 2868 Processor - ok
08:53:58.0902 2868 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll
08:53:58.0923 2868 ProfSvc - ok
08:53:58.0966 2868 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe
08:53:58.0968 2868 ProtectedStorage - ok
08:53:59.0010 2868 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys
08:53:59.0011 2868 PSched - ok
08:53:59.0119 2868 [ 4A29D25704917161BAD9B4659A248DFD ] ql2300 C:\Windows\system32\drivers\ql2300.sys
08:53:59.0149 2868 ql2300 - ok
08:53:59.0170 2868 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
08:53:59.0196 2868 ql40xx - ok
08:53:59.0237 2868 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll
08:53:59.0267 2868 QWAVE - ok
08:53:59.0309 2868 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
08:53:59.0319 2868 QWAVEdrv - ok
08:53:59.0603 2868 [ DE004C5857A45EB59FBFDC57AAA17026 ] RapportCerberus_51755 C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_51755.sys
08:53:59.0646 2868 RapportCerberus_51755 - ok
08:53:59.0794 2868 [ BB9E8EB0B28922057A849F6998C3F69C ] RapportEI64 C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys
08:53:59.0844 2868 RapportEI64 - ok
08:53:59.0904 2868 [ 0B629D5595CB4C1B38C6D3A654EDA75A ] RapportKE64 C:\Windows\system32\Drivers\RapportKE64.sys
08:53:59.0954 2868 RapportKE64 - ok
08:54:00.0085 2868 [ C4C4736DCE60276E9B0CB0FE3A848586 ] RapportMgmtService C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
08:54:00.0156 2868 RapportMgmtService - ok
08:54:00.0239 2868 [ A7F657CC79E8C6FEB92D0B50CA30F97C ] RapportPG64 C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys
08:54:00.0306 2868 RapportPG64 - ok
08:54:00.0345 2868 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
08:54:00.0366 2868 RasAcd - ok
08:54:00.0424 2868 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll
08:54:00.0446 2868 RasAuto - ok
08:54:00.0495 2868 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
08:54:00.0552 2868 Rasl2tp - ok
08:54:00.0596 2868 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll
08:54:00.0663 2868 RasMan - ok
08:54:00.0704 2868 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
08:54:00.0735 2868 RasPppoe - ok
08:54:00.0767 2868 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
08:54:00.0797 2868 RasSstp - ok
08:54:00.0890 2868 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
08:54:00.0944 2868 rdbss - ok
08:54:00.0981 2868 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
08:54:01.0002 2868 RDPCDD - ok
08:54:01.0034 2868 [ AE23E79B13FEB62939E2CA1189E71735 ] rdpdr C:\Windows\system32\DRIVERS\rdpdr.sys
08:54:01.0057 2868 rdpdr - ok
08:54:01.0147 2868 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
08:54:01.0162 2868 RDPENCDD - ok
08:54:01.0215 2868 [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
08:54:01.0246 2868 RDPWD - ok
08:54:01.0286 2868 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll
08:54:01.0310 2868 RemoteAccess - ok
08:54:01.0397 2868 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll
08:54:01.0419 2868 RemoteRegistry - ok
08:54:01.0436 2868 RimUsb - ok
08:54:01.0498 2868 [ C903D49655B4AAE46673F0AAA6BE0F58 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
08:54:01.0521 2868 RimVSerPort - ok
08:54:01.0584 2868 [ 6A0CF73B019CBC9255E23C9192EC3702 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
08:54:01.0607 2868 ROOTMODEM - ok
08:54:01.0656 2868 RoxLiveShare9 - ok
08:54:01.0716 2868 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe
08:54:01.0731 2868 RpcLocator - ok
08:54:01.0911 2868 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\system32\rpcss.dll
08:54:01.0941 2868 RpcSs - ok
08:54:01.0982 2868 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
08:54:01.0992 2868 rspndr - ok
08:54:02.0107 2868 [ 4E821C740A675F6D040BE41D59A62B1D ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
08:54:02.0115 2868 RTHDMIAzAudService - ok
08:54:02.0223 2868 [ A4F4325D4619E412269776A8F0B96B9F ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh64.sys
08:54:02.0247 2868 RTL8169 - ok
08:54:02.0284 2868 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs C:\Windows\system32\lsass.exe
08:54:02.0285 2868 SamSs - ok
08:54:02.0332 2868 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
08:54:02.0347 2868 sbp2port - ok
08:54:02.0472 2868 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
08:54:02.0489 2868 SBSDWSCService - ok
08:54:02.0531 2868 [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll
08:54:02.0559 2868 SCardSvr - ok
08:54:02.0698 2868 [ 0F838C811AD295D2A4489B9993096C63 ] Schedule C:\Windows\system32\schedsvc.dll
08:54:02.0717 2868 Schedule - ok
08:54:02.0752 2868 [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc C:\Windows\System32\certprop.dll
08:54:02.0762 2868 SCPolicySvc - ok
08:54:02.0794 2868 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll
08:54:02.0805 2868 SDRSVC - ok
08:54:02.0839 2868 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
08:54:02.0853 2868 secdrv - ok
08:54:02.0898 2868 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll
08:54:02.0907 2868 seclogon - ok
08:54:02.0939 2868 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\System32\sens.dll
08:54:02.0960 2868 SENS - ok
08:54:03.0006 2868 [ 2449316316411D65BD2C761A6FFB2CE2 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
08:54:03.0017 2868 Serenum - ok
08:54:03.0074 2868 [ 4B438170BE2FC8E0BD35EE87A960F84F ] Serial C:\Windows\system32\DRIVERS\serial.sys
08:54:03.0085 2868 Serial - ok
08:54:03.0134 2868 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys
08:54:03.0145 2868 sermouse - ok
08:54:03.0185 2868 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll
08:54:03.0195 2868 SessionEnv - ok
08:54:03.0228 2868 [ 541B32F8D6B2DCB92EC43BAB267E79EA ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
08:54:03.0242 2868 sffdisk - ok
08:54:03.0280 2868 [ 446E7CCA3325C7E0AE0FDE7F73CDD9C2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
08:54:03.0295 2868 sffp_mmc - ok
08:54:03.0312 2868 [ 67EDC221348911E895AF51C57D9A3725 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
08:54:03.0327 2868 sffp_sd - ok
08:54:03.0351 2868 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
08:54:03.0366 2868 sfloppy - ok
08:54:03.0436 2868 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll
08:54:03.0447 2868 SharedAccess - ok
08:54:03.0517 2868 [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
08:54:03.0530 2868 ShellHWDetection - ok
08:54:03.0571 2868 [ 08DDA16573FA44F8B13AFE74597AD2E5 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
08:54:03.0592 2868 SiSRaid2 - ok
08:54:03.0626 2868 [ C52259E9DAAF3890D572D87FFEE0979E ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
08:54:03.0644 2868 SiSRaid4 - ok
08:54:03.0790 2868 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe
08:54:03.0831 2868 slsvc - ok
08:54:03.0898 2868 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll
08:54:03.0925 2868 SLUINotify - ok
08:54:03.0977 2868 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys
08:54:03.0988 2868 Smb - ok
08:54:04.0022 2868 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe
08:54:04.0036 2868 SNMPTRAP - ok
08:54:04.0073 2868 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys
08:54:04.0084 2868 spldr - ok
08:54:04.0119 2868 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe
08:54:04.0147 2868 Spooler - ok
08:54:04.0349 2868 [ 582F8B13E1042C49A4A5A7BB52F518E4 ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
08:54:04.0388 2868 SQLWriter - ok
08:54:04.0449 2868 [ 880A57FCCB571EBD063D4DD50E93E46D ] srv C:\Windows\system32\DRIVERS\srv.sys
08:54:04.0459 2868 srv - ok
08:54:04.0497 2868 [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
08:54:04.0505 2868 srv2 - ok
08:54:04.0550 2868 [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
08:54:04.0558 2868 srvnet - ok
08:54:04.0604 2868 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
08:54:04.0615 2868 SSDPSRV - ok
08:54:04.0681 2868 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll
08:54:04.0692 2868 SstpSvc - ok
08:54:04.0752 2868 [ 14B4DB4381E4A55F570D8BB699B791D6 ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
08:54:04.0812 2868 StillCam - ok
08:54:04.0945 2868 [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc C:\Windows\System32\wiaservc.dll
08:54:05.0027 2868 stisvc - ok
08:54:05.0063 2868 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys
08:54:05.0086 2868 swenum - ok
08:54:05.0249 2868 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
08:54:05.0262 2868 SwitchBoard - ok
08:54:05.0344 2868 [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv C:\Windows\System32\swprv.dll
08:54:05.0411 2868 swprv - ok
08:54:05.0435 2868 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
08:54:05.0474 2868 Symc8xx - ok
08:54:05.0501 2868 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
08:54:05.0531 2868 Sym_hi - ok
08:54:05.0561 2868 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
08:54:05.0591 2868 Sym_u3 - ok
08:54:05.0646 2868 [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain C:\Windows\system32\sysmain.dll
08:54:05.0703 2868 SysMain - ok
08:54:05.0747 2868 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
08:54:05.0771 2868 TabletInputService - ok
08:54:05.0834 2868 [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv C:\Windows\System32\tapisrv.dll
08:54:05.0855 2868 TapiSrv - ok
08:54:05.0911 2868 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll
08:54:05.0928 2868 TBS - ok
08:54:06.0084 2868 [ 0E970F59D7FBB838316176B19A2ADB82 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
08:54:06.0132 2868 Tcpip - ok
08:54:06.0153 2868 [ 0E970F59D7FBB838316176B19A2ADB82 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
08:54:06.0161 2868 Tcpip6 - ok
08:54:06.0205 2868 [ C7E72A4071EE0200E3C075DACFB2B334 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
08:54:06.0217 2868 tcpipreg - ok
08:54:06.0308 2868 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
08:54:06.0329 2868 TDPIPE - ok
08:54:06.0424 2868 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
08:54:06.0437 2868 TDTCP - ok
08:54:06.0474 2868 [ 458919C8C42E398DC4802178D5FFEE27 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
08:54:06.0487 2868 tdx - ok
08:54:06.0530 2868 [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
08:54:06.0548 2868 TermDD - ok
08:54:06.0595 2868 [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService C:\Windows\System32\termsrv.dll
08:54:06.0667 2868 TermService - ok
08:54:06.0691 2868 [ 56793271ECDEDD350C5ADD305603E963 ] Themes C:\Windows\system32\shsvcs.dll
08:54:06.0715 2868 Themes - ok
08:54:06.0756 2868 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll
08:54:06.0790 2868 THREADORDER - ok
08:54:06.0827 2868 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll
08:54:06.0847 2868 TrkWks - ok
08:54:06.0925 2868 [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
08:54:06.0943 2868 TrustedInstaller - ok
08:54:06.0994 2868 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
08:54:07.0019 2868 tssecsrv - ok
08:54:07.0053 2868 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
08:54:07.0069 2868 tunmp - ok
08:54:07.0113 2868 [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
08:54:07.0146 2868 tunnel - ok
08:54:07.0190 2868 [ E4722DFBD6232ACF17543EF2C2DCE8D2 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
08:54:07.0221 2868 uagp35 - ok
08:54:07.0251 2868 [ FAF2640A2A76ED03D449E443194C4C34 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
08:54:07.0271 2868 udfs - ok
08:54:07.0316 2868 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe
08:54:07.0337 2868 UI0Detect - ok
08:54:07.0357 2868 [ 5663D7696ABBE71F8C9D915C5374118A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
08:54:07.0381 2868 uliagpkx - ok
08:54:07.0413 2868 [ 6030B68E86A30D1B315B51C4D7778B16 ] uliahci C:\Windows\system32\drivers\uliahci.sys
08:54:07.0450 2868 uliahci - ok
08:54:07.0487 2868 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys
08:54:07.0537 2868 UlSata - ok
08:54:07.0596 2868 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
08:54:07.0627 2868 ulsata2 - ok
08:54:07.0674 2868 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
08:54:07.0708 2868 umbus - ok
08:54:07.0771 2868 [ 01ABE05C401E70795B43A8933B44831E ] UMPass C:\Windows\system32\DRIVERS\umpass.sys
08:54:07.0790 2868 UMPass - ok
08:54:07.0827 2868 [ DC5E34F189B827199B9CC8481C648269 ] UmRdpService C:\Windows\System32\umrdp.dll
08:54:07.0873 2868 UmRdpService - ok
08:54:07.0922 2868 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll
08:54:07.0937 2868 upnphost - ok
08:54:07.0986 2868 [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
08:54:08.0019 2868 USBAAPL64 - ok
08:54:08.0106 2868 [ 07E3498FC60834219D2356293DA0FECC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
08:54:08.0159 2868 usbccgp - ok
08:54:08.0207 2868 [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir C:\Windows\system32\drivers\usbcir.sys
08:54:08.0244 2868 usbcir - ok
08:54:08.0311 2868 [ 827E44DE934A736EA31E91D353EB126F ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
08:54:08.0335 2868 usbehci - ok
08:54:08.0408 2868 [ 6648C6D7323A2CE0C4776C36CEFBCB14 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
08:54:08.0422 2868 usbfilter - ok
08:54:08.0452 2868 [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
08:54:08.0476 2868 usbhub - ok
08:54:08.0524 2868 [ E406B003A354776D317762694956B0FC ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
08:54:08.0550 2868 usbohci - ok
08:54:08.0587 2868 [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
08:54:08.0619 2868 usbprint - ok
08:54:08.0669 2868 [ EA0BF666868964FBE8CB10E50C97B9F1 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
08:54:08.0681 2868 usbscan - ok
08:54:08.0720 2868 [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:54:08.0771 2868 USBSTOR - ok
08:54:08.0830 2868 [ 7BF55D2538740B25936E93553E5D190D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
08:54:08.0863 2868 usbuhci - ok
08:54:08.0910 2868 [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms C:\Windows\System32\uxsms.dll
08:54:08.0937 2868 UxSms - ok
08:54:09.0014 2868 [ FD911873C0BB6945FA38C16E9A2B58F9 ] VClone C:\Windows\system32\DRIVERS\VClone.sys
08:54:09.0024 2868 VClone - ok
08:54:09.0067 2868 [ 294945381DFA7CE58CECF0A9896AF327 ] vds C:\Windows\System32\vds.exe
08:54:09.0141 2868 vds - ok
08:54:09.0201 2868 [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
08:54:09.0224 2868 vga - ok
08:54:09.0273 2868 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys
08:54:09.0306 2868 VgaSave - ok
08:54:09.0327 2868 [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide C:\Windows\system32\drivers\viaide.sys
08:54:09.0350 2868 viaide - ok
08:54:09.0390 2868 [ 2B7E885ED951519A12C450D24535DFCA ] volmgr C:\Windows\system32\drivers\volmgr.sys
08:54:09.0414 2868 volmgr - ok
08:54:09.0504 2868 [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
08:54:09.0605 2868 volmgrx - ok
08:54:09.0695 2868 [ 582F710097B46140F5A89A19A6573D4B ] volsnap C:\Windows\system32\drivers\volsnap.sys
08:54:09.0791 2868 volsnap - ok
08:54:09.0818 2868 [ 410AE2C141142C58BC617FC2C677F8B0 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
08:54:09.0834 2868 vsmraid - ok
08:54:10.0276 2868 [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS C:\Windows\system32\vssvc.exe
08:54:10.0322 2868 VSS - ok
08:54:10.0433 2868 [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time C:\Windows\system32\w32time.dll
08:54:10.0474 2868 W32Time - ok
08:54:10.0521 2868 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
08:54:10.0562 2868 WacomPen - ok
08:54:10.0651 2868 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
08:54:10.0669 2868 Wanarp - ok
08:54:10.0681 2868 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
08:54:10.0682 2868 Wanarpv6 - ok
08:54:10.0926 2868 [ 48EEE289DF9E4989128B2283F3EEACC6 ] wbengine C:\Windows\system32\wbengine.exe
08:54:10.0967 2868 wbengine - ok
08:54:11.0134 2868 [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc C:\Windows\System32\wcncsvc.dll
08:54:11.0165 2868 wcncsvc - ok
08:54:11.0229 2868 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
08:54:11.0245 2868 WcsPlugInService - ok
08:54:11.0285 2868 [ 59B501B0A04C9672142B7FFA2BDBF663 ] Wd C:\Windows\system32\drivers\wd.sys
08:54:11.0300 2868 Wd - ok
08:54:11.0417 2868 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
08:54:11.0430 2868 WDC_SAM - ok
08:54:11.0573 2868 [ FA24FBE15A8036387ECC013D06094F3D ] WDDMService C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
08:54:11.0577 2868 WDDMService - ok
08:54:11.0959 2868 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
08:54:11.0966 2868 Wdf01000 - ok
08:54:12.0031 2868 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll
08:54:12.0047 2868 WdiServiceHost - ok
08:54:12.0059 2868 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll
08:54:12.0062 2868 WdiSystemHost - ok
08:54:12.0253 2868 [ 138AB06ADBBF300AA804D7974A5AEC82 ] WDSmartWareBackgroundService C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
08:54:12.0263 2868 WDSmartWareBackgroundService - ok
08:54:12.0390 2868 [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient C:\Windows\System32\webclnt.dll
08:54:12.0418 2868 WebClient - ok
08:54:12.0505 2868 [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc C:\Windows\system32\wecsvc.dll
08:54:12.0511 2868 Wecsvc - ok
08:54:12.0566 2868 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll
08:54:12.0589 2868 wercplsupport - ok
08:54:12.0616 2868 [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc C:\Windows\System32\WerSvc.dll
08:54:12.0628 2868 WerSvc - ok
08:54:12.0652 2868 WinDefend - ok
08:54:12.0667 2868 WinHttpAutoProxySvc - ok
08:54:12.0864 2868 [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
08:54:12.0925 2868 Winmgmt - ok
08:54:13.0169 2868 [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM C:\Windows\system32\WsmSvc.dll
08:54:13.0244 2868 WinRM - ok
08:54:13.0364 2868 [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc C:\Windows\System32\wlansvc.dll
08:54:13.0387 2868 Wlansvc - ok
08:54:13.0435 2868 [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
08:54:13.0459 2868 WmiAcpi - ok
08:54:13.0544 2868 [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
08:54:13.0628 2868 wmiApSrv - ok
08:54:13.0702 2868 WMPNetworkSvc - ok
08:54:13.0800 2868 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
08:54:13.0818 2868 WPCSvc - ok
08:54:13.0933 2868 [ 490A18B4E4D53DC10879DEAA8E8B70D9 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
08:54:13.0956 2868 WPDBusEnum - ok
08:54:14.0062 2868 [ 5E2401B3FC1089C90E081291357371A9 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
08:54:14.0181 2868 WpdUsb - ok
08:54:14.0712 2868 [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
08:54:14.0728 2868 WPFFontCache_v0400 - ok
08:54:14.0741 2868 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
08:54:14.0766 2868 ws2ifsl - ok
08:54:14.0818 2868 [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] wscsvc C:\Windows\System32\wscsvc.dll
08:54:14.0847 2868 wscsvc - ok
08:54:14.0852 2868 WSearch - ok
08:54:15.0418 2868 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
08:54:15.0433 2868 wuauserv - ok
08:54:15.0499 2868 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
08:54:15.0599 2868 WudfPf - ok
08:54:15.0737 2868 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
08:54:15.0864 2868 WUDFRd - ok
08:54:15.0949 2868 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
08:54:16.0021 2868 wudfsvc - ok
08:54:16.0085 2868 [ FF5A03A65B68DB7E02A12880399D40D4 ] ZTEusbmdm6k C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
08:54:16.0111 2868 ZTEusbmdm6k - ok
08:54:16.0131 2868 [ FF5A03A65B68DB7E02A12880399D40D4 ] ZTEusbnmea C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
08:54:16.0153 2868 ZTEusbnmea - ok
08:54:16.0203 2868 [ FF5A03A65B68DB7E02A12880399D40D4 ] ZTEusbser6k C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
08:54:16.0219 2868 ZTEusbser6k - ok
08:54:16.0254 2868 ================ Scan global ===============================
08:54:16.0279 2868 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
08:54:16.0530 2868 [ D665D594B7E11133D29D726BDDC7A5B0 ] C:\Windows\system32\winsrv.dll
08:54:16.0709 2868 [ D665D594B7E11133D29D726BDDC7A5B0 ] C:\Windows\system32\winsrv.dll
08:54:16.0899 2868 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
08:54:16.0990 2868 [Global] - ok
08:54:16.0990 2868 ================ Scan MBR ==================================
08:54:17.0049 2868 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
08:54:17.0991 2868 \Device\Harddisk0\DR0 - ok
08:54:17.0996 2868 [ 41DCBFD92DB40F30277AE569A950D0D7 ] \Device\Harddisk1\DR1
08:54:18.0003 2868 \Device\Harddisk1\DR1 - ok
08:54:18.0004 2868 ================ Scan VBR ==================================
08:54:18.0042 2868 [ 429BCAE7D2A14BF7DE05F836A3155E00 ] \Device\Harddisk0\DR0\Partition1
08:54:18.0133 2868 \Device\Harddisk0\DR0\Partition1 - ok
08:54:18.0138 2868 [ 9A3C3901D6D79860305978FDACB45788 ] \Device\Harddisk1\DR1\Partition1
08:54:18.0141 2868 \Device\Harddisk1\DR1\Partition1 - ok
08:54:18.0141 2868 ============================================================
08:54:18.0141 2868 Scan finished
08:54:18.0141 2868 ============================================================
08:54:18.0151 5160 Detected object count: 1
08:54:18.0151 5160 Actual detected object count: 1
08:58:17.0337 5160 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
08:58:17.0337 5160 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
Good Morning,
The log got cut off, the end is missing, can you copy and paste the whole thing again for me please
girlie100
2013-04-11, 10:01
Morning Ken,
I had to split the report up due to length, hope thats OK.
It only found one threat 'Akamai' which I think is a douwnloader for Autodesk so I didn't remove it thought I would check with you first.
girlie100
2013-04-11, 10:02
Good Morning,
The log got cut off, the end is missing, can you copy and paste the whole thing again for me please
It should be there over 3 posts
OK, missed your last post but have it now. Akamai is ok.
Download TFC (http://oldtimer.geekstogo.com/TFC.exe) to your desktop
Close any open windows.
Double click the TFC icon to run the program
TFC will close all open programs itself in order to run,
Click the Start button to begin the process.
Allow TFC to run uninterrupted.
The program should not take long to finish it's job
Once its finished it should automatically reboot your machine,
if it doesn't, manually reboot to ensure a complete clean
ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan
*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.
Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as
ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.
girlie100
2013-04-12, 12:29
Morning Ken,
I have had to leave the scanner running as it crashed a couple of times, I'm away the weekend so won't be back at PC till Monday when hopefully I will have a log file for you. please don't shut the thread down
Not to worry, enjoy your weekend, see ya when you get back
girlie100
2013-04-15, 11:27
Morning Ken,
ESET scanner only gets to about 30% and then the PC crashes? have tried to run it about 6 times now :sad:
OK, lets do this
Download ComboFix from one of these locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
http://img.photobucket.com/albums/v706/ried7/RC1.png
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
http://img.photobucket.com/albums/v706/ried7/RC2-1.png
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
girlie100
2013-04-15, 14:22
ComboFix 13-04-15.01 - User 15/04/2013 12:56:49.1.4 - x64
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.44.1033.18.5886.3440 [GMT 1:00]
Running from: c:\users\User\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\User\AppData\Local\assembly\tmp
c:\users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\plot.log
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2013-03-15 to 2013-04-15 )))))))))))))))))))))))))))))))
.
.
2013-04-15 12:15 . 2013-04-15 12:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-15 07:49 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{72A0A98D-1EEB-430E-BE34-A3B43B64FFD1}\mpengine.dll
2013-04-11 08:39 . 2013-04-11 08:39 -------- d-----w- c:\program files (x86)\ESET
2013-04-10 09:07 . 2013-04-10 09:07 -------- d-----w- C:\0616e544c9bbc6c846cbb05ddc1dc9
2013-04-10 08:14 . 2013-03-05 01:57 2774016 ----a-w- c:\windows\system32\win32k.sys
2013-04-10 08:14 . 2013-03-08 04:18 451072 ----a-w- c:\windows\system32\winsrv.dll
2013-04-10 08:14 . 2013-03-08 04:17 2425344 ----a-w- c:\windows\system32\mstscax.dll
2013-04-10 08:14 . 2013-03-08 03:52 2067968 ----a-w- c:\windows\SysWow64\mstscax.dll
2013-04-10 07:42 . 2013-04-10 07:42 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes
2013-04-10 07:41 . 2013-04-10 07:41 -------- d-----w- c:\programdata\Malwarebytes
2013-04-10 07:41 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-10 07:41 . 2013-04-10 07:41 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-04-09 11:58 . 2013-04-09 11:58 -------- d-----w- c:\windows\ERUNT
2013-04-09 11:58 . 2013-04-09 11:58 -------- d-----w- C:\JRT
2013-04-09 11:29 . 2013-04-09 11:29 278 ----a-w- c:\windows\DeleteOnReboot.bat
2013-03-25 09:37 . 2013-02-12 02:18 19456 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-10 09:07 . 2006-11-02 12:35 72702784 ----a-w- c:\windows\system32\mrt.exe
2013-04-02 12:16 . 2011-10-11 10:19 236248 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2013-03-14 08:37 . 2012-04-04 10:13 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-14 08:37 . 2011-05-25 10:22 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-12 00:10 . 2010-06-03 15:52 282744 ------w- c:\windows\system32\MpSigStub.exe
2013-03-07 12:31 . 2013-03-07 12:31 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-07 12:31 . 2012-05-03 14:22 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-03-07 12:31 . 2010-06-08 08:56 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2010-10-01 21:05 129624 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE\shellex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"ISUSPM"="c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 138240]
"Akamai NetSession Interface"="c:\users\User\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]
"Amazon Cloud Drive"="c:\users\User\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe" [2012-11-12 646528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-25 98304]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-09 29984]
"IndexSearch"="c:\program files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-09 46368]
"PPort11reminder"="c:\program files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe" [2010-10-01 348760]
"DVD or CD Sharing"="c:\program files (x86)\DVD or CD Sharing\ODSAgent.exe" [2008-02-20 619832]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-12-18 39136]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-12-18 825560]
"AirPort Base Station Agent"="c:\program files (x86)\AirPort\APAgent.exe" [2009-11-11 771360]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-10-14 2111296]
WDSmartWare.lnk - c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-10-14 9085760]
WinZip Quick Pick.lnk - c:\program files (x86)\WinZip\WZQKPICK.EXE [2010-4-5 494920]
Wireless Utility.lnk - c:\program files (x86)\EDIMAX\Common\RaUI.exe [2010-10-26 1040384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_Dlls"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~2\KASPER~1\KASPER~1\sbhook.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-14 12:33]
.
2013-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-14 12:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2010-10-01 21:06 170584 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE\x64\ShellEx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-09-22 8116256]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2010-01-27 57928]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\x64\sbhook64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jfgl1xfx.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - ExtSQL: 2013-04-03 11:54; torntv2@torntv.com; c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jfgl1xfx.default\extensions\torntv2@torntv.com.xpi
FF - ExtSQL: !HIDDEN! 2010-06-01 13:52; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
------- File Associations -------
.
.txt=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0a\05\1c\11-\0b?"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-04-15 13:19:47
ComboFix-quarantined-files.txt 2013-04-15 12:19
.
Pre-Run: 182,735,478,784 bytes free
Post-Run: 185,974,099,968 bytes free
.
- - End Of File - - F79B2FA43E49DC395C93A3605E02ECD0
Hi, We have tried to run a few scanners, some work and some dont but the ones that do run are not showing any signs of malware
How is your system behaving now ?
girlie100
2013-04-16, 10:03
Thanks Ken,
My computer bluescreened a couple of times whilst trying to run the ESET scanner, but combofix ran fine and it didn't crash after that. I know Vista isn't the best OS around and I need to upgrade soon. Thanks for all your help :thanks:
When we ran RKill, it checks and will stop malware from running that may be preventing some of our tools to run and it found nothing to stop.
Try this other free online virus scanner
Running TrendMicro HouseCall:
Click Download HouseCall (http://go.trendmicro.com/housecall7/HousecallLauncher.exe) to begin. Please note that HouseCall requires a small download before it can scan your computer.
Download it to your desktop
Double click HousecallLauncher.exe
Select the Full Scan option.
Let the scan run then post the results to this thread.
girlie100
2013-04-16, 14:21
ok I downloaded from the link above, it started updating and then bluescreened my PC, so I restarted ran again and then got an error msg that there was a newer version which took me to the website where I downloaded the new one and ran it, scan finished with no threats found.
Good,
I think your good to go, you may want to post in a windows forum and ask about your frequent blue screens.
This site like Safer is free but you will need to join, you also can link them to this thread so they can see what we have done
http://forums.whatthetech.com/index.php?showforum=119
Click START then RUN
Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.
http://i526.photobucket.com/albums/cc345/MPKwings/CF-Uninstall.png
Open OTL and click on Clean Up and it will remove programs we used to clean your system along with there backups, any programs that where not removed you can just drag to the trash.
Malwarebytes is the free version and yours to keep and will not be removed
How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/index.php?showtopic=57817)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)
Safe Surfn
Ken
girlie100
2013-04-17, 10:05
Thank you Ken for looking over everything :bigthumb::thanks:
Your more than welcome,
Take care,
Ken :)