Thread: computer acting as if it's a 200 baud modem; I.E. very, very, very slowly

  1. #1
    Member
    Join Date
    Jun 2013
    Posts
    31

    Hi there. Yep, even opening the explorer window to try and run Farbar had not finished opening up after about 5 minutes, so I have had to run it and aswMBR from safe mode with networking switched on, so if the log reports do not show all the services that would run normally, I apologise. Yes, the computer is running very slow. The start up programs haven't even loaded up after about half an hour. I also thought there might be a problem with Spybot updates as the log said files were missing and would be installed on the next update, but it later says "is missing and will be installed on next update (version xxxxxx)". It later says it has downloaded and extracted the files, so I think Spybot is fully and properly updated, but again I could only run it under safe mode, so it may not have captured everything. I have got it down to about 8 malware.

    I am running Windows Vista Home Basic edition. As we speak I am just running a full scan with aswMBR in the hope that it might pick something up. I have already done a full scan with Bullguard and it picked up about 6 malware cookie txts which I removed. But afterwards I did a system restore and didn't know whether the files had been put back, so I did another full scan, after doing an update, just in case the system restore had put it back to the state it was in at the point of backup. Does system restore do this?

    I'm wondering if this is a specific rogue program that hasn't been got by you or other virus checker vendors, as I did find an .exe file with a very long number in the startup menu as the computer was reporting a dll missing. There's also a couple of other actions that are dubious: I had not initialised a copy command, but a dialogue came up saying "the c:\users\luciomags\appdata\roaming\macromedia\flash p...\setting.sol folder does not exist the file may have been moved or deleted". Also Windows blocks a program called search results cleaner from running but a command prompt directory search with search*.exe reveals nothing. Could there possibly be hidden files in the startup, or indeed, anywhere else that are malicious? I have never seen this blocker program before. Isn't that the whole point of Vista asking whether you want to run a program or not? Windows Defender threw up an error but after research this is down to the virus checker; although I have tried to disable the Windows Defender service with msconfig to no avail. Last of all a program (a tool to aid in the developing services for Windows NT) starts on the taskbar requesting permission to run, but you have to click the program icon in order for Windows to ask whether you want it to run or not.

    It's a mystery and any help would be greatly appreciated. Logs in next post

    I have just tried to post this from the infected computer and it suddenly came up with connection problems/couldn't connect. My friend that I'm fixing the computer for said that he had that problem quite often himself; particularly on username/password webpages. Anyway here are the logs, posted from a decent machine; I.E. Linux based.

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-10-2014
    Ran by LucioMags (administrator) on LUCIOMAGS-PC on 23-10-2014 15:21:51
    Running from C:\Users\LucioMags\Downloads
    Loaded Profile: LucioMags (Available profiles: LucioMags)
    Platform: Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) OS Language: English (United States)
    Internet Explorer Version 9
    Boot Mode: Safe Mode (with Networking)
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
    (BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Windows\system32\WLTRAY.exe [3810304 2008-11-17] (Dell Inc.)
    HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128296 2008-05-23] (CyberLink Corp.)
    HKLM\...\Run: [DellSupportCenter] => C:\Program Files\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
    HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [1735760 2009-01-09] (Dell Inc.)
    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
    HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [288040 2010-04-05] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [ApnUpdater] => "C:\Program Files\Ask.com\Updater\Updater.exe"
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
    HKLM\...\Run: [BullGuard] => C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe [1118544 2014-10-23] (BullGuard Ltd.)
    HKLM\...\Run: [BullGuardUpdate2] => c:\program files\bullguard ltd\bullguard\BullGuardUpdate2.exe [2325328 2014-10-23] (BullGuard Ltd.)
    HKLM\...\Run: [SunJavaUpdateSched] => "C:\Program Files\Java\jre7\bin\jusched.exe"
    HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
    Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
    HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
    HKU\S-1-5-21-2387892739-269016217-2709116024-1000\...\Run: [DellSupportCenter] => C:\Program Files\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
    HKU\S-1-5-21-2387892739-269016217-2709116024-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [25623336 2009-10-09] (Skype Technologies S.A.)
    HKU\S-1-5-21-2387892739-269016217-2709116024-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1095000 2013-12-30] (Garmin Ltd or its subsidiaries)
    HKU\S-1-5-21-2387892739-269016217-2709116024-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
    HKU\S-1-5-21-2387892739-269016217-2709116024-1000\...\MountPoints2: {70f5aeff-4192-11df-af5e-0023ae29e258} - E:\AutoRun.exe
    HKU\S-1-5-21-2387892739-269016217-2709116024-1000\...\MountPoints2: {bd9c3e7e-3ce9-11df-854b-0023ae29e258} - E:\AutoRun.exe
    HKU\S-1-5-21-2387892739-269016217-2709116024-1000\...409d6c4515e9\InprocServer32: [Default-shell32] <==== ATTENTION!
    AppInit_DLLs: c:\PROGRA~1\BULLGU~1\BULLGU~1\BgAgent.dll => c:\Program Files\BullGuard Ltd\BullGuard\BgAgent.dll [86712 2014-10-23] (BullGuard Ltd.)
    ShellIconOverlayIdentifiers: [BackupOverlayErr] -> {8749448C-D907-45BF-A842-4D3898894AC8} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll (BullGuard Ltd.)
    ShellIconOverlayIdentifiers: [BackupOverlayInProgress] -> {3FFBF330-7839-476B-BE14-2C8597CE11B6} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll (BullGuard Ltd.)
    ShellIconOverlayIdentifiers: [BackupOverlaySynced] -> {C62CF4DB-48CB-4B03-BFD0-30A29125FA49} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll (BullGuard Ltd.)
    BootExecute: autocheck autochk * sdnclean.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKLM - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^UX^xdm167^YYA^gb&si=MDUK13&ptb=4E00FDAF-0D29-4C12-82F1-8BAC207FC96D&ind=2014061514&n=780c23ca&psa=&st=sb&searchfor={searchTerms}
    SearchScopes: HKCU - DefaultScope {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^UX^xdm167^YYA^gb&si=MDUK13&ptb=4E00FDAF-0D29-4C12-82F1-8BAC207FC96D&ind=2014061514&n=780c23ca&psa=&st=sb&searchfor={searchTerms}
    SearchScopes: HKCU - {3729F2E5-EF82-43F3-A5DA-0654CB94E9FE} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=&apn_ptnrs=%5EU3&apn_dtid=%5EOSJ000%5EYY%5EGB&apn_uid=00F02D99-9361-4B22-8A4D-6E8C8DD3AB6E&apn_sauid=703DD0B0-69A8-42F9-8DF5-63EA6DA640A5
    SearchScopes: HKCU - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^UX^xdm167^YYA^gb&si=MDUK13&ptb=4E00FDAF-0D29-4C12-82F1-8BAC207FC96D&ind=2014061514&n=780c23ca&psa=&st=sb&searchfor={searchTerms}
    SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://uk.search.yahoo.com/search?fr=mcafee&p={searchTerms}
    SearchScopes: HKCU - {FA923E8B-A06E-4ACC-8729-D52EE8E386AA} URL = http://www.google.com/search?q={searchTerms}
    BHO: No Name -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> No File
    BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    BHO: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files\Ask.com\GenericAskToolbar.dll No File
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll No File
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKCU - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll No File
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Winsock: Catalog9 01 C:\Windows\system32\BGLsp.dll [64336] (BullGuard Ltd.)
    Winsock: Catalog9 02 C:\Windows\system32\BGLsp.dll [64336] (BullGuard Ltd.)
    Winsock: Catalog9 03 C:\Windows\system32\BGLsp.dll [64336] (BullGuard Ltd.)
    Winsock: Catalog9 04 C:\Windows\system32\BGLsp.dll [64336] (BullGuard Ltd.)
    Winsock: Catalog9 05 C:\Windows\system32\BGLsp.dll [64336] (BullGuard Ltd.)
    Winsock: Catalog9 06 C:\Windows\system32\BGLsp.dll [64336] (BullGuard Ltd.)
    Winsock: Catalog9 07 C:\Windows\system32\BGLsp.dll [64336] (BullGuard Ltd.)
    Winsock: Catalog9 08 C:\Windows\system32\BGLsp.dll [64336] (BullGuard Ltd.)
    Winsock: Catalog9 09 C:\Windows\system32\BGLsp.dll [64336] (BullGuard Ltd.)
    Winsock: Catalog9 10 C:\Windows\system32\BGLsp.dll [64336] (BullGuard Ltd.)
    Winsock: Catalog9 21 C:\Windows\system32\BGLsp.dll [64336] (BullGuard Ltd.)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100

    FireFox:
    ========
    FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-02-08]
    FF HKLM\...\Firefox\Extensions: [antiphishing@bullguard] - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\FF\antiphishing@bullguard
    FF Extension: BullGuard Safe Browsing - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\FF\antiphishing@bullguard [2014-03-12]

    Chrome:
    =======
    CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\gcswf32.dll No File
    CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
    CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
    CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
    CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\pdf.dll No File
    CHR Plugin: (McAfee SiteAdvisor) - C:\Users\LucioMags\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.137.7_0\McChPlg.dll No File
    CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File
    CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    CHR Plugin: (Default Plug-in) - default_plugin No File
    CHR Profile: C:\Users\LucioMags\AppData\Local\Google\Chrome\User Data\Default

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S2 BsBackup; C:\Program Files\BullGuard Ltd\BullGuard\BsBackup.dll [624464 2014-10-23] (BullGuard Ltd.)
    S2 BsBhvScan; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [513360 2014-10-23] (BullGuard Ltd.)
    S2 BsCache; C:\Program Files\BullGuard Ltd\BullGuard\BsCache.dll [130896 2014-10-23] (BullGuard Ltd.)
    S2 BsFileScan; c:\program files\bullguard ltd\bullguard\BsFileScan.dll [356176 2014-10-23] (BullGuard Ltd.)
    S2 BsFire; c:\program files\bullguard ltd\bullguard\BsFire.dll [634192 2014-10-23] (BullGuard Ltd.)
    S2 BsMailProxy; c:\program files\bullguard ltd\bullguard\BsMailProxy\BsMailProxy.dll [589648 2014-10-23] (BullGuard Ltd.)
    R2 BsMain; C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll [436048 2014-10-23] (BullGuard Ltd.)
    R2 BsScanner; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [239952 2014-10-23] (BullGuard Ltd.)
    R2 BsUpdate; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [330576 2014-10-23] (BullGuard Ltd.)
    S2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250712 2013-12-30] (Garmin Ltd or its subsidiaries)
    S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    S2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    S2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-08-14] (SupportSoft, Inc.)
    S2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2809856 2008-11-17] (Dell Inc.) [File not signed]
    S2 Websteroids; "C:\ProgramData\Websteroids\WebsteroidsService.exe" "C:\ProgramData\Websteroids\Websteroids.exe"
    S2 yksvc; RUNDLL32.EXE ykx32coinst,serviceStartProc [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R1 AFW; C:\Windows\System32\DRIVERS\afw.sys [35024 2014-09-08] (Agnitum Ltd.)
    S3 afwcore; C:\Windows\System32\DRIVERS\afwcore.sys [340688 2014-09-08] (Agnitum Ltd.)
    S3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-11-17] (Broadcom Corporation)
    S1 BdAgent; C:\Windows\System32\DRIVERS\BdAgent.sys [98608 2014-06-18] (BullGuard Ltd.)
    S1 BdSpy; C:\Windows\System32\drivers\BdSpy.sys [63584 2013-11-06] (BullGuard Ltd.)
    S1 NovaShieldFilterDriver; C:\Windows\System32\DRIVERS\NSKernel.sys [261360 2014-10-13] (BullGuard Ltd.)
    S1 NovaShieldTDIDriver; C:\Windows\System32\DRIVERS\NSNetmon.sys [21888 2014-10-13] (BullGuard Ltd.)
    S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [343456 2013-12-18] (BitDefender S.R.L.)
    S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
    S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [X]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================


    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-10-23 15:21 - 2014-10-23 15:22 - 00015577 _____ () C:\Users\LucioMags\Downloads\FRST.txt
    2014-10-23 15:21 - 2014-10-23 15:21 - 00000512 _____ () C:\Windows\system32\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
    2014-10-23 15:21 - 2014-10-23 15:21 - 00000000 ____D () C:\FRST
    2014-10-23 15:05 - 2014-10-23 15:05 - 01103360 _____ (Farbar) C:\Users\LucioMags\Downloads\FRST.exe
    2014-10-23 14:59 - 2014-10-23 14:59 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-LUCIOMAGS-PC-Microsoft®-Windows-Vista™-Home-Basic-(32-bit).dat
    2014-10-23 14:58 - 2014-10-23 14:58 - 00000000 ____D () C:\RegBackup
    2014-10-23 14:56 - 2014-10-23 14:56 - 00001976 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2014-10-23 14:56 - 2014-10-23 14:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2014-10-23 14:56 - 2014-10-23 14:56 - 00000000 ____D () C:\Program Files\Tweaking.com
    2014-10-23 14:55 - 2014-10-23 14:55 - 04215584 _____ () C:\Users\LucioMags\Downloads\tweaking.com_registry_backup_setup.exe
    2014-10-22 13:45 - 2014-10-22 13:45 - 00000000 _____ () C:\Users\LucioMags\AppData\Local\{1F03DFAB-CC2F-4F2B-9055-8E5F4C324CBA}
    2014-10-19 18:37 - 2014-10-19 18:37 - 00000000 _____ () C:\Windows\setuperr.log
    2014-10-19 18:37 - 2014-10-19 18:37 - 00000000 _____ () C:\Windows\setupact.log
    2014-10-19 16:24 - 2014-10-19 16:24 - 00000000 ____D () C:\Users\LucioMags\AppData\Roaming\SpeedMaxPc
    2014-10-19 16:22 - 2014-10-22 11:34 - 00000000 ____D () C:\ProgramData\SpeedMaxPc
    2014-10-19 10:12 - 2014-10-19 10:26 - 06000640 _____ () C:\Program Files\GUT1BCA.tmp
    2014-10-18 09:37 - 2014-10-18 09:37 - 00000000 ____D () C:\Users\LucioMags\AppData\Roaming\ParetoLogic
    2014-10-18 09:35 - 2014-10-18 11:26 - 00000394 _____ () C:\Windows\Tasks\RegCure Pro.job
    2014-10-18 09:35 - 2014-10-18 10:07 - 00000000 ____D () C:\ProgramData\ParetoLogic
    2014-10-18 09:35 - 2014-10-18 09:35 - 00000000 ____D () C:\Program Files\ParetoLogic
    2014-10-17 19:14 - 2014-10-17 19:14 - 00000107 _____ () C:\Windows\wininit.ini
    2014-10-17 17:51 - 2014-10-17 20:55 - 00000446 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
    2014-10-17 17:50 - 2014-10-23 15:08 - 00000644 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
    2014-10-17 17:50 - 2014-10-17 20:55 - 00000616 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
    2014-10-17 17:50 - 2014-10-17 17:50 - 00001930 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2014-10-17 17:50 - 2014-10-17 17:50 - 00001918 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    2014-10-17 17:50 - 2014-10-17 17:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2014-10-17 17:49 - 2014-10-17 17:55 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
    2014-10-17 17:49 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
    2014-10-17 17:25 - 2014-10-23 11:53 - 00001656 _____ () C:\Windows\PFRO.log
    2014-10-15 08:13 - 2014-06-15 23:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
    2014-10-15 08:13 - 2014-06-13 19:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
    2014-10-15 08:13 - 2014-06-13 19:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
    2014-10-15 08:03 - 2014-09-28 00:29 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-10-15 03:11 - 2014-10-15 03:12 - 00000000 ____D () C:\005afd5fb2bcdc987e
    2014-10-15 03:11 - 2014-09-05 00:27 - 00143360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
    2014-10-15 03:05 - 2014-10-15 03:11 - 00000000 ____D () C:\2d5f852583b292c82e2aaad67c63
    2014-10-15 03:04 - 2014-09-16 17:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
    2014-10-14 22:03 - 2014-09-19 23:53 - 12364288 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-10-14 22:03 - 2014-09-19 23:44 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-10-14 22:03 - 2014-09-19 23:41 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-10-14 22:03 - 2014-09-19 23:39 - 01138688 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-10-14 22:03 - 2014-09-19 23:38 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-10-14 22:03 - 2014-09-19 23:37 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-10-14 22:03 - 2014-09-19 23:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2014-10-14 22:03 - 2014-09-19 23:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-10-14 22:03 - 2014-09-19 23:36 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-10-14 22:03 - 2014-09-19 23:35 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-10-14 22:03 - 2014-09-19 23:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2014-10-14 22:03 - 2014-09-19 23:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-10-14 22:03 - 2014-09-19 23:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-10-14 22:03 - 2014-09-19 23:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
    2014-10-14 22:03 - 2014-09-19 23:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-10-14 22:03 - 2014-09-19 23:34 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-10-14 22:03 - 2014-09-19 23:34 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-10-14 22:03 - 2014-09-19 23:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-10-14 22:03 - 2014-09-19 23:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
    2014-10-14 22:03 - 2014-09-19 23:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
    2014-10-14 22:03 - 2014-09-19 23:33 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-09-25 03:04 - 2014-09-09 07:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-10-23 15:20 - 2012-03-08 08:13 - 00000000 ____D () C:\ProgramData\BullGuard
    2014-10-23 15:09 - 2010-02-14 12:06 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-10-23 15:08 - 2012-03-08 08:26 - 00000268 _____ () C:\Windows\system32\config\afw_hm.conf
    2014-10-23 15:08 - 2012-03-08 08:26 - 00000004 _____ () C:\Windows\system32\config\afw_db.conf
    2014-10-23 15:08 - 2006-11-02 13:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-10-23 15:08 - 2006-11-02 13:45 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2014-10-23 15:08 - 2006-11-02 13:45 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2014-10-23 14:30 - 2008-01-21 02:38 - 01055954 _____ () C:\Windows\WindowsUpdate.log
    2014-10-23 14:30 - 2006-11-02 13:58 - 00032642 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2014-10-23 14:04 - 2013-05-18 22:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-10-23 12:41 - 2006-11-02 13:44 - 00228936 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-10-23 11:21 - 2014-01-22 12:40 - 00140280 _____ (BullGuard Ltd.) C:\Windows\system32\BgGamingMonitor.dll
    2014-10-23 11:21 - 2013-11-18 12:17 - 00064336 _____ (BullGuard Ltd.) C:\Windows\system32\BGLsp.dll
    2014-10-22 13:42 - 2010-02-06 20:10 - 00000000 ____D () C:\Users\LucioMags
    2014-10-22 13:42 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\spool
    2014-10-22 13:42 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\Msdtc
    2014-10-22 13:42 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\registration
    2014-10-22 13:42 - 2006-11-02 11:22 - 41943040 _____ () C:\Windows\system32\config\components_previous
    2014-10-22 13:42 - 2006-11-02 11:22 - 36700160 _____ () C:\Windows\system32\config\software_previous
    2014-10-22 13:42 - 2006-11-02 11:22 - 20447232 _____ () C:\Windows\system32\config\system_previous
    2014-10-22 13:42 - 2006-11-02 11:22 - 04980736 _____ () C:\Windows\system32\config\default_previous
    2014-10-22 13:42 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
    2014-10-22 13:42 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
    2014-10-22 10:40 - 2010-02-19 16:21 - 00000000 ____D () C:\Users\LucioMags\AppData\Roaming\Skype
    2014-10-19 10:32 - 2010-02-14 12:06 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-10-17 19:14 - 2011-11-28 14:32 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2014-10-17 17:25 - 2011-11-28 14:32 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
    2014-10-15 09:47 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
    2014-10-15 03:25 - 2013-07-16 12:41 - 00000000 ____D () C:\Windows\system32\MRT
    2014-10-15 03:12 - 2006-11-02 11:24 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
    2014-10-13 23:19 - 2013-11-28 14:23 - 00261360 _____ (BullGuard Ltd.) C:\Windows\system32\Drivers\NSKernel.sys
    2014-10-13 23:19 - 2013-11-28 14:23 - 00021888 _____ (BullGuard Ltd.) C:\Windows\system32\Drivers\NSNetmon.sys
    2014-09-25 11:23 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache
    2014-09-24 09:03 - 2013-05-18 22:57 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2014-09-24 09:03 - 2013-05-18 22:57 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

    Some content of TEMP:
    ====================
    C:\Users\LucioMags\AppData\Local\Temp\DataCard_Setup.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-10-23 14:22

    ==================== End Of Log ============================

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-10-2014
    Ran by LucioMags at 2014-10-23 15:23:16
    Running from C:\Users\LucioMags\Downloads
    Boot Mode: Safe Mode (with Networking)
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: BullGuard Antivirus (Enabled - Up to date) {EDBB5818-2352-E06B-028A-4E6873B92CC5}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    AS: BullGuard Antispyware (Enabled - Up to date) {56DAB9FC-0568-EFE5-383A-751A083E6678}
    FW: BullGuard Firewall (Disabled) {D580D93D-693D-E133-29D5-E75D8D6A6BBE}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.12) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
    Apple Application Support (HKLM\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Ask Toolbar (HKLM\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.25.0 - Ask.com) <==== ATTENTION
    Ask Toolbar Updater (HKCU\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.6.36191 - Ask.com) <==== ATTENTION
    BullGuard Internet Security (HKLM\...\BullGuard) (Version: 14.0 - BullGuard Ltd.)
    Cisco EAP-FAST Module (HKLM\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
    Dell Driver Download Manager (HKCU\...\f031ef6ac137efc5) (Version: 2.0.0.0 - Dell Inc.)
    Dell Resource CD (HKLM\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)
    Dell Support Center (Support Software) (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.2.09085 - Dell)
    Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1007.115.102 - ALPS ELECTRIC CO., LTD.)
    Dell Wireless WLAN Card Utility (HKLM\...\Broadcom 802.11 Application) (Version: 5.10.38.30 - Dell Inc.)
    Elevated Installer (Version: 2.3.18.0 - Garmin Ltd or its subsidiaries) Hidden
    Garmin Express (HKLM\...\{0904cc72-1b29-426a-b0f0-228d2744a4f6}) (Version: 2.3.18.0 - Garmin Ltd or its subsidiaries)
    Garmin Express (Version: 2.3.18.0 - Garmin Ltd or its subsidiaries) Hidden
    Garmin Express Tray (Version: 2.3.18.0 - Garmin Ltd or its subsidiaries) Hidden
    Garmin USB Drivers (HKLM\...\{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
    Garmin WebUpdater (HKLM\...\{00FE2935-FB56-4410-AB5F-D6E70C1771D2}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
    Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
    Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
    Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
    Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.510 - Oracle)
    Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
    Marvell Miniport Driver (HKLM\...\{C950420B-4182-49EA-850A-A6A2ABF06C6B}) (Version: 10.63.3.3 - Marvell)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
    PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.1 - Dell)
    QuickSet (HKLM\...\{C4972073-2BFE-475D-8441-564EA97DA161}) (Version: 9.2.17 - Dell Inc.)
    Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 6.0.6000.20113 - Realtek Semiconductor Corp.)
    Skype Toolbars (HKLM\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
    Skype™ 4.1 (HKLM\...\{D103C4BA-F905-437A-8049-DB24763BBE36}) (Version: 4.1.179 - Skype Technologies S.A.)
    Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 1.10.1 - Tweaking.com)
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-2387892739-269016217-2709116024-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2387892739-269016217-2709116024-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
    CustomCLSID: HKU\S-1-5-21-2387892739-269016217-2709116024-1000_Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2387892739-269016217-2709116024-1000_Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2387892739-269016217-2709116024-1000_Classes\CLSID\{38911D8E-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
    CustomCLSID: HKU\S-1-5-21-2387892739-269016217-2709116024-1000_Classes\CLSID\{38911D90-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
    CustomCLSID: HKU\S-1-5-21-2387892739-269016217-2709116024-1000_Classes\CLSID\{38911D92-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
    CustomCLSID: HKU\S-1-5-21-2387892739-269016217-2709116024-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
    CustomCLSID: HKU\S-1-5-21-2387892739-269016217-2709116024-1000_Classes\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2387892739-269016217-2709116024-1000_Classes\CLSID\{586A6353-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2387892739-269016217-2709116024-1000_Classes\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2387892739-269016217-2709116024-1000_Classes\CLSID\{586A6355-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2387892739-269016217-2709116024-1000_Classes\CLSID\{586A6356-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2387892739-269016217-2709116024-1000_Classes\CLSID\{586A6357-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2387892739-269016217-2709116024-1000_Classes\CLSID\{586A6359-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2387892739-269016217-2709116024-1000_Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2387892739-269016217-2709116024-1000_Classes\CLSID\{9E385F0A-0BA2-430C-96AA-4399C5E40F6C}\localserver32 -> C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
    CustomCLSID: HKU\S-1-5-21-2387892739-269016217-2709116024-1000_Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-2387892739-269016217-2709116024-1000_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
    CustomCLSID: HKU\S-1-5-21-2387892739-269016217-2709116024-1000_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
    CustomCLSID: HKU\S-1-5-21-2387892739-269016217-2709116024-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
    CustomCLSID: HKU\S-1-5-21-2387892739-269016217-2709116024-1000_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
    CustomCLSID: HKU\S-1-5-21-2387892739-269016217-2709116024-1000_Classes\CLSID\{DCA74850-096D-40CD-BB81-17034E51ACB6}\localserver32 -> C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
    CustomCLSID: HKU\S-1-5-21-2387892739-269016217-2709116024-1000_Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)

    ==================== Restore Points =========================

    07-10-2014 08:19:21 Scheduled Checkpoint
    07-10-2014 22:58:03 Scheduled Checkpoint
    08-10-2014 20:58:31 Scheduled Checkpoint
    10-10-2014 17:39:36 Scheduled Checkpoint
    11-10-2014 09:03:12 Scheduled Checkpoint
    12-10-2014 00:46:12 Scheduled Checkpoint
    13-10-2014 21:07:19 Scheduled Checkpoint
    14-10-2014 23:09:27 Scheduled Checkpoint
    15-10-2014 02:02:08 Windows Update
    15-10-2014 06:58:30 Windows Update
    15-10-2014 22:14:54 Scheduled Checkpoint
    16-10-2014 13:34:30 Scheduled Checkpoint
    17-10-2014 20:54:01 Scheduled Checkpoint
    19-10-2014 10:17:36 Scheduled Checkpoint

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2006-11-02 11:23 - 2011-11-28 15:05 - 00438691 ____R C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    There are 1000 more lines.


    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {1028AC08-DF1F-4CAD-9061-859E60CB5949} - System32\Tasks\Foresight Software Update3 => C:\Program Files\Common Files\Foresight Software\UUS3\Update3.exe
    Task: {18DFD9FC-082E-4E9B-8285-5F21D2B4EDAE} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
    Task: {29903ACF-87C4-464D-B58F-6D699677B78B} - System32\Tasks\{B396E731-7D20-4CDE-BB89-A62509736AFA} => C:\Program Files\Skype\Phone\Skype.exe [2009-10-09] (Skype Technologies S.A.)
    Task: {40E8453A-48F3-49C0-92F7-3C8944948675} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
    Task: {51AAAB3F-252A-49F5-AE09-772AF2FB073B} - System32\Tasks\Check for updates (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search &amp; Destroy 2\SDUpdate.exe
    Task: {5916F864-469C-4391-8604-E4EA141A2699} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
    Task: {5C25A634-7539-4A84-9460-518B16A1B42B} - System32\Tasks\ParetoLogic Update Version3 Startup Task => C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
    Task: {7C5A51E8-1AD7-48C6-8879-257A8A9609F5} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
    Task: {89598E38-AA49-42F9-9DEC-014210DB848B} - System32\Tasks\Scan the system (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search &amp; Destroy 2\SDScan.exe
    Task: {899C572A-9D41-47B9-ADB6-6C9156FB18C1} - System32\Tasks\RegCure Pro => C:\Program Files\ParetoLogic\RegCure Pro\RegCurePro.exe [2012-10-22] (ParetoLogic, Inc.)
    Task: {8B0E6FAB-F43A-4988-AF0A-A21646C212F0} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
    Task: {8EFB6D16-5CF2-4E22-8E44-61F5731D12F2} - System32\Tasks\Refresh immunization (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search &amp; Destroy 2\SDImmunize.exe
    Task: {900B69D2-8C96-4E98-BCAE-48412DB4E78E} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
    Task: {9A6405EB-A69A-416B-9890-6CBA381E67D9} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe <==== ATTENTION
    Task: {9B656C5D-B5A3-4F24-ABDD-2EB6987F7027} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)
    Task: {9ED703A9-5FFD-40D5-895A-4385EE1509DE} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
    Task: {9F390455-BBC7-43BE-B928-C164FAB3A7F7} - System32\Tasks\ParetoLogic Update Version3 => C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
    Task: {A6D6CB0D-9D60-4B27-8AEC-2C4591EBA869} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
    Task: {C70E1EA0-24DC-489A-8691-7081F960E0E3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
    Task: {E2332E14-7E28-45C8-8290-131397E2AEE6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
    Task: C:\Windows\Tasks\RegCure Pro.job => C:\Program Files\ParetoLogic\RegCure Pro\RegCurePro.exe
    Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe

    ==================== Loaded Modules (whitelisted) =============

    2013-10-02 16:48 - 2014-10-23 11:21 - 00491344 _____ () c:\program files\bullguard ltd\bullguard\SQLite.dll
    2013-10-02 16:48 - 2014-10-23 11:21 - 00074064 _____ () c:\program files\bullguard ltd\bullguard\zlib1.dll
    2013-10-02 16:48 - 2014-10-23 11:21 - 00560464 _____ () c:\program files\bullguard ltd\bullguard\LibXml2.dll
    2013-10-02 16:48 - 2014-10-23 11:21 - 00056656 _____ () C:\Program Files\BullGuard Ltd\BullGuard\LIBBZ2.dll
    2013-10-02 16:48 - 2014-10-23 11:21 - 00074064 _____ () C:\Program Files\BullGuard Ltd\BullGuard\zlib1.dll
    2013-10-02 16:48 - 2014-10-23 11:21 - 00560464 _____ () C:\Program Files\BullGuard Ltd\BullGuard\LibXml2.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsMain => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsUpdate => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-2387892739-269016217-2709116024-500 - Administrator - Disabled)
    Guest (S-1-5-21-2387892739-269016217-2709116024-501 - Limited - Disabled)
    LucioMags (S-1-5-21-2387892739-269016217-2709116024-1000 - Administrator - Enabled) => C:\Users\LucioMags

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (10/23/2014 03:21:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (10/23/2014 03:20:21 PM) (Source: EventSystem) (EventID: 4609) (User: )
    Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

    Error: (10/23/2014 03:16:01 PM) (Source: PerfDisk) (EventID: 1000) (User: )
    Description:

    Error: (10/23/2014 03:15:55 PM) (Source: PerfDisk) (EventID: 1000) (User: )
    Description:

    Error: (10/23/2014 03:15:50 PM) (Source: PerfDisk) (EventID: 1000) (User: )
    Description:

    Error: (10/23/2014 03:15:40 PM) (Source: Perflib) (EventID: 1008) (User: )
    Description: PerfDiskC:\Windows\System32\perfdisk.dll4

    Error: (10/23/2014 03:15:36 PM) (Source: PerfDisk) (EventID: 1000) (User: )
    Description:

    Error: (10/23/2014 02:51:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (10/23/2014 02:50:50 PM) (Source: EventSystem) (EventID: 4609) (User: )
    Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

    Error: (10/23/2014 02:28:23 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application SDScan.exe, version 2.4.40.181, time stamp 0x535a5179, faulting module SDScanLibrary.dll_unloaded, version 0.0.0.0, time stamp 0x535a510a, exception code 0xc0000005, fault offset 0x04c3f6e2,
    process id 0x1780, application start time 0xSDScan.exe0.


    System errors:
    =============
    Error: (10/23/2014 03:21:06 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: BdAgent
    BdSpy
    NovaShieldFilterDriver
    NovaShieldTDIDriver
    spldr
    Wanarpv6

    Error: (10/23/2014 03:21:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: Computer BrowserServer%%1068

    Error: (10/23/2014 03:20:24 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

    Error: (10/23/2014 03:20:24 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

    Error: (10/23/2014 03:20:21 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error: (10/23/2014 03:20:14 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

    Error: (10/23/2014 03:07:54 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 2) (User: NT AUTHORITY)
    Description: 0

    Error: (10/23/2014 02:51:35 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: BdAgent
    BdSpy
    NovaShieldFilterDriver
    NovaShieldTDIDriver
    spldr
    Wanarpv6

    Error: (10/23/2014 02:51:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: Computer BrowserServer%%1068

    Error: (10/23/2014 02:51:18 PM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1084wcncsvc{375FF001-DD27-11D9-8F9C-0002B3988E81}


    Microsoft Office Sessions:
    =========================
    Error: (10/23/2014 03:21:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (10/23/2014 03:20:21 PM) (Source: EventSystem) (EventID: 4609) (User: )
    Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

    Error: (10/23/2014 03:16:01 PM) (Source: PerfDisk) (EventID: 1000) (User: )
    Description:

    Error: (10/23/2014 03:15:55 PM) (Source: PerfDisk) (EventID: 1000) (User: )
    Description:

    Error: (10/23/2014 03:15:50 PM) (Source: PerfDisk) (EventID: 1000) (User: )
    Description:

    Error: (10/23/2014 03:15:40 PM) (Source: Perflib) (EventID: 1008) (User: )
    Description: PerfDiskC:\Windows\System32\perfdisk.dll4

    Error: (10/23/2014 03:15:36 PM) (Source: PerfDisk) (EventID: 1000) (User: )
    Description:

    Error: (10/23/2014 02:51:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (10/23/2014 02:50:50 PM) (Source: EventSystem) (EventID: 4609) (User: )
    Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

    Error: (10/23/2014 02:28:23 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: SDScan.exe2.4.40.181535a5179SDScanLibrary.dll_unloaded0.0.0.0535a510ac000000504c3f6e2178001cfeec3f29a7a5c


    CodeIntegrity Errors:
    ===================================
    Date: 2014-05-11 22:46:14.990
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BullGuard Ltd\BullGuard\BgWsc.exe because the set of per-page image hashes could not be found on the system.

    Date: 2014-05-04 09:36:26.104
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BullGuard Ltd\BullGuard\BgWsc.exe because the set of per-page image hashes could not be found on the system.

    Date: 2014-05-03 09:52:09.519
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BullGuard Ltd\BullGuard\BgWsc.exe because the set of per-page image hashes could not be found on the system.

    Date: 2014-04-28 08:30:23.380
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BullGuard Ltd\BullGuard\BgWsc.exe because the set of per-page image hashes could not be found on the system.

    Date: 2014-04-23 20:50:11.020
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BullGuard Ltd\BullGuard\BgWsc.exe because the set of per-page image hashes could not be found on the system.

    Date: 2014-04-23 08:36:19.096
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BullGuard Ltd\BullGuard\BgWsc.exe because the set of per-page image hashes could not be found on the system.

    Date: 2014-04-21 09:01:08.709
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BullGuard Ltd\BullGuard\BgWsc.exe because the set of per-page image hashes could not be found on the system.

    Date: 2014-04-16 17:21:59.147
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BullGuard Ltd\BullGuard\BgWsc.exe because the set of per-page image hashes could not be found on the system.

    Date: 2014-03-25 06:42:20.034
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BullGuard Ltd\BullGuard\BgWsc.exe because the set of per-page image hashes could not be found on the system.

    Date: 2014-03-17 07:31:09.100
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\BullGuard Ltd\BullGuard\BgWsc.exe because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Genuine Intel(R) CPU 585 @ 2.16GHz
    Percentage of memory in use: 55%
    Total physical RAM: 985.63 MB
    Available physical RAM: 439.48 MB
    Total Pagefile: 2241.6 MB
    Available Pagefile: 1782.36 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1909.27 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:149.01 GB) (Free:104.55 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: E3641CF3)
    Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
    Partition 2: (Active) - (Size=149 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
    aswMBR version 1.0.1.2161 Copyright(c) 2014 AVAST Software
    Run date: 2014-10-23 15:32:32
    -----------------------------
    15:32:32.367 OS Version: Windows 6.0.6002 Service Pack 2
    15:32:32.367 Number of processors: 1 586 0xF0D
    15:32:32.367 ComputerName: LUCIOMAGS-PC UserName: LucioMags
    15:32:35.268 Initialize success
    15:32:35.284 VM: driver load error: 2
    15:35:12.579 AVAST engine defs: 14102300
    15:35:26.744 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    15:35:26.744 Disk 0 Vendor: FUJITSU_MHZ2160BH_G2 00850009 Size: 152627MB BusType: 3
    15:35:26.853 Disk 0 MBR read successfully
    15:35:26.868 Disk 0 MBR scan
    15:35:27.071 Disk 0 Windows VISTA default MBR code
    15:35:27.071 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
    15:35:27.118 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 152586 MB offset 81920
    15:35:27.212 Disk 0 scanning sectors +312578048
    15:35:27.524 Disk 0 scanning C:\Windows\system32\drivers
    15:35:47.679 Service scanning
    15:36:20.423 Modules scanning
    15:36:31.062 Disk 0 trace - called modules:
    15:36:31.125 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
    15:36:31.140 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x845f0320]
    15:36:31.140 3 CLASSPNP.SYS[863a28b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x83b1db98]
    15:36:33.184 AVAST engine scan C:\Windows
    15:36:37.318 AVAST engine scan C:\Windows\system32
    15:40:40.148 AVAST engine scan C:\Windows\system32\drivers
    15:40:56.060 AVAST engine scan C:\Users\LucioMags
    15:42:49.721 AVAST engine scan C:\ProgramData
    15:45:24.130 Disk 0 statistics 2444897/0/0 @ 3.24 MB/s
    15:45:24.146 Scan finished successfully
    15:46:24.206 Disk 0 MBR has been saved successfully to "C:\Users\LucioMags\Downloads\MBR.dat"
    15:46:24.252 The log file has been saved successfully to "C:\Users\LucioMags\Downloads\aswMBR.txt"
    Last edited by tashi; 2014-10-23 at 21:01. Reason: Merged two posts
