|
|||||||
| Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs |
 |
|
|
Topic Tools |
|
#1
January 5th, 2013, 01:06 PM
|
|||
|
|||
|
hjt check please
could someone please check my log laptop not working to good thanks hank
Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:04:19, on 05/01/2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16457) Boot mode: Normal Running processes: C:\Program Files (x86)\Samsung\Samsung Control Center\MovieColorEnhancer.exe C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_ 5_502_135_ActiveX.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - (no file) R3 - URLSearchHook: (no name) - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - (no file) R3 - URLSearchHook: (no name) - - (no file) F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file) O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Samsung BHO Helper - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Ladbrokes Casino - {15653C41-A753-40E4-90F7-BAEF11D6F043} - C:\Microgaming\Casino\Ladbrokes\casinogame.exe (HKCU) O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file) O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O20 - AppInit_DLLs: c:\progra~3\browse~1\23796~1.11\{16cdf~1\browse~1. dll c:\windows\syswow64\nvinit.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing) O23 - Service: Intel® Centrino® Bluetooth 3.0 + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe O23 - Service: Bluetooth Device Monitor - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe O23 - Service: Bluetooth Media Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe O23 - Service: Bluetooth OBEX Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Norton Safe Web Lite (NSL) - Unknown owner - C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe (file missing) O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Samsung UPD Service - Unknown owner - C:\windows\System32\SUPDSvc.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing) O23 - Service: vToolbarUpdater12.2.6 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 11491 bytes 
|
|
#2
January 6th, 2013, 12:45 AM
|
||||
|
||||
|
Hello hank1966,
May have two antivirus programs installed there, which can cripple things. Let's get a more detailed look. The system is Windows 7, so when running any of the scan files we use, be sure to right click the file, then select "Run as administrator" to start the scan/tool. And To make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types" To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed. ------- Click here and download OldTimer's OTL to your desktop, then click that to open the scan display. At the top click "Scan All Users", then click "Run Scan". Make no other changes at this time. When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are also saved in the same location as OTL.exe. Post the contents of those back here please. ----------- Click here and download the installer for Gmer to your desktop, then click that file to run Gmer. Once the opening scan finishes, click on Scan (again, before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan). When completed, click on the Copy button and rightclick on your Desktop, choose "New" > Text document. Once the file is created, open it and rightclick again and choose Paste. Copy the information and post it here please. ----------- Download aswMBR ( 511KB ) to your desktop.
A lot, but comprehensive, and will make sure we get a good view of everything.
|
|
#3
January 6th, 2013, 01:11 AM
|
|||
|
|||
|
OTL logfile created on: 05/01/2013 23:51:25 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\hank\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 3.92 Gb Total Physical Memory | 1.88 Gb Available Physical Memory | 48.05% Memory free 7.83 Gb Paging File | 5.62 Gb Available in Paging File | 71.82% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 177.00 Gb Total Space | 107.48 Gb Free Space | 60.72% Space Free | Partition Type: NTFS Drive D: | 265.20 Gb Total Space | 44.46 Gb Free Space | 16.77% Space Free | Partition Type: NTFS Computer Name: HANK-PC | User Name: hank | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/01/05 23:50:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\hank\Desktop\OTL.exe PRC - [2012/12/11 20:49:00 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_ 5_502_135_ActiveX.exe PRC - [2012/10/30 22:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2012/10/30 22:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2012/10/30 22:50:56 | 000,133,912 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe PRC - [2012/08/27 08:17:45 | 000,722,528 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe PRC - [2012/08/12 14:40:39 | 000,307,856 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe PRC - [2012/07/27 20:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011/10/01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011/10/01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe PRC - [2011/06/15 12:14:06 | 007,057,488 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Samsung Control Center\WifiManager.exe PRC - [2011/05/19 00:16:48 | 000,995,392 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe PRC - [2011/05/19 00:16:46 | 001,335,360 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe PRC - [2011/05/19 00:16:36 | 000,921,664 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe PRC - [2011/05/19 00:16:34 | 000,839,744 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe PRC - [2011/05/05 12:44:54 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2011/05/05 12:44:52 | 000,326,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2011/04/17 08:07:16 | 001,757,264 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe PRC - [2011/04/14 11:38:50 | 000,727,120 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Samsung Control Center\EasySpeedUpManager.exe PRC - [2011/03/29 04:15:54 | 004,399,696 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe PRC - [2011/03/07 03:46:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2010/08/27 01:52:12 | 002,782,064 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe PRC - [2010/04/02 09:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE PRC - [2008/05/12 12:38:28 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe ========== Modules (No Company Name) ========== MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2010/10/25 12:44:50 | 001,973,760 | ---- | M] () -- C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll MOD - [2010/05/07 14:22:18 | 001,636,864 | ---- | M] () -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll ========== Services (SafeList) ========== SRV:64bit: - [2012/10/30 22:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV:64bit: - [2012/10/30 22:50:56 | 000,133,912 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall) SRV:64bit: - [2011/04/21 08:34:16 | 001,136,640 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3) SRV:64bit: - [2011/04/21 07:42:50 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) SRV:64bit: - [2010/08/09 19:04:12 | 000,166,704 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- C:\Windows\SysNative\SUPDSvc.exe -- (Samsung UPD Service) SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2012/12/11 21:50:19 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/08/27 08:17:45 | 000,722,528 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe -- (vToolbarUpdater12.2.6) SRV - [2012/07/27 20:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011/10/01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011/10/01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd) SRV - [2011/05/19 00:16:48 | 000,995,392 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service) SRV - [2011/05/19 00:16:46 | 001,335,360 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service) SRV - [2011/05/19 00:16:36 | 000,921,664 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor) SRV - [2011/05/05 12:44:54 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2011/05/05 12:44:52 | 000,326,424 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2011/03/07 03:46:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\msco rsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\msco rsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008/05/12 12:38:28 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/10/30 22:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:64bit: - [2012/10/30 22:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2012/10/30 22:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2012/10/30 22:51:55 | 000,262,656 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2) DRV:64bit: - [2012/10/30 22:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2012/10/30 22:51:55 | 000,021,136 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswKbd.sys -- (aswKbd) DRV:64bit: - [2012/10/30 22:51:53 | 000,132,864 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswFW.sys -- (aswFW) DRV:64bit: - [2012/10/30 22:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2012/10/15 16:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr) DRV:64bit: - [2012/09/21 09:26:08 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis.sys -- (aswNdis) DRV:64bit: - [2012/07/09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/10/01 07:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011/10/01 07:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011/10/01 07:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011/10/01 07:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011/08/17 07:19:38 | 000,031,216 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd) DRV:64bit: - [2011/08/08 23:38:05 | 000,167,048 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NSTx64\0200000.010\cc Setx64.sys -- (ccSet_NST) DRV:64bit: - [2011/07/20 12:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort) DRV:64bit: - [2011/07/19 17:54:06 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex) DRV:64bit: - [2011/07/19 14:13:42 | 000,282,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf) DRV:64bit: - [2011/07/11 00:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH) DRV:64bit: - [2011/07/06 05:16:24 | 000,289,704 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter) DRV:64bit: - [2011/05/19 00:17:04 | 000,053,248 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux) DRV:64bit: - [2011/05/19 00:17:02 | 000,051,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaud.sys -- (btmaudio) DRV:64bit: - [2011/05/01 05:33:06 | 008,593,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) DRV:64bit: - [2011/04/22 10:17:04 | 000,471,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011/04/21 08:09:26 | 000,294,912 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP) DRV:64bit: - [2011/04/21 08:09:26 | 000,294,912 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL) DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/03/07 03:46:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2011/02/17 23:11:54 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010/12/17 02:39:08 | 012,256,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2010/11/21 03:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/21 03:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/21 03:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010/11/12 22:23:38 | 000,138,024 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2010/10/20 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010/10/15 09:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/14 00:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009/07/14 00:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM) DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/28 06:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI) DRV - [2012/02/10 05:35:59 | 000,015,144 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport) DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear...}&sourceid=ie7 IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src...q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src...q={searchTerms} IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVer sion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Inter net Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-887285577-1908728387-2409366433-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.chatzum.com/ IE - HKU\S-1-5-21-887285577-1908728387-2409366433-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-887285577-1908728387-2409366433-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://www.google.co.uk/ IE - HKU\S-1-5-21-887285577-1908728387-2409366433-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com IE - HKU\S-1-5-21-887285577-1908728387-2409366433-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = IE - HKU\S-1-5-21-887285577-1908728387-2409366433-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKU\S-1-5-21-887285577-1908728387-2409366433-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKU\S-1-5-21-887285577-1908728387-2409366433-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = IE - HKU\S-1-5-21-887285577-1908728387-2409366433-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ IE - HKU\S-1-5-21-887285577-1908728387-2409366433-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = IE - HKU\S-1-5-21-887285577-1908728387-2409366433-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = IE - HKU\S-1-5-21-887285577-1908728387-2409366433-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = IE - HKU\S-1-5-21-887285577-1908728387-2409366433-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = IE - HKU\S-1-5-21-887285577-1908728387-2409366433-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = IE - HKU\S-1-5-21-887285577-1908728387-2409366433-1001\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-887285577-1908728387-2409366433-1001\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - No CLSID value found IE - HKU\S-1-5-21-887285577-1908728387-2409366433-1001\..\URLSearchHook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - No CLSID value found IE - HKU\S-1-5-21-887285577-1908728387-2409366433-1001\..\SearchScopes,Backup.Old.DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKU\S-1-5-21-887285577-1908728387-2409366433-1001\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-887285577-1908728387-2409366433-1001\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKU\S-1-5-21-887285577-1908728387-2409366433-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={search...00b8030508d072 IE - HKU\S-1-5-21-887285577-1908728387-2409366433-1001\..\SearchScopes\{0F8E0370-4E1F-7D9C-4D69-62E079F561F2}: "URL" = http://isearch.avg.com/search?cid={C...a&d=2012-06-04 13:07:36&v=11.1.0.7&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-887285577-1908728387-2409366433-1001\..\SearchScopes\{29CAACD0-C2AC-46B8-A170-DC359C219294}: "URL" = http://websearch.ask.com/redirect?cl...8-5D01ADFCB183 IE - HKU\S-1-5-21-887285577-1908728387-2409366433-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src...q={searchTerms} IE - HKU\S-1-5-21-887285577-1908728387-2409366433-1001\..\SearchScopes\{D7F8319F-0E21-46DA-AA70-03BE6973B7C2}: "URL" = http://search.conduit.com/ResultsExt...ctid=CT3196716 IE - HKU\S-1-5-21-887285577-1908728387-2409366433-1001\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_50 2_135.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_50 2_135.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@ei.BetterCareerSearc h_2b.com/Plugin: C:\Program Files (x86)\BetterCareerSearch_2bEI\Installr\1.bin\NP2bE ISB.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extens ions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/06/26 06:49:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extens ions\\{203FB6B2-2E1E-4474-863B-4C483ECCE78E}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2.0.0.16\coFFNST\ [2012/07/29 08:21:37 | 000,000,000 | ---D | M] [2012/10/19 18:31:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hank\AppData\Roaming\Mozilla\Firefox\exte nsions O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found. O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found. O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Samsung BHO Class) - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll () O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3:64bit: - HKU\S-1-5-21-887285577-1908728387-2409366433-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-887285577-1908728387-2409366433-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-887285577-1908728387-2409366433-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoActiveDesktop = 1 () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoActiveDesktopChanges = 1 () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: EnableInstallerDetection = 1 () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: EnableLUA = 1 () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: EnableSecureUIAPaths = 1 () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: EnableVirtualization = 1 () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: PromptOnSecureDesktop = 1 () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: shutdownwithoutlogon = 1 () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: undockwithoutlogon = 1 () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 () O7 - HKU\S-1-5-21-887285577-1908728387-2409366433-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll () O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{38EA1AED-2CF4-4AFF-823C-1A33F1C2EE61}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\linkscanner - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (c:\progra~3\browse~1\23796~1.11\{16cdf~1\browse~1 .dll) - File not found O20 - AppInit_DLLs: (c:\windows\syswow64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (lsdelete) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
|
|
#4
January 6th, 2013, 01:13 AM
|
|||
|
|||
|
========== Files/Folders - Created Within 30 Days ==========
[2013/01/05 23:50:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\hank\Desktop\OTL.exe [2013/01/05 19:47:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CasinoOnNet [2013/01/02 22:48:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager [2013/01/02 20:50:26 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\COMDLG32.OCX [2013/01/02 20:50:26 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSCMCFR.DLL [2013/01/02 20:50:26 | 000,119,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\VB6FR.DLL [2013/01/02 20:50:26 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\VB6STKIT.DLL [2013/01/02 20:50:26 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\CMDLGFR.DLL [2013/01/02 20:50:26 | 000,000,000 | ---D | C] -- C:\Users\hank\AppData\Roaming\TFP [2013/01/02 20:50:00 | 000,000,000 | ---D | C] -- C:\Users\hank\AppData\Local\Torch [2013/01/02 12:42:21 | 000,132,864 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswFW.sys [2013/01/02 12:42:03 | 000,262,656 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswNdis2.sys [2013/01/02 12:42:02 | 000,012,368 | ---- | C] (ALWIL Software) -- C:\windows\SysNative\drivers\aswNdis.sys [2013/01/02 12:41:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security [2013/01/01 19:57:25 | 000,000,000 | ---D | C] -- C:\Users\hank\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Games [2013/01/01 19:57:25 | 000,000,000 | ---D | C] -- C:\Users\hank\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\888casino [2013/01/01 19:57:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\888casino [2013/01/01 19:57:11 | 000,000,000 | ---D | C] -- C:\Users\hank\AppData\Roaming\CasinoOnNet [2012/12/22 10:05:48 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\windows\SysNative\atmlib.dll [2012/12/22 10:05:48 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\SysWow64\atmlib.dll [2012/12/22 10:05:47 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysNative\atmfd.dll [2012/12/22 10:05:46 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\atmfd.dll [2012/12/18 11:38:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft [2012/12/18 11:38:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft [2012/12/18 11:38:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2012/12/18 11:35:01 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSSTDFMT.DLL [2012/12/13 18:23:19 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll [2012/12/13 18:23:18 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll [2012/12/13 18:23:17 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll [2012/12/13 18:23:16 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll [2012/12/13 18:23:16 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe [2012/12/13 18:23:16 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe [2012/12/13 18:23:15 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll [2012/12/13 18:23:15 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll [2012/12/13 18:23:14 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl [2012/12/13 18:23:13 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll [2012/12/13 18:23:13 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl [2012/12/13 18:23:12 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll [2012/12/13 18:23:08 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll [2012/12/13 18:23:08 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll [2012/12/13 18:23:08 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll [2012/12/12 15:33:15 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll [2012/12/12 15:33:15 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll [2012/12/12 15:33:15 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe [2012/12/12 15:33:15 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll [2012/12/12 15:33:14 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll [2012/12/12 15:33:14 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll [2012/12/12 15:33:14 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe [2012/12/12 15:33:14 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll [2012/12/12 15:33:13 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll [2012/12/12 15:33:13 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll [2012/12/12 15:33:13 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe [2012/12/12 15:33:13 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2012/12/12 15:33:13 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2012/12/12 15:33:13 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2012/12/12 15:33:13 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll [2012/12/12 15:33:13 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2012/12/12 15:33:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2012/12/12 15:33:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2012/12/12 15:33:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2012/12/12 15:33:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2012/12/12 15:33:12 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2012/12/12 15:33:12 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2012/12/12 15:33:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2012/12/12 15:33:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2012/12/12 15:33:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2012/12/12 15:33:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2012/12/12 15:33:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2012/12/12 15:33:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2012/12/12 15:33:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2012/12/12 15:33:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2012/12/12 15:33:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2012/12/12 15:33:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2012/12/12 15:33:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2012/12/12 15:33:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2012/12/12 15:33:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2012/12/12 15:33:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2012/12/12 15:33:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2012/12/12 15:33:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2012/12/12 15:33:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2012/12/12 15:33:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2012/12/12 15:33:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2012/12/12 15:33:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2012/12/12 15:33:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2012/12/12 15:33:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2012/12/12 15:33:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2012/12/12 15:33:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2012/12/12 15:33:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2012/12/12 15:33:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2012/12/12 15:33:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2012/12/12 15:33:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2012/12/12 15:33:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2012/12/12 15:33:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2012/12/12 15:33:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2012/12/12 15:33:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2012/12/12 15:33:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2012/12/12 15:33:06 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2012/12/12 15:33:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2012/12/12 15:33:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2012/12/12 15:33:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2012/12/12 15:33:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2012/12/12 15:33:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2012/12/12 15:33:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2012/12/12 15:33:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2012/12/12 15:33:04 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2012/12/12 15:33:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2012/12/12 15:33:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2012/12/12 15:33:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2012/12/12 15:33:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2012/12/12 15:33:01 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe [2012/12/12 15:32:55 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dpnet.dll [2012/12/12 15:32:55 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dpnet.dll [2012/12/08 13:01:45 | 000,370,288 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys [2012/12/08 13:01:45 | 000,059,728 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswTdi.sys [2012/12/08 13:01:45 | 000,054,072 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys [2012/12/08 13:01:45 | 000,025,232 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswFsBlk.sys [2012/12/08 13:01:44 | 000,984,144 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys [2012/12/08 13:01:44 | 000,071,600 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys [2012/12/08 13:01:31 | 000,227,648 | ---- | C] (AVAST Software) -- C:\windows\SysWow64\aswBoot.exe [2012/12/08 13:01:31 | 000,041,224 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr [1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/01/05 23:50:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\hank\Desktop\OTL.exe [2013/01/05 23:48:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013/01/05 23:39:00 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2013/01/05 19:47:53 | 000,001,988 | ---- | M] () -- C:\Users\hank\Application Data\Microsoft\Internet Explorer\Quick Launch\888casino.lnk [2013/01/05 19:47:53 | 000,001,970 | ---- | M] () -- C:\Users\hank\Desktop\888casino.lnk [2013/01/05 17:39:00 | 000,000,890 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2013/01/05 14:00:43 | 000,028,848 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/01/05 14:00:43 | 000,028,848 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/01/05 13:52:51 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013/01/05 13:52:49 | 4204,314,624 | -HS- | M] () -- C:\hiberfil.sys [2013/01/05 12:04:19 | 000,011,493 | ---- | M] () -- C:\Users\hank\Desktop\1 [2013/01/04 10:31:00 | 000,170,554 | ---- | M] () -- C:\Users\hank\Desktop\cas.png [2013/01/04 10:30:21 | 000,234,648 | ---- | M] () -- C:\Users\hank\Desktop\untitled.png [2013/01/03 17:56:36 | 000,049,858 | ---- | M] () -- C:\Users\hank\Desktop\551085_314625788657253_20864 86760_n.jpg [2013/01/02 12:42:03 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt [2013/01/02 12:41:12 | 000,001,958 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk [2012/12/31 10:51:00 | 000,727,182 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2012/12/31 10:51:00 | 000,628,904 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2012/12/31 10:51:00 | 000,110,798 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2012/12/22 21:03:04 | 000,416,688 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2012/12/22 14:28:59 | 001,048,576 | ---- | M] () -- C:\Users\hank\Desktop\TP_PROG.dbs [2012/12/18 11:38:53 | 000,001,028 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Watch.lnk [2012/12/18 11:38:53 | 000,001,028 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2012/12/16 17:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\windows\SysNative\atmlib.dll [2012/12/16 14:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysNative\atmfd.dll [2012/12/16 14:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\atmfd.dll [2012/12/16 14:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\windows\SysWow64\atmlib.dll [2012/12/11 21:50:19 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe [2012/12/11 21:50:19 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl [2012/12/08 14:20:19 | 000,019,225 | ---- | M] () -- C:\Users\hank\Desktop\156904_292285420891499_43247 7167_n.jpg [2012/12/08 12:54:18 | 001,261,538 | ---- | M] () -- C:\Users\hank\AVGInstLog.cab [2012/12/07 22:47:15 | 000,002,620 | ---- | M] () -- C:\Users\hank\Desktop\IMG-20120907-00299 - Shortcut.lnk [1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/01/05 19:47:53 | 000,001,970 | ---- | C] () -- C:\Users\hank\Desktop\888casino.lnk [2013/01/05 12:04:19 | 000,011,493 | ---- | C] () -- C:\Users\hank\Desktop\1 [2013/01/04 10:31:00 | 000,170,554 | ---- | C] () -- C:\Users\hank\Desktop\cas.png [2013/01/03 17:57:47 | 000,049,858 | ---- | C] () -- C:\Users\hank\Desktop\551085_314625788657253_20864 86760_n.jpg [2013/01/02 12:41:12 | 000,001,958 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk [2013/01/01 19:57:25 | 000,001,988 | ---- | C] () -- C:\Users\hank\Application Data\Microsoft\Internet Explorer\Quick Launch\888casino.lnk [2012/12/22 14:28:59 | 001,048,576 | ---- | C] () -- C:\Users\hank\Desktop\TP_PROG.dbs [2012/12/18 11:38:53 | 000,001,028 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Watch.lnk [2012/12/18 11:38:53 | 000,001,028 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2012/12/08 14:21:04 | 000,019,225 | ---- | C] () -- C:\Users\hank\Desktop\156904_292285420891499_43247 7167_n.jpg [2012/12/08 12:54:18 | 001,261,538 | ---- | C] () -- C:\Users\hank\AVGInstLog.cab [2012/12/07 22:47:15 | 000,002,620 | ---- | C] () -- C:\Users\hank\Desktop\IMG-20120907-00299 - Shortcut.lnk [2012/10/26 15:51:52 | 000,074,703 | ---- | C] () -- C:\windows\SysWow64\mfc45.dll [2012/09/12 12:47:53 | 000,000,017 | ---- | C] () -- C:\windows\SysWow64\shortcut_ex.dat [2012/09/12 11:13:24 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib [2012/07/02 10:56:51 | 000,735,230 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI [2011/11/26 00:22:38 | 000,258,864 | ---- | C] () -- C:\windows\SUPDRun.exe [2011/11/26 00:21:47 | 000,960,940 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin [2011/11/26 00:21:45 | 000,207,376 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin [2011/11/26 00:21:45 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin [2011/11/25 09:21:09 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe [2011/11/25 08:29:38 | 000,002,558 | ---- | C] () -- C:\windows\HotFixList.ini [2011/11/25 08:11:17 | 000,142,128 | ---- | C] () -- C:\windows\wiainst64.exe ========== ZeroAccess Check ========== [2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\cls id\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\cls id\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc8 7-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 05:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\cl sid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA 9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\cl sid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 03:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CD B-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\cl sid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:0B4227B4 @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:5C321E34 < End of report >
|
|
#5
January 6th, 2013, 01:14 AM
|
|||
|
|||
|
OTL Extras logfile created on: 05/01/2013 23:51:25 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\hank\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 3.92 Gb Total Physical Memory | 1.88 Gb Available Physical Memory | 48.05% Memory free 7.83 Gb Paging File | 5.62 Gb Available in Paging File | 71.82% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 177.00 Gb Total Space | 107.48 Gb Free Space | 60.72% Space Free | Partition Type: NTFS Drive D: | 265.20 Gb Total Space | 44.46 Gb Free Space | 16.77% Space Free | Partition Type: NTFS Computer Name: HANK-PC | User Name: hank | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- Reg Error: Key error. https [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- Reg Error: Key error. https [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 -- () 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile] "EnableFirewall" = 1 -- () "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile] "EnableFirewall" = 1 -- () "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\PublicPr ofile] "EnableFirewall" = 1 -- () "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Firewall Rules] "{28AA36F2-78CC-4C03-8D3C-2ED87228F724}" = lport=445 | protocol=6 | dir=in | app=system | "{2D983D8B-C7F8-469A-AB85-DC098E9096C2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2F25B54F-98D0-46C8-A7B4-D39CCEBB53E0}" = rport=445 | protocol=6 | dir=out | app=system | "{371B08D5-F59A-49D1-92CD-6CE3F8CAD94D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4F509AD6-DD81-4D95-A020-36082D49F8CF}" = lport=138 | protocol=17 | dir=in | app=system | "{5F2C4024-9A32-40C9-A8E1-A23DA8BE2882}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{60461F78-9B84-4E10-A62F-FDD21344BB28}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{701EB6C2-AA23-4F68-A8AE-AF1D570150C8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{74A99D0A-F668-41CA-B860-0D61FBFFBE07}" = lport=137 | protocol=17 | dir=in | app=system | "{7CDDAA19-3944-4D87-BB21-D39602FF8A1E}" = rport=138 | protocol=17 | dir=out | app=system | "{B53014AC-B1B5-41D3-B809-1614893D8615}" = rport=139 | protocol=6 | dir=out | app=system | "{B8BA7B50-8A2F-4D3F-99CB-7C1C85AFE9C0}" = lport=139 | protocol=6 | dir=in | app=system | "{C72E6BC1-7570-4930-8FA3-664F270C3271}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{CB3C06DB-FEF5-4466-9AD2-3F6CB8BD40B9}" = rport=137 | protocol=17 | dir=out | app=system | "{F5926496-F89D-40B4-B40E-62515484A1C9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Firewall Rules] "{027203E4-5C0F-4B56-A761-CF2BA27D58C5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{16D356C7-7ADB-4CDF-AB3F-250E212183D6}" = dir=in | app=c:\program files (x86)\protected search\protectedsearch.exe | "{1CFA766E-AC98-45F0-8F7D-12DEF6C0F2B3}" = dir=in | app=c:\program files (x86)\protected search\protectedsearch.exe | "{205F8BD3-8164-408B-8D8C-C4BEF10411BE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{33E9A98D-8633-4120-A24D-11669114068D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{35A362D3-7E2D-4F05-99F8-C8FB2B410103}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{35F8EBA2-D6A1-47F3-8700-1D9C10957A30}" = dir=out | app=c:\program files (x86)\protected search\protectedsearch.exe | "{3BEDADC0-F6FA-4EEA-BA6F-6CECB116662D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{4F14831D-A2A2-46CB-94EA-6D90646314F7}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | "{58963A5C-3C1B-4E86-9EA9-92B4D64A1488}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\usdagent.exe | "{5E3E27A5-5604-47BE-AABD-CD0D6C41B72E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{62524A7E-FF3E-4455-8C55-3FE5162A5228}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{64C87442-1E2D-4DDA-A5FF-6EF2FE9BB039}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6578BCB2-A5FD-44CF-9F6C-E385C670D489}" = protocol=6 | dir=in | app=c:\windows\system32\supdsvc.exe | "{67F8BD4B-33C0-41B2-BFFD-AD5F21FCA63C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{6C00F669-AC2B-4252-B921-7C056B774165}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{721DFDD3-029E-495D-947F-B210C0ABE93C}" = protocol=6 | dir=in | app=c:\users\hank\appdata\local\directdownloader\d irectdownloader.exe | "{7874AE9C-62A6-49A0-9053-B8F54613DB2E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | "{84DB00FD-7BCF-4F15-8A33-A97EBB7E33A2}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\iccupdater.exe | "{8D239215-0626-4CC0-A4A5-146C2A99115F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | "{9275AD51-2964-4BDD-9F50-3DEA8D1E07B6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{993D67EF-CAAC-4072-A6BC-6EB9B8FAD297}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | "{9ACC77C4-B002-4D8D-A351-2FF56BAF1F12}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\iccupdater.exe | "{A0D5758C-C0A3-4449-BFF7-EA2F688BDAA7}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | "{C1D83ECA-0A99-4DBC-B0A2-83C2CFD4DAF5}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\usdagent.exe | "{C6F449DF-A558-41BC-A016-82F5BFC8BB73}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{CF88A920-F0DA-414E-8EF5-A951AE7A194B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{D5A1C27B-F24A-4715-9011-B722396C00DB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{ED132840-F0C4-432E-845B-FD1E08E75361}" = protocol=17 | dir=in | app=c:\users\hank\appdata\local\directdownloader\d irectdownloader.exe | "{F2D89E48-EC61-45FE-A35F-96513D50153D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{F85C9F36-637D-40A6-A93E-0B3506104954}" = protocol=17 | dir=in | app=c:\windows\system32\supdsvc.exe | "{FA168A12-FD72-45B2-BDD9-C4E050B4EF50}" = dir=out | app=c:\program files (x86)\protected search\protectedsearch.exe | "{FD60C3D1-18E1-4399-BC7E-C95C881C25CD}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | "TCP Query User{8567C7F3-AB68-4DA0-9FA3-0001967AFB24}C:\windows\microsoft.net\framework\v2 .0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\ vbc.exe | "TCP Query User{F63AB8C3-3177-4762-B0F1-7A339E7AD770}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{20562C2C-7502-4D4C-89DE-39EBAD8FC98E}C:\windows\microsoft.net\framework\v2 .0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\ vbc.exe | "UDP Query User{DB1A0B3B-7859-419B-B9D6-5CA4C01F9197}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall] "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series" = Canon MP280 series MP Drivers "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables "{3C41721F-AF0F-4086-AA1C-4C7F29076228}" = Intel(R) PROSet/Wireless WiFi Software "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010 "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010 "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A0E106D2-4815-4B7A-BAA7-7E21B530CFB4}" = Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Display Control Panel "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 267.54 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.21 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Elantech" = ETDWare PS/2-X64 8.0.7.2_WHQL "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64) "{139C1D95-9037-3AB3-F5F4-4A79BF6831EC}" = WordCaptureX Pro "{142D8CA7-2C6F-45A7-83E3-099AAFD99133}" = Samsung Update Plus "{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 5 "{16880765-677F-440B-B16A-BFD9B9C00012}" = EasyFileShare "{17283B95-21A8-4996-97DA-547A48DB266F}" = Samsung Control Center "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 37 "{2DDC70C1-C77A-4D08-89D2-9AB648504533}" = Easy Content Share "{318DBE01-1E6B-4243-84B0-210391FE789A}" = Samsung AnyWeb Print "{331ECF61-69AF-4F57-AC35-AFED610231C3}" = Multimedia POP "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3F50512F-53DF-46B1-8CCB-6C7E638CADD6}" = PhoneShare "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7C5B1ECD-FE93-4FB2-A51A-06451BA49969}" = "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010 "{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010 "{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English "{915C56D7-1EFD-4BF3-9FBE-2B0D39F36525}" = calibre "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4) "{AD86049C-3D9C-43E1-BE73-643F57D83D50}" = Easy Migration "{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide "{CB383BE9-7518-4ABD-826E-8FC4695F7D52}" = Interactive Guide "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EFA6EF6A-9E0D-4CF0-91DD-B55D8632F65A}" = SamsungMovie "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Samsung Support Center "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables "{FDAE128F-A355-42B1-8422-1AF3ACEE34F4}" = SISShortcut "888casino" = 888casino "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AU10_is1" = Advanced Uninstaller PRO - Version 10 "AU11_is1" = Advanced Uninstaller PRO - Version 11 "avast" = avast! Internet Security "Canon MP280 series User Registration" = Canon MP280 series User Registration "CanonMyPrinter" = Canon My Printer "CanonSolutionMenuEX" = Canon Solution Menu EX "Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX "Easy-WebPrint EX" = Canon Easy-WebPrint EX "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "MP Navigator EX 4.0" = Canon MP Navigator EX 4.0 "Office14.Click2Run" = Microsoft Office Click-to-Run 2010 "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "ProInst" = Intel PROSet Wireless "Protected Search_is1" = Protected Search 1.1 "Samsung Printer Live Update" = Samsung Printer Live Update "Samsung Universal Print Driver" = Samsung Universal Print Driver "Samsung Universal Scan Driver" = Samsung Universal Scan Driver "Vid-Saver" = Vid-Saver ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 11/10/2012 11:40:42 | Computer Name = hank-PC | Source = Windows Search Service | ID = 1006 Description = Error - 11/10/2012 11:44:32 | Computer Name = hank-PC | Source = Windows Search Service | ID = 1006 Description = Error - 11/10/2012 11:44:36 | Computer Name = hank-PC | Source = Windows Search Service | ID = 1006 Description = Error - 11/10/2012 12:25:48 | Computer Name = hank-PC | Source = Application Hang | ID = 1002 Description = The program iexplore.exe version 9.0.8112.16450 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 5e4 Start Time: 01cda7c858ed896b Termination Time: 70 Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Report Id: Error - 11/10/2012 12:29:39 | Computer Name = hank-PC | Source = Windows Search Service | ID = 1006 Description = Error - 11/10/2012 12:29:46 | Computer Name = hank-PC | Source = Windows Search Service | ID = 1006 Description = Error - 11/10/2012 12:29:47 | Computer Name = hank-PC | Source = Windows Search Service | ID = 1006 Description = Error - 11/10/2012 12:30:55 | Computer Name = hank-PC | Source = Windows Search Service | ID = 1006 Description = Error - 11/10/2012 12:30:57 | Computer Name = hank-PC | Source = Windows Search Service | ID = 1006 Description = Error - 11/10/2012 12:36:57 | Computer Name = hank-PC | Source = Windows Search Service | ID = 1006 Description = Error - 11/10/2012 12:36:59 | Computer Name = hank-PC | Source = Windows Search Service | ID = 1006 Description = [ System Events ] Error - 05/01/2013 09:54:35 | Computer Name = hank-PC | Source = Service Control Manager | ID = 7031 Description = The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error - 05/01/2013 09:54:35 | Computer Name = hank-PC | Source = Service Control Manager | ID = 7031 Description = The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. Error - 05/01/2013 09:54:35 | Computer Name = hank-PC | Source = Service Control Manager | ID = 7031 Description = The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error - 05/01/2013 09:54:35 | Computer Name = hank-PC | Source = Service Control Manager | ID = 7031 Description = The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error - 05/01/2013 09:54:35 | Computer Name = hank-PC | Source = Service Control Manager | ID = 7031 Description = The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. Error - 05/01/2013 09:55:35 | Computer Name = hank-PC | Source = Service Control Manager | ID = 7032 Description = The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Shell Hardware Detection service, but this action failed with the following error: %%1056 Error - 05/01/2013 09:55:35 | Computer Name = hank-PC | Source = Service Control Manager | ID = 7032 Description = The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: %%1056 Error - 05/01/2013 09:56:35 | Computer Name = hank-PC | Source = Service Control Manager | ID = 7032 Description = The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: %%1056 Error - 05/01/2013 09:56:35 | Computer Name = hank-PC | Source = Service Control Manager | ID = 7032 Description = The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: %%1056 Error - 05/01/2013 09:56:35 | Computer Name = hank-PC | Source = Service Control Manager | ID = 7032 Description = The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error: %%1056 < End of report >
|
|
#6
January 6th, 2013, 01:19 AM
|
|||
|
|||
|
MER 2.0.18327 - http://www.gmer.net
Rootkit scan 2013-01-06 00:18:51 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST500LM0 rev.2AR1 465.76GB Running: bityv5kf.exe; Driver: C:\Users\hank\AppData\Local\Temp\kxldipoc.sys ---- Threads - GMER 2.0 ---- Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1444:1464] 0000000077c22e25 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1444:1468] 000000007392345e Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1444:1480] 00000000760f7587 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1444:1484] 00000000735b8d60 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1444:1560] 00000000733b6fe0 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1444:1564] 00000000733b6900 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1444:2040] 00000000733ac220 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1444:2044] 00000000733ac220 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1444:492] 00000000733ac220 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1444:1076] 00000000733ad470 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1444:1120] 00000000733aca80 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1444:1132] 00000000733c86a0 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1444:1144] 00000000733c7480 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1444:1136] 00000000733c7850 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1444:1152] 00000000733ae780 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1444:1188] 00000000733ae780 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1444:1192] 00000000733ae780 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1444:1256] 00000000716d12f0 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1444:1260] 00000000716d2c10 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1444:1320] 00000000716d2c10 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1444:1348] 00000000716b1070 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1444:1344] 000000007392345e Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1444:1380] 000000007392345e Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1444:1408] 0000000071671010 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1444:1488] 00000000716512f0 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1444:1500] 0000000071631000 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1444:1688] 00000000733b7b60 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1444:1712] 00000000733ae280 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1444:480] 000000007392345e Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1444:1736] 00000000734c5400 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1444:1512] 00000000735b4290 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1444:1904] 000000007392345e Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1444:1828] 00000000735b8650 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1444:1300] 00000000735c28c0 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1444:1296] 00000000735c6680 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1444:1292] 00000000735b9280 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1444:1288] 00000000735bb070 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1444:1280] 00000000735bb070 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1444:1272] 00000000735bb070 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1444:1264] 00000000735bb070 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1444:1268] 00000000735bb070 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1444:1992] 00000000735c0a60 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1444:1996] 000000007392345e Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1444:1228] 0000000077c23e45 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1444:4840] 000000007392345e Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1444:1404] 000000007392345e Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1444:4884] 00000000716b16a0 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1444:3176] 0000000071e76120 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1444:3844] 0000000071631280 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1444:1888] 00000000730e1670 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1444:3336] 00000000730e1840 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1444:4932] 00000000739232ce Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1444:5872] 00000000739232ce Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1444:4580] 00000000739232ce Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1444:4188] 00000000739232ce Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1444:5864] 00000000739232ce Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1444:5168] 00000000739232ce Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1444:5344] 00000000739232ce Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1444:472] 00000000739232ce Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1444:5472] 00000000739232ce Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1444:3196] 00000000739232ce Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1444:1400] 00000000739232ce Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1444:1472] 00000000709b24c7 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1444:4548] 00000000714c62ee Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1444:5932] 0000000077c23e45 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1444:5732] 0000000077c23e45 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1444:504] 0000000077c23e45 Thread C:\Program Files\AVAST Software\Avast\AvastSvc.exe [1444:4568] 0000000077c23e45 ---- Processes - GMER 2.0 ---- Library ? (*** suspicious ***) @ C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EX E [4480] 000007fefe570000 Library ? (*** suspicious ***) @ C:\windows\System32\svchost.exe [1900] 000007fef0ef0000 ---- EOF - GMER 2.0 ----
|
|
#7
January 6th, 2013, 01:20 AM
|
|||
|
|||
|
ER 2.0.18327 - http://www.gmer.net
Rootkit scan 2013-01-06 00:19:12 Windows 6.1.7601 Service Pack 1 x64 Running: bityv5kf.exe ---- Registry - GMER 2.0 ---- Reg HKLM\SYSTEM\ControlSet001\services\BTHPORT\Paramet ers\Keys\002454f1dec2 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\services\BTHPORT\Paramet ers\Keys\b8030508d076 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\services\BTHPORT\Paramet ers\Keys\b8030508d076@58170c35c667 0x74 0x68 0x17 0x78 ... Reg HKLM\SYSTEM\ControlSet001\services\BTHPORT\Paramet ers\Keys\dca971076042 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\services\BTHPORT\Paramet ers\Keys\dca9710821f3 (not active ControlSet) Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Par ameters\Keys\002454f1dec2 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Par ameters\Keys\b8030508d076 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Par ameters\Keys\b8030508d076@58170c35c667 0x74 0x68 0x17 0x78 ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Par ameters\Keys\dca971076042 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Par ameters\Keys\dca9710821f3 Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Paramet ers\Keys\002454f1dec2 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Paramet ers\Keys\b8030508d076 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Paramet ers\Keys\b8030508d076@58170c35c667 0x74 0x68 0x17 0x78 ... Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Paramet ers\Keys\dca971076042 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Paramet ers\Keys\dca9710821f3 (not active ControlSet) ---- EOF - GMER 2.0 ----
|
|
#8
January 6th, 2013, 01:30 AM
|
|||
|
|||
|
swMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-06 00:25:41 ----------------------------- 00:25:41.633 OS Version: Windows x64 6.1.7601 Service Pack 1 00:25:41.633 Number of processors: 2 586 0x2A07 00:25:41.634 ComputerName: HANK-PC UserName: hank 00:25:44.616 Initialize success 00:25:44.863 AVAST engine defs: 13010501 00:25:47.041 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 00:25:47.043 Disk 0 Vendor: ST500LM0 2AR1 Size: 476940MB BusType: 3 00:25:47.083 Disk 0 MBR read successfully 00:25:47.085 Disk 0 MBR scan 00:25:47.088 Disk 0 unknown MBR code 00:25:47.113 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048 00:25:47.137 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 181248 MB offset 206848 00:25:47.140 Disk 0 Partition - 00 0F Extended LBA 271568 MB offset 371402752 00:25:47.180 Disk 0 Partition 3 00 27 Hidden NTFS WinRE NTFS 24023 MB offset 927574016 00:25:47.270 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 271567 MB offset 371404800 00:25:47.340 Disk 0 scanning C:\windows\system32\drivers 00:25:56.147 Service scanning 00:26:22.315 Modules scanning 00:26:22.334 Disk 0 trace - called modules: 00:26:22.371 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 00:26:22.382 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800681a400] 00:26:22.393 3 CLASSPNP.SYS[fffff88001b9943f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004a3d050] 00:26:22.877 AVAST engine scan C:\windows 00:26:27.381 AVAST engine scan C:\windows\system32 00:29:07.224 AVAST engine scan C:\windows\system32\drivers 00:29:15.710 AVAST engine scan C:\Users\hank 00:29:38.328 Disk 0 MBR has been saved successfully to "C:\Users\hank\Desktop\MBR.dat" 00:29:38.333 The log file has been saved successfully to "C:\Users\hank\Desktop\aswMBR.txt" here you go jintan
|
|
#9
January 6th, 2013, 02:16 AM
|
||||
|
||||
|
Be sure to continue to temporarily disable any protective software when running the scan tools we use here.
Click here and download Kaspersky's TDSSKiller to your desktop, but as you download it, rename it to larry.com then click that file to run TDSSKiller. In the display that opens click Start scan. Once that completes, follow any prompts to act on anything it located, including as reboot (Reboot Now) if requested. When the scan completes it will create a log file on your C drive. Similar in name to this: C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt Your copy will be different - some of those numbers will reflect the date/time it was just run by you there. Copy/paste those contents back here please. If it does locate malware, but does not prompt for a reboot, go ahead and do reboot. ----------- Download RogueKiller (http://www.sur-la-toile.com/RogueKiller/) to your desktop. Click the RogueKiller icon next to: (Download link) : Lien de téléchargement  .Close all open programs Remember to right click -> run as administrator, and click the downloaded file. When prompted, type 1, and press Enter. A RKreport.txt will be created in the same location as the RogueKiller file. If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe, and try again. Please post the contents of the RKreport.txt.
|
|
#10
January 6th, 2013, 01:11 PM
|
|||
|
|||
|
2:05:21.0850 1304 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
12:05:22.0150 1304 ================================================== ========== 12:05:22.0150 1304 Current date / time: 2013/01/06 12:05:22.0150 12:05:22.0150 1304 SystemInfo: 12:05:22.0150 1304 12:05:22.0150 1304 OS Version: 6.1.7601 ServicePack: 1.0 12:05:22.0150 1304 Product type: Workstation 12:05:22.0150 1304 ComputerName: HANK-PC 12:05:22.0150 1304 UserName: hank 12:05:22.0150 1304 Windows directory: C:\windows 12:05:22.0150 1304 System windows directory: C:\windows 12:05:22.0150 1304 Running under WOW64 12:05:22.0150 1304 Processor architecture: Intel x64 12:05:22.0150 1304 Number of processors: 2 12:05:22.0150 1304 Page size: 0x1000 12:05:22.0150 1304 Boot type: Normal boot 12:05:22.0150 1304 ================================================== ========== 12:05:22.0554 1304 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 12:05:22.0558 1304 ================================================== ========== 12:05:22.0558 1304 \Device\Harddisk0\DR0: 12:05:22.0558 1304 MBR partitions: 12:05:22.0558 1304 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 12:05:22.0558 1304 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x16200000 12:05:22.0576 1304 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x16233000, BlocksNum 0x21267800 12:05:22.0576 1304 ================================================== ========== 12:05:22.0611 1304 C: <-> \Device\Harddisk0\DR0\Partition2 12:05:22.0666 1304 D: <-> \Device\Harddisk0\DR0\Partition3 12:05:22.0666 1304 ================================================== ========== 12:05:22.0666 1304 Initialize success 12:05:22.0666 1304 ================================================== ========== 12:05:27.0448 4824 ================================================== ========== 12:05:27.0448 4824 Scan started 12:05:27.0448 4824 Mode: Manual; 12:05:27.0448 4824 ================================================== ========== 12:05:27.0797 4824 ================ Scan system memory ======================== 12:05:27.0797 4824 System memory - ok 12:05:27.0798 4824 ================ Scan services ============================= 12:05:27.0992 4824 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys 12:05:27.0999 4824 1394ohci - ok 12:05:28.0090 4824 [ 10A1C82D74BF6B4CECFF4C303469A75F ] aawservice C:\Program Files (x86)\Lavasoft\Ad-Aware\aawservice.exe 12:05:28.0102 4824 aawservice - ok 12:05:28.0178 4824 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys 12:05:28.0186 4824 ACPI - ok 12:05:28.0206 4824 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys 12:05:28.0207 4824 AcpiPmi - ok 12:05:28.0272 4824 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 12:05:28.0274 4824 AdobeARMservice - ok 12:05:28.0428 4824 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe 12:05:28.0433 4824 AdobeFlashPlayerUpdateSvc - ok 12:05:28.0491 4824 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\drivers\adp94xx.sys 12:05:28.0500 4824 adp94xx - ok 12:05:28.0512 4824 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\drivers\adpahci.sys 12:05:28.0519 4824 adpahci - ok 12:05:28.0527 4824 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\drivers\adpu320.sys 12:05:28.0530 4824 adpu320 - ok 12:05:28.0558 4824 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll 12:05:28.0560 4824 AeLookupSvc - ok 12:05:28.0618 4824 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys 12:05:28.0630 4824 AFD - ok 12:05:28.0656 4824 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys 12:05:28.0658 4824 agp440 - ok 12:05:28.0735 4824 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe 12:05:28.0738 4824 ALG - ok 12:05:28.0753 4824 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys 12:05:28.0755 4824 aliide - ok 12:05:28.0777 4824 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys 12:05:28.0779 4824 amdide - ok 12:05:28.0786 4824 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\drivers\amdk8.sys 12:05:28.0788 4824 AmdK8 - ok 12:05:28.0795 4824 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\drivers\amdppm.sys 12:05:28.0797 4824 AmdPPM - ok 12:05:28.0832 4824 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys 12:05:28.0835 4824 amdsata - ok 12:05:28.0870 4824 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\drivers\amdsbs.sys 12:05:28.0874 4824 amdsbs - ok 12:05:28.0948 4824 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys 12:05:28.0949 4824 amdxata - ok 12:05:28.0987 4824 [ 9921E78BC29634235F4BF5809E7E8CDE ] AMPPAL C:\windows\system32\DRIVERS\AMPPAL.sys 12:05:28.0996 4824 AMPPAL - ok 12:05:29.0007 4824 [ 9921E78BC29634235F4BF5809E7E8CDE ] AMPPALP C:\windows\system32\DRIVERS\amppal.sys 12:05:29.0012 4824 AMPPALP - ok 12:05:29.0171 4824 [ 83A0E7BA4AE616D3654E700D9C5FF9DB ] AMPPALR3 C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe 12:05:29.0190 4824 AMPPALR3 - ok 12:05:29.0219 4824 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys 12:05:29.0222 4824 AppID - ok 12:05:29.0256 4824 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll 12:05:29.0258 4824 AppIDSvc - ok 12:05:29.0264 4824 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\windows\System32\appinfo.dll 12:05:29.0267 4824 Appinfo - ok 12:05:29.0340 4824 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\drivers\arc.sys 12:05:29.0343 4824 arc - ok 12:05:29.0368 4824 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\drivers\arcsas.sys 12:05:29.0371 4824 arcsas - ok 12:05:29.0410 4824 [ 4FCAEF0C5BE7629AEB878998E0FE959B ] aswFsBlk C:\windows\system32\drivers\aswFsBlk.sys 12:05:29.0411 4824 aswFsBlk - ok 12:05:29.0459 4824 [ 9FFC732E12FF53E05FE9E02C8C00CE87 ] aswFW C:\windows\system32\drivers\aswFW.sys 12:05:29.0462 4824 aswFW - ok 12:05:29.0581 4824 [ 6B91E6D483AADB3FC4E13E2355200611 ] aswKbd C:\windows\system32\drivers\aswKbd.sys 12:05:29.0583 4824 aswKbd - ok 12:05:29.0638 4824 [ B50CDD87772D6A11CB90924AAD399DF8 ] aswMonFlt C:\windows\system32\drivers\aswMonFlt.sys 12:05:29.0641 4824 aswMonFlt - ok 12:05:29.0688 4824 [ 518B8D447A1975AB46DA093A2E743256 ] aswNdis C:\windows\system32\DRIVERS\aswNdis.sys 12:05:29.0689 4824 aswNdis - ok 12:05:29.0803 4824 [ 5A832BBB1B563B6B3FDA46239B630037 ] aswNdis2 C:\windows\system32\drivers\aswNdis2.sys 12:05:29.0811 4824 aswNdis2 - ok 12:05:29.0839 4824 [ 57768C7DB4681F2510F247F82EF31D4F ] aswRdr C:\windows\System32\Drivers\aswrdr2.sys 12:05:29.0841 4824 aswRdr - ok 12:05:29.0893 4824 [ E71D826A1F3CE9C9DE3E77F2D02AFFBF ] aswSnx C:\windows\system32\drivers\aswSnx.sys 12:05:29.0905 4824 aswSnx - ok 12:05:29.0943 4824 [ 538A32E2C99BF073D4CA76C30BEDAA60 ] aswSP C:\windows\system32\drivers\aswSP.sys 12:05:29.0947 4824 aswSP - ok 12:05:30.0040 4824 [ 6EDC79D73745FD44C41B55B2D13D0B70 ] aswTdi C:\windows\system32\drivers\aswTdi.sys 12:05:30.0042 4824 aswTdi - ok 12:05:30.0084 4824 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys 12:05:30.0086 4824 AsyncMac - ok 12:05:30.0117 4824 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys 12:05:30.0118 4824 atapi - ok 12:05:30.0185 4824 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll 12:05:30.0200 4824 AudioEndpointBuilder - ok 12:05:30.0216 4824 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll 12:05:30.0224 4824 AudioSrv - ok 12:05:30.0292 4824 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe 12:05:30.0294 4824 avast! Antivirus - ok 12:05:30.0320 4824 [ BC0E07A768A0A14C48E3CE1875F2C377 ] avast! Firewall C:\Program Files\AVAST Software\Avast\afwServ.exe 12:05:30.0323 4824 avast! Firewall - ok 12:05:30.0366 4824 [ F823D184B8E8FFB8DA3EAD45DBF5BD6A ] AVGIDSEH C:\windows\system32\DRIVERS\AVGIDSEH.Sys 12:05:30.0367 4824 AVGIDSEH - ok 12:05:30.0418 4824 [ 6699ECE24FE4B3F752A66C66A602EE86 ] avgwd C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe 12:05:30.0423 4824 avgwd - ok 12:05:30.0464 4824 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll 12:05:30.0469 4824 AxInstSV - ok 12:05:30.0509 4824 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\drivers\bxvbda.sys 12:05:30.0517 4824 b06bdrv - ok 12:05:30.0531 4824 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys 12:05:30.0536 4824 b57nd60a - ok 12:05:30.0554 4824 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll 12:05:30.0556 4824 BDESVC - ok 12:05:30.0565 4824 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys 12:05:30.0566 4824 Beep - ok 12:05:30.0588 4824 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll 12:05:30.0597 4824 BFE - ok 12:05:30.0645 4824 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\System32\qmgr.dll 12:05:30.0655 4824 BITS - ok 12:05:30.0721 4824 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys 12:05:30.0723 4824 blbdrive - ok 12:05:30.0821 4824 [ 5FF7B9916A10E8E69E7C0D16F0B4787A ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe 12:05:30.0835 4824 Bluetooth Device Monitor - ok 12:05:30.0869 4824 [ E43D73CAF1023976EFBA1D0F0E69E271 ] Bluetooth Media Service C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe 12:05:30.0880 4824 Bluetooth Media Service - ok 12:05:30.0910 4824 [ 20427929646784A482DF34EF8C4FED23 ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe 12:05:30.0917 4824 Bluetooth OBEX Service - ok 12:05:30.0951 4824 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys 12:05:30.0953 4824 bowser - ok 12:05:30.0985 4824 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\drivers\BrFiltLo.sys 12:05:30.0987 4824 BrFiltLo - ok 12:05:30.0994 4824 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\drivers\BrFiltUp.sys 12:05:30.0996 4824 BrFiltUp - ok 12:05:31.0024 4824 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll 12:05:31.0027 4824 Browser - ok 12:05:31.0062 4824 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys 12:05:31.0068 4824 Brserid - ok 12:05:31.0074 4824 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys 12:05:31.0076 4824 BrSerWdm - ok 12:05:31.0082 4824 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys 12:05:31.0084 4824 BrUsbMdm - ok 12:05:31.0090 4824 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys 12:05:31.0091 4824 BrUsbSer - ok 12:05:31.0113 4824 [ 9D95F74875491CECBF9E10A5936A570E ] BtFilter C:\windows\system32\DRIVERS\btfilter.sys 12:05:31.0116 4824 BtFilter - ok 12:05:31.0208 4824 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\windows\system32\drivers\BthEnum.sys 12:05:31.0211 4824 BthEnum - ok 12:05:31.0220 4824 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\drivers\bthmodem.sys 12:05:31.0223 4824 BTHMODEM - ok 12:05:31.0250 4824 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\windows\system32\DRIVERS\bthpan.sys 12:05:31.0251 4824 BthPan - ok 12:05:31.0296 4824 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\windows\System32\Drivers\BTHport.sys 12:05:31.0305 4824 BTHPORT - ok 12:05:31.0384 4824 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll 12:05:31.0388 4824 bthserv - ok 12:05:31.0416 4824 [ A5B3E8B2B78C7B3DA56A0DE490E6718C ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe 12:05:31.0417 4824 BTHSSecurityMgr - ok 12:05:31.0440 4824 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\windows\System32\Drivers\BTHUSB.sys 12:05:31.0443 4824 BTHUSB - ok 12:05:31.0472 4824 [ 274E47BD9C1367BDBFA9DF10C2E6C544 ] btmaudio C:\windows\system32\drivers\btmaud.sys 12:05:31.0474 4824 btmaudio - ok 12:05:31.0549 4824 [ 75EAB5AAF6E9F83739249CE60B4B9C39 ] btmaux C:\windows\system32\DRIVERS\btmaux.sys 12:05:31.0552 4824 btmaux - ok 12:05:31.0574 4824 [ 0B1CC2221DC5990E4557A78CE9AFAD4F ] btmhsf C:\windows\system32\DRIVERS\btmhsf.sys 12:05:31.0581 4824 btmhsf - ok 12:05:31.0622 4824 [ A8AD33C9DD88C810CAC00ACC7F4329FB ] ccSet_NST C:\windows\system32\drivers\NSTx64\0200000.010\ccS etx64.sys 12:05:31.0625 4824 ccSet_NST - ok 12:05:31.0660 4824 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys 12:05:31.0663 4824 cdfs - ok 12:05:31.0734 4824 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys 12:05:31.0738 4824 cdrom - ok 12:05:31.0767 4824 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll 12:05:31.0770 4824 CertPropSvc - ok 12:05:31.0777 4824 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\drivers\circlass.sys 12:05:31.0780 4824 circlass - ok 12:05:31.0803 4824 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys 12:05:31.0810 4824 CLFS - ok 12:05:31.0940 4824 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\msco rsvw.exe 12:05:31.0944 4824 clr_optimization_v2.0.50727_32 - ok 12:05:32.0022 4824 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\ms corsvw.exe 12:05:32.0027 4824 clr_optimization_v2.0.50727_64 - ok 12:05:32.0130 4824 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\msco rsvw.exe 12:05:32.0154 4824 clr_optimization_v4.0.30319_32 - ok 12:05:32.0194 4824 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\ms corsvw.exe 12:05:32.0197 4824 clr_optimization_v4.0.30319_64 - ok 12:05:32.0222 4824 [ E13A438F9E51DD034730678E33B73290 ] clwvd C:\windows\system32\DRIVERS\clwvd.sys 12:05:32.0223 4824 clwvd - ok 12:05:32.0233 4824 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys 12:05:32.0234 4824 CmBatt - ok 12:05:32.0261 4824 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys 12:05:32.0262 4824 cmdide - ok 12:05:32.0301 4824 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\windows\system32\Drivers\cng.sys 12:05:32.0311 4824 CNG - ok 12:05:32.0381 4824 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys 12:05:32.0382 4824 Compbatt - ok 12:05:32.0390 4824 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys 12:05:32.0393 4824 CompositeBus - ok 12:05:32.0398 4824 COMSysApp - ok 12:05:32.0418 4824 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\drivers\crcdisk.sys 12:05:32.0420 4824 crcdisk - ok 12:05:32.0475 4824 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\windows\system32\cryptsvc.dll 12:05:32.0478 4824 CryptSvc - ok 12:05:32.0627 4824 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE 12:05:32.0643 4824 cvhsvc - ok 12:05:32.0688 4824 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll 12:05:32.0700 4824 DcomLaunch - ok 12:05:32.0730 4824 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll 12:05:32.0736 4824 defragsvc - ok 12:05:32.0760 4824 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys 12:05:32.0763 4824 DfsC - ok 12:05:32.0786 4824 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll 12:05:32.0792 4824 Dhcp - ok 12:05:32.0809 4824 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys 12:05:32.0810 4824 discache - ok 12:05:32.0822 4824 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\drivers\disk.sys 12:05:32.0824 4824 Disk - ok 12:05:32.0861 4824 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll 12:05:32.0866 4824 Dnscache - ok 12:05:32.0875 4824 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll 12:05:32.0881 4824 dot3svc - ok 12:05:32.0945 4824 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll 12:05:32.0950 4824 DPS - ok 12:05:32.0978 4824 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys 12:05:32.0979 4824 drmkaud - ok 12:05:33.0024 4824 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys 12:05:33.0039 4824 DXGKrnl - ok 12:05:33.0051 4824 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll 12:05:33.0054 4824 EapHost - ok 12:05:33.0117 4824 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\drivers\evbda.sys 12:05:33.0170 4824 ebdrv - ok 12:05:33.0215 4824 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe 12:05:33.0221 4824 EFS - ok 12:05:33.0285 4824 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe 12:05:33.0298 4824 ehRecvr - ok 12:05:33.0311 4824 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe 12:05:33.0315 4824 ehSched - ok 12:05:33.0366 4824 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\drivers\elxstor.sys 12:05:33.0378 4824 elxstor - ok 12:05:33.0399 4824 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys 12:05:33.0400 4824 ErrDev - ok 12:05:33.0493 4824 [ 9D8739A2A2173C9D27C499A3FC6EDA3F ] ETD C:\windows\system32\DRIVERS\ETD.sys 12:05:33.0496 4824 ETD - ok 12:05:33.0553 4824 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll 12:05:33.0564 4824 EventSystem - ok 12:05:33.0588 4824 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys 12:05:33.0593 4824 exfat - ok 12:05:33.0611 4824 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys 12:05:33.0617 4824 fastfat - ok 12:05:33.0649 4824 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe 12:05:33.0665 4824 Fax - ok 12:05:33.0694 4824 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\drivers\fdc.sys 12:05:33.0696 4824 fdc - ok 12:05:33.0709 4824 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll 12:05:33.0712 4824 fdPHost - ok 12:05:33.0725 4824 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll 12:05:33.0728 4824 FDResPub - ok 12:05:33.0743 4824 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys 12:05:33.0745 4824 FileInfo - ok 12:05:33.0760 4824 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys 12:05:33.0762 4824 Filetrace - ok 12:05:33.0767 4824 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\drivers\flpydisk.sys 12:05:33.0768 4824 flpydisk - ok 12:05:33.0794 4824 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys 12:05:33.0799 4824 FltMgr - ok 12:05:33.0845 4824 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\windows\system32\FntCache.dll 12:05:33.0858 4824 FontCache - ok 12:05:33.0895 4824 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\Pres entationFontCache.exe 12:05:33.0899 4824 FontCache3.0.0.0 - ok 12:05:33.0916 4824 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys 12:05:33.0919 4824 FsDepends - ok 12:05:33.0959 4824 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys 12:05:33.0961 4824 Fs_Rec - ok 12:05:33.0996 4824 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys 12:05:34.0001 4824 fvevol - ok 12:05:34.0021 4824 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys 12:05:34.0024 4824 gagp30kx - ok 12:05:34.0070 4824 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll 12:05:34.0083 4824 gpsvc - ok 12:05:34.0130 4824 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 12:05:34.0132 4824 gupdate - ok 12:05:34.0141 4824 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 12:05:34.0144 4824 gupdatem - ok 12:05:34.0190 4824 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 12:05:34.0192 4824 gusvc - ok 12:05:34.0256 4824 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys 12:05:34.0259 4824 hcw85cir - ok 12:05:34.0286 4824 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys 12:05:34.0294 4824 HdAudAddService - ok 12:05:34.0311 4824 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys 12:05:34.0313 4824 HDAudBus - ok 12:05:34.0332 4824 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\drivers\HidBatt.sys 12:05:34.0333 4824 HidBatt - ok 12:05:34.0339 4824 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\drivers\hidbth.sys 12:05:34.0341 4824 HidBth - ok 12:05:34.0357 4824 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\drivers\hidir.sys 12:05:34.0359 4824 HidIr - ok 12:05:34.0393 4824 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\system32\hidserv.dll 12:05:34.0396 4824 hidserv - ok 12:05:34.0416 4824 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys 12:05:34.0417 4824 HidUsb - ok 12:05:34.0444 4824 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll 12:05:34.0448 4824 hkmsvc - ok 12:05:34.0522 4824 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll 12:05:34.0532 4824 HomeGroupListener - ok 12:05:34.0575 4824 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll 12:05:34.0586 4824 HomeGroupProvider - ok 12:05:34.0609 4824 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys 12:05:34.0613 4824 HpSAMD - ok 12:05:34.0696 4824 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys 12:05:34.0713 4824 HTTP - ok 12:05:34.0734 4824 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys 12:05:34.0736 4824 hwpolicy - ok 12:05:34.0742 4824 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys 12:05:34.0744 4824 i8042prt - ok 12:05:34.0780 4824 [ 53CC5BF8B5A219119953C7ABB19A7705 ] iaStor C:\windows\system32\DRIVERS\iaStor.sys 12:05:34.0785 4824 iaStor - ok 12:05:34.0863 4824 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys 12:05:34.0873 4824 iaStorV - ok 12:05:34.0898 4824 [ 8A4EC1C3F10385181B1066120C610AE5 ] iBtFltCoex C:\windows\system32\DRIVERS\iBtFltCoex.sys 12:05:34.0899 4824 iBtFltCoex - ok 12:05:34.0957 4824 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 12:05:34.0976 4824 idsvc - ok 12:05:35.0218 4824 [ 8CB8667F5A3B5515F2585F3254F3AAF7 ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys 12:05:35.0426 4824 igfx - ok 12:05:35.0454 4824 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\drivers\iirsp.sys 12:05:35.0456 4824 iirsp - ok 12:05:35.0561 4824 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll 12:05:35.0575 4824 IKEEXT - ok 12:05:35.0667 4824 [ 65F70696BE5ABC11634FCF96AF7D7896 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys 12:05:35.0688 4824 IntcAzAudAddService - ok 12:05:35.0720 4824 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\windows\system32\DRIVERS\IntcDAud.sys 12:05:35.0728 4824 IntcDAud - ok 12:05:35.0789 4824 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys 12:05:35.0791 4824 intelide - ok 12:05:35.0822 4824 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys 12:05:35.0824 4824 intelppm - ok 12:05:35.0839 4824 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll 12:05:35.0844 4824 IPBusEnum - ok 12:05:35.0860 4824 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys 12:05:35.0862 4824 IpFilterDriver - ok 12:05:35.0918 4824 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\windows\System32\iphlpsvc.dll 12:05:35.0931 4824 iphlpsvc - ok 12:05:35.0937 4824 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys 12:05:35.0939 4824 IPMIDRV - ok 12:05:35.0946 4824 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys 12:05:35.0948 4824 IPNAT - ok 12:05:35.0985 4824 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys 12:05:35.0986 4824 IRENUM - ok 12:05:36.0007 4824 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys 12:05:36.0009 4824 isapnp - ok 12:05:36.0036 4824 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys 12:05:36.0042 4824 iScsiPrt - ok 12:05:36.0055 4824 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys 12:05:36.0056 4824 kbdclass - ok 12:05:36.0075 4824 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\drivers\kbdhid.sys 12:05:36.0076 4824 kbdhid - ok 12:05:36.0144 4824 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe 12:05:36.0150 4824 KeyIso - ok 12:05:36.0175 4824 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys 12:05:36.0179 4824 KSecDD - ok 12:05:36.0218 4824 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys 12:05:36.0222 4824 KSecPkg - ok 12:05:36.0244 4824 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys 12:05:36.0246 4824 ksthunk - ok 12:05:36.0341 4824 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll 12:05:36.0355 4824 KtmRm - ok 12:05:36.0396 4824 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\system32\srvsvc.dll 12:05:36.0407 4824 LanmanServer - ok 12:05:36.0440 4824 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll 12:05:36.0449 4824 LanmanWorkstation - ok 12:05:36.0470 4824 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys 12:05:36.0472 4824 lltdio - ok 12:05:36.0508 4824 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll 12:05:36.0517 4824 lltdsvc - ok 12:05:36.0580 4824 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll 12:05:36.0586 4824 lmhosts - ok 12:05:36.0625 4824 [ F4A17DCAB576267C85663E64F3ACE5A4 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 12:05:36.0631 4824 LMS - ok 12:05:36.0651 4824 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\drivers\lsi_fc.sys 12:05:36.0655 4824 LSI_FC - ok 12:05:36.0680 4824 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys 12:05:36.0683 4824 LSI_SAS - ok 12:05:36.0742 4824 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys 12:05:36.0744 4824 LSI_SAS2 - ok 12:05:36.0759 4824 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys 12:05:36.0764 4824 LSI_SCSI - ok 12:05:36.0786 4824 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys 12:05:36.0789 4824 luafv - ok 12:05:36.0825 4824 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll 12:05:36.0828 4824 Mcx2Svc - ok 12:05:36.0841 4824 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\drivers\megasas.sys 12:05:36.0843 4824 megasas - ok 12:05:36.0875 4824 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\drivers\MegaSR.sys 12:05:36.0879 4824 MegaSR - ok 12:05:36.0910 4824 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\windows\system32\DRIVERS\HECIx64.sys 12:05:36.0911 4824 MEIx64 - ok 12:05:37.0037 4824 Microsoft SharePoint Workspace Audit Service - ok 12:05:37.0074 4824 [ E40E80D0304A73E8D269F7141D77250B ]
|
|
#11
January 6th, 2013, 01:12 PM
|
|||
|
|||
|
MMCSS C:\windows\system32\mmcss.dll
12:05:37.0080 4824 MMCSS - ok 12:05:37.0098 4824 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys 12:05:37.0100 4824 Modem - ok 12:05:37.0117 4824 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys 12:05:37.0118 4824 monitor - ok 12:05:37.0189 4824 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys 12:05:37.0191 4824 mouclass - ok 12:05:37.0214 4824 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys 12:05:37.0217 4824 mouhid - ok 12:05:37.0226 4824 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys 12:05:37.0229 4824 mountmgr - ok 12:05:37.0253 4824 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys 12:05:37.0257 4824 mpio - ok 12:05:37.0264 4824 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys 12:05:37.0267 4824 mpsdrv - ok 12:05:37.0296 4824 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll 12:05:37.0308 4824 MpsSvc - ok 12:05:37.0330 4824 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys 12:05:37.0332 4824 MRxDAV - ok 12:05:37.0362 4824 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys 12:05:37.0365 4824 mrxsmb - ok 12:05:37.0380 4824 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys 12:05:37.0384 4824 mrxsmb10 - ok 12:05:37.0445 4824 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys 12:05:37.0449 4824 mrxsmb20 - ok 12:05:37.0479 4824 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys 12:05:37.0480 4824 msahci - ok 12:05:37.0500 4824 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys 12:05:37.0505 4824 msdsm - ok 12:05:37.0519 4824 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe 12:05:37.0527 4824 MSDTC - ok 12:05:37.0555 4824 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys 12:05:37.0557 4824 Msfs - ok 12:05:37.0574 4824 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys 12:05:37.0575 4824 mshidkmdf - ok 12:05:37.0594 4824 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys 12:05:37.0595 4824 msisadrv - ok 12:05:37.0626 4824 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll 12:05:37.0630 4824 MSiSCSI - ok 12:05:37.0634 4824 msiserver - ok 12:05:37.0652 4824 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys 12:05:37.0653 4824 MSKSSRV - ok 12:05:37.0663 4824 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys 12:05:37.0664 4824 MSPCLOCK - ok 12:05:37.0685 4824 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys 12:05:37.0686 4824 MSPQM - ok 12:05:37.0707 4824 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys 12:05:37.0713 4824 MsRPC - ok 12:05:37.0743 4824 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys 12:05:37.0744 4824 mssmbios - ok 12:05:37.0812 4824 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys 12:05:37.0814 4824 MSTEE - ok 12:05:37.0829 4824 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\drivers\MTConfig.sys 12:05:37.0831 4824 MTConfig - ok 12:05:37.0836 4824 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys 12:05:37.0838 4824 Mup - ok 12:05:37.0868 4824 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll 12:05:37.0879 4824 napagent - ok 12:05:37.0903 4824 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys 12:05:37.0909 4824 NativeWifiP - ok 12:05:37.0948 4824 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys 12:05:37.0961 4824 NDIS - ok 12:05:37.0990 4824 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys 12:05:37.0992 4824 NdisCap - ok 12:05:38.0004 4824 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys 12:05:38.0006 4824 NdisTapi - ok 12:05:38.0077 4824 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys 12:05:38.0080 4824 Ndisuio - ok 12:05:38.0100 4824 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys 12:05:38.0105 4824 NdisWan - ok 12:05:38.0114 4824 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys 12:05:38.0117 4824 NDProxy - ok 12:05:38.0127 4824 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys 12:05:38.0130 4824 NetBIOS - ok 12:05:38.0144 4824 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys 12:05:38.0148 4824 NetBT - ok 12:05:38.0163 4824 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe 12:05:38.0166 4824 Netlogon - ok 12:05:38.0246 4824 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll 12:05:38.0260 4824 Netman - ok 12:05:38.0275 4824 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll 12:05:38.0284 4824 netprofm - ok 12:05:38.0308 4824 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 12:05:38.0310 4824 NetTcpPortSharing - ok 12:05:38.0509 4824 [ AC69618DE5BCCE8747C9AB0AAE1003C1 ] NETwNs64 C:\windows\system32\DRIVERS\NETwNs64.sys 12:05:38.0668 4824 NETwNs64 - ok 12:05:38.0703 4824 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys 12:05:38.0705 4824 nfrd960 - ok 12:05:38.0717 4824 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\windows\System32\nlasvc.dll 12:05:38.0722 4824 NlaSvc - ok 12:05:38.0796 4824 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys 12:05:38.0799 4824 Npfs - ok 12:05:38.0830 4824 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll 12:05:38.0837 4824 nsi - ok 12:05:38.0850 4824 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys 12:05:38.0851 4824 nsiproxy - ok 12:05:38.0856 4824 NSL - ok 12:05:38.0936 4824 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\windows\system32\drivers\Ntfs.sys 12:05:38.0961 4824 Ntfs - ok 12:05:39.0007 4824 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys 12:05:39.0010 4824 Null - ok 12:05:39.0284 4824 [ 7328528DAF9B8A486E16595A35043DB0 ] nvlddmkm C:\windows\system32\DRIVERS\nvlddmkm.sys 12:05:39.0515 4824 nvlddmkm - ok 12:05:39.0534 4824 [ 8AE5A124F3B65C3EC531D251A3E9C87F ] nvpciflt C:\windows\system32\DRIVERS\nvpciflt.sys 12:05:39.0535 4824 nvpciflt - ok 12:05:39.0556 4824 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys 12:05:39.0559 4824 nvraid - ok 12:05:39.0573 4824 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys 12:05:39.0576 4824 nvstor - ok 12:05:39.0617 4824 [ CEA3416907C17BB6623D9CB1E015B3C4 ] NVSvc C:\windows\system32\nvvsvc.exe 12:05:39.0629 4824 NVSvc - ok 12:05:39.0774 4824 [ 741688E5A65CC43567BCC329AE130075 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe 12:05:39.0788 4824 nvUpdatusService - ok 12:05:39.0808 4824 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys 12:05:39.0811 4824 nv_agp - ok 12:05:39.0881 4824 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys 12:05:39.0884 4824 ohci1394 - ok 12:05:39.0919 4824 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 12:05:39.0923 4824 ose - ok 12:05:40.0063 4824 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EX E 12:05:40.0173 4824 osppsvc - ok 12:05:40.0204 4824 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll 12:05:40.0210 4824 p2pimsvc - ok 12:05:40.0236 4824 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll 12:05:40.0244 4824 p2psvc - ok 12:05:40.0261 4824 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\drivers\parport.sys 12:05:40.0263 4824 Parport - ok 12:05:40.0300 4824 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys 12:05:40.0302 4824 partmgr - ok 12:05:40.0381 4824 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll 12:05:40.0390 4824 PcaSvc - ok 12:05:40.0405 4824 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys 12:05:40.0408 4824 pci - ok 12:05:40.0423 4824 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys 12:05:40.0425 4824 pciide - ok 12:05:40.0438 4824 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\drivers\pcmcia.sys 12:05:40.0441 4824 pcmcia - ok 12:05:40.0445 4824 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys 12:05:40.0446 4824 pcw - ok 12:05:40.0478 4824 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys 12:05:40.0486 4824 PEAUTH - ok 12:05:40.0603 4824 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe 12:05:40.0609 4824 PerfHost - ok 12:05:40.0675 4824 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll 12:05:40.0696 4824 pla - ok 12:05:40.0785 4824 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll 12:05:40.0802 4824 PlugPlay - ok 12:05:40.0829 4824 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll 12:05:40.0834 4824 PNRPAutoReg - ok 12:05:40.0859 4824 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll 12:05:40.0866 4824 PNRPsvc - ok 12:05:40.0952 4824 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll 12:05:40.0966 4824 PolicyAgent - ok 12:05:40.0993 4824 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll 12:05:40.0999 4824 Power - ok 12:05:41.0029 4824 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys 12:05:41.0031 4824 PptpMiniport - ok 12:05:41.0114 4824 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys 12:05:41.0118 4824 Processor - ok 12:05:41.0158 4824 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll 12:05:41.0169 4824 ProfSvc - ok 12:05:41.0180 4824 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe 12:05:41.0185 4824 ProtectedStorage - ok 12:05:41.0203 4824 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys 12:05:41.0205 4824 Psched - ok 12:05:41.0311 4824 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys 12:05:41.0337 4824 ql2300 - ok 12:05:41.0355 4824 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys 12:05:41.0358 4824 ql40xx - ok 12:05:41.0396 4824 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll 12:05:41.0409 4824 QWAVE - ok 12:05:41.0435 4824 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys 12:05:41.0437 4824 QWAVEdrv - ok 12:05:41.0453 4824 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys 12:05:41.0454 4824 RasAcd - ok 12:05:41.0485 4824 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys 12:05:41.0486 4824 RasAgileVpn - ok 12:05:41.0574 4824 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll 12:05:41.0583 4824 RasAuto - ok 12:05:41.0605 4824 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys 12:05:41.0609 4824 Rasl2tp - ok 12:05:41.0651 4824 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll 12:05:41.0665 4824 RasMan - ok 12:05:41.0674 4824 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys 12:05:41.0678 4824 RasPppoe - ok 12:05:41.0688 4824 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys 12:05:41.0692 4824 RasSstp - ok 12:05:41.0711 4824 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys 12:05:41.0716 4824 rdbss - ok 12:05:41.0731 4824 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\drivers\rdpbus.sys 12:05:41.0733 4824 rdpbus - ok 12:05:41.0750 4824 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys 12:05:41.0751 4824 RDPCDD - ok 12:05:41.0769 4824 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys 12:05:41.0770 4824 RDPENCDD - ok 12:05:41.0780 4824 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys 12:05:41.0781 4824 RDPREFMP - ok 12:05:41.0811 4824 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys 12:05:41.0815 4824 RDPWD - ok 12:05:41.0822 4824 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys 12:05:41.0826 4824 rdyboost - ok 12:05:41.0860 4824 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll 12:05:41.0867 4824 RemoteAccess - ok 12:05:41.0959 4824 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll 12:05:41.0969 4824 RemoteRegistry - ok 12:05:42.0001 4824 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys 12:05:42.0006 4824 RFCOMM - ok 12:05:42.0013 4824 RimUsb - ok 12:05:42.0050 4824 [ 4AAFFFA67AC4DFA3D9985D78573887E2 ] RimVSerPort C:\windows\system32\DRIVERS\RimSerial_AMD64.sys 12:05:42.0052 4824 RimVSerPort - ok 12:05:42.0081 4824 [ 388D3DD1A6457280F3BADBA9F3ACD6B1 ] ROOTMODEM C:\windows\system32\Drivers\RootMdm.sys 12:05:42.0085 4824 ROOTMODEM - ok 12:05:42.0110 4824 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll 12:05:42.0116 4824 RpcEptMapper - ok 12:05:42.0134 4824 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe 12:05:42.0137 4824 RpcLocator - ok 12:05:42.0243 4824 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll 12:05:42.0258 4824 RpcSs - ok 12:05:42.0271 4824 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys 12:05:42.0273 4824 rspndr - ok 12:05:42.0310 4824 [ F4C374B1C46DE294B573BB43723AC3F6 ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys 12:05:42.0314 4824 RTL8167 - ok 12:05:42.0357 4824 [ 4CA0DBA9E224473D664C25E411F5A3BD ] rtport C:\windows\SysWOW64\drivers\rtport.sys 12:05:42.0360 4824 rtport - ok 12:05:42.0398 4824 [ 62DB6CC4B0818F1B5F3441241B098F12 ] SABI C:\windows\system32\Drivers\SABI.sys 12:05:42.0399 4824 SABI - ok 12:05:42.0411 4824 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe 12:05:42.0415 4824 SamSs - ok 12:05:42.0498 4824 [ D641337B75B9A9D5AE10687AA1097755 ] Samsung UPD Service C:\windows\System32\SUPDSvc.exe 12:05:42.0510 4824 Samsung UPD Service - ok 12:05:42.0545 4824 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys 12:05:42.0548 4824 sbp2port - ok 12:05:42.0577 4824 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll 12:05:42.0585 4824 SCardSvr - ok 12:05:42.0646 4824 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys 12:05:42.0649 4824 scfilter - ok 12:05:42.0683 4824 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll 12:05:42.0705 4824 Schedule - ok 12:05:42.0738 4824 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll 12:05:42.0739 4824 SCPolicySvc - ok 12:05:42.0817 4824 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll 12:05:42.0827 4824 SDRSVC - ok 12:05:42.0859 4824 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys 12:05:42.0861 4824 secdrv - ok 12:05:42.0880 4824 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll 12:05:42.0889 4824 seclogon - ok 12:05:42.0905 4824 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll 12:05:42.0910 4824 SENS - ok 12:05:42.0932 4824 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll 12:05:42.0937 4824 SensrSvc - ok 12:05:42.0957 4824 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\drivers\serenum.sys 12:05:42.0959 4824 Serenum - ok 12:05:42.0981 4824 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\drivers\serial.sys 12:05:42.0984 4824 Serial - ok 12:05:42.0989 4824 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys 12:05:42.0991 4824 sermouse - ok 12:05:43.0018 4824 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll 12:05:43.0022 4824 SessionEnv - ok 12:05:43.0026 4824 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys 12:05:43.0027 4824 sffdisk - ok 12:05:43.0031 4824 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys 12:05:43.0033 4824 sffp_mmc - ok 12:05:43.0036 4824 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys 12:05:43.0038 4824 sffp_sd - ok 12:05:43.0041 4824 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys 12:05:43.0043 4824 sfloppy - ok 12:05:43.0072 4824 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\windows\system32\DRIVERS\Sftfslh.sys 12:05:43.0077 4824 Sftfs - ok 12:05:43.0198 4824 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe 12:05:43.0208 4824 sftlist - ok 12:05:43.0243 4824 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\windows\system32\DRIVERS\Sftplaylh.sys 12:05:43.0249 4824 Sftplay - ok 12:05:43.0263 4824 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\windows\system32\DRIVERS\Sftredirlh.sys 12:05:43.0265 4824 Sftredir - ok 12:05:43.0288 4824 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\windows\system32\DRIVERS\Sftvollh.sys 12:05:43.0289 4824 Sftvol - ok 12:05:43.0302 4824 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe 12:05:43.0305 4824 sftvsa - ok 12:05:43.0366 4824 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll 12:05:43.0378 4824 SharedAccess - ok 12:05:43.0465 4824 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll 12:05:43.0480 4824 ShellHWDetection - ok 12:05:43.0497 4824 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys 12:05:43.0499 4824 SiSRaid2 - ok 12:05:43.0527 4824 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys 12:05:43.0529 4824 SiSRaid4 - ok 12:05:43.0607 4824 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 12:05:43.0611 4824 SkypeUpdate - ok 12:05:43.0632 4824 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys 12:05:43.0636 4824 Smb - ok 12:05:43.0660 4824 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe 12:05:43.0669 4824 SNMPTRAP - ok 12:05:43.0697 4824 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys 12:05:43.0698 4824 spldr - ok 12:05:43.0793 4824 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe 12:05:43.0811 4824 Spooler - ok 12:05:43.0916 4824 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe 12:05:43.0976 4824 sppsvc - ok 12:05:44.0012 4824 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll 12:05:44.0017 4824 sppuinotify - ok 12:05:44.0050 4824 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys 12:05:44.0056 4824 srv - ok 12:05:44.0071 4824 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys 12:05:44.0076 4824 srv2 - ok 12:05:44.0094 4824 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys 12:05:44.0097 4824 srvnet - ok 12:05:44.0127 4824 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll 12:05:44.0133 4824 SSDPSRV - ok 12:05:44.0148 4824 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll 12:05:44.0153 4824 SstpSvc - ok 12:05:44.0178 4824 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys 12:05:44.0180 4824 stexstor - ok 12:05:44.0260 4824 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\windows\system32\DRIVERS\serscan.sys 12:05:44.0262 4824 StillCam - ok 12:05:44.0312 4824 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll 12:05:44.0332 4824 stisvc - ok 12:05:44.0344 4824 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\DRIVERS\swenum.sys 12:05:44.0345 4824 swenum - ok 12:05:44.0387 4824 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll 12:05:44.0397 4824 swprv - ok 12:05:44.0492 4824 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll 12:05:44.0518 4824 SysMain - ok 12:05:44.0552 4824 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll 12:05:44.0559 4824 TabletInputService - ok 12:05:44.0621 4824 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll 12:05:44.0636 4824 TapiSrv - ok 12:05:44.0670 4824 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll 12:05:44.0680 4824 TBS - ok 12:05:44.0752 4824 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\windows\system32\drivers\tcpip.sys 12:05:44.0774 4824 Tcpip - ok 12:05:44.0800 4824 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys 12:05:44.0814 4824 TCPIP6 - ok 12:05:44.0832 4824 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys 12:05:44.0833 4824 tcpipreg - ok 12:05:44.0860 4824 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys 12:05:44.0861 4824 TDPIPE - ok 12:05:44.0896 4824 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys 12:05:44.0899 4824 TDTCP - ok 12:05:44.0940 4824 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys 12:05:44.0944 4824 tdx - ok 12:05:44.0952 4824 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys 12:05:44.0955 4824 TermDD - ok 12:05:45.0000 4824 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll 12:05:45.0021 4824 TermService - ok 12:05:45.0030 4824 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll 12:05:45.0034 4824 Themes - ok 12:05:45.0049 4824 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll 12:05:45.0052 4824 THREADORDER - ok 12:05:45.0071 4824 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll 12:05:45.0076 4824 TrkWks - ok 12:05:45.0110 4824 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe 12:05:45.0112 4824 TrustedInstaller - ok 12:05:45.0182 4824 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys 12:05:45.0185 4824 tssecsrv - ok 12:05:45.0208 4824 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys 12:05:45.0212 4824 TsUsbFlt - ok 12:05:45.0236 4824 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys 12:05:45.0239 4824 TsUsbGD - ok 12:05:45.0263 4824 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys 12:05:45.0267 4824 tunnel - ok 12:05:45.0334 4824 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys 12:05:45.0337 4824 uagp35 - ok 12:05:45.0355 4824 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys 12:05:45.0364 4824 udfs - ok 12:05:45.0398 4824 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe 12:05:45.0403 4824 UI0Detect - ok 12:05:45.0407 4824 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys 12:05:45.0409 4824 uliagpkx - ok 12:05:45.0419 4824 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys 12:05:45.0421 4824 umbus - ok 12:05:45.0425 4824 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\drivers\umpass.sys 12:05:45.0427 4824 UmPass - ok 12:05:45.0614 4824 [ DB641944F7E4B14C13C3FEFC89843F69 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 12:05:45.0648 4824 UNS - ok 12:05:45.0685 4824 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll 12:05:45.0699 4824 upnphost - ok 12:05:45.0732 4824 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\windows\system32\Drivers\usbaapl64.sys 12:05:45.0734 4824 USBAAPL64 - ok 12:05:45.0759 4824 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys 12:05:45.0761 4824 usbccgp - ok 12:05:45.0789 4824 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys 12:05:45.0791 4824 usbcir - ok 12:05:45.0866 4824 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\drivers\usbehci.sys 12:05:45.0869 4824 usbehci - ok 12:05:45.0893 4824 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys 12:05:45.0899 4824 usbhub - ok 12:05:45.0920 4824 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys 12:05:45.0922 4824 usbohci - ok 12:05:45.0939 4824 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys 12:05:45.0941 4824 usbprint - ok 12:05:45.0974 4824 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys 12:05:45.0976 4824 usbscan - ok 12:05:45.0989 4824 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS 12:05:45.0992 4824 USBSTOR - ok 12:05:46.0008 4824 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys 12:05:46.0010 4824 usbuhci - ok 12:05:46.0043 4824 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys 12:05:46.0047 4824 usbvideo - ok 12:05:46.0133 4824 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll 12:05:46.0142 4824 UxSms - ok 12:05:46.0161 4824 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe 12:05:46.0165 4824 VaultSvc - ok 12:05:46.0183 4824 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys 12:05:46.0184 4824 vdrvroot - ok 12:05:46.0207 4824 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe 12:05:46.0220 4824 vds - ok 12:05:46.0286 4824 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys 12:05:46.0289 4824 vga - ok 12:05:46.0311 4824 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys 12:05:46.0314 4824 VgaSave - ok 12:05:46.0337 4824 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys 12:05:46.0344 4824 vhdmp - ok 12:05:46.0359 4824 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys 12:05:46.0361 4824 viaide - ok 12:05:46.0378 4824 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys 12:05:46.0380 4824 volmgr - ok 12:05:46.0400 4824 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys 12:05:46.0406 4824 volmgrx - ok 12:05:46.0443 4824 [ DF8126BD41180351A093A3AD2FC8903B ] volsnap C:\windows\system32\drivers\volsnap.sys 12:05:46.0448 4824 volsnap - ok 12:05:46.0465 4824 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\drivers\vsmraid.sys 12:05:46.0469 4824 vsmraid - ok 12:05:46.0584 4824 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe 12:05:46.0618 4824 VSS - ok 12:05:46.0701 4824 [ CBA3F6EF1E70167DB376B4013F71A62B ] vToolbarUpdater12.2.6 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe 12:05:46.0713 4824 vToolbarUpdater12.2.6 - ok 12:05:46.0732 4824 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys 12:05:46.0734 4824 vwifibus - ok 12:05:46.0763 4824 [ 13A0DECD1794DE60A8427862C8669D27 ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys 12:05:46.0765 4824 vwififlt - ok 12:05:46.0801 4824 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll 12:05:46.0809 4824 W32Time - ok 12:05:46.0832 4824 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\drivers\wacompen.sys 12:05:46.0833 4824 WacomPen - ok 12:05:46.0901 4824 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys 12:05:46.0907 4824 WANARP - ok 12:05:46.0914 4824 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys 12:05:46.0917 4824 Wanarpv6 - ok 12:05:47.0002 4824 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe 12:05:47.0028 4824 WatAdminSvc - ok 12:05:47.0091 4824 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe 12:05:47.0114 4824 wbengine - ok 12:05:47.0137 4824 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll 12:05:47.0143 4824 WbioSrvc - ok 12:05:47.0155 4824 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll 12:05:47.0163 4824 wcncsvc - ok 12:05:47.0173 4824 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll 12:05:47.0178 4824 WcsPlugInService - ok 12:05:47.0196 4824 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\drivers\wd.sys 12:05:47.0197 4824 Wd - ok 12:05:47.0297 4824 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys 12:05:47.0309 4824 Wdf01000 - ok 12:05:47.0326 4824 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll 12:05:47.0332 4824 WdiServiceHost - ok 12:05:47.0336 4824 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll 12:05:47.0340 4824 WdiSystemHost - ok 12:05:47.0356 4824 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll 12:05:47.0364 4824 WebClient - ok 12:05:47.0442 4824 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll 12:05:47.0448 4824 Wecsvc - ok 12:05:47.0460 4824 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll 12:05:47.0463 4824 wercplsupport - ok 12:05:47.0478 4824 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll 12:05:47.0482 4824 WerSvc - ok 12:05:47.0495 4824 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys 12:05:47.0496 4824 WfpLwf - ok 12:05:47.0516 4824 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys 12:05:47.0517 4824 WIMMount - ok 12:05:47.0561 4824 WinDefend - ok 12:05:47.0566 4824 WinHttpAutoProxySvc - ok 12:05:47.0678 4824 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll 12:05:47.0685 4824 Winmgmt - ok 12:05:47.0754 4824 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll 12:05:47.0781 4824 WinRM - ok 12:05:47.0836 4824 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys 12:05:47.0838 4824 WinUsb - ok 12:05:47.0936 4824 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll 12:05:47.0962 4824 Wlansvc - ok 12:05:47.0982 4824 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys 12:05:47.0984 4824 WmiAcpi - ok 12:05:48.0015 4824 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe 12:05:48.0018 4824 wmiApSrv - ok 12:05:48.0101 4824 WMPNetworkSvc - ok 12:05:48.0118 4824 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll 12:05:48.0129 4824 WPCSvc - ok 12:05:48.0147 4824 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll 12:05:48.0153 4824 WPDBusEnum - ok 12:05:48.0171 4824 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys 12:05:48.0173 4824 ws2ifsl - ok 12:05:48.0249 4824 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\System32\wscsvc.dll 12:05:48.0260 4824 wscsvc - ok 12:05:48.0268 4824 WSearch - ok 12:05:48.0367 4824 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll 12:05:48.0394 4824 wuauserv - ok 12:05:48.0434 4824 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\windows\system32\drivers\WudfPf.sys 12:05:48.0436 4824 WudfPf - ok 12:05:48.0450 4824 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys 12:05:48.0454 4824 WUDFRd - ok 12:05:48.0487 4824 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\windows\System32\WUDFSvc.dll 12:05:48.0493 4824 wudfsvc - ok 12:05:48.0516 4824 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll 12:05:48.0523 4824 WwanSvc - ok 12:05:48.0537 4824 ================ Scan global =============================== 12:05:48.0584 4824 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll 12:05:48.0621 4824 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\windows\system32\winsrv.dll 12:05:48.0632 4824 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\windows\system32\winsrv.dll 12:05:48.0663 4824 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll 12:05:48.0691 4824 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe 12:05:48.0698 4824 [Global] - ok 12:05:48.0699 4824 ================ Scan MBR ================================== 12:05:48.0712 4824 [ 2E5DEBB2116B3417023E0D6562D7ED07 ] \Device\Harddisk0\DR0 12:05:48.0938 4824 \Device\Harddisk0\DR0 - ok 12:05:48.0939 4824 ================ Scan VBR ================================== 12:05:48.0942 4824 [ CF683E1DBDAD90052A1A11DE8FEE45FD ] \Device\Harddisk0\DR0\Partition1 12:05:48.0943 4824 \Device\Harddisk0\DR0\Partition1 - ok 12:05:48.0954 4824 [ 3B2C2A9BCAD7024C84B9B1710BDAEDE9 ] \Device\Harddisk0\DR0\Partition2 12:05:48.0956 4824 \Device\Harddisk0\DR0\Partition2 - ok 12:05:48.0987 4824 [ B93C97BDF2FDFD6CD0CA949F1C6112FE ] \Device\Harddisk0\DR0\Partition3 12:05:48.0990 4824 \Device\Harddisk0\DR0\Partition3 - ok 12:05:48.0991 4824 ================================================== ========== 12:05:48.0991 4824 Scan finished 12:05:48.0991 4824 ================================================== ========== 12:05:49.0010 4400 Detected object count: 0 12:05:49.0010 4400 Actual detected object count: 0 12:06:37.0439 5464 Deinitialize success
|
|
#12
January 6th, 2013, 01:26 PM
|
|||
|
|||
|
RogueKiller V8.4.2 [Jan 6 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files...3-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : hank [Admin rights] Mode : Scan -- Date : 01/06/2013 12:25:22 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 5 ¤¤¤ [TASK][ROGUE ST] 0 : c:\program files (x86)\internet explorer\iexplore.exe -> FOUND [TASK][ROGUE ST] 4599 : wscript.exe C:\Users\hank\AppData\Local\Temp\launchie.vbs //B -> FOUND [TASK][SUSP PATH] VisualBeeRecovery : C:\Users\hank\AppData\Local\VisualBeeExe\VisualBee Recovery.exe /s -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\windows\system32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST500LM012 HN-M500MBB +++++ --- User --- [MBR] 3de4fa2baa490802165839dccee7ea29 [BSP] 3b160a79ba9ff0b6cfafb6ecf0e0173e : KIWI Image system MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 181248 Mo 2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 371402752 | Size: 271568 Mo 3 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 927574016 | Size: 24023 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[2]_S_01062013_02d1225.txt >> RKreport[1]_S_01062013_02d1221.txt ; RKreport[2]_S_01062013_02d1225.txt
|
|
#13
January 6th, 2013, 11:02 PM
|
||||
|
||||
|
Nothing in TDSSKiller.
Run RogueKiller again. •Please quit all programs •Run RogueKiller •Wait until the Prescan finishes •Press: Scan •On the RogueKiller console, click the Registry tab. •Make sure the entries there are checked. •Then, press the [Delete] button. Please post the RKreport (Mode: Delete) created on the Desktop. --------- ownload ComboFix.exe from here to your desktop, then click that to run that scan. Agree to any warnings you might receive. A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.
|
|
#14
January 6th, 2013, 11:13 PM
|
|||
|
|||
|
RogueKiller V8.4.2 [Jan 6 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files...3-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : hank [Admin rights] Mode : Remove -- Date : 01/06/2013 22:11:38 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 5 ¤¤¤ [TASK][ROGUE ST] 0 : c:\program files (x86)\internet explorer\iexplore.exe -> DELETED [TASK][ROGUE ST] 4599 : wscript.exe C:\Users\hank\AppData\Local\Temp\launchie.vbs //B -> DELETED [TASK][SUSP PATH] VisualBeeRecovery : C:\Users\hank\AppData\Local\VisualBeeExe\VisualBee Recovery.exe /s -> DELETED [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0) [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\windows\system32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST500LM012 HN-M500MBB +++++ --- User --- [MBR] 3de4fa2baa490802165839dccee7ea29 [BSP] 3b160a79ba9ff0b6cfafb6ecf0e0173e : KIWI Image system MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 181248 Mo 2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 371402752 | Size: 271568 Mo 3 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 927574016 | Size: 24023 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[2]_D_01062013_02d2211.txt >> RKreport[1]_S_01062013_02d2209.txt ; RKreport[2]_D_01062013_02d2211.txt
|
|
#15
January 6th, 2013, 11:29 PM
|
|||
|
|||
|
ComboFix 13-01-05.01 - hank 06/01/2013 22:17:12.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4010.2677 [GMT 0:00] Running from: c:\users\hank\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\CasinoOnNet\Unwise.exe c:\program files (x86)\Vid-Saver c:\program files (x86)\Vid-Saver\Uninstall.exe c:\program files (x86)\Vid-Saver\Vid-Saver.exe c:\program files (x86)\Vid-Saver\Vid-Saver.ico c:\program files (x86)\Vid-Saver\Vid-Saver.ini c:\program files (x86)\Vid-Saver\Vid-SaverGui.exe c:\program files (x86)\Vid-Saver\Vid-SaverInstaller.log c:\users\hank\AppData\Local\Vid-Saver c:\users\hank\AppData\Local\Vid-Saver\Chrome\Vid-Saver.crx . . ((((((((((((((((((((((((( Files Created from 2012-12-06 to 2013-01-06 ))))))))))))))))))))))))))))))) . . 2013-01-05 19:47 . 2013-01-06 22:25 -------- d-----w- c:\program files (x86)\CasinoOnNet 2013-01-04 10:25 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1EAA178D-3147-419A-A55F-5C4959C5C02F}\mpengine.dll 2013-01-02 22:48 . 2013-01-02 22:48 -------- d-----w- c:\programdata\Browser Manager 2013-01-02 20:50 . 2013-01-02 20:50 -------- d-----w- c:\users\hank\AppData\Roaming\TFP 2013-01-02 20:50 . 2012-05-11 15:47 32768 ----a-w- c:\windows\SysWow64\CMDLGFR.DLL 2013-01-02 20:50 . 2012-05-11 15:47 152848 ----a-w- c:\windows\SysWow64\COMDLG32.OCX 2013-01-02 20:50 . 2012-05-11 15:47 141312 ----a-w- c:\windows\SysWow64\MSCMCFR.DLL 2013-01-02 20:50 . 2012-05-11 15:47 119568 ----a-w- c:\windows\SysWow64\VB6FR.DLL 2013-01-02 20:50 . 2012-05-11 15:47 101888 ----a-w- c:\windows\SysWow64\VB6STKIT.DLL 2013-01-02 20:50 . 2013-01-02 20:54 -------- d-----w- c:\users\hank\AppData\Local\Torch 2013-01-02 12:42 . 2012-10-30 22:51 132864 ----a-w- c:\windows\system32\drivers\aswFW.sys 2013-01-02 12:42 . 2012-10-30 22:51 262656 ----a-w- c:\windows\system32\drivers\aswNdis2.sys 2013-01-02 12:42 . 2012-09-21 09:26 12368 ----a-w- c:\windows\system32\drivers\aswNdis.sys 2013-01-01 19:57 . 2013-01-01 20:16 -------- d-----w- c:\users\hank\AppData\Roaming\CasinoOnNet 2012-12-22 10:05 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-22 10:05 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-22 10:05 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-22 10:05 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-18 11:38 . 2012-12-18 11:38 -------- d-----w- c:\program files (x86)\Lavasoft 2012-12-18 11:38 . 2012-12-18 11:38 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard 2012-12-18 11:35 . 2005-08-25 19:18 118784 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL 2012-12-13 18:22 . 2012-11-14 07:06 17811968 ----a-w- c:\windows\system32\mshtml.dll 2012-12-13 18:22 . 2012-11-14 06:32 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-12-12 15:32 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll 2012-12-12 15:32 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll 2012-12-08 13:01 . 2012-10-30 22:51 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-12-08 13:01 . 2012-10-30 22:51 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-12-08 13:01 . 2012-10-30 22:51 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-12-08 13:01 . 2012-10-15 16:59 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2012-12-08 13:01 . 2012-10-30 22:51 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-12-08 13:01 . 2012-10-30 22:51 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2012-12-08 13:01 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr 2012-12-08 13:01 . 2012-10-30 22:50 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )) . 2012-12-13 18:26 . 2012-07-29 14:54 67413224 ----a-w- c:\windows\system32\MRT.exe 2012-12-11 21:50 . 2012-05-02 16:23 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-12-11 21:50 . 2012-05-02 16:23 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-11-17 10:09 . 2012-11-17 10:09 0 ----a-w- c:\windows\SysWow64\shoB5A4.tmp 2012-10-30 22:51 . 2012-08-21 10:31 21136 ----a-w- c:\windows\system32\drivers\aswKbd.sys 2012-10-30 22:50 . 2012-07-21 20:09 285328 ----a-w- c:\windows\system32\aswBoot.exe 2012-10-26 15:51 . 2012-10-26 15:51 74703 ----a-w- c:\windows\SysWow64\mfc45.dll 2012-10-18 12:16 . 2012-10-18 12:16 388096 ----a-r- c:\users\hank\AppData\Roaming\Microsoft\Installer\ {45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-10-16 08:38 . 2012-11-27 19:16 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38 . 2012-11-27 19:16 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39 . 2012-11-27 19:16 561664 ----a-w- c:\windows\apppatch\AcLayers.dll 2012-10-09 18:17 . 2012-11-16 11:10 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll 2012-10-09 18:17 . 2012-11-16 11:10 226816 ----a-w- c:\windows\system32\dhcpcore6.dll 2012-10-09 17:40 . 2012-11-16 11:10 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll 2012-10-09 17:40 . 2012-11-16 11:10 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [2012-04-28 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ Windows\CurrentVersion\Run] "CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\ windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\aawservice] @="Service" . R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-05-19 995392] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework6 4\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 NSL;Norton Safe Web Lite;c:\program files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 AMPPALP;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-04-21 294912] R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-05-19 1335360] R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfi lter.sys [2011-07-06 289704] R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [2010-08-09 166704] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsus bflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-27 1255736] S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2012-09-21 12368] S0 aswNdis2;avast! Firewall Core Firewall Service; [x] S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGI DSEH.Sys [2011-07-11 26704] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpc iflt.sys [2011-03-07 25960] S1 aswFW;avast! TDI Firewall driver; [x] S1 aswKbd;aswKbd; [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 ccSet_NST;Norton Safe Web Lite Settings Manager;c:\windows\system32\drivers\NSTx64\0200000 .010\ccSetx64.sys [2011-08-08 167048] S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 13824] S2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-04-21 1136640] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\as wMonFlt.sys [2012-10-30 71600] S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2012-10-30 133912] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776] S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-05-19 921664] S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-04-21 134928] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-05-05 2656536] S2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\pro gram files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-08-27 722528] S3 AMPPAL;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-04-21 294912] S3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [2011-05-19 51712] S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-05-19 53248] S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.s ys [2011-07-19 282624] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2011-08-17 31216] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-11-12 138024] S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\ iBtFltCoex.sys [2011-07-19 59904] S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-04-22 471144] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sy s [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftpla ylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftr edirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh .sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] . . Contents of the 'Scheduled Tasks' folder . 2013-01-06 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe [2012-05-02 21:50] . 2013-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-28 11:11] . 2013-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-28 11:11] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shelliconoverlayidentifiers\00 avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-25 11895400] "BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-05-19 10365952] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.co.uk/ uDefault_Search_URL = mDefault_Search_URL = mStart Page = mLocal Page = c:\windows\SysWOW64\blank.htm mSearch Page = mSearch Bar = mSearchAssistant = IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.0.1 . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{7473b6bd-4691-4744-a82b-7854eb3d70b6} - (no file) URLSearchHooks-{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - (no file) Wow6432Node-HKLM-Run-ROC_roc_ssl_v12 - c:\program files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file) WebBrowser-{3BBD3C14-4C16-4989-8366-95BC9179779D} - (no file) WebBrowser-{7473B6BD-4691-4744-A82B-7854EB3D70B6} - (no file) WebBrowser-{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - (no file) HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe AddRemove-888casino - c:\progra~2\CASINO~1\UNWISE.EXE AddRemove-Vid-Saver - c:\program files (x86)\Vid-Saver\Uninstall.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\N SL] "ImagePath"="\"c:\program files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe\" /s \"NSL\" /m \"c:\program files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA 0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macrome d\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA 0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA 0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUt il64_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA 0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE 38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE 38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE 38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macrome d\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUt il32_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32 _11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32 _11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32 _11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32 _11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\In terface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\In terface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\In terface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PC W\Security] @Denied: (Full) (Everyone) . Completion time: 2013-01-06 22:28:44 ComboFix-quarantined-files.txt 2013-01-06 22:28 . Pre-Run: 114,993,381,376 bytes free Post-Run: 114,715,279,360 bytes free . - - End Of File - - B1C6199EBD3C6B850CF12060B357FF57
|
|
| Bookmarks |
«
Previous Topic
|
Next Topic
»
|
|
Similar Topics
|
||||
| Topic | Topic Starter | Forum | Replies | Last Post |
| Systems check...good, internet check- unable to connect | KDAWG650 | Networking | 8 | November 2nd, 2005 04:50 AM |
| Please check my HJT log | Crissy | Malware Removal | 6 | May 13th, 2005 12:03 AM |
| Just a check plz check asap think i might have to fix something | Meangean | Malware Removal | 4 | April 29th, 2004 09:36 PM |
| Health Check... plz check asap... | Meangean | Malware Removal | 1 | February 12th, 2004 03:40 AM |
All times are GMT +1. The time now is 08:13 AM.