Trojan found - please help
-
31-12-2013 2:48am
Hi Jsa112,
I would appreciate it VERY MUCH if you could help me to remove viruses from my laptop.
It is old and I should buy a new one, but it will take a while...
It is slow and Firefox keeps crashing (Flash plug-in problem), and last week it showed an odd date and time on start-up.
Yesterday, AVG detected a Trojan and I ran Malwarebytes, which removed it.
I did it twice, as the first time I only removed the Trojan; the next time I removed all.
Today I ran it again and another Trojan was found, which I removed.
I am posting all 3 logs for you in the next 3 posts.
I see that someone with the same problem ran OTL, so I ran it as well. I just downloaded it and clicked "Run Scan" - logs are in the 4th and 5th posts.
Thank you so much in advance.
Comments
-
Malwarebytes Anti-Malware 1.75.0.1300
http://www.malwarebytes.org/
Database version: v2013.12.29.06
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Laptop :: LAPTOP-PC [administrator]
30/12/2013 23:34:49
mbam-log-2013-12-30 (23-34-49).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 210112
Time elapsed: 43 minute(s), 40 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Users\Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hemxccapeaj.exe (Trojan.VBInject) -> Delete on reboot.
(end)
-
Malwarebytes Anti-Malware 1.75.0.1300
http://www.malwarebytes.org/
Database version: v2013.12.29.06
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Laptop :: LAPTOP-PC [administrator]
30/12/2013 02:08:01
mbam-log-2013-12-30 (02-08-01).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208333
Time elapsed: 16 minute(s), 52 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 12
HKCR\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692} (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{D2A2595C-4FE4-4315-AA9B-19DBD6271B71} (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{1631550F-191D-4826-B069-D9439253D926} (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
HKCR\PriceFactorIE.PriceGongBHO.1 (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
HKCR\PriceFactorIE.PriceGongBHO (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926} (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926} (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926} (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{8B3372D0-09F0-41A5-8D9B-134E148672FB} (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
HKCR\PriceGongIE.PriceGongCtrl.1 (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
HKCR\PriceGongIE.PriceGongCtrl (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
HKCR\AppID\PriceGongIE.DLL (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Program Files\PriceGong\2.1.0\PriceGongIE.dll (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
(end)
-
Malwarebytes Anti-Malware 1.75.0.1300
http://www.malwarebytes.org/
Database version: v2013.12.29.06
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Laptop :: LAPTOP-PC [administrator]
30/12/2013 00:17:50
mbam-log-2013-12-30 (00-17-50).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 206092
Time elapsed: 31 minute(s), 54 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 1
C:\Program Files\PriceGong\2.1.0\PriceGongIE.dll (PUP.Optional.PriceGong.A) -> No action taken.
Registry Keys Detected: 12
HKCR\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692} (PUP.Optional.PriceGong.A) -> No action taken.
HKCR\CLSID\{D2A2595C-4FE4-4315-AA9B-19DBD6271B71} (PUP.Optional.PriceGong.A) -> No action taken.
HKCR\CLSID\{1631550F-191D-4826-B069-D9439253D926} (PUP.Optional.PriceGong.A) -> No action taken.
HKCR\PriceFactorIE.PriceGongBHO.1 (PUP.Optional.PriceGong.A) -> No action taken.
HKCR\PriceFactorIE.PriceGongBHO (PUP.Optional.PriceGong.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926} (PUP.Optional.PriceGong.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926} (PUP.Optional.PriceGong.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926} (PUP.Optional.PriceGong.A) -> No action taken.
HKCR\TypeLib\{8B3372D0-09F0-41A5-8D9B-134E148672FB} (PUP.Optional.PriceGong.A) -> No action taken.
HKCR\PriceGongIE.PriceGongCtrl.1 (PUP.Optional.PriceGong.A) -> No action taken.
HKCR\PriceGongIE.PriceGongCtrl (PUP.Optional.PriceGong.A) -> No action taken.
HKCR\AppID\PriceGongIE.DLL (PUP.Optional.PriceGong.A) -> No action taken.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
-
OTL logfile created on: 31/12/2013 00:56:49 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Laptop\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy
984.18 Mb Total Physical Memory | 287.48 Mb Available Physical Memory | 29.21% Memory free
2.18 Gb Paging File | 0.83 Gb Available in Paging File | 37.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.31 Gb Total Space | 80.28 Gb Free Space | 58.04% Space Free | Partition Type: NTFS
Drive | 25.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive S: | 1.46 Gb Total Space | 1.30 Gb Free Space | 88.83% Space Free | Partition Type: NTFS
Computer Name: LAPTOP-PC | User Name: Laptop | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/12/30 23:14:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Laptop\Downloads\OTL.exe
PRC - [2013/12/15 21:20:57 | 002,471,448 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2013/12/15 21:20:56 | 001,771,544 | ---- | M] (AVG Secure Search) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe
PRC - [2013/12/15 21:20:56 | 000,159,768 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\loggingserver.exe
PRC - [2013/11/18 21:59:36 | 000,590,352 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgcsrvx.exe
PRC - [2013/11/11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgidsagent.exe
PRC - [2013/11/07 22:03:50 | 004,956,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgui.exe
PRC - [2013/10/28 23:24:02 | 000,729,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgrsx.exe
PRC - [2013/10/28 23:17:36 | 000,892,976 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgnsx.exe
PRC - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe
PRC - [2013/06/06 21:06:35 | 000,114,688 | ---- | M] () -- C:\Program Files\Broadband to go\Broadband to go.exe
PRC - [2010/11/16 13:37:38 | 000,264,704 | ---- | M] () -- C:\ProgramData\DatacardService\HWDeviceService.exe
PRC - [2010/11/16 13:37:30 | 000,230,912 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2010/07/12 20:47:40 | 000,098,304 | ---- | M] () -- C:\Program Files\Mobilni Internet\ModemListener.exe
PRC - [2010/06/17 16:09:02 | 000,040,960 | ---- | M] () -- C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe
PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/06/13 12:06:44 | 000,414,720 | ---- | M] (ODM) -- C:\Program Files\OEM\OSD_1.2\osd.exe
PRC - [2008/05/07 16:19:26 | 006,139,904 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/02/22 08:24:28 | 000,094,208 | ---- | M] (TODO: <公司名稱>) -- C:\Program Files\OEM\OSD_1.2\OsdService.exe
PRC - [2007/11/28 15:43:08 | 000,042,824 | ---- | M] () -- C:\Program Files\Spare Messaging\MessagingApp.exe
========== Modules (No Company Name) ==========
MOD - [2013/12/15 21:20:57 | 002,471,448 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2013/12/15 21:20:57 | 000,519,704 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\log4cplusU.dll
MOD - [2013/10/19 02:26:18 | 012,434,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\73d9bc894522543b561a0342dac87c06\System.Windows.Forms.ni.dll
MOD - [2013/08/15 20:02:40 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c0df7e124d8d5e2821fd7d3921d404f7\System.Drawing.ni.dll
MOD - [2013/08/15 19:58:55 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\d7153acb7b6ccb5a6a886d6f0ab732b1\System.ni.dll
MOD - [2013/07/11 19:42:34 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni.dll
MOD - [2013/06/06 21:06:35 | 000,114,688 | ---- | M] () -- C:\Program Files\Broadband to go\Broadband to go.exe
MOD - [2010/07/12 20:47:40 | 000,098,304 | ---- | M] () -- C:\Program Files\Mobilni Internet\ModemListener.exe
MOD - [2009/04/15 09:32:22 | 000,135,168 | ---- | M] () -- C:\Program Files\Broadband to go\LocaleMgrPlugin.dll
MOD - [2009/04/15 09:31:30 | 000,159,744 | ---- | M] () -- C:\Program Files\Broadband to go\SMSPlugin.dll
MOD - [2009/04/15 09:30:10 | 000,032,768 | ---- | M] () -- C:\Program Files\Broadband to go\NotifyServicePlugin.dll
MOD - [2009/04/15 09:26:14 | 000,057,344 | ---- | M] () -- C:\Program Files\Broadband to go\ConfigFilePlugin.dll
MOD - [2009/04/15 09:24:16 | 000,098,304 | ---- | M] () -- C:\Program Files\Broadband to go\DeviceMgrPlugin.dll
MOD - [2009/04/15 09:20:46 | 000,118,784 | ---- | M] () -- C:\Program Files\Broadband to go\NetInfoPlugin.dll
MOD - [2009/04/15 09:17:36 | 000,086,016 | ---- | M] () -- C:\Program Files\Broadband to go\DialUpPlugin.dll
MOD - [2009/04/15 09:16:22 | 000,159,744 | ---- | M] () -- C:\Program Files\Broadband to go\DeviceMgrUIPlugin.dll
MOD - [2009/04/15 09:06:26 | 000,856,064 | ---- | M] () -- C:\Program Files\Broadband to go\NDISAPI.dll
MOD - [2008/11/08 14:15:44 | 000,061,440 | ---- | M] () -- C:\Program Files\Broadband to go\XCodec.dll
MOD - [2008/11/08 14:15:40 | 000,061,440 | ---- | M] () -- C:\Program Files\Broadband to go\DeviceOperate.dll
MOD - [2008/11/08 14:15:34 | 000,151,552 | ---- | M] () -- C:\Program Files\Broadband to go\DetectDev.dll
MOD - [2008/11/08 14:15:28 | 000,552,960 | ---- | M] () -- C:\Program Files\Broadband to go\atcomm.dll
MOD - [2007/11/28 15:43:08 | 000,042,824 | ---- | M] () -- C:\Program Files\Spare Messaging\MessagingApp.exe
MOD - [2007/08/23 15:39:30 | 000,014,848 | ---- | M] () -- C:\Program Files\Broadband to go\isaputrace.dll
MOD - [2007/07/31 14:50:04 | 000,090,112 | ---- | M] () -- C:\Program Files\Broadband to go\FileManager.dll
========== Services (SafeList) ==========
SRV - [2013/12/21 01:26:09 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/15 21:20:56 | 001,771,544 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe -- (vToolbarUpdater17.2.0)
SRV - [2013/12/10 22:11:05 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/11/11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2013/02/28 17:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/11/16 13:37:38 | 000,264,704 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService.exe -- (HWDeviceService.exe)
SRV - [2010/06/17 16:09:02 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe -- (DeviceManager)
SRV - [2008/02/22 08:24:28 | 000,094,208 | ---- | M] (TODO: <公司名稱>) [Auto | Running] -- C:\Program Files\OEM\OSD_1.2\OsdService.exe -- (OsdService)
SRV - [2008/01/21 02:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\swumx20.sys -- (SWUMX20)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbdev.sys -- (hwusbdev)
DRV - [2013/11/10 14:41:57 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/11/05 21:50:48 | 000,120,600 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgdiskx.sys -- (Avgdiskx)
DRV - [2013/11/04 21:57:30 | 000,209,176 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/10/31 23:00:28 | 000,176,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/10/31 22:30:08 | 000,222,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/10/24 22:28:32 | 000,147,768 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/10/01 00:49:38 | 000,102,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/09/17 00:57:26 | 000,022,840 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/09/10 00:43:20 | 000,027,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/08/01 15:08:52 | 000,193,848 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/01/13 10:54:18 | 000,026,624 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV - [2011/01/13 10:54:16 | 000,089,984 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - [2011/01/13 10:54:16 | 000,073,344 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2011/01/13 10:54:16 | 000,064,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcecm.sys -- (huawei_cdcecm)
DRV - [2010/07/27 09:52:02 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2010/06/17 16:09:00 | 000,103,552 | ---- | M] (TCT International Mobile Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\qcusbser.sys -- (qcusbser)
DRV - [2009/07/22 16:44:18 | 000,148,992 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swumxa3.sys -- (SWUMXA3)
DRV - [2009/07/22 16:44:04 | 000,197,504 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swnc8ua3.sys -- (SWNC8UA3)
DRV - [2009/02/17 19:38:12 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2008/12/30 10:57:54 | 000,103,040 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake)
DRV - [2008/12/13 10:27:50 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/07/15 08:20:24 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008/07/10 10:36:06 | 000,331,776 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187Se.sys -- (RTL8187Se)
DRV - [2008/05/21 16:46:48 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\directport.sys -- (GpdDevDPort)
DRV - [2008/05/02 13:59:40 | 000,122,368 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/04/22 18:06:56 | 000,008,192 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\kbfiltr.sys -- (GpdKbFilter)
DRV - [2008/01/21 02:23:26 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\irsir.sys -- (irsir)
DRV - [2007/08/23 10:22:08 | 001,201,312 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=DSGI&bmod=DSGI
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=DSGI&bmod=DSGI
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7DSGI
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=DSGI&bmod=DSGI;
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.askaboutmoney.com/forum [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{4186E915-6684-410A-A99C-66AF1C7C2FBF}: "URL" = http://search.avg.com/?d=4e04ea29&i=23&tp=chrome&q={searchTerms}&lng={language}&nt=1
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7DSGI_en-GBIE398
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={67DB2C4F-1BD0-4C23-B6F8-F82FB2E5F196}&mid=358a021a42c7445281ced87b11c35f73-3be0ba691d70878c46ba264f8cdaedd3a1cfb76e&lang=en&ds=AVG&pr=fr&d=2013-09-25 22:48:34&v=15.4.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..extensions.enabledAddons: %7Bda8bd68d-8e90-41cd-8345-a71b294e72e6%7D:2.0.16.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\15.2.0.5 [2013/05/21 00:13:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/12/21 01:25:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files\PriceGong\2.1.0\FF [2010/12/18 23:40:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/12/21 01:25:35 | 000,000,000 | ---D | M]
[2010/12/27 20:07:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laptop\AppData\Roaming\Mozilla\Extensions
[2013/11/05 01:45:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\8bfdnkt5.default\extensions
[2011/04/06 19:47:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\8bfdnkt5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013/08/15 20:57:51 | 000,380,223 | ---- | M] () (No name found) -- C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\8bfdnkt5.default\extensions\izer@camelcamelcamel.com.xpi
[2013/11/05 01:45:22 | 000,454,725 | ---- | M] () (No name found) -- C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\8bfdnkt5.default\extensions\{da8bd68d-8e90-41cd-8345-a71b294e72e6}.xpi
[2013/12/21 01:25:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/12/21 01:25:23 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/12/21 01:25:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/12/21 01:25:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/12/21 01:25:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/12/21 01:25:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
[2013/12/21 01:25:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/12/21 01:25:16 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/12/21 01:26:14 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/06/24 20:44:11 | 000,003,715 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U37 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Drive = C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: Google Drive = C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Search = C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Skype Click to Call = C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0\
CHR - Extension: Skype Click to Call = C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.8.0.12323_0\
CHR - Extension: AVG Secure Search = C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\
CHR - Extension: AVG Secure Search = C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\.bak
CHR - Extension: Google Wallet = C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Gmail = C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ALOT Toolbar Helper) - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files\alot\bin\BHO\alotBHO.dll (Vertro)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\17.2.0.38\AVG Secure Search_toolbar.dll (AVG Secure Search)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (ALOT Toolbar) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (Vertro)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\17.2.0.38\AVG Secure Search_toolbar.dll (AVG Secure Search)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ModemListener] C:\Program Files\Mobilni Internet\ModemListener.exe ()
O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SpareMessaging] C:\Program Files\Spare Messaging\MessagingApp.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: raiffeisenbank.rs ([rol] https in Trusted sites)
O16 - DPF: {73848533-39E1-49F1-9363-28054268C094} https://rol.raiffeisenbank.rs/RetailDLL/FSINT9.dll (FileInterface Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6FFAC18-CAD4-4054-9D49-D610286CE323} https://rol.raiffeisenbank.rs/RetailDLL/EBCSCC2a.dll (SecAPI Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D476B39-5E72-4B60-B1B3-51942DB45C12}: DhcpNameServer = 62.40.32.33 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7CB56C1F-01D1-4F60-907E-B6CEEEAD28B3}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B69C798C-C9E4-4294-9585-642735622220}: NameServer = 212.129.64.220 212.129.64.221
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C401496D-850D-4C25-ABE5-409F1360FD22}: DhcpNameServer = 62.40.32.33 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F8B8E3FA-BA28-41C2-B622-4E1C8AD58993}: DhcpNameServer = 192.168.1.1 0.0.0.0
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.2.0\ViProtocol.dll (AVG Secure Search)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Laptop\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Laptop\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.) - \AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/03/05 00:34:52 | 000,000,047 | R--- | M] () - \AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{006cfe0c-9fd5-11e0-af22-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{006cfe0c-9fd5-11e0-af22-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{006cfe17-9fd5-11e0-af22-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{006cfe17-9fd5-11e0-af22-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{00d35687-ca62-11df-b236-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{00d35687-ca62-11df-b236-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{026fa62d-b753-11e2-9a2b-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{026fa62d-b753-11e2-9a2b-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{02ff6508-1eb0-11e0-ac9f-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{02ff6508-1eb0-11e0-ac9f-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{02ff6514-1eb0-11e0-ac9f-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{02ff6514-1eb0-11e0-ac9f-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{02ff651e-1eb0-11e0-ac9f-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{02ff651e-1eb0-11e0-ac9f-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{0695f0e8-6491-11e0-9ebf-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{0695f0e8-6491-11e0-9ebf-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{0695f0f4-6491-11e0-9ebf-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{0695f0f4-6491-11e0-9ebf-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{0695f100-6491-11e0-9ebf-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{0695f100-6491-11e0-9ebf-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{0939b2a7-1ea5-11e0-bf25-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{0939b2a7-1ea5-11e0-bf25-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{0a2267a0-03ee-11e1-a00d-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{0a2267a0-03ee-11e1-a00d-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{0a2267af-03ee-11e1-a00d-001e101fabdd}\Shell - "" = AutoRun
O33 - MountPoints2\{0a2267af-03ee-11e1-a00d-001e101fabdd}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{0a2267ba-03ee-11e1-a00d-001e101faa49}\Shell - "" = AutoRun
O33 - MountPoints2\{0a2267ba-03ee-11e1-a00d-001e101faa49}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{0eec8f52-6489-11e0-aa1e-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{0eec8f52-6489-11e0-aa1e-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{0eec8f5d-6489-11e0-aa1e-001e101fb45e}\Shell - "" = AutoRun
O33 - MountPoints2\{0eec8f5d-6489-11e0-aa1e-001e101fb45e}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{0eec8f68-6489-11e0-aa1e-001e101f3315}\Shell - "" = AutoRun
O33 - MountPoints2\{0eec8f68-6489-11e0-aa1e-001e101f3315}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{0eec8f72-6489-11e0-aa1e-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{0eec8f72-6489-11e0-aa1e-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{1bb6883b-1eaf-11e0-9f2a-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{1bb6883b-1eaf-11e0-9f2a-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{242ead3e-c14d-11e0-8d03-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{242ead3e-c14d-11e0-8d03-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{2539b887-1e99-11e0-8ac3-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{2539b887-1e99-11e0-8ac3-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{2539b894-1e99-11e0-8ac3-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{2539b894-1e99-11e0-8ac3-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{38a8b4be-648f-11e0-8efe-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{38a8b4be-648f-11e0-8efe-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{38a8b4cd-648f-11e0-8efe-001e101f50a4}\Shell - "" = AutoRun
O33 - MountPoints2\{38a8b4cd-648f-11e0-8efe-001e101f50a4}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{3b537968-648c-11e0-aa37-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{3b537968-648c-11e0-aa37-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{465ac59f-03f8-11e1-a3d7-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{465ac59f-03f8-11e1-a3d7-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{465ac5ae-03f8-11e1-a3d7-001e101f1ed9}\Shell - "" = AutoRun
O33 - MountPoints2\{465ac5ae-03f8-11e1-a3d7-001e101f1ed9}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{4663489c-2e4a-11e0-bee8-001e101fe5e1}\Shell - "" = AutoRun
O33 - MountPoints2\{4663489c-2e4a-11e0-bee8-001e101fe5e1}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{466348ce-2e4a-11e0-bee8-001e101faa49}\Shell - "" = AutoRun
O33 - MountPoints2\{466348ce-2e4a-11e0-bee8-001e101faa49}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{466348e9-2e4a-11e0-bee8-001e101fabdd}\Shell - "" = AutoRun
O33 - MountPoints2\{466348e9-2e4a-11e0-bee8-001e101fabdd}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{466348fc-2e4a-11e0-bee8-001e101f8ed0}\Shell - "" = AutoRun
O33 - MountPoints2\{466348fc-2e4a-11e0-bee8-001e101f8ed0}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{481150ce-f174-11e1-bd4f-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{481150ce-f174-11e1-bd4f-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{499a301b-1ea7-11e0-a36d-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{499a301b-1ea7-11e0-a36d-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{499a3028-1ea7-11e0-a36d-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{499a3028-1ea7-11e0-a36d-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{4f0b1204-b756-11e2-9325-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{4f0b1204-b756-11e2-9325-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{4f0b1211-b756-11e2-9325-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{4f0b1211-b756-11e2-9325-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{69c5f11b-1e9f-11e0-868b-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{69c5f11b-1e9f-11e0-868b-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{69c5f12a-1e9f-11e0-868b-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{69c5f12a-1e9f-11e0-868b-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{69c5f13e-1e9f-11e0-868b-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{69c5f13e-1e9f-11e0-868b-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{6d5406ec-19cd-11e0-b0f2-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{6d5406ec-19cd-11e0-b0f2-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{6f33813a-d847-11df-95d3-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{6f33813a-d847-11df-95d3-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{76c69f10-f14f-11e1-acaa-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{76c69f10-f14f-11e1-acaa-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{7b1b5a08-1eb3-11e0-983e-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{7b1b5a08-1eb3-11e0-983e-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{7b1b5a12-1eb3-11e0-983e-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{7b1b5a12-1eb3-11e0-983e-00030db35011}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{7c58bfa6-b758-11e2-ab1c-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{7c58bfa6-b758-11e2-ab1c-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{7fde9661-f508-11e0-91fb-001e101f9ae7}\Shell - "" = AutoRun
O33 - MountPoints2\{7fde9661-f508-11e0-91fb-001e101f9ae7}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{83acca52-c2bf-11e0-99d8-001e101f8aaa}\Shell - "" = AutoRun
O33 - MountPoints2\{83acca52-c2bf-11e0-99d8-001e101f8aaa}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{8520ea88-ceea-11e2-afd9-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{8520ea88-ceea-11e2-afd9-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{886c06e8-ceed-11e2-8c5f-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{886c06e8-ceed-11e2-8c5f-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{8e96057f-c733-11df-b684-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{8e96057f-c733-11df-b684-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{8e96059c-c733-11df-b684-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{8e96059c-c733-11df-b684-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{9546dc9b-1e9b-11e0-a353-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{9546dc9b-1e9b-11e0-a353-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{9d6fdf07-b75d-11e2-837a-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{9d6fdf07-b75d-11e2-837a-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{a0f44d0c-c6fb-11df-9e95-00030db35011}\Shell\AutoRun\command - "" = \Installer.exe
O33 - MountPoints2\{a9206c55-d7e6-11df-906a-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{a9206c55-d7e6-11df-906a-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{a97e906d-f16b-11e1-b698-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{a97e906d-f16b-11e1-b698-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{a97e9089-f16b-11e1-b698-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{a97e9089-f16b-11e1-b698-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{ae939764-ca5f-11df-8d58-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{ae939764-ca5f-11df-8d58-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{b65bfd26-1e9c-11e0-8f17-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{b65bfd26-1e9c-11e0-8f17-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{c1eb538c-0a4a-11e1-ae4d-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{c1eb538c-0a4a-11e1-ae4d-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{c68188af-898b-11e0-a223-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{c68188af-898b-11e0-a223-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{cd53c7fd-219e-11e0-b785-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{cd53c7fd-219e-11e0-b785-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{ced015f1-c815-11df-9386-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{ced015f1-c815-11df-9386-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{ced01605-c815-11df-9386-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{ced01605-c815-11df-9386-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{cf18804f-1ea1-11e0-873f-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{cf18804f-1ea1-11e0-873f-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{cf188061-1ea1-11e0-873f-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{cf188061-1ea1-11e0-873f-00030db35011}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d31bb189-20a9-11e0-a59d-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{d31bb189-20a9-11e0-a59d-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{d950778e-b750-11e2-a81a-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{d950778e-b750-11e2-a81a-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{d9507797-b750-11e2-a81a-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{d9507797-b750-11e2-a81a-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{d981389f-a741-11e0-a149-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{d981389f-a741-11e0-a149-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{daa3ba7c-2336-11e0-968f-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{daa3ba7c-2336-11e0-968f-00030db35011}\Shell\AutoRun\command - "" = \WIN\setup.exe
O33 - MountPoints2\{dbb9899d-c12f-11e0-826b-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{dbb9899d-c12f-11e0-826b-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{dbe69002-c2bb-11e0-94fd-001e101f534f}\Shell - "" = AutoRun
O33 - MountPoints2\{dbe69002-c2bb-11e0-94fd-001e101f534f}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{dbe69011-c2bb-11e0-94fd-001e101f82a7}\Shell - "" = AutoRun
O33 - MountPoints2\{dbe69011-c2bb-11e0-94fd-001e101f82a7}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{dbe6901b-c2bb-11e0-94fd-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{dbe6901b-c2bb-11e0-94fd-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{dbfb9308-4c41-11e1-b324-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{dbfb9308-4c41-11e1-b324-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{dc7565bf-6e7c-11e0-8ddd-001e101f82a0}\Shell - "" = AutoRun
O33 - MountPoints2\{dc7565bf-6e7c-11e0-8ddd-001e101f82a0}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{dd25831f-03f4-11e1-adaa-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{dd25831f-03f4-11e1-adaa-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{dd25832f-03f4-11e1-adaa-001e101f8aaa}\Shell - "" = AutoRun
O33 - MountPoints2\{dd25832f-03f4-11e1-adaa-001e101f8aaa}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{e78bb380-03df-11e1-ad9a-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{e78bb380-03df-11e1-ad9a-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{e78bb38f-03df-11e1-ad9a-001e101f1f81}\Shell - "" = AutoRun
O33 - MountPoints2\{e78bb38f-03df-11e1-ad9a-001e101f1f81}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{eb6aa39f-03e2-11e1-b34b-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{eb6aa39f-03e2-11e1-b34b-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{eb6aa3ae-03e2-11e1-b34b-001e101fabdd}\Shell - "" = AutoRun
O33 - MountPoints2\{eb6aa3ae-03e2-11e1-b34b-001e101fabdd}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{eca2cd20-03f0-11e1-93d0-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{eca2cd20-03f0-11e1-93d0-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{eca2cd2f-03f0-11e1-93d0-001e101f8924}\Shell - "" = AutoRun
O33 - MountPoints2\{eca2cd2f-03f0-11e1-93d0-001e101f8924}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{eca2cd3a-03f0-11e1-93d0-001e101f2500}\Shell - "" = AutoRun
O33 - MountPoints2\{eca2cd3a-03f0-11e1-93d0-001e101f2500}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{ef7630be-c1f4-11e0-93bd-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{ef7630be-c1f4-11e0-93bd-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{f3e878bf-7c08-11e0-97ef-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{f3e878bf-7c08-11e0-97ef-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{fff0d77f-9853-11e0-ac68-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{fff0d77f-9853-11e0-ac68-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013/12/30 19:06:12 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Local\dumps
[2013/12/29 13:03:54 | 000,255,070 | ---- | C] (Flash ) -- C:\Users\Laptop\AppData\Roaming\bjrwzmzisvc.exe
[2013/12/21 01:24:56 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/12/12 02:37:46 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/12/12 02:37:42 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/12/12 02:37:42 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/12/12 02:37:41 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/12/12 02:37:41 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/12/12 02:37:39 | 001,806,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/12/12 02:37:39 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/12/12 02:37:37 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/12/12 00:33:05 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SysFxUI.dll
[2013/12/12 00:33:02 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2013/12/12 00:33:01 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\drmk.sys
[2013/12/12 00:32:46 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2013/12/12 00:32:43 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshcon.dll
[2013/12/12 00:31:47 | 002,050,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/12/10 10:23:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2010/11/21 01:03:13 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Laptop\mbam-setup-1.46.exe
[2010/10/04 00:38:21 | 141,707,952 | ---- | C] (AVG Technologies) -- C:\Users\Laptop\avg_free_x86_all_2011_1120a3152.exe
[2010/10/04 00:29:57 | 000,718,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Users\Laptop\avgremover.exe
[2010/09/30 00:17:30 | 001,187,896 | ---- | C] (Piriform Ltd) -- C:\Users\Laptop\ccsetup236.exe
[2010/09/28 23:31:05 | 014,951,776 | ---- | C] (Microsoft Corporation) -- C:\Users\Laptop\word2007-kb974631-fullfile-x86-glb.exe
[2010/09/28 23:04:57 | 019,075,976 | ---- | C] (Skype Technologies S.A.) -- C:\Users\Laptop\SkypeSetupFull.exe
========== Files - Modified Within 30 Days ==========
[2013/12/31 01:05:10 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/12/31 00:35:20 | 000,634,494 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/12/31 00:35:20 | 000,120,782 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/12/31 00:27:42 | 000,005,184 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/31 00:27:40 | 000,005,184 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/31 00:27:22 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/31 00:26:54 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2013/12/31 00:26:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/31 00:25:42 | 1032,740,864 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/31 00:17:05 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/30 00:13:30 | 000,000,871 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/29 13:03:56 | 000,255,070 | ---- | M] (Flash ) -- C:\Users\Laptop\AppData\Roaming\bjrwzmzisvc.exe
[2013/12/29 03:00:00 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\RegSERVO.job
[2013/12/10 22:10:48 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/12/10 22:10:47 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/12/05 21:37:36 | 000,001,936 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
========== Files Created - No Company Name ==========
[2013/12/30 00:13:30 | 000,000,871 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/21 00:08:19 | 000,003,714 | ---- | C] () -- C:\Program Files\Mozilla Firefoxavg-secure-search.xml
[2011/07/18 19:53:39 | 000,000,000 | ---- | C] () -- C:\Users\Laptop\AppData\Local\{BB5C1344-8CEB-4AEB-97D3-4FB026A34D40}
[2011/06/23 22:41:55 | 001,529,005 | ---- | C] () -- C:\Users\Laptop\AVGInstLog.cab
[2011/06/09 23:51:11 | 000,000,000 | ---- | C] () -- C:\Users\Laptop\AppData\Local\{DBE900B0-FC28-482C-AE85-F8BD909E858D}
[2010/10/24 22:34:24 | 104,347,466 | ---- | C] () -- C:\Users\Laptop\eclipse-java-helios-SR1-win32.zip
[2010/10/05 00:02:40 | 014,501,192 | ---- | C] () -- C:\Users\Laptop\winzip145.exe
[2010/09/29 00:16:50 | 000,000,132 | ---- | C] () -- C:\Users\Laptop\AppData\Roaming\wklnhst.dat
[2010/09/29 00:14:19 | 155,184,736 | ---- | C] () -- C:\Users\Laptop\OOo_3.2.1_Win_x86_install-wJRE_en-US.exe
[2010/09/25 16:26:23 | 000,007,680 | ---- | C] () -- C:\Users\Laptop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== ZeroAccess Check ==========
[2006/11/02 12:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 17:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 06:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 06:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >
-
OTL Extras logfile created on: 31/12/2013 00:56:49 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Laptop\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy
984.18 Mb Total Physical Memory | 287.48 Mb Available Physical Memory | 29.21% Memory free
2.18 Gb Paging File | 0.83 Gb Available in Paging File | 37.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.31 Gb Total Space | 80.28 Gb Free Space | 58.04% Space Free | Partition Type: NTFS
Drive | 25.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive S: | 1.46 Gb Total Space | 1.30 Gb Free Space | 88.83% Space Free | Partition Type: NTFS
Computer Name: LAPTOP-PC | User Name: Laptop | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Sierra Wireless Inc\WebUpdater\SwiApiMux.exe" = C:\Program Files\Sierra Wireless Inc\WebUpdater\SwiApiMux.exe:*:Enabled:SwiApiMux
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F686817-827A-4DFA-AF19-81C36FC27388}" = dir=in | app=c:\program files\avg\avg9\avgdiagex.exe |
"{21CBE05C-0319-4E98-BF8D-7AA257B69ABF}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgnsx.exe |
"{3B4DED64-C94F-4A27-AE93-E6B38A406686}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{3F1CD20C-6E81-4B72-9349-EF848C811427}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgmfapx.exe |
"{407DB6C9-4DE5-4804-8DA2-D5C46E7DD576}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
"{487AE651-B21A-48B5-B01B-E321F97B45FF}" = dir=in | app=c:\program files\avg\avg9\avgam.exe |
"{6CD4EEB8-1348-495A-BBB6-907A055D71D0}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{766A76AB-DA30-4BAA-B1D7-1CF7AB55B77F}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{767BD960-8B8B-427D-A120-43718ECE6987}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{869723A7-0311-48F2-922E-BDC165A0C557}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgnsx.exe |
"{8B0787E1-AEAB-4563-9194-2B344D4DF950}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{D9571F73-7711-4AAA-92A2-1904534F687F}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{DE041E30-4306-4CBE-B4E4-08A233006137}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E1519E84-7C12-49D0-9196-314860169A50}" = dir=in | app=c:\program files\avg\avg9\avgemc.exe |
"{E2E90169-84D1-4678-A513-34DA0D40D0C9}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgdiagex.exe |
"{E406489E-3D9B-4953-AE88-1EADABEF257E}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgmfapx.exe |
"{F27DD36F-E1C4-4322-BDCA-33F0AD586FF8}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgdiagex.exe |
"{F28DF785-9674-49DC-BF6A-0AC26936F103}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"TCP Query User{89D4C546-14D8-42E0-9737-98B4F26665EF}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{9574B267-CB2F-47DB-913D-CB4B5BC49860}C:\program files\huawei technologies\huawei umts data card\3 usb modem.exe" = protocol=6 | dir=in | app=c:\program files\huawei technologies\huawei umts data card\3 usb modem.exe |
"UDP Query User{6466B0F2-A3ED-40AB-A688-24B2EA618D90}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{815EC70A-B98E-4FDE-B45F-38DEFC6D0668}C:\program files\huawei technologies\huawei umts data card\3 usb modem.exe" = protocol=17 | dir=in | app=c:\program files\huawei technologies\huawei umts data card\3 usb modem.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 39
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{3B97ADB7-3DA1-4964-BC10-68384BA6A66F}" = AVG 2014
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{49AEFEAB-A10B-4E8E-B577-2287ACA2B8AF}" = AVG 2014
"{4A65DAD2-E914-4923-9C2A-81B968A68CE2}" = Launch
"{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73289228-1853-4623-982A-EB17FF0270CA}" = OSD_1.2
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A899DA1F-D626-401C-8651-F2921E3B4CB3}" = 3Connect
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C939F015-83C6-432C-B67B-0816AA0B4C17}" = Spare Messaging
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"alotToolbar" = ALOT Toolbar
"AVG" = AVG 2014
"AVG Secure Search" = AVG Security Toolbar
"Broadband to go" = Broadband to go
"CCleaner" = CCleaner
"eircom mobile broadband" = eircom mobile broadband
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Huawei Modems" = Huawei modem
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mobilni Internet ALCATEL_is1" = Mobilni Internet
"Mozilla Firefox 26.0 (x86 en-GB)" = Mozilla Firefox 26.0 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"O2 Broadband" = O2 Broadband
"PriceGong" = PriceGong 2.1.0
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 29/12/2013 21:04:06 | Computer Name = Laptop-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 29/12/2013 21:04:06 | Computer Name = Laptop-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 29/12/2013 21:04:07 | Computer Name = Laptop-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 29/12/2013 21:04:07 | Computer Name = Laptop-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 29/12/2013 21:16:10 | Computer Name = Laptop-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16526, time stamp
0x52855173, faulting module PriceGongIE.dll, version 2.1.0.6, time stamp 0x4baf202a,
exception code 0xc0000005, fault offset 0x000129b7, process id 0x15b0, application
start time 0x01cf04fb3b642b62.
Error - 29/12/2013 22:29:30 | Computer Name = Laptop-PC | Source = WinMgmt | ID = 10
Description =
Error - 23/04/2008 20:02:52 | Computer Name = Laptop-PC | Source = WinMgmt | ID = 10
Description =
Error - 30/12/2013 14:59:24 | Computer Name = Laptop-PC | Source = WinMgmt | ID = 10
Description =
Error - 30/12/2013 17:44:33 | Computer Name = Laptop-PC | Source = Application Error | ID = 1000
Description = Faulting application FlashPlayerPlugin_11_9_900_170.exe, version 11.9.900.170,
time stamp 0x529b79bf, faulting module ntdll.dll, version 6.0.6002.18881, time
stamp 0x51da3e27, exception code 0xc000070a, fault offset 0x0008adc5, process id
0x3f38, application start time 0x01cf05a7337ffb5e.
Error - 30/12/2013 20:09:49 | Computer Name = Laptop-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 26.0.0.5087 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 5a64 Start Time: 01cf05bac482419e Termination Time: 1922
Error - 30/12/2013 20:27:35 | Computer Name = Laptop-PC | Source = WinMgmt | ID = 10
Description =
[ Media Center Events ]
Error - 02/09/2013 15:42:54 | Computer Name = Laptop-PC | Source = MCUpdate | ID = 0
Description = Error connecting to the internet. (828.1128)
Error - 02/09/2013 15:42:54 | Computer Name = Laptop-PC | Source = MCUpdate | ID = 0
Description = Unable to contact server.. (828.1129)
Error - 17/09/2013 15:00:15 | Computer Name = Laptop-PC | Source = MCUpdate | ID = 0
Description = Error connecting to the internet. (1620.1128)
Error - 17/09/2013 15:00:15 | Computer Name = Laptop-PC | Source = MCUpdate | ID = 0
Description = Unable to contact server.. (1620.1129)
Error - 26/09/2013 22:11:29 | Computer Name = Laptop-PC | Source = MCUpdate | ID = 0
Description = Error connecting to the internet. (16768.1128)
Error - 26/09/2013 22:11:29 | Computer Name = Laptop-PC | Source = MCUpdate | ID = 0
Description = Unable to contact server.. (16768.1129)
Error - 02/10/2013 15:37:58 | Computer Name = Laptop-PC | Source = MCUpdate | ID = 0
Description = Error connecting to the internet. (2192.1128)
Error - 02/10/2013 15:37:58 | Computer Name = Laptop-PC | Source = MCUpdate | ID = 0
Description = Unable to contact server.. (2192.1129)
Error - 01/11/2013 06:17:23 | Computer Name = Laptop-PC | Source = MCUpdate | ID = 0
Description = Error connecting to the internet. (3016.1128)
Error - 01/11/2013 06:17:23 | Computer Name = Laptop-PC | Source = MCUpdate | ID = 0
Description = Unable to contact server.. (3016.1129)
[ System Events ]
Error - 29/12/2013 21:02:45 | Computer Name = Laptop-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 29/12/2013 21:04:16 | Computer Name = Laptop-PC | Source = DCOM | ID = 10010
Description =
Error - 29/12/2013 22:29:30 | Computer Name = Laptop-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 23/04/2008 20:02:53 | Computer Name = Laptop-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 30/12/2013 14:59:24 | Computer Name = Laptop-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 30/12/2013 15:17:10 | Computer Name = Laptop-PC | Source = DCOM | ID = 10005
Description =
Error - 30/12/2013 15:17:38 | Computer Name = Laptop-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 30/12/2013 15:17:38 | Computer Name = Laptop-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 30/12/2013 20:23:26 | Computer Name = Laptop-PC | Source = DCOM | ID = 10010
Description =
Error - 30/12/2013 20:27:37 | Computer Name = Laptop-PC | Source = Service Control Manager | ID = 7000
Description =
< End of report >
-
Download and run AdwCleaner:
www.bleepingcomputer.com/download/adwcleaner/
Post its log.
Open OTL and copy this into the box:
:OTL
O2 - BHO: (ALOT Toolbar Helper) - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files\alot\bin\BHO\alotBHO.dll (Vertro)
O3 - HKLM\..\Toolbar: (ALOT Toolbar) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (Vertro)
O32 - AutoRun File - [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.) - \AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/03/05 00:34:52 | 000,000,047 | R--- | M] () - \AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{006cfe0c-9fd5-11e0-af22-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{006cfe0c-9fd5-11e0-af22-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{006cfe17-9fd5-11e0-af22-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{006cfe17-9fd5-11e0-af22-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{00d35687-ca62-11df-b236-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{00d35687-ca62-11df-b236-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{026fa62d-b753-11e2-9a2b-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{026fa62d-b753-11e2-9a2b-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{02ff6508-1eb0-11e0-ac9f-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{02ff6508-1eb0-11e0-ac9f-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{02ff6514-1eb0-11e0-ac9f-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{02ff6514-1eb0-11e0-ac9f-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{02ff651e-1eb0-11e0-ac9f-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{02ff651e-1eb0-11e0-ac9f-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{0695f0e8-6491-11e0-9ebf-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{0695f0e8-6491-11e0-9ebf-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{0695f0f4-6491-11e0-9ebf-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{0695f0f4-6491-11e0-9ebf-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{0695f100-6491-11e0-9ebf-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{0695f100-6491-11e0-9ebf-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{0939b2a7-1ea5-11e0-bf25-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{0939b2a7-1ea5-11e0-bf25-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{0a2267a0-03ee-11e1-a00d-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{0a2267a0-03ee-11e1-a00d-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{0a2267af-03ee-11e1-a00d-001e101fabdd}\Shell - "" = AutoRun
O33 - MountPoints2\{0a2267af-03ee-11e1-a00d-001e101fabdd}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{0a2267ba-03ee-11e1-a00d-001e101faa49}\Shell - "" = AutoRun
O33 - MountPoints2\{0a2267ba-03ee-11e1-a00d-001e101faa49}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{0eec8f52-6489-11e0-aa1e-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{0eec8f52-6489-11e0-aa1e-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{0eec8f5d-6489-11e0-aa1e-001e101fb45e}\Shell - "" = AutoRun
O33 - MountPoints2\{0eec8f5d-6489-11e0-aa1e-001e101fb45e}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{0eec8f68-6489-11e0-aa1e-001e101f3315}\Shell - "" = AutoRun
O33 - MountPoints2\{0eec8f68-6489-11e0-aa1e-001e101f3315}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{0eec8f72-6489-11e0-aa1e-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{0eec8f72-6489-11e0-aa1e-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{1bb6883b-1eaf-11e0-9f2a-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{1bb6883b-1eaf-11e0-9f2a-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{242ead3e-c14d-11e0-8d03-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{242ead3e-c14d-11e0-8d03-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{2539b887-1e99-11e0-8ac3-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{2539b887-1e99-11e0-8ac3-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{2539b894-1e99-11e0-8ac3-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{2539b894-1e99-11e0-8ac3-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{38a8b4be-648f-11e0-8efe-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{38a8b4be-648f-11e0-8efe-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{38a8b4cd-648f-11e0-8efe-001e101f50a4}\Shell - "" = AutoRun
O33 - MountPoints2\{38a8b4cd-648f-11e0-8efe-001e101f50a4}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{3b537968-648c-11e0-aa37-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{3b537968-648c-11e0-aa37-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{465ac59f-03f8-11e1-a3d7-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{465ac59f-03f8-11e1-a3d7-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{465ac5ae-03f8-11e1-a3d7-001e101f1ed9}\Shell - "" = AutoRun
O33 - MountPoints2\{465ac5ae-03f8-11e1-a3d7-001e101f1ed9}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{4663489c-2e4a-11e0-bee8-001e101fe5e1}\Shell - "" = AutoRun
O33 - MountPoints2\{4663489c-2e4a-11e0-bee8-001e101fe5e1}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{466348ce-2e4a-11e0-bee8-001e101faa49}\Shell - "" = AutoRun
O33 - MountPoints2\{466348ce-2e4a-11e0-bee8-001e101faa49}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{466348e9-2e4a-11e0-bee8-001e101fabdd}\Shell - "" = AutoRun
O33 - MountPoints2\{466348e9-2e4a-11e0-bee8-001e101fabdd}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{466348fc-2e4a-11e0-bee8-001e101f8ed0}\Shell - "" = AutoRun
O33 - MountPoints2\{466348fc-2e4a-11e0-bee8-001e101f8ed0}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{481150ce-f174-11e1-bd4f-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{481150ce-f174-11e1-bd4f-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{499a301b-1ea7-11e0-a36d-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{499a301b-1ea7-11e0-a36d-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{499a3028-1ea7-11e0-a36d-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{499a3028-1ea7-11e0-a36d-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{4f0b1204-b756-11e2-9325-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{4f0b1204-b756-11e2-9325-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{4f0b1211-b756-11e2-9325-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{4f0b1211-b756-11e2-9325-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{69c5f11b-1e9f-11e0-868b-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{69c5f11b-1e9f-11e0-868b-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{69c5f12a-1e9f-11e0-868b-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{69c5f12a-1e9f-11e0-868b-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{69c5f13e-1e9f-11e0-868b-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{69c5f13e-1e9f-11e0-868b-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{6d5406ec-19cd-11e0-b0f2-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{6d5406ec-19cd-11e0-b0f2-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{6f33813a-d847-11df-95d3-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{6f33813a-d847-11df-95d3-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{76c69f10-f14f-11e1-acaa-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{76c69f10-f14f-11e1-acaa-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{7b1b5a08-1eb3-11e0-983e-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{7b1b5a08-1eb3-11e0-983e-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{7b1b5a12-1eb3-11e0-983e-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{7b1b5a12-1eb3-11e0-983e-00030db35011}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{7c58bfa6-b758-11e2-ab1c-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{7c58bfa6-b758-11e2-ab1c-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{7fde9661-f508-11e0-91fb-001e101f9ae7}\Shell - "" = AutoRun
O33 - MountPoints2\{7fde9661-f508-11e0-91fb-001e101f9ae7}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{83acca52-c2bf-11e0-99d8-001e101f8aaa}\Shell - "" = AutoRun
O33 - MountPoints2\{83acca52-c2bf-11e0-99d8-001e101f8aaa}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{8520ea88-ceea-11e2-afd9-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{8520ea88-ceea-11e2-afd9-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{886c06e8-ceed-11e2-8c5f-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{886c06e8-ceed-11e2-8c5f-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{8e96057f-c733-11df-b684-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{8e96057f-c733-11df-b684-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{8e96059c-c733-11df-b684-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{8e96059c-c733-11df-b684-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{9546dc9b-1e9b-11e0-a353-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{9546dc9b-1e9b-11e0-a353-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{9d6fdf07-b75d-11e2-837a-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{9d6fdf07-b75d-11e2-837a-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{a0f44d0c-c6fb-11df-9e95-00030db35011}\Shell\AutoRun\command - "" = \Installer.exe
O33 - MountPoints2\{a9206c55-d7e6-11df-906a-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{a9206c55-d7e6-11df-906a-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{a97e906d-f16b-11e1-b698-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{a97e906d-f16b-11e1-b698-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{a97e9089-f16b-11e1-b698-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{a97e9089-f16b-11e1-b698-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{ae939764-ca5f-11df-8d58-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{ae939764-ca5f-11df-8d58-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{b65bfd26-1e9c-11e0-8f17-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{b65bfd26-1e9c-11e0-8f17-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{c1eb538c-0a4a-11e1-ae4d-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{c1eb538c-0a4a-11e1-ae4d-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{c68188af-898b-11e0-a223-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{c68188af-898b-11e0-a223-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{cd53c7fd-219e-11e0-b785-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{cd53c7fd-219e-11e0-b785-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{ced015f1-c815-11df-9386-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{ced015f1-c815-11df-9386-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{ced01605-c815-11df-9386-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{ced01605-c815-11df-9386-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{cf18804f-1ea1-11e0-873f-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{cf18804f-1ea1-11e0-873f-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{cf188061-1ea1-11e0-873f-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{cf188061-1ea1-11e0-873f-00030db35011}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d31bb189-20a9-11e0-a59d-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{d31bb189-20a9-11e0-a59d-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{d950778e-b750-11e2-a81a-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{d950778e-b750-11e2-a81a-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{d9507797-b750-11e2-a81a-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{d9507797-b750-11e2-a81a-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{d981389f-a741-11e0-a149-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{d981389f-a741-11e0-a149-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{daa3ba7c-2336-11e0-968f-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{daa3ba7c-2336-11e0-968f-00030db35011}\Shell\AutoRun\command - "" = \WIN\setup.exe
O33 - MountPoints2\{dbb9899d-c12f-11e0-826b-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{dbb9899d-c12f-11e0-826b-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{dbe69002-c2bb-11e0-94fd-001e101f534f}\Shell - "" = AutoRun
O33 - MountPoints2\{dbe69002-c2bb-11e0-94fd-001e101f534f}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{dbe69011-c2bb-11e0-94fd-001e101f82a7}\Shell - "" = AutoRun
O33 - MountPoints2\{dbe69011-c2bb-11e0-94fd-001e101f82a7}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{dbe6901b-c2bb-11e0-94fd-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{dbe6901b-c2bb-11e0-94fd-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{dbfb9308-4c41-11e1-b324-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{dbfb9308-4c41-11e1-b324-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{dc7565bf-6e7c-11e0-8ddd-001e101f82a0}\Shell - "" = AutoRun
O33 - MountPoints2\{dc7565bf-6e7c-11e0-8ddd-001e101f82a0}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{dd25831f-03f4-11e1-adaa-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{dd25831f-03f4-11e1-adaa-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{dd25832f-03f4-11e1-adaa-001e101f8aaa}\Shell - "" = AutoRun
O33 - MountPoints2\{dd25832f-03f4-11e1-adaa-001e101f8aaa}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{e78bb380-03df-11e1-ad9a-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{e78bb380-03df-11e1-ad9a-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{e78bb38f-03df-11e1-ad9a-001e101f1f81}\Shell - "" = AutoRun
O33 - MountPoints2\{e78bb38f-03df-11e1-ad9a-001e101f1f81}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{eb6aa39f-03e2-11e1-b34b-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{eb6aa39f-03e2-11e1-b34b-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{eb6aa3ae-03e2-11e1-b34b-001e101fabdd}\Shell - "" = AutoRun
O33 - MountPoints2\{eb6aa3ae-03e2-11e1-b34b-001e101fabdd}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{eca2cd20-03f0-11e1-93d0-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{eca2cd20-03f0-11e1-93d0-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{eca2cd2f-03f0-11e1-93d0-001e101f8924}\Shell - "" = AutoRun
O33 - MountPoints2\{eca2cd2f-03f0-11e1-93d0-001e101f8924}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{eca2cd3a-03f0-11e1-93d0-001e101f2500}\Shell - "" = AutoRun
O33 - MountPoints2\{eca2cd3a-03f0-11e1-93d0-001e101f2500}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{ef7630be-c1f4-11e0-93bd-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{ef7630be-c1f4-11e0-93bd-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{f3e878bf-7c08-11e0-97ef-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{f3e878bf-7c08-11e0-97ef-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{fff0d77f-9853-11e0-ac68-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{fff0d77f-9853-11e0-ac68-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
[2013/12/29 13:03:54 | 000,255,070 | ---- | C] (Flash ) -- C:\Users\Laptop\AppData\Roaming\bjrwzmzisvc.exe
[2013/12/29 13:03:56 | 000,255,070 | ---- | M] (Flash ) -- C:\Users\Laptop\AppData\Roaming\bjrwzmzisvc.exe
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files\PriceGong\2.1.0\FF [2010/12/18 23:40:06 | 000,000,000 | ---D | M]
:Commands
[PURITY]
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]
[EMPTYJAVA]
[CREATERESTOREPOINT]
[Reboot]
:Files
ipconfig /flushdns /c
C:\hemxccapeaj.exe /s
C:\Program Files\PriceGong
C:\bjrwzmzisvc.exe /s
Click Run Fix and post the log it gives you.

Shall I first run adwcleaner and then OTL "Run Fix"? Do you need the log from OTL or adwcleaner? Sorry if this is a stupid question, but I am not sure if the order matters.
Thank you soooo much!!!!

Yes, do adwcleaner first, then OTL, then post both the logs that they give you.

Adw log is below (I clicked Scan; should I do Clean as well?).
I am going to run OTL now and post the log when it completes.
# AdwCleaner v3.016 - Report created 31/12/2013 at 17:23:08
# Updated 23/12/2013 by Xplode
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Username : Laptop - LAPTOP-PC
# Running from : C:\Users\Laptop\Downloads\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
***** [ Browsers ] *****
-\\ Internet Explorer v9.0.8112.16526
-\\ Mozilla Firefox v26.0 (en-GB)
[ File : C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\8bfdnkt5.default\prefs.js ]
Line Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Line Found : user_pref("browser.search.selectedEngine", "AVG Secure Search");
-\\ Google Chrome v31.0.1650.63
[ File : C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\preferences ]

This is the OTL log after restart:
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{499a301b-1ea7-11e0-a36d-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{499a301b-1ea7-11e0-a36d-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{499a301b-1ea7-11e0-a36d-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{499a3028-1ea7-11e0-a36d-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{499a3028-1ea7-11e0-a36d-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{499a3028-1ea7-11e0-a36d-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{499a3028-1ea7-11e0-a36d-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f0b1204-b756-11e2-9325-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4f0b1204-b756-11e2-9325-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f0b1204-b756-11e2-9325-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4f0b1204-b756-11e2-9325-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f0b1211-b756-11e2-9325-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4f0b1211-b756-11e2-9325-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f0b1211-b756-11e2-9325-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4f0b1211-b756-11e2-9325-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69c5f11b-1e9f-11e0-868b-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69c5f11b-1e9f-11e0-868b-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69c5f11b-1e9f-11e0-868b-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69c5f11b-1e9f-11e0-868b-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69c5f12a-1e9f-11e0-868b-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69c5f12a-1e9f-11e0-868b-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69c5f12a-1e9f-11e0-868b-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69c5f12a-1e9f-11e0-868b-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69c5f13e-1e9f-11e0-868b-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69c5f13e-1e9f-11e0-868b-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69c5f13e-1e9f-11e0-868b-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69c5f13e-1e9f-11e0-868b-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6d5406ec-19cd-11e0-b0f2-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6d5406ec-19cd-11e0-b0f2-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6d5406ec-19cd-11e0-b0f2-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6d5406ec-19cd-11e0-b0f2-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f33813a-d847-11df-95d3-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6f33813a-d847-11df-95d3-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f33813a-d847-11df-95d3-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6f33813a-d847-11df-95d3-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76c69f10-f14f-11e1-acaa-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76c69f10-f14f-11e1-acaa-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76c69f10-f14f-11e1-acaa-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76c69f10-f14f-11e1-acaa-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b1b5a08-1eb3-11e0-983e-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b1b5a08-1eb3-11e0-983e-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b1b5a08-1eb3-11e0-983e-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b1b5a08-1eb3-11e0-983e-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b1b5a12-1eb3-11e0-983e-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b1b5a12-1eb3-11e0-983e-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b1b5a12-1eb3-11e0-983e-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b1b5a12-1eb3-11e0-983e-00030db35011}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c58bfa6-b758-11e2-ab1c-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7c58bfa6-b758-11e2-ab1c-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c58bfa6-b758-11e2-ab1c-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7c58bfa6-b758-11e2-ab1c-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7fde9661-f508-11e0-91fb-001e101f9ae7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7fde9661-f508-11e0-91fb-001e101f9ae7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7fde9661-f508-11e0-91fb-001e101f9ae7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7fde9661-f508-11e0-91fb-001e101f9ae7}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{83acca52-c2bf-11e0-99d8-001e101f8aaa}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83acca52-c2bf-11e0-99d8-001e101f8aaa}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{83acca52-c2bf-11e0-99d8-001e101f8aaa}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83acca52-c2bf-11e0-99d8-001e101f8aaa}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8520ea88-ceea-11e2-afd9-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8520ea88-ceea-11e2-afd9-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8520ea88-ceea-11e2-afd9-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8520ea88-ceea-11e2-afd9-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{886c06e8-ceed-11e2-8c5f-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{886c06e8-ceed-11e2-8c5f-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{886c06e8-ceed-11e2-8c5f-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{886c06e8-ceed-11e2-8c5f-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e96057f-c733-11df-b684-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8e96057f-c733-11df-b684-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e96057f-c733-11df-b684-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8e96057f-c733-11df-b684-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e96059c-c733-11df-b684-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8e96059c-c733-11df-b684-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e96059c-c733-11df-b684-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8e96059c-c733-11df-b684-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9546dc9b-1e9b-11e0-a353-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9546dc9b-1e9b-11e0-a353-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9546dc9b-1e9b-11e0-a353-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9546dc9b-1e9b-11e0-a353-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9d6fdf07-b75d-11e2-837a-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d6fdf07-b75d-11e2-837a-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9d6fdf07-b75d-11e2-837a-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d6fdf07-b75d-11e2-837a-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a0f44d0c-c6fb-11df-9e95-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a0f44d0c-c6fb-11df-9e95-00030db35011}\ not found.
File \Installer.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a9206c55-d7e6-11df-906a-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a9206c55-d7e6-11df-906a-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a9206c55-d7e6-11df-906a-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a9206c55-d7e6-11df-906a-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a97e906d-f16b-11e1-b698-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a97e906d-f16b-11e1-b698-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a97e906d-f16b-11e1-b698-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a97e906d-f16b-11e1-b698-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a97e9089-f16b-11e1-b698-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a97e9089-f16b-11e1-b698-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a97e9089-f16b-11e1-b698-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a97e9089-f16b-11e1-b698-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae939764-ca5f-11df-8d58-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae939764-ca5f-11df-8d58-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae939764-ca5f-11df-8d58-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae939764-ca5f-11df-8d58-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b65bfd26-1e9c-11e0-8f17-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b65bfd26-1e9c-11e0-8f17-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b65bfd26-1e9c-11e0-8f17-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b65bfd26-1e9c-11e0-8f17-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1eb538c-0a4a-11e1-ae4d-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c1eb538c-0a4a-11e1-ae4d-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1eb538c-0a4a-11e1-ae4d-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c1eb538c-0a4a-11e1-ae4d-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c68188af-898b-11e0-a223-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c68188af-898b-11e0-a223-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c68188af-898b-11e0-a223-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c68188af-898b-11e0-a223-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cd53c7fd-219e-11e0-b785-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cd53c7fd-219e-11e0-b785-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cd53c7fd-219e-11e0-b785-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cd53c7fd-219e-11e0-b785-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ced015f1-c815-11df-9386-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ced015f1-c815-11df-9386-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ced015f1-c815-11df-9386-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ced015f1-c815-11df-9386-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ced01605-c815-11df-9386-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ced01605-c815-11df-9386-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ced01605-c815-11df-9386-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ced01605-c815-11df-9386-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf18804f-1ea1-11e0-873f-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf18804f-1ea1-11e0-873f-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf18804f-1ea1-11e0-873f-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf18804f-1ea1-11e0-873f-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf188061-1ea1-11e0-873f-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf188061-1ea1-11e0-873f-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf188061-1ea1-11e0-873f-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf188061-1ea1-11e0-873f-00030db35011}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d31bb189-20a9-11e0-a59d-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d31bb189-20a9-11e0-a59d-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d31bb189-20a9-11e0-a59d-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d31bb189-20a9-11e0-a59d-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d950778e-b750-11e2-a81a-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d950778e-b750-11e2-a81a-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d950778e-b750-11e2-a81a-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d950778e-b750-11e2-a81a-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9507797-b750-11e2-a81a-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9507797-b750-11e2-a81a-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9507797-b750-11e2-a81a-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9507797-b750-11e2-a81a-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d981389f-a741-11e0-a149-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d981389f-a741-11e0-a149-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d981389f-a741-11e0-a149-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d981389f-a741-11e0-a149-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{daa3ba7c-2336-11e0-968f-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{daa3ba7c-2336-11e0-968f-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{daa3ba7c-2336-11e0-968f-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{daa3ba7c-2336-11e0-968f-00030db35011}\ not found.
File \WIN\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dbb9899d-c12f-11e0-826b-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dbb9899d-c12f-11e0-826b-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dbb9899d-c12f-11e0-826b-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dbb9899d-c12f-11e0-826b-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dbe69002-c2bb-11e0-94fd-001e101f534f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dbe69002-c2bb-11e0-94fd-001e101f534f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dbe69002-c2bb-11e0-94fd-001e101f534f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dbe69002-c2bb-11e0-94fd-001e101f534f}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dbe69011-c2bb-11e0-94fd-001e101f82a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dbe69011-c2bb-11e0-94fd-001e101f82a7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dbe69011-c2bb-11e0-94fd-001e101f82a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dbe69011-c2bb-11e0-94fd-001e101f82a7}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dbe6901b-c2bb-11e0-94fd-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dbe6901b-c2bb-11e0-94fd-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dbe6901b-c2bb-11e0-94fd-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dbe6901b-c2bb-11e0-94fd-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dbfb9308-4c41-11e1-b324-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dbfb9308-4c41-11e1-b324-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dbfb9308-4c41-11e1-b324-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dbfb9308-4c41-11e1-b324-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dc7565bf-6e7c-11e0-8ddd-001e101f82a0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dc7565bf-6e7c-11e0-8ddd-001e101f82a0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dc7565bf-6e7c-11e0-8ddd-001e101f82a0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dc7565bf-6e7c-11e0-8ddd-001e101f82a0}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd25831f-03f4-11e1-adaa-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dd25831f-03f4-11e1-adaa-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd25831f-03f4-11e1-adaa-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dd25831f-03f4-11e1-adaa-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd25832f-03f4-11e1-adaa-001e101f8aaa}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dd25832f-03f4-11e1-adaa-001e101f8aaa}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd25832f-03f4-11e1-adaa-001e101f8aaa}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dd25832f-03f4-11e1-adaa-001e101f8aaa}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e78bb380-03df-11e1-ad9a-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e78bb380-03df-11e1-ad9a-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e78bb380-03df-11e1-ad9a-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e78bb380-03df-11e1-ad9a-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e78bb38f-03df-11e1-ad9a-001e101f1f81}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e78bb38f-03df-11e1-ad9a-001e101f1f81}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e78bb38f-03df-11e1-ad9a-001e101f1f81}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e78bb38f-03df-11e1-ad9a-001e101f1f81}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eb6aa39f-03e2-11e1-b34b-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eb6aa39f-03e2-11e1-b34b-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eb6aa39f-03e2-11e1-b34b-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eb6aa39f-03e2-11e1-b34b-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eb6aa3ae-03e2-11e1-b34b-001e101fabdd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eb6aa3ae-03e2-11e1-b34b-001e101fabdd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eb6aa3ae-03e2-11e1-b34b-001e101fabdd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eb6aa3ae-03e2-11e1-b34b-001e101fabdd}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eca2cd20-03f0-11e1-93d0-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eca2cd20-03f0-11e1-93d0-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eca2cd20-03f0-11e1-93d0-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eca2cd20-03f0-11e1-93d0-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eca2cd2f-03f0-11e1-93d0-001e101f8924}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eca2cd2f-03f0-11e1-93d0-001e101f8924}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eca2cd2f-03f0-11e1-93d0-001e101f8924}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eca2cd2f-03f0-11e1-93d0-001e101f8924}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eca2cd3a-03f0-11e1-93d0-001e101f2500}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eca2cd3a-03f0-11e1-93d0-001e101f2500}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eca2cd3a-03f0-11e1-93d0-001e101f2500}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eca2cd3a-03f0-11e1-93d0-001e101f2500}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ef7630be-c1f4-11e0-93bd-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ef7630be-c1f4-11e0-93bd-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ef7630be-c1f4-11e0-93bd-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ef7630be-c1f4-11e0-93bd-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f3e878bf-7c08-11e0-97ef-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f3e878bf-7c08-11e0-97ef-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f3e878bf-7c08-11e0-97ef-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f3e878bf-7c08-11e0-97ef-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fff0d77f-9853-11e0-ac68-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fff0d77f-9853-11e0-ac68-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fff0d77f-9853-11e0-ac68-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fff0d77f-9853-11e0-ac68-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
C:\Users\Laptop\AppData\Roaming\bjrwzmzisvc.exe moved successfully.
File C:\Users\Laptop\AppData\Roaming\bjrwzmzisvc.exe not found.
Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\ not found.
C:\Program Files\PriceGong\2.1.0\FF\content folder moved successfully.
C:\Program Files\PriceGong\2.1.0\FF\components folder moved successfully.
C:\Program Files\PriceGong\2.1.0\FF folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
User: Laptop
->Temp folder emptied: 448227 bytes
->Temporary Internet Files folder emptied: 232584155 bytes
->Java cache emptied: 1237443 bytes
->FireFox cache emptied: 130934024 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 9362 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10170274 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 358.00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Laptop
->Flash cache emptied: 492 bytes
User: Public
Total Flash Files Cleaned = 0.00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYJAVA]
User: All Users
User: Default
User: Default User
User: Laptop
->Java cache emptied: 0 bytes
User: Public
Total Java Files Cleaned = 0.00 mb
Restore point Set: OTL Restore Point
Error: Unable to interpret < :Files> in the current context!
Error: Unable to interpret < ipconfig /flushdns /c> in the current context!
Error: Unable to interpret < C:\hemxccapeaj.exe /s> in the current context!
Error: Unable to interpret < C:\Program Files\PriceGong> in the current context!
Error: Unable to interpret < C:\bjrwzmzisvc.exe /s> in the current context!
OTL by OldTimer - Version 3.2.69.0 log created on 12312013_173650
Files\Folders moved on Reboot...
File\Folder \AutoRun.exe not found!
File\Folder \AUTORUN.INF not found!
C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZC0PGFTE\envelope1[1].eot moved successfully.
C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z5KU09T2\pool_distilled_ie[11].htm moved successfully.
File\Folder C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z5KU09T2\showthread[2].htm not found!
C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XQQ379GX\xframe-proxy_20130927[1].htm moved successfully.
C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OPJ37KOD\12[3].htm moved successfully.
C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OPJ37KOD\pool_distilled_ie[6].htm moved successfully.
C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OPJ37KOD\showthread[1].htm moved successfully.
C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LE6BPX6T\ai[3].htm moved successfully.
C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EU2ENB4T\mail-ltr6[1].eot moved successfully.
C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DXL1YJTD\st[1] moved successfully.
C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CLBOTGJ6\ai[4].htm moved successfully.
C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CLBOTGJ6\ai[5].htm moved successfully.
File\Folder C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CLBOTGJ6\facebook_com[1].htm not found!
C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CLBOTGJ6\pool_distilled_ieCA9IISWB.htm moved successfully.
C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CLBOTGJ6\pool_distilled_ieCARICNHK.htm moved successfully.
File\Folder C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CLBOTGJ6\push[1].htm not found!
C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\54HL3KDW\fc[1].htm moved successfully.
C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\54HL3KDW\r-csc[1].htm moved successfully.
C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\54HL3KDW\r-sf[1].htm moved successfully.
C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2K6MDFGJ\xframe-proxy_20130927[1].htm moved successfully.
File move failed. C:\Windows\temp\avg_secure_search.log scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
-
I don't know if it is relevant - there are some errors in the log about / files not found.
/ is the drive when I run my broadband dongle, and it is not connected on start up. It was running during scan though.
Happy New Year to you!
Do you think it is safe to log in to internet banking?
-
yeah let adwcleaner clean anything it finds.
don't worry about the \ drive thing.
yep should be fine to do internet banking
just one more thing, do you have the avg log from when it found something?
-
Hi jsa112,
I'll scan and clean with adwcleaner again. I'll post you that log later this evening.
I can't find the log from AVG, there is only a "Reports" tab with update logs. I'll google or look in help to find if it is hidden somewhere.
Thank you
-
Hi again,
I managed to find something in AVG. These are not log files, but I got them in History and did "Export" to text files. There were 4 trojans:
Trojan1:
Resident Shield Results
"Threat Name" "Result" "Detection Time" "Object Type" "Process"
"Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Roaming\tfoqktardtf.exe" "Secured" "29/12/2013, 22:49:18" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"
"Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJZK9F39\svchost[1].exe" "Secured" "29/12/2013, 22:49:41" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"
"Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Roaming\mwpyvtnsdug.exe" "Secured" "30/12/2013, 22:02:05" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"
"Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TBQQNC7\svchost[1].exe" "Secured" "30/12/2013, 22:02:31" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"
Trojan2:
Resident Shield Results
"Threat Name" "Result" "Detection Time" "Object Type" "Process"
"Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Roaming\tfoqktardtf.exe" "Secured" "29/12/2013, 22:49:18" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"
"Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJZK9F39\svchost[1].exe" "Secured" "29/12/2013, 22:49:41" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"
"Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Roaming\mwpyvtnsdug.exe" "Secured" "30/12/2013, 22:02:05" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"
"Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TBQQNC7\svchost[1].exe" "Secured" "30/12/2013, 22:02:31" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"
Trojan3:
Resident Shield Results
"Threat Name" "Result" "Detection Time" "Object Type" "Process"
"Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Roaming\tfoqktardtf.exe" "Secured" "29/12/2013, 22:49:18" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"
"Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJZK9F39\svchost[1].exe" "Secured" "29/12/2013, 22:49:41" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"
"Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Roaming\mwpyvtnsdug.exe" "Secured" "30/12/2013, 22:02:05" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"
"Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TBQQNC7\svchost[1].exe" "Secured" "30/12/2013, 22:02:31" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"
Trojan4:
Resident Shield Results
"Threat Name" "Result" "Detection Time" "Object Type" "Process"
"Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Roaming\tfoqktardtf.exe" "Secured" "29/12/2013, 22:49:18" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"
"Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJZK9F39\svchost[1].exe" "Secured" "29/12/2013, 22:49:41" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"
"Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Roaming\mwpyvtnsdug.exe" "Secured" "30/12/2013, 22:02:05" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"
"Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TBQQNC7\svchost[1].exe" "Secured" "30/12/2013, 22:02:31" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"
-
open OTL click the none button at the very top, then copy and paste this into the box
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
SaveMBR:0
createrestorepoint
%systemroot%\*. /mp /s
C:\*.*
showhidden
c:\Users\Laptop\AppData\Roaming\*.*
C:\Program Files\Internet Explorer\iexplore.exe /md5
/md5start
svchost.exe
/md5stop
click run scan, post the log it gives
-
Ok, I'll do that now.
I have just run adwcleaner, do you want to see logs from scan and clean?
I noticed it removed AVG secure search from Firefox. Why is that? I thought AVG is "safe" (although I can't remember how I installed it, it was probably always there)
-
yeah post all logs I ask for. AVG installed some crap toolbar, that's why it got removed.
-
Hi Jsa112,
During the OTL scan AVG detected a trojan again and I clicked an option to remove it. Is it OK, should I have ignored it? What does it mean, is it a "false" alarm?
I am posting 3 logs in the next 3 posts - adwcleaner scan, adwcleaner clean and the latest OTL scan.
Here is report from AVG when it found Trojan during otl.exe:
Resident Shield Results
"Threat Name" "Result" "Detection Time" "Object Type" "Process"
"Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Roaming\tfoqktardtf.exe" "Secured" "29/12/2013, 22:49:18" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"
"Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJZK9F39\svchost[1].exe" "Secured" "29/12/2013, 22:49:41" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"
"Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Roaming\mwpyvtnsdug.exe" "Secured" "30/12/2013, 22:02:05" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"
"Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TBQQNC7\svchost[1].exe" "Secured" "30/12/2013, 22:02:31" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"
"Trojan horse BackDoor.Generic18.ENR, c:\_OTL\MovedFiles\12312013_173650\C_Users\Laptop\AppData\Roaming\bjrwzmzisvc.exe" "Secured" "31/12/2013, 22:02:08" "File or Directory" "C:\Users\Laptop\Downloads\OTL.exe"
-
adwcleaner scan log:
# AdwCleaner v3.016 - Report created 31/12/2013 at 20:40:05
# Updated 23/12/2013 by Xplode
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Username : Laptop - LAPTOP-PC
# Running from : C:\Users\Laptop\Downloads\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
***** [ Browsers ] *****
-\\ Internet Explorer v9.0.8112.16526
-\\ Mozilla Firefox v26.0 (en-GB)
[ File : C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\8bfdnkt5.default\prefs.js ]
Line Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Line Found : user_pref("browser.search.selectedEngine", "AVG Secure Search");
-\\ Google Chrome v31.0.1650.63
[ File : C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [1071 octets] - [31/12/2013 17:23:08]
AdwCleaner[R1].txt - [993 octets] - [31/12/2013 20:40:05]
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1052 octets] ##########
-
adwcleaner clean log:
# AdwCleaner v3.016 - Report created 31/12/2013 at 20:42:30
# Updated 23/12/2013 by Xplode
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Username : Laptop - LAPTOP-PC
# Running from : C:\Users\Laptop\Downloads\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\PriceGong
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Laptop\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Laptop\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Laptop\AppData\LocalLow\AVG Security Toolbar
Folder Deleted : C:\Users\Laptop\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
***** [ Shortcuts ] *****
***** [ Registry ] *****
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\alot
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\alotToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PriceGong
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\alotToolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PriceGong
***** [ Browsers ] *****
-\\ Internet Explorer v9.0.8112.16526
-\\ Mozilla Firefox v26.0 (en-GB)
[ File : C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\8bfdnkt5.default\prefs.js ]
Line Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Line Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
-\\ Google Chrome v31.0.1650.63
[ File : C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [1071 octets] - [31/12/2013 17:23:08]
AdwCleaner[R1].txt - [1132 octets] - [31/12/2013 20:40:05]
AdwCleaner[S0].txt - [7855 octets] - [31/12/2013 20:42:30]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7915 octets] ##########
-
OTL log:
OTL logfile created on: 31/12/2013 21:40:04 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Laptop\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy
984.18 Mb Total Physical Memory | 75.26 Mb Available Physical Memory | 7.65% Memory free
2.18 Gb Paging File | 1.07 Gb Available in Paging File | 49.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.31 Gb Total Space | 82.60 Gb Free Space | 59.72% Space Free | Partition Type: NTFS
Drive | 25.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive S: | 1.46 Gb Total Space | 1.30 Gb Free Space | 88.83% Space Free | Partition Type: NTFS
Computer Name: LAPTOP-PC | User Name: Laptop | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk - - File not found
MsConfig - StartUpFolder: C:^Users^Laptop^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk - - File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Google EULA Launcher - hkey= - key= - c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe (Google)
MsConfig - StartUpReg: Skytel - hkey= - key= - C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: UCam_Menu - hkey= - key= - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig - StartUpReg: UpdateP2GShortCut - hkey= - key= - C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig - State: "startup" - 2
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
< End of report >
-
it means the infection is respawning, going to need to bring out the big guns
download and run combofix
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
post the log it gives
-
Uhhhh It looks very scary.
Can I keep my browser(s) open while it is running (I want to have that page you posted open)?
It looks from the manual that it can take a while, is it dangerous if I leave it for tomorrow? I still didn't log in to my internet banking, but need to this evening, is it safe?
You are so nice for helping me with this, God bless you
-
Oh I read the guide again now - it states I should close my browser as well and print the guide.
I don't have access to printer before Friday, do you think I can leave for 2 days?
-
you can leave the browser open if ya need to, shouldn't matter too much, no need to print the guide if it's too much hassle.
it should be safe to do internet banking.
don't worry bout all those guidelines, better to run it now than in 2 days to be honest. should only take 20mins to run it, and is safe
-
Ok
-
Celebrate New Years instead of talking to me
-
Hahha, I was thinking the same about you. I have very bad flu, not in celebration mood at all. It is not only laptop that is infected
I wish you a very Happy New Year, you have earned a lot of good karma helping others
-
Hi Jsa112,
if you are still awake I am sending combofix log in the next post
One thing - when it started it asked me to stop AVG. I couldn't find how to do it at the moment (when I am in panic mode my brain stops working).
Then, when it was at stage 3 I disabled AVG. I hope it is OK and did not ruin anything?
-
ComboFix 13-12-31.01 - Laptop 01/01/2014 0:23.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.353.1033.18.984.291 [GMT 0:00]
Running from: c:\users\Laptop\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
-
looks good, let me know if avg/mbam keeps finding things and if the pc is giving you any problems
-
Yupiiii
One question: I keep getting prompt in IE saying "I am about to leave secure connection". Is that ok to say don't prompt me again?
-
yeah that's grand, some sites are secure and some aren't
although try not to use internet explorer as it's a POS and more likely to get you infected again. Use chrome
-
ur clogging up my system
-
yeah that's grand, some sites are secure and some aren't
although try not to use internet explorer as it's a POS and more likely to get you infected again. Use chrome
It prompts secure warning for combofix and for google. Maybe security settings have been reset by combofix? I'll google it to find out. Maybe it is ok just to check the box "don't show this message again".
And sorry for the big picture I didn't realize
I know about Chrome....but I am used to IE.
Shall I run adwcleaner regularly to clean?
-
yeah check that box, it's nothing to worry about
no need to run adwcleaner, do run mbam and avg occasionally, you can pm me if they find anything
-
It's people like you who make a difference to this world. Thank you again. All the best.
-
yep i'm great, good night and good luck
-
Tdsskiller log:
16:01:56.0591 0x0cb8 circlass - ok
16:01:56.0686 0x0cb8 [ D7659D3B5B92C31E84E53C1431F35132, 6BFE644AD9890A8CEEDCC4B97ADD564AD57202FBC5D21599469E0C4B31BB27C6 ] CLFS C:\Windows\system32\CLFS.sys
16:01:56.0702 0x0cb8 CLFS - ok
16:01:56.0805 0x0cb8 [ 8EE772032E2FE80A924F3B8DD5082194, B743DF91563A22CC15D9B44105804B5866A29D3DFC156DBE88DFAFEF903B94C0 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:01:56.0812 0x0cb8 clr_optimization_v2.0.50727_32 - ok
16:01:56.0929 0x0cb8 [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:01:56.0939 0x0cb8 clr_optimization_v4.0.30319_32 - ok
16:01:57.0009 0x0cb8 [ 99AFC3795B58CC478FBBBCDC658FCB56, 0D1B27C42A058C5D56A0157B5ECA9A054254F6B9C8015D0321021A7EFCE10CE2 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
16:01:57.0013 0x0cb8 CmBatt - ok
16:01:57.0046 0x0cb8 [ 0CA25E686A4928484E9FDABD168AB629, C2CB2333CAB40CDF93219870E66700F957188C86A1B1A004BC4652953091E5C5 ] cmdide C:\Windows\system32\drivers\cmdide.sys
16:01:57.0050 0x0cb8 cmdide - ok
16:01:57.0116 0x0cb8 [ 6AFEF0B60FA25DE07C0968983EE4F60A, E4037EF9EDE57A1039AB814EBCE9A8B12C9A084E7FAC6296212ACF2394DD37B6 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
16:01:57.0119 0x0cb8 Compbatt - ok
16:01:57.0128 0x0cb8 COMSysApp - ok
16:01:57.0151 0x0cb8 [ 741E9DFF4F42D2D8477D0FC1DC0DF871, 06EA43D771E3455F943AB624CC00C2259FE5E561164908630755E933EF44A522 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
16:01:57.0156 0x0cb8 crcdisk - ok
16:01:57.0206 0x0cb8 [ 1F07BECDCA750766A96CDA811BA86410, F4E36F0003184BCB36D59B23AC903421AD8C0A1FD2D6315E06375235ABC9A0AD ] Crusoe C:\Windows\system32\drivers\crusoe.sys
16:01:57.0213 0x0cb8 Crusoe - ok
16:01:57.0314 0x0cb8 [ 684C130BBC6DB681BAD4920A4C944AA5, DDE434B206984808351C98500824A33E6740B4326C455066027F8D549D4C3B92 ] CryptSvc C:\Windows\system32\cryptsvc.dll
16:01:57.0324 0x0cb8 CryptSvc - ok
16:01:57.0471 0x0cb8 [ 3B5B4D53FEC14F7476CA29A20CC31AC9, EC02A412DA5FDE2C759A4A2C5904579E1CE7C4999CE87145812F354FC8F5E183 ] DcomLaunch C:\Windows\system32\rpcss.dll
16:01:57.0517 0x0cb8 DcomLaunch - ok
16:01:57.0590 0x0cb8 DeviceManager - ok
16:01:57.0640 0x0cb8 [ 622C41A07CA7E6DD91770F50D532CB6C, 2A9040949CB45F9970FDE930278F30D2F08E957290CB3D4DC4F2CA94F3D444D2 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
16:01:57.0646 0x0cb8 DfsC - ok
16:01:57.0831 0x0cb8 [ 2CC3DCFB533A1035B13DCAB6160AB38B, C88C91F662ADE248EEE3B568E70C2BC2D5075B7D9B7D3C63E83D011C5F7812B0 ] DFSR C:\Windows\system32\DFSR.exe
16:01:57.0975 0x0cb8 DFSR - ok
16:01:58.0084 0x0cb8 [ 9028559C132146FB75EB7ACF384B086A, 35159D86706441ED94895B4629411B4445FCB4526AFD1F7036EE647931B7A94D ] Dhcp C:\Windows\System32\dhcpcsvc.dll
16:01:58.0097 0x0cb8 Dhcp - ok
16:01:58.0129 0x0cb8 [ 5D4AEFC3386920236A548271F8F1AF6A, 11B74D6800EC6F7AAEFB0B6A9F2E8376C7C3B8DB677F03AC3743CB004CA96B08 ] disk C:\Windows\system32\drivers\disk.sys
16:01:58.0134 0x0cb8 disk - ok
16:01:58.0202 0x0cb8 [ 57D762F6F5974AF0DA2BE88A3349BAAA, D9E7DC8F9FB7837F88BBB95B52147AA80E688FB9762EEA99B8046D9C6AD48F3C ] Dnscache C:\Windows\System32\dnsrslvr.dll
16:01:58.0210 0x0cb8 Dnscache - ok
16:01:58.0269 0x0cb8 [ 324FD74686B1EF5E7C19A8AF49E748F6, DC6EB4304555B60DD17E04D20DFE4E279718E4041A9310DE29E678834BB22C5B ] dot3svc C:\Windows\System32\dot3svc.dll
16:01:58.0281 0x0cb8 dot3svc - ok
16:01:58.0322 0x0cb8 [ A622E888F8AA2F6B49E9BC466F0E5DEF, 3DED7F22A29AD2F8C927DFA0FD87FDE5ED0BDCAC7260BD9F71D8EA34328C772A ] DPS C:\Windows\system32\dps.dll
16:01:58.0332 0x0cb8 DPS - ok
16:01:58.0365 0x0cb8 [ 97FEF831AB90BEE128C9AF390E243F80, A7F4118603E2D5DDDB117EF7C058684EA5B37690EFAB2BEBA570EEF9C36281BE ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
16:01:58.0368 0x0cb8 drmkaud - ok
16:01:58.0455 0x0cb8 [ 988670D8343EF9835FB3659DB71B2EFA, 5F5370FDD08C4BFF0828341952E98E95F722CB779EEC08C9DD6212C4DF3CD33B ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
16:01:58.0512 0x0cb8 DXGKrnl - ok
16:01:58.0546 0x0cb8 [ 5425F74AC0C1DBD96A1E04F17D63F94C, AD133CEDCDEA75420C75A91BB4CF7152475D46ED7B7703E3BAE5F9946D610292 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
16:01:58.0556 0x0cb8 E1G60 - ok
16:01:58.0594 0x0cb8 [ C0B95E40D85CD807D614E264248A45B9, 30421DAF1722A225222268CB8BA4FE60CB76C6FD0C9157B0F53FC1368F806A4E ] EapHost C:\Windows\System32\eapsvc.dll
16:01:58.0599 0x0cb8 EapHost - ok
16:01:58.0686 0x0cb8 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371, F3E9CF5D8E9124CB06F08454C5F0E510DE19A92780151FB2F8A58A0905D59B8F ] Ecache C:\Windows\system32\drivers\ecache.sys
16:01:58.0703 0x0cb8 Ecache - ok
16:01:58.0787 0x0cb8 [ 3A511ED3C9A9DA2CD5A50FF46178063A, FA8732D1B078E01EC2337BE1997B58B37BC3C39747D932F8CAB1B98C6BC754F5 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
16:01:58.0823 0x0cb8 ehRecvr - ok
16:01:58.0845 0x0cb8 [ A3D94C93333619458AF4BDE7531234C5, E01860EDC1AA3D9B58F9EC5BE20838A7C7B0A1F68B0264281AEDD6F5B69AA1BD ] ehSched C:\Windows\ehome\ehsched.exe
16:01:58.0853 0x0cb8 ehSched - ok
16:01:58.0862 0x0cb8 [ 487BA5C5BB442BD172F120DC197811C2, C43068044443FFB2368BAD0008DADF5D4218D0DCD9AB9F1D492540DE9CDC7EB9 ] ehstart C:\Windows\ehome\ehstart.dll
16:01:58.0865 0x0cb8 ehstart - ok
16:01:58.0931 0x0cb8 [ 23B62471681A124889978F6295B3F4C6, A90C521F06125B86A26EA625B0E7F811AF7D328E1313165E7AD4A83596A23819 ] elxstor C:\Windows\system32\drivers\elxstor.sys
16:01:58.0966 0x0cb8 elxstor - ok
16:01:59.0062 0x0cb8 [ 4E6B23DFC917EA39306B529B773950F4, C4BA77632B4BD46C4C1797F7F57399DB506D3EB6E5A0A36C269A793DAA3445C2 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
16:01:59.0106 0x0cb8 EMDMgmt - ok
16:01:59.0143 0x0cb8 [ 3DB974F3935483555D7148663F726C61, C288CFC04213B0340ABEC752C0A7B308B29122B5F51E68387BA1D9E9D7166FDD ] ErrDev C:\Windows\system32\drivers\errdev.sys
16:01:59.0146 0x0cb8 ErrDev - ok
16:01:59.0210 0x0cb8 [ 67058C46504BC12D821F38CF99B7B28F, E8D19F305F78BCA1DA8425315F2C77A377CD51E3CC54323DC2FF355120EA097D ] EventSystem C:\Windows\system32\es.dll
16:01:59.0233 0x0cb8 EventSystem - ok
16:01:59.0291 0x0cb8 [ 0F40E249E4DD0CE47C7CA19C5C8FB48A, EBF4A9DCEF2913095BDDACC64D02925B30CC1D779D21D31A1C3B59532D1C97E3 ] ewusbnet C:\Windows\system32\DRIVERS\ewusbnet.sys
16:01:59.0301 0x0cb8 ewusbnet - ok
16:01:59.0391 0x0cb8 [ 57C171EA22F0A7F068FCB0CAEDD1E8E7, 9AAF39AA22372FB8582C1422581C08E61444BF843E1CE2E199EB00FBEA6F9C06 ] ew_hwusbdev C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
16:01:59.0399 0x0cb8 ew_hwusbdev - ok
16:01:59.0495 0x0cb8 [ 22B408651F9123527BCEE54B4F6C5CAE, 31AF9649333A9496A9224001266D1B68CE2A31B9FB182A755D127FC5492AA6B2 ] exfat C:\Windows\system32\drivers\exfat.sys
16:01:59.0507 0x0cb8 exfat - ok
16:01:59.0538 0x0cb8 [ 1E9B9A70D332103C52995E957DC09EF8, 7E709D545D4025A2E9F3489CF2A231040904CB53E3E4EEAC15A22468FAB2A5B3 ] fastfat C:\Windows\system32\drivers\fastfat.sys
16:01:59.0549 0x0cb8 fastfat - ok
16:01:59.0599 0x0cb8 [ AFE1E8B9782A0DD7FB46BBD88E43F89A, B4CBE1DC3430F2F3485F49007C71293D5B86E9C405741EA00A67B00A38BE1F8D ] fdc C:\Windows\system32\DRIVERS\fdc.sys
16:01:59.0603 0x0cb8 fdc - ok
16:01:59.0635 0x0cb8 [ 6629B5F0E98151F4AFDD87567EA32BA3, 8CC02D5E0639CDF74B2F85DB56D6199E1858F1A58465ED1D8B25C968E986132C ] fdPHost C:\Windows\system32\fdPHost.dll
16:01:59.0638 0x0cb8 fdPHost - ok
16:01:59.0663 0x0cb8 [ 89ED56DCE8E47AF40892778A5BD31FD2, 924360875796C3DDDDA8097FDF53F6846B227F7413766F00AEDD981EFD691BF9 ] FDResPub C:\Windows\system32\fdrespub.dll
16:01:59.0667 0x0cb8 FDResPub - ok
16:01:59.0687 0x0cb8 [ A8C0139A884861E3AAE9CFE73B208A9F, 3B021D148A2989AAA46AE58E5FED8A2DCA25E9212C2FA7F922880EF5A077E49B ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
16:01:59.0698 0x0cb8 FileInfo - ok
16:01:59.0740 0x0cb8 [ 0AE429A696AECBC5970E3CF2C62635AE, 1ECC315C099D17835788B68F0DE00EC98DC5AEE8F329D739E0DB90A898F22244 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
16:01:59.0744 0x0cb8 Filetrace - ok
16:01:59.0766 0x0cb8 [ 85B7CF99D532820495D68D747FDA9EBD, 682D35D219D1AFBE51CF0AB03F2D3E15C940F5AF291C1A611A19F4D279143F3C ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
16:01:59.0789 0x0cb8 flpydisk - ok
16:01:59.0895 0x0cb8 [ 01334F9EA68E6877C4EF05D3EA8ABB05, 82F8AA6AD2B5077898773D4A5814819EAF0E872FFD95894E06FEDAB6EE92CF99 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
16:01:59.0909 0x0cb8 FltMgr - ok
16:02:00.0022 0x0cb8 [ 2AFA3A46986AE935DAECEBC7E66314CF, 747FAF9B7F8291B83EE44B91E5708395E749DC87BD42CC3BF2CD41209C298F4D ] FontCache C:\Windows\system32\FntCache.dll
16:02:00.0085 0x0cb8 FontCache - ok
16:02:00.0157 0x0cb8 [ C7FBDD1ED42F82BFA35167A5C9803EA3, 372FF71070D5ECE17342466A690737A0622E93C98DBED8172C49B0854F0012B7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:02:00.0161 0x0cb8 FontCache3.0.0.0 - ok
16:02:00.0192 0x0cb8 [ B972A66758577E0BFD1DE0F91AAA27B5, E934034F3F740A83D4E7ABCD2C581845AC2945B0BCCAACF65CC3F99A1DBDE455 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
16:02:00.0195 0x0cb8 Fs_Rec - ok
16:02:00.0224 0x0cb8 [ 34582A6E6573D54A07ECE5FE24A126B5, 5F45DC38F8015AD90616EAD3B57820CCD284938A96B2C4E1FF5FC7BDEE8A848D ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
16:02:00.0230 0x0cb8 gagp30kx - ok
16:02:00.0281 0x0cb8 [ 75ECD9BBFACA8B6DEDC0C4B27D4DE93A, F77DA5A703783F6B00F9EFF488C15EAD257A17CDC4C444C54299256DD084DEFB ] GpdDevDPort C:\Windows\system32\directport.sys
16:02:00.0285 0x0cb8 GpdDevDPort - ok
16:02:00.0320 0x0cb8 [ 6BDC233AD6E8826E90BDC0C71443CB22, 0DDAAABEA394BAA1DC73F3A5747A336C9B11AF181B23820898C7F9D2F16E8EEE ] GpdKbFilter C:\Windows\system32\kbfiltr.sys
16:02:00.0325 0x0cb8 GpdKbFilter - ok
16:02:00.0413 0x0cb8 [ CD5D0AEEE35DFD4E986A5AA1500A6E66, DCED5126837292593F1C1B35DF18E3B631D6C0C6D0742B77C7B7742C55A7825F ] gpsvc C:\Windows\System32\gpsvc.dll
16:02:00.0459 0x0cb8 gpsvc - ok
16:02:00.0568 0x0cb8 [ 8F0DE4FEF8201E306F9938B0905AC96A, CA7153FE0C037D79FBF7CE0E090D741FB52BCCBBBD4CA505EF4849A0C4199F72 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
16:02:00.0578 0x0cb8 gupdate - ok
16:02:00.0601 0x0cb8 [ 8F0DE4FEF8201E306F9938B0905AC96A, CA7153FE0C037D79FBF7CE0E090D741FB52BCCBBBD4CA505EF4849A0C4199F72 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
16:02:00.0609 0x0cb8 gupdatem - ok
16:02:00.0672 0x0cb8 [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
16:02:00.0685 0x0cb8 gusvc - ok
16:02:00.0740 0x0cb8 [ CB04C744BE0A61B1D648FAED182C3B59, 61DC0FF94325DAFCCB7B3980A48727EFBF1283FCF753EC16EF04C730525994C0 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:02:00.0758 0x0cb8 HdAudAddService - ok
16:02:00.0829 0x0cb8 [ 062452B7FFD68C8C042A6261FE8DFF4A, DD9873502456D3C058C6177AC223B28C71370E624FA0814C17EA3D93201F2B56 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
16:02:00.0875 0x0cb8 HDAudBus - ok
16:02:00.0906 0x0cb8 [ 1338520E78D90154ED6BE8F84DE5FCEB, 8531F1C5856983EBDA4C2B70162645ECE72FFFBA9FE7A28BCEDDF2169B7ECF9D ] HidBth C:\Windows\system32\drivers\hidbth.sys
16:02:00.0910 0x0cb8 HidBth - ok
16:02:00.0936 0x0cb8 [ FF3160C3A2445128C5A6D9B076DA519E, DC1A70C80CD55F33B3AD5A21E86AF7C3086D8CC2DC6148C058E74A871E0BAD4A ] HidIr C:\Windows\system32\drivers\hidir.sys
16:02:00.0946 0x0cb8 HidIr - ok
16:02:01.0008 0x0cb8 [ 84067081F3318162797385E11A8F0582, 11E32E3800CFCA37354388243F88D0239D622891BAC5483518A2BE5D1CA19015 ] hidserv C:\Windows\System32\hidserv.dll
16:02:01.0012 0x0cb8 hidserv - ok
16:02:01.0049 0x0cb8 [ 3C64042B95E583B366BA4E5D2450235E, B431F9692D66188AFEE372F312581178B14F49D763F8D1100D264623A239002A ] HidUsb C:\Windows\system32\drivers\hidusb.sys
16:02:01.0053 0x0cb8 HidUsb - ok
16:02:01.0112 0x0cb8 [ D8AD255B37DA92434C26E4876DB7D418, C901EADDD93FC90C8F29F4B6DE808F8E4F486C877FC0AA27DA4ACDE17E28899D ] hkmsvc C:\Windows\system32\kmsvc.dll
16:02:01.0119 0x0cb8 hkmsvc - ok
16:02:01.0186 0x0cb8 [ 16EE7B23A009E00D835CDB79574A91A6, 964AFE7D2F7E48C7DE7FDAB48F57ADC4AD44A0B2A9A03071E0E8D334007E5572 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
16:02:01.0190 0x0cb8 HpCISSs - ok
16:02:01.0255 0x0cb8 [ F870AA3E254628EBEAFE754108D664DE, B0444E7D246AA1982094030ACB991690F6A7DD3FB07B1BB6A1BC0F3AA9718A70 ] HTTP C:\Windows\system32\drivers\HTTP.sys
16:02:01.0291 0x0cb8 HTTP - ok
16:02:01.0359 0x0cb8 [ B17651DA8D2E003BB7EF9FCA31819B3A, B521564887C7933A9BCDF407DB4886B10205EEA84A9FC4D1BB66411ED0E2672F ] huawei_cdcacm C:\Windows\system32\DRIVERS\ew_jucdcacm.sys
16:02:01.0369 0x0cb8 huawei_cdcacm - ok
16:02:01.0392 0x0cb8 [ 202FC4C97D650ABDAC6C8BF27DD41FC4, FAA4A830D3DB0BE9F302F934602EF80C08E489BCE4C491F1A898731DF5FEBFC3 ] huawei_cdcecm C:\Windows\system32\DRIVERS\ew_jucdcecm.sys
16:02:01.0398 0x0cb8 huawei_cdcecm - ok
16:02:01.0441 0x0cb8 [ C36F38662751810F96A4170C0F7DB0F1, C0E1DE17322BA26F2FC93720A76880BB4309B85E606D46A842A8E8E7C869F6CA ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys
16:02:01.0451 0x0cb8 huawei_enumerator - ok
16:02:01.0502 0x0cb8 [ 283B862A34ABCE1EC6D9EF50F84CDDEA, 0E23D17411393E388A4C24E3F8D9B85E90B9E9F99C7692E81209EB2EA43E0B48 ] huawei_ext_ctrl C:\Windows\system32\DRIVERS\ew_juextctrl.sys
16:02:01.0506 0x0cb8 huawei_ext_ctrl - ok
16:02:01.0562 0x0cb8 [ 92CA47DA32009CCC00A5ADED04ABBD78, 2159A632B9C519D94180A2EED24AB8A91BE8717F0C13BEC916CF4F70E4DB5D47 ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys
16:02:01.0571 0x0cb8 hwdatacard - ok
16:02:01.0653 0x0cb8 HWDeviceService.exe - ok
16:02:01.0681 0x0cb8 hwusbdev - ok
16:02:01.0727 0x0cb8 [ 1D4D6D24256F61E6B08A3CF8184A78B8, 037218C662C43E588921A8BA72F4AE1BA22983167F1216E06CE5C5820DA8CC7B ] hwusbfake C:\Windows\system32\DRIVERS\ewusbfake.sys
16:02:01.0735 0x0cb8 hwusbfake - ok
16:02:01.0787 0x0cb8 [ C6B032D69650985468160FC9937CF5B4, 4D5A944C70037F35A9DBA4F49F174455FA80ED7EAEDAA143F0A2C0E05AE585D8 ] i2omp C:\Windows\system32\drivers\i2omp.sys
16:02:01.0791 0x0cb8 i2omp - ok
16:02:01.0822 0x0cb8 [ 22D56C8184586B7A1F6FA60BE5F5A2BD, D96A2962848C1F59B143BFEC22EC48BD1C5A75D0EBCFD7FB965E66B85FF7D8CA ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
16:02:01.0827 0x0cb8 i8042prt - ok
16:02:02.0425 0x0cb8 [ 8266AE06DF974E5BA047B3E9E9E70B3F, 44E5A8EED802A1DDF3CCDB478A88A3AB3CF009F449FB11E0F94A28498342B4E2 ] ialm C:\Windows\system32\DRIVERS\igdkmd32.sys
16:02:03.0747 0x0cb8 ialm - ok
16:02:03.0852 0x0cb8 [ 54155EA1B0DF185878E0FC9EC3AC3A14, 344A0793499261D2E4FF2FCCC70501329485F8E299EBC68953D07BA86F0D4729 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
16:02:03.0883 0x0cb8 iaStorV - ok
16:02:04.0001 0x0cb8 [ 98477B08E61945F974ED9FDC4CB6BDAB, C7E8F661F6FBF6AB493E950D2E70363496E155B1838CE7B490B981BD840B04FC ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:02:04.0077 0x0cb8 idsvc - ok
16:02:04.0852 0x0cb8 [ 8266AE06DF974E5BA047B3E9E9E70B3F, 44E5A8EED802A1DDF3CCDB478A88A3AB3CF009F449FB11E0F94A28498342B4E2 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
16:02:05.0417 0x0cb8 igfx - ok
16:02:05.0526 0x0cb8 [ 2D077BF86E843F901D8DB709C95B49A5, 78FF558A881F307858F5C7C74A748B8B2562AF3CAC7EA8639945609001D790CE ] iirsp C:\Windows\system32\drivers\iirsp.sys
16:02:05.0530 0x0cb8 iirsp - ok
16:02:05.0603 0x0cb8 [ 4687EE0C0DD2CE5F7AAA9C2E33C1DC78, FA8EBED2778D9F7560ADC1B563954EEF98AAE651C0553F2803372B37B122AEB3 ] IKEEXT C:\Windows\System32\ikeext.dll
16:02:05.0636 0x0cb8 IKEEXT - ok
16:02:05.0809 0x0cb8 [ 219CA9A36D6DE2EC04F958C907673436, 44B5501263F5DA324E90D59264F8B39F69F4B3EADAFCFC983196A4CEB2C8F54C ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
16:02:05.0941 0x0cb8 IntcAzAudAddService - ok
16:02:06.0005 0x0cb8 [ 8DAB99684CFE8B4DDD5D6D0C5D55FDAC, 1FE5ED643332F9851B6895F2C0340D81EFD47C5A5F9DAC0F292AFE818C98E04F ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
16:02:06.0014 0x0cb8 IntcHdmiAddService - ok
16:02:06.0047 0x0cb8 [ 83AA759F3189E6370C30DE5DC5590718, 7406FE41EA8FB80052517318CB72E2641E92E579FAFAF5E8DDDFF0BF8DAE773A ] intelide C:\Windows\system32\drivers\intelide.sys
16:02:06.0050 0x0cb8 intelide - ok
16:02:06.0100 0x0cb8 [ 224191001E78C89DFA78924C3EA595FF, E4EC9CAAEEEAEB30E13F4A8023AF687F29514667380DDFD638BBFFF1D5FC2563 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
16:02:06.0108 0x0cb8 intelppm - ok
16:02:06.0155 0x0cb8 [ 9AC218C6E6105477484C6FDBE7D409A4, FF30D09CD2A0F5BBEC309E953370F194B6F26BF4227E627B594AAA48B0F5D3C2 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
16:02:06.0162 0x0cb8 IPBusEnum - ok
16:02:06.0207 0x0cb8 [ 62C265C38769B864CB25B4BCF62DF6C3, CAF6BCE967104233E216464E4729B0275C3BD426D812F404AB0EE83A7F2063D8 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:02:06.0212 0x0cb8 IpFilterDriver - ok
16:02:06.0278 0x0cb8 [ 1998BD97F950680BB55F55A7244679C2, A4E8BB4C6B2AF4800BD5E0BA8725FD0927F8FB6751AEBF6DD16B59C414CCB9D8 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
16:02:06.0292 0x0cb8 iphlpsvc - ok
16:02:06.0303 0x0cb8 IpInIp - ok
16:02:06.0328 0x0cb8 [ B25AAF203552B7B3491139D582B39AD1, EA9C38F512F40FF12975A6719E6FE4D7EA93A4B2497103E0FDA5A4CD6033C0A6 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
16:02:06.0334 0x0cb8 IPMIDRV - ok
16:02:06.0357 0x0cb8 [ 8793643A67B42CEC66490B2A0CF92D68, 8B1ED1314E4C6623824DD6B9C15A0F7F996F4D243BF0B305421251BE40850907 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
16:02:06.0366 0x0cb8 IPNAT - ok
16:02:06.0417 0x0cb8 [ E50A95179211B12946F7E035D60AF560, 69765E2548BA708FF35545EC944DBA1940AD4065AF90E53B97A7792AC231DCF7 ] irda C:\Windows\system32\DRIVERS\irda.sys
16:02:06.0426 0x0cb8 irda - ok
16:02:06.0448 0x0cb8 [ 109C0DFB82C3632FBD11949B73AEEAC9, 73B01426100256B7110DF0B74483AF1B62FC209612EEC29A7BF6DC31A7FBEFB6 ] IRENUM C:\Windows\system32\drivers\irenum.sys
16:02:06.0451 0x0cb8 IRENUM - ok
16:02:06.0484 0x0cb8 [ CBB0D940221A281BCFEAEA695BD1CDA5, D05D192019524A02FE3FAE6827B98A942FA1AD651BF7AA53530A8A6F4ADFB7EB ] Irmon C:\Windows\System32\irmon.dll
16:02:06.0494 0x0cb8 Irmon - ok
16:02:06.0508 0x0cb8 [ 5896B5FF6332AB2BE1582523E9656A67, EA61CF0B108DDA2D32A2A9B28B2AD296E6941839114C99384D343B883ECAB7F8 ] irsir C:\Windows\system32\DRIVERS\irsir.sys
16:02:06.0512 0x0cb8 irsir - ok
16:02:06.0563 0x0cb8 [ 6C70698A3E5C4376C6AB5C7C17FB0614, 10FBCBA5A74AF5D136B152FD4D3DFA2A1F2CEBC3F979D5BA6DB98B3DCB2F7A07 ] isapnp C:\Windows\system32\drivers\isapnp.sys
16:02:06.0569 0x0cb8 isapnp - ok
16:02:06.0635 0x0cb8 [ 232FA340531D940AAC623B121A595034, 90C93F04D8A0094EEBD118F10223605B8169DA5F24C466F503CED5C014BD17B1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
16:02:06.0647 0x0cb8 iScsiPrt - ok
16:02:06.0671 0x0cb8 [ BCED60D16156E428F8DF8CF27B0DF150, 4934E9AB8A8A548548F0C63517F2BF4DE84B05E5C9C7C2AA6C1517B8F9C340D4 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
16:02:06.0676 0x0cb8 iteatapi - ok
16:02:06.0701 0x0cb8 [ 06FA654504A498C30ADCA8BEC4E87E7E, 651BC35A0A3D504573BBAB40DE81929BB18C9FC0CD7944FEAE0E99CD7658EA88 ] iteraid C:\Windows\system32\drivers\iteraid.sys
16:02:06.0705 0x0cb8 iteraid - ok
16:02:06.0728 0x0cb8 [ 37605E0A8CF00CBBA538E753E4344C6E, B9A9FFDCE45B0830E277CF322C28ACB49372C16144B0F676B283BE5DAE9A7F30 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
16:02:06.0732 0x0cb8 kbdclass - ok
16:02:06.0754 0x0cb8 [ 18247836959BA67E3511B62846B9C2E0, 9623FF990A1C11A707C358CC9FDD4306C2992A8C766A50DAFC9534A283AA011D ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
16:02:06.0758 0x0cb8 kbdhid - ok
16:02:06.0812 0x0cb8 [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] KeyIso C:\Windows\system32\lsass.exe
16:02:06.0816 0x0cb8 KeyIso - ok
16:02:06.0894 0x0cb8 [ 4A1445EFA932A3BAF5BDB02D7131EE20, 9DD262ED72DF268FE024063788F54124E320D0775D8DC0C5CAD099CD5F655DA2 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
16:02:06.0928 0x0cb8 KSecDD - ok
16:02:06.0990 0x0cb8 [ 8078F8F8F7A79E2E6B494523A828C585, BB399993166853F0C01B7508649ECD7E7473238267BA8333D0441128FE656347 ] KtmRm C:\Windows\system32\msdtckrm.dll
16:02:07.0026 0x0cb8 KtmRm - ok
16:02:07.0078 0x0cb8 [ 1BF5EEBFD518DD7298434D8C862F825D, F41C79410345C40B346EB5EDEA397ECD29ECB9B921AC3E19F9453E52A7B9288A ] LanmanServer C:\Windows\System32\srvsvc.dll
16:02:07.0090 0x0cb8 LanmanServer - ok
16:02:07.0185 0x0cb8 [ 1DB69705B695B987082C8BAEC0C6B34F, D395B272F6B69D4A9FC3CDEFD812EF0DBFECF3C1B1C787C7CC1E1A1B091B8DB3 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:02:07.0202 0x0cb8 LanmanWorkstation - ok
16:02:07.0267 0x0cb8 [ D1C5883087A0C3F1344D9D55A44901F6, 608D67357AFDDD538D2C12C93EB0793ECA4EB3AF2BAB779E881C41F50E4AB911 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
16:02:07.0273 0x0cb8 lltdio - ok
16:02:07.0315 0x0cb8 [ 2D5A428872F1442631D0959A34ABFF63, E532C6ECFFB936EFF744CA57BDC6394C89E797B6B0822D04F1F3F35D9BDDD4F0 ] lltdsvc C:\Windows\System32\lltdsvc.dll
16:02:07.0329 0x0cb8 lltdsvc - ok
16:02:07.0367 0x0cb8 [ 35D40113E4A5B961B6CE5C5857702518, 453097AEF46ED48107395D9A1696AAC259FD6CEA8A655D38C5E246FDDAB81664 ] lmhosts C:\Windows\System32\lmhsvc.dll
16:02:07.0371 0x0cb8 lmhosts - ok
16:02:07.0404 0x0cb8 [ C7E15E82879BF3235B559563D4185365, 98C9268ADF6BAEB0522BB84BE6C98D0D6D5EB4BD27BB61412D208232164C8435 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
16:02:07.0412 0x0cb8 LSI_FC - ok
16:02:07.0435 0x0cb8 [ EE01EBAE8C9BF0FA072E0FF68718920A, 655924440E611278998226299645BC72B3627A8A057286DC8D65A162CFBBE484 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
16:02:07.0442 0x0cb8 LSI_SAS - ok
16:02:07.0472 0x0cb8 [ 912A04696E9CA30146A62AFA1463DD5C, 1D336D47B9D1C8449F29CDB776C092235E3D70CE53D9440970533E376EB004D3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
16:02:07.0480 0x0cb8 LSI_SCSI - ok
16:02:07.0502 0x0cb8 [ 8F5C7426567798E62A3B3614965D62CC, 659810257D942C5F4168E1247868CDA990F2324AC9ACAA9A6211F64B7AC9EC6E ] luafv C:\Windows\system32\drivers\luafv.sys
16:02:07.0514 0x0cb8 luafv - ok
16:02:07.0547 0x0cb8 [ 3BD2AD18179DEAD6652E87157FB98E4A, 66416F10BF5E29CA8E47D8DB8A906164669C722EDF985598A605C096A92A87AF ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
16:02:07.0554 0x0cb8 Mcx2Svc - ok
16:02:07.0591 0x0cb8 [ 0001CE609D66632FA17B84705F658879, D5F9758BDC2B733307B565A74B33F5581FB425A5A9F32CCFA307DA1569EBD6CD ] megasas C:\Windows\system32\drivers\megasas.sys
16:02:07.0596 0x0cb8 megasas - ok
16:02:07.0655 0x0cb8 [ C252F32CD9A49DBFC25ECF26EBD51A99, 47EC8F475AB62A00FAF989CD2C3ABDF2922588F75CC15C83CD99A62EF6400FB0 ] MegaSR C:\Windows\system32\drivers\megasr.sys
16:02:07.0689 0x0cb8 MegaSR - ok
16:02:07.0716 0x0cb8 [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] MMCSS C:\Windows\system32\mmcss.dll
16:02:07.0723 0x0cb8 MMCSS - ok
16:02:07.0756 0x0cb8 [ E13B5EA0F51BA5B1512EC671393D09BA, 5B380D1B435D809CA201FD5ED075D42F3C6BA1A4EEDBC4040F7E3329F05A334A ] Modem C:\Windows\system32\drivers\modem.sys
16:02:07.0761 0x0cb8 Modem - ok
16:02:07.0792 0x0cb8 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8, 1E8031D51E074FDFB53E98E26DABF313B901C028D01196BFD402EED5D0A89595 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
16:02:07.0797 0x0cb8 monitor - ok
16:02:07.0820 0x0cb8 [ 5BF6A1326A335C5298477754A506D263, CC7F58E5955A448F6CE28D6D8EB98C7479E11F931B5C733CFE71A29B2E95923D ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
16:02:07.0824 0x0cb8 mouclass - ok
16:02:07.0866 0x0cb8 [ 93B8D4869E12CFBE663915502900876F, 7464DE60FAAD8793D855F1F86C3C865B3A3EE41C19A3E926D1BE4426E67F5EC2 ] mouhid C:\Windows\system32\drivers\mouhid.sys
16:02:07.0870 0x0cb8 mouhid - ok
16:02:07.0902 0x0cb8 [ BDAFC88AA6B92F7842416EA6A48E1600, 2CA8A7BB260016D6B7953980A94C45A3C5D41F7DC7E73EEFB1C18EA144749503 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
16:02:07.0908 0x0cb8 MountMgr - ok
16:02:07.0975 0x0cb8 [ 3B9398E0146855B1DC0E3D9769C80F01, DF69DB5CA30A5577648635C27DD468AF98515D07DF379B3FFDCC6B40744EDE66 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
16:02:07.0985 0x0cb8 MozillaMaintenance - ok
16:02:08.0009 0x0cb8 [ 511D011289755DD9F9A7579FB0B064E6, 1FD0D0D5B6E08FE06F7A5D0821BCD859B0F98A6DEA58AAB7FB6C95B64212FFC8 ] mpio C:\Windows\system32\drivers\mpio.sys
16:02:08.0018 0x0cb8 mpio - ok
16:02:08.0069 0x0cb8 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E, 62055C0DCEB69873B8961AB17DBD002F44319A44CB05EC3A61421A0C6D4736CD ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
16:02:08.0075 0x0cb8 mpsdrv - ok
16:02:08.0163 0x0cb8 [ 5DE62C6E9108F14F6794060A9BDECAEC, 655E6645CC4A1EDBE5F51F5F80C7B504DD956851E788A6E4E4E08CDCDCE160D9 ] MpsSvc C:\Windows\system32\mpssvc.dll
16:02:08.0220 0x0cb8 MpsSvc - ok
16:02:08.0254 0x0cb8 [ 4FBBB70D30FD20EC51F80061703B001E, 72907A0CA5CFF82F40C02A65CD8EFD51D7CFC33BE67DE572D1ACF4FD3B248F0A ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
16:02:08.0260 0x0cb8 Mraid35x - ok
16:02:08.0297 0x0cb8 [ 82CEA0395524AACFEB58BA1448E8325C, 16E37990A291C848DE35F48EA7E09AE5B258AE589EB08A3FA2C60DC1278DE182 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
16:02:08.0306 0x0cb8 MRxDAV - ok
16:02:08.0353 0x0cb8 [ 1E94971C4B446AB2290DEB71D01CF0C2, 4701AA1B419AEF735CB2DA34532B0F1844433272C36D79F4EB55807E39B923D1 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
16:02:08.0363 0x0cb8 mrxsmb - ok
16:02:08.0422 0x0cb8 [ 4FCCB34D793B116423209C0F8B7A3B03, 7A483AEB691ADBE82779F12F0BB1CCCBFFD7E92902EC1ADC99AB7D129F887143 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:02:08.0436 0x0cb8 mrxsmb10 - ok
16:02:08.0461 0x0cb8 [ C3CB1B40AD4A0124D617A1199B0B9D7C, B975A39DE6D324C6274B6E3B883F36082A958F028335CEB3A37F44481EB284B3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:02:08.0468 0x0cb8 mrxsmb20 - ok
16:02:08.0507 0x0cb8 [ 5457DCFA7C0DA43522F4D9D4049C1472, C8B0FD8F96E4FC5CB4B74D5968E808F44B4371F0A797B1D368E6A6080CB862FD ] msahci C:\Windows\system32\drivers\msahci.sys
16:02:08.0511 0x0cb8 msahci - ok
16:02:08.0551 0x0cb8 [ 4468B0F385A86ECDDAF8D3CA662EC0E7, EAEDC9CDD2EEC5000AF8190A4BE7729282576C3F88E64FDF57F455F5CECC81C9 ] msdsm C:\Windows\system32\drivers\msdsm.sys
16:02:08.0559 0x0cb8 msdsm - ok
16:02:08.0601 0x0cb8 [ FD7520CC3A80C5FC8C48852BB24C6DED, C3F3D7A07FAB9AF38A2A00BF0DF6EEE18CA8FE26277BEC9D8ADB793F2CD5EC1F ] MSDTC C:\Windows\System32\msdtc.exe
16:02:08.0613 0x0cb8 MSDTC - ok
16:02:08.0661 0x0cb8 [ A9927F4A46B816C92F461ACB90CF8515, 753284F726F9B4D3E7322C75532244CA43714F00717C2019391FB36DEE0738C0 ] Msfs C:\Windows\system32\drivers\Msfs.sys
16:02:08.0670 0x0cb8 Msfs - ok
16:02:08.0703 0x0cb8 [ 0F400E306F385C56317357D6DEA56F62, C48FA8193787359902D20D869F5F602CD66D3C5D061A58DDB72F51EED433C4BC ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
16:02:08.0707 0x0cb8 msisadrv - ok
16:02:08.0757 0x0cb8 [ 85466C0757A23D9A9AECDC0755203CB2, 79141B8DF9D7470466872AF03A85C3D3976512BFDBDB8B92A22225DC8EFD70A6 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
16:02:08.0767 0x0cb8 MSiSCSI - ok
16:02:08.0798 0x0cb8 msiserver - ok
16:02:08.0836 0x0cb8 [ D8C63D34D9C9E56C059E24EC7185CC07, D0CBFB8D57E6D908679DC0488ED659CA35B92626DEA890873E165F051A1AD2AE ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
16:02:08.0839 0x0cb8 MSKSSRV - ok
16:02:08.0853 0x0cb8 [ 1D373C90D62DDB641D50E55B9E78D65E, 1D4897A96EA54D6FAC7916D69B4E88CAE1397C38CC8FAE08554772808476357B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
16:02:08.0857 0x0cb8 MSPCLOCK - ok
16:02:08.0871 0x0cb8 [ B572DA05BF4E098D4BBA3A4734FB505B, B7923F204CEADD0F62C2FE4B7CF8C56DAB70F88093B15C5692D0E61490CF4BAA ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
16:02:08.0874 0x0cb8 MSPQM - ok
16:02:08.0946 0x0cb8 [ B49456D70555DE905C311BCDA6EC6ADB, 8E40586B3A1FAE9996459E0261726C9DD6A8D5F575604868C45604613385C92F ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
16:02:08.0958 0x0cb8 MsRPC - ok
16:02:08.0989 0x0cb8 [ E384487CB84BE41D09711C30CA79646C, 520391DEE14D4D6C1EA99C7D31DD95D56B44D54CA3CD8E5C9855E9C0A04F026C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
16:02:08.0993 0x0cb8 mssmbios - ok
16:02:09.0013 0x0cb8 [ 7199C1EEC1E4993CAF96B8C0A26BD58A, DD02DF8ED7AF5BB88BD2A91F38CE4C52432CB8044BDCBC41C320CD22B10B8A3B ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
16:02:09.0017 0x0cb8 MSTEE - ok
16:02:09.0049 0x0cb8 [ 6A57B5733D4CB702C8EA4542E836B96C, 080FB0B01E949D24CDD6876125B3A72DA9F88845D8B9A1A425BCA99E7ACF6821 ] Mup C:\Windows\system32\Drivers\mup.sys
16:02:09.0055 0x0cb8 Mup - ok
-
aswMBR is still running, but there were 3 Trojans found by AVG in this time.
I clicked the option on AVG to remove it and it did.
I see there are some files listed in the aswMBR screen, I'll post when it completes.
-
Found something:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-01-01 16:07:14
16:07:14.522 OS Version: Windows 6.0.6002 Service Pack 2
16:07:14.522 Number of processors: 2 586 0xF0D
16:07:14.525 ComputerName: LAPTOP-PC UserName: Laptop
16:07:20.770 Initialize success
16:23:04.596 The log file has been saved successfully to "C:\Users\Laptop\Documents\aswMBR.txt"
16:25:33.002 AVAST engine defs: 14010100
16:34:01.761 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:34:01.855 Disk 0 Vendor: FUJITSU_MHZ2160BH 00000009 Size: 152627MB BusType: 3
16:34:02.445 Disk 0 MBR read successfully
16:34:02.451 Disk 0 MBR scan
16:34:03.878 Disk 0 Windows VISTA default MBR code
16:34:03.917 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 9500 MB offset 2048
16:34:04.451 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 1500 MB offset 19458048
16:34:04.548 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 141625 MB offset 22530048
16:34:04.681 Disk 0 scanning sectors +312578048
16:34:05.498 Disk 0 scanning C:\Windows\system32\drivers
16:35:20.421 Service scanning
16:37:47.988 Modules scanning
16:38:28.037 Disk 0 trace - called modules:
16:38:28.103 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
16:38:28.116 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85db6ac8]
16:38:28.128 3 CLASSPNP.SYS[83ba38b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x849408a0]
16:38:45.849 AVAST engine scan C:\Windows
16:38:53.710 AVAST engine scan C:\Windows\system32
16:50:05.008 AVAST engine scan C:\Windows\system32\drivers
16:50:54.807 AVAST engine scan C:\Users\Laptop
16:59:53.795 File: C:\Users\Laptop\AppData\Local\temp\chrome.exe **INFECTED** Win32:Dropper-gen [Drp]
16:59:58.138 File: C:\Users\Laptop\AppData\Local\temp\kgtdohfp.exe **INFECTED** Win32:Dropper-gen [Drp]
17:00:16.737 File: C:\Users\Laptop\AppData\Local\temp\msotuo.bat **INFECTED** Win32:Malware-gen
17:01:25.766 File: C:\Users\Laptop\AppData\Local\temp\~tmf2866005090776815605.tmp **INFECTED** Win32:Malware-gen
17:01:26.057 File: C:\Users\Laptop\AppData\Local\temp\~tmf3907897545022973279.tmp **INFECTED** Win32:Malware-gen
17:09:48.030 AVAST engine scan C:\ProgramData
17:17:11.094 Scan finished successfully
17:20:30.009 Disk 0 MBR has been saved successfully to "C:\Users\Laptop\Documents\MBR.dat"
17:20:30.097 The log file has been saved successfully to "C:\Users\Laptop\Documents\aswMBR.txt"
-
Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
- Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
- Press Scan button.
- It will produce a log called FRST.txt in the same directory the tool is run from.
- Please copy and paste log back here.
- The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
-
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-12-2013
Ran by Laptop (administrator) on LAPTOP-PC on 01-01-2014 18:02:36
Running from C:\Users\Laptop\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
() C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe
() C:\ProgramData\DatacardService\HWDeviceService.exe
(TODO: <公司名稱>) C:\Program Files\OEM\OSD_1.2\OsdService.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
() C:\Program Files\Spare Messaging\MessagingApp.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\Mobilni Internet\ModemListener.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(The TechGuys) C:\Program Files\The TechGuys\Launch\Launch.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(ODM) C:\Program Files\OEM\OSD_1.2\osd.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
() C:\Program Files\Broadband to go\Broadband to go.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
() C:\Users\Laptop\AppData\Local\temp\008e3d40.exe
(Microsoft Corporation) C:\Windows\System32\wsqmcons.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6139904 2008-05-07] (Realtek Semiconductor)
HKLM\...\Run: [SpareMessaging] - C:\Program Files\Spare Messaging\MessagingApp.exe [42824 2007-11-28] ()
HKLM\...\Run: [ModemListener] - C:\Program Files\Mobilni Internet\ModemListener.exe [98304 2010-07-12] ()
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Skytel] - C:\Windows\SkyTel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM\...\Runonce: [AvgUninstallURL] - cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OUFWRlJFRS1WMEtNQy1FOVZVVy1FVzBWQS1VVTNYTC1GRVc5Ny1PVTZF"&"inst=NzctNjMyNzYyMjI3LVBMKzktWE8zNisxLU4xRCsxLVFJWDErNC1YMjAxMCsyLUZMMTArMS1MSUMrODgtU1AxKzEtU1AxVEIrMS1TUDFTMisxLVNVRCsxLVMxSSsxLVNVMysxLUxTRCsyLUREVCsw"&"prod=90"&"ver=10.0.1382
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [135680 2008-07-17] (Microsoft Corporation)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2008-09-12] (Google Inc.)
HKCU\...\CurrentVersion\Windows: [Load] C:\Users\Laptop\LOCALS~1\Temp\msotuo.bat <===== ATTENTION
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=DSGI&bmod=DSGI
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7DSGI
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}
SearchScopes: HKCU - {4186E915-6684-410A-A99C-66AF1C7C2FBF} URL = http://search.avg.com/?d=4e04ea29&i=23&tp=chrome&q={searchTerms}&lng={language}&nt=1
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7DSGI_en-GBIE398
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {73848533-39E1-49F1-9363-28054268C094} https://rol.raiffeisenbank.rs/RetailDLL/FSINT9.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6FFAC18-CAD4-4054-9D49-D610286CE323} https://rol.raiffeisenbank.rs/RetailDLL/EBCSCC2a.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{B69C798C-C9E4-4294-9585-642735622220}: [NameServer]212.129.64.220 212.129.64.221
FireFox:
========
FF ProfilePath: C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\8bfdnkt5.default
FF SelectedSearchEngine: search
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\8bfdnkt5.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: The Camelizer - Amazon Price Tracker - C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\8bfdnkt5.default\Extensions\izer@camelcamelcamel.com.xpi
FF Extension: Property Bee - C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\8bfdnkt5.default\Extensions\{da8bd68d-8e90-41cd-8345-a71b294e72e6}.xpi
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U37) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Google Drive) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Skype Click to Call) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0
CHR Extension: (Google Wallet) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR Extension: (Gmail) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
========================== Services (Whitelisted) =================
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 DeviceManager; C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe [40960 2010-06-17] ()
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [264704 2010-11-16] ()
R2 OsdService; C:\Program Files\OEM\OSD_1.2\OsdService.exe [94208 2008-02-22] (TODO: <公司名稱>)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
S2 vToolbarUpdater17.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe [x]
==================== Drivers (Whitelisted) ====================
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [120600 2013-11-05] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [209176 2013-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147768 2013-10-24] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22840 2013-09-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [176952 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27448 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-11-10] (AVG Technologies)
R3 GpdDevDPort; C:\Windows\system32\directport.sys [7168 2008-05-21] ()
R3 GpdKbFilter; C:\Windows\system32\kbfiltr.sys [8192 2008-04-22] (Windows (R) Codename Longhorn DDK provider)
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [89984 2011-01-13] (Huawei Technologies Co., Ltd.)
S3 huawei_cdcecm; C:\Windows\System32\DRIVERS\ew_jucdcecm.sys [64128 2011-01-13] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [26624 2011-01-13] (Huawei Technologies Co., Ltd.)
S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [103040 2008-12-30] (Huawei Technologies Co., Ltd.)
S3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [20992 2008-01-21] (Microsoft Corporation)
S3 qcusbser; C:\Windows\System32\DRIVERS\qcusbser.sys [103552 2010-06-17] (TCT International Mobile Ltd)
R3 RTL8187Se; C:\Windows\System32\DRIVERS\RTL8187Se.sys [331776 2008-07-10] (Realtek Semiconductor Corporation )
S3 SWNC8UA3; C:\Windows\System32\DRIVERS\swnc8ua3.sys [197504 2009-07-22] (Sierra Wireless Inc.)
S3 SWUMXA3; C:\Windows\System32\DRIVERS\swumxa3.sys [148992 2009-07-22] (Sierra Wireless Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 swmsflt; \SystemRoot\System32\drivers\swmsflt.sys [x]
S3 SWUMX20; system32\DRIVERS\swumx20.sys [x]
U3 aswMBR; \??\C:\Users\Laptop\AppData\Local\Temp\aswMBR.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-01 18:07 - 2014-01-01 18:07 - 00000000 _____ C:\Users\Laptop\AppData\Roaming\system.ini
2014-01-01 18:05 - 2014-01-01 17:59 - 00329216 __RSH C:\ProgramData\819827392234.exe
2014-01-01 18:04 - 2014-01-01 18:07 - 00000216 _____ C:\Users\Laptop\AppData\Roaming\msconfig.ini
2014-01-01 18:03 - 2014-01-01 18:05 - 00000000 ___HD C:\ProgramData\COMHOST
2014-01-01 18:02 - 2014-01-01 18:07 - 00017702 _____ C:\Users\Laptop\Desktop\FRST.txt
2014-01-01 18:02 - 2014-01-01 18:02 - 00000000 ____D C:\Users\Laptop\AppData\Roaming\WinRAR
2014-01-01 17:58 - 2014-01-01 17:58 - 00000000 ____D C:\FRST
2014-01-01 17:56 - 2014-01-01 17:51 - 01064333 _____ (Farbar) C:\Users\Laptop\Desktop\FRST.exe
2014-01-01 17:51 - 2014-01-01 17:51 - 01064333 _____ (Farbar) C:\Users\Laptop\Downloads\FRST.exe
2014-01-01 17:20 - 2014-01-01 17:20 - 00000512 _____ C:\Users\Laptop\Documents\MBR.dat
2014-01-01 16:23 - 2014-01-01 17:20 - 00003065 _____ C:\Users\Laptop\Documents\aswMBR.txt
2014-01-01 16:00 - 2014-01-01 16:06 - 00175754 _____ C:\Users\Laptop\Downloads\report.txt
2014-01-01 15:45 - 2014-01-01 15:45 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Laptop\Downloads\tdsskiller.exe
2014-01-01 15:42 - 2014-01-01 15:43 - 04745728 _____ (AVAST Software) C:\Users\Laptop\Downloads\aswMBR.exe
2014-01-01 10:58 - 2014-01-01 10:58 - 00072696 _____ C:\Users\Laptop\Desktop\OTL-after.Txt
2014-01-01 10:52 - 2014-01-01 10:52 - 00146136 _____ C:\Windows\Minidump\Mini010114-01.dmp
2014-01-01 10:51 - 2014-01-01 10:51 - 139320433 _____ C:\Windows\MEMORY.DMP
2014-01-01 09:50 - 2014-01-01 09:50 - 00072696 _____ C:\Users\Laptop\Downloads\OTL-after.Txt
2014-01-01 09:26 - 2014-01-01 09:26 - 00001392 _____ C:\Users\Laptop\Desktop\Adw.txt
2014-01-01 04:52 - 2014-01-01 04:52 - 00000104 _____ C:\Users\Laptop\Desktop\Recycle Bin - Shortcut.lnk
2014-01-01 04:50 - 2014-01-01 04:50 - 00070982 _____ C:\Users\Laptop\Desktop\OTL-before.Txt
2014-01-01 03:34 - 2014-01-01 03:34 - 00000495 _____ C:\Users\Laptop\Desktop\OTL - Shortcut.lnk
2014-01-01 03:33 - 2014-01-01 03:33 - 00000536 _____ C:\Users\Laptop\Desktop\AdwCleaner - Shortcut.lnk
2014-01-01 02:37 - 2014-01-01 02:37 - 00001564 _____ C:\Users\Laptop\Desktop\Computer.lnk
2014-01-01 02:36 - 2014-01-01 02:36 - 00000288 _____ C:\Users\Laptop\AppData\Roaming\76278BBE.reg
2014-01-01 02:13 - 2014-01-01 03:22 - 00000000 ____D C:\Users\Laptop\AppData\Local\{E223DA60-E642-818A-1CC6-4EB4FC1AB41C}
2014-01-01 00:47 - 2014-01-01 00:47 - 00010970 _____ C:\ComboFix.txt
2014-01-01 00:19 - 2014-01-01 00:47 - 00000000 ____D C:\ComboFix
2014-01-01 00:19 - 2011-06-26 06:45 - 00256000 _____ C:\Windows\PEV.exe
2014-01-01 00:19 - 2010-11-07 17:20 - 00208896 _____ C:\Windows\MBR.exe
2014-01-01 00:19 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-01 00:19 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-01-01 00:19 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-01-01 00:19 - 2000-08-31 00:00 - 00098816 _____ C:\Windows\sed.exe
2014-01-01 00:19 - 2000-08-31 00:00 - 00080412 _____ C:\Windows\grep.exe
2014-01-01 00:19 - 2000-08-31 00:00 - 00068096 _____ C:\Windows\zip.exe
2014-01-01 00:15 - 2014-01-01 00:47 - 00000000 ____D C:\Qoobox
2014-01-01 00:13 - 2014-01-01 00:45 - 00000000 ____D C:\Windows\erdnt
2014-01-01 00:02 - 2014-01-01 00:03 - 05160176 ____R (Swearware) C:\Users\Laptop\Desktop\ComboFix.exe
2013-12-31 21:42 - 2013-12-31 21:42 - 00000512 _____ C:\PhysicalMBR.bin
2013-12-31 17:36 - 2013-12-31 17:36 - 00000000 ____D C:\_OTL
2013-12-31 17:21 - 2014-01-01 09:23 - 00000000 ____D C:\AdwCleaner
2013-12-31 15:56 - 2013-12-31 15:56 - 01233962 _____ C:\Users\Laptop\Downloads\AdwCleaner.exe
2013-12-31 01:29 - 2013-12-31 01:29 - 00035056 _____ C:\Users\Laptop\Downloads\Extras.Txt
2013-12-31 01:23 - 2014-01-01 09:49 - 00072696 _____ C:\Users\Laptop\Downloads\OTL.Txt
2013-12-30 23:14 - 2013-12-30 23:14 - 00602112 _____ (OldTimer Tools) C:\Users\Laptop\Downloads\OTL.exe
2013-12-30 19:06 - 2013-12-30 19:07 - 00000000 ____D C:\Users\Laptop\AppData\Local\dumps
2013-12-30 01:01 - 2014-01-01 03:16 - 00004328 _____ C:\Windows\PFRO.log
2013-12-30 00:13 - 2013-12-30 00:13 - 00000871 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-21 01:24 - 2013-12-21 01:26 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-12 02:37 - 2013-11-14 23:13 - 12344320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-12 02:37 - 2013-11-14 22:50 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-12 02:37 - 2013-11-14 22:50 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-12 02:37 - 2013-11-14 22:43 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-12 02:37 - 2013-11-14 22:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-12 02:37 - 2013-11-14 22:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-12 02:37 - 2013-11-14 22:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-12 02:37 - 2013-11-14 22:40 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-12 02:37 - 2013-11-14 22:38 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-12 02:37 - 2013-11-14 22:38 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-12 02:37 - 2013-11-14 22:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-12 02:37 - 2013-11-14 22:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-12 02:37 - 2013-11-14 22:36 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-12 02:37 - 2013-11-14 22:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-12 02:37 - 2013-11-14 22:35 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-12 02:37 - 2013-11-14 22:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-12 00:33 - 2013-10-30 02:12 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2013-12-12 00:33 - 2013-10-30 01:43 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-12 00:33 - 2013-10-30 00:43 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-12 00:32 - 2013-10-11 02:08 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-12 00:32 - 2013-10-11 02:08 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-12 00:32 - 2013-10-11 02:08 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wshcon.dll
2013-12-12 00:32 - 2013-10-11 00:35 - 00155648 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-12 00:32 - 2013-10-11 00:35 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-12 00:31 - 2013-10-30 00:35 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-12 00:30 - 2013-10-22 07:19 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
==================== One Month Modified Files and Folders =======
2014-01-01 18:07 - 2014-01-01 18:07 - 00000000 _____ C:\Users\Laptop\AppData\Roaming\system.ini
2014-01-01 18:07 - 2014-01-01 18:04 - 00000216 _____ C:\Users\Laptop\AppData\Roaming\msconfig.ini
2014-01-01 18:07 - 2014-01-01 18:02 - 00017702 _____ C:\Users\Laptop\Desktop\FRST.txt
2014-01-01 18:06 - 2012-07-18 20:09 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-01 18:05 - 2014-01-01 18:03 - 00000000 ___HD C:\ProgramData\COMHOST
2014-01-01 18:02 - 2014-01-01 18:02 - 00000000 ____D C:\Users\Laptop\AppData\Roaming\WinRAR
2014-01-01 17:59 - 2014-01-01 18:05 - 00329216 __RSH C:\ProgramData\819827392234.exe
2014-01-01 17:58 - 2014-01-01 17:58 - 00000000 ____D C:\FRST
2014-01-01 17:51 - 2014-01-01 17:56 - 01064333 _____ (Farbar) C:\Users\Laptop\Desktop\FRST.exe
2014-01-01 17:51 - 2014-01-01 17:51 - 01064333 _____ (Farbar) C:\Users\Laptop\Downloads\FRST.exe
2014-01-01 17:24 - 2006-11-02 12:47 - 00005184 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-01 17:24 - 2006-11-02 12:47 - 00005184 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-01 17:20 - 2014-01-01 17:20 - 00000512 _____ C:\Users\Laptop\Documents\MBR.dat
2014-01-01 17:20 - 2014-01-01 16:23 - 00003065 _____ C:\Users\Laptop\Documents\aswMBR.txt
2014-01-01 17:17 - 2010-09-28 23:10 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-01 17:10 - 2010-10-24 09:20 - 00000000 ____D C:\ProgramData\MFAData
2014-01-01 17:06 - 2010-09-19 17:29 - 01529444 _____ C:\Windows\WindowsUpdate.log
2014-01-01 16:06 - 2014-01-01 16:00 - 00175754 _____ C:\Users\Laptop\Downloads\report.txt
2014-01-01 15:45 - 2014-01-01 15:45 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Laptop\Downloads\tdsskiller.exe
2014-01-01 15:43 - 2014-01-01 15:42 - 04745728 _____ (AVAST Software) C:\Users\Laptop\Downloads\aswMBR.exe
2014-01-01 13:18 - 2006-11-02 12:37 - 00000000 ___RD C:\Users\Public\Recorded TV
2014-01-01 13:17 - 2010-09-28 23:10 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-01 13:16 - 2006-11-02 13:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-01 11:30 - 2006-11-02 13:01 - 00032646 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-01 10:58 - 2014-01-01 10:58 - 00072696 _____ C:\Users\Laptop\Desktop\OTL-after.Txt
2014-01-01 10:52 - 2014-01-01 10:52 - 00146136 _____ C:\Windows\Minidump\Mini010114-01.dmp
2014-01-01 10:52 - 2011-02-07 01:44 - 00000000 ____D C:\Windows\Minidump
2014-01-01 10:51 - 2014-01-01 10:51 - 139320433 _____ C:\Windows\MEMORY.DMP
2014-01-01 09:50 - 2014-01-01 09:50 - 00072696 _____ C:\Users\Laptop\Downloads\OTL-after.Txt
2014-01-01 09:49 - 2013-12-31 01:23 - 00072696 _____ C:\Users\Laptop\Downloads\OTL.Txt
2014-01-01 09:47 - 2006-11-02 10:33 - 00740680 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-01 09:26 - 2014-01-01 09:26 - 00001392 _____ C:\Users\Laptop\Desktop\Adw.txt
2014-01-01 09:23 - 2013-12-31 17:21 - 00000000 ____D C:\AdwCleaner
2014-01-01 04:52 - 2014-01-01 04:52 - 00000104 _____ C:\Users\Laptop\Desktop\Recycle Bin - Shortcut.lnk
2014-01-01 04:50 - 2014-01-01 04:50 - 00070982 _____ C:\Users\Laptop\Desktop\OTL-before.Txt
2014-01-01 03:54 - 2010-09-27 19:21 - 00000000 ____D C:\Mirjana
2014-01-01 03:34 - 2014-01-01 03:34 - 00000495 _____ C:\Users\Laptop\Desktop\OTL - Shortcut.lnk
2014-01-01 03:33 - 2014-01-01 03:33 - 00000536 _____ C:\Users\Laptop\Desktop\AdwCleaner - Shortcut.lnk
2014-01-01 03:23 - 2013-09-25 21:34 - 00000000 ____D C:\ProgramData\AVG2014
2014-01-01 03:22 - 2014-01-01 02:13 - 00000000 ____D C:\Users\Laptop\AppData\Local\{E223DA60-E642-818A-1CC6-4EB4FC1AB41C}
2014-01-01 03:16 - 2013-12-30 01:01 - 00004328 _____ C:\Windows\PFRO.log
2014-01-01 03:16 - 2006-11-02 11:18 - 00000000 ____D C:\Windows\schemas
2014-01-01 02:37 - 2014-01-01 02:37 - 00001564 _____ C:\Users\Laptop\Desktop\Computer.lnk
2014-01-01 02:36 - 2014-01-01 02:36 - 00000288 _____ C:\Users\Laptop\AppData\Roaming\76278BBE.reg
2014-01-01 00:47 - 2014-01-01 00:47 - 00010970 _____ C:\ComboFix.txt
2014-01-01 00:47 - 2014-01-01 00:19 - 00000000 ____D C:\ComboFix
2014-01-01 00:47 - 2014-01-01 00:15 - 00000000 ____D C:\Qoobox
2014-01-01 00:47 - 2006-11-02 11:18 - 00000000 ___RD C:\Users\Public
2014-01-01 00:45 - 2014-01-01 00:13 - 00000000 ____D C:\Windows\erdnt
2014-01-01 00:43 - 2006-11-02 10:23 - 00000215 _____ C:\Windows\system.ini
2014-01-01 00:03 - 2014-01-01 00:02 - 05160176 ____R (Swearware) C:\Users\Laptop\Desktop\ComboFix.exe
2013-12-31 21:42 - 2013-12-31 21:42 - 00000512 _____ C:\PhysicalMBR.bin
2013-12-31 17:36 - 2013-12-31 17:36 - 00000000 ____D C:\_OTL
2013-12-31 15:56 - 2013-12-31 15:56 - 01233962 _____ C:\Users\Laptop\Downloads\AdwCleaner.exe
2013-12-31 01:29 - 2013-12-31 01:29 - 00035056 _____ C:\Users\Laptop\Downloads\Extras.Txt
2013-12-30 23:14 - 2013-12-30 23:14 - 00602112 _____ (OldTimer Tools) C:\Users\Laptop\Downloads\OTL.exe
2013-12-30 21:41 - 2011-12-26 20:41 - 00000742 _____ C:\Users\Laptop\Desktop\pesme.txt
2013-12-30 19:07 - 2013-12-30 19:06 - 00000000 ____D C:\Users\Laptop\AppData\Local\dumps
2013-12-30 02:27 - 2006-11-02 12:37 - 00000000 ____D C:\Windows\twain_32
2013-12-30 00:13 - 2013-12-30 00:13 - 00000871 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-30 00:13 - 2010-11-21 01:04 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-12-21 15:43 - 2012-04-26 20:47 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-12-21 01:26 - 2013-12-21 01:24 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-20 02:47 - 2010-09-19 17:33 - 00000000 ____D C:\Users\Laptop
2013-12-12 21:41 - 2013-05-05 22:44 - 00000000 ___RD C:\Program Files\Skype
2013-12-12 02:47 - 2006-11-02 10:23 - 00000240 _____ C:\Windows\win.ini
2013-12-12 02:44 - 2013-07-14 01:33 - 00000000 ____D C:\Windows\system32\MRT
2013-12-12 02:40 - 2006-11-02 10:24 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-12-10 22:10 - 2012-07-18 20:08 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-12-10 22:10 - 2011-05-21 16:53 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-12-10 10:22 - 2008-09-12 17:29 - 00000000 ____D C:\Program Files\Google
2013-12-05 21:37 - 2011-12-27 00:21 - 00001936 _____ C:\Users\Public\Desktop\Google Chrome.lnk
Files to move or delete:
====================
C:\Users\Laptop\AppData\Roaming\system.ini
C:\ProgramData\819827392234.exe
C:\Users\Laptop\avgremover.exe
C:\Users\Laptop\avg_free_x86_all_2011_1120a3152.exe
C:\Users\Laptop\ccsetup236.exe
C:\Users\Laptop\mbam-setup-1.46.exe
C:\Users\Laptop\OOo_3.2.1_Win_x86_install-wJRE_en-US.exe
C:\Users\Laptop\SkypeSetupFull.exe
C:\Users\Laptop\winzip145.exe
C:\Users\Laptop\word2007-kb974631-fullfile-x86-glb.exe
C:\Users\Laptop\AppData\Roaming\msconfig.ini
Some content of TEMP:
====================
C:\Users\Laptop\AppData\Local\temp\008e3d40.exe
C:\Users\Laptop\AppData\Local\temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-01-01 15:44
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 31-12-2013
Ran by Laptop at 2014-01-01 18:09:29
Running from C:\Users\Laptop\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
==================== Installed Programs ======================
3Connect (Version: 2.0.0 - 3 Mobile Broadband)
7-Zip 4.65 (Version: - )
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader 8.3.1 (Version: 8.3.1 - Adobe Systems Incorporated)
Agere Systems HDA Modem (Version: - Agere Systems)
AVG 2014 (Version: 14.0.3658 - AVG Technologies)
AVG 2014 (Version: 14.0.4259 - AVG Technologies)
AVG 2014 (Version: 2014.0.4259 - AVG Technologies)
Broadband to go (Version: 11.300.05.06.394 - Huawei Technologies Co.,Ltd)
CCleaner (Version: 2.36 - Piriform)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink YouCam (Version: 1.0.1622 - CyberLink Corp.)
eircom mobile broadband (Version: 11.300.05.04.474 - Huawei Technologies Co.,Ltd)
Google Chrome (Version: 31.0.1650.63 - Google Inc.)
Google Earth Plug-in (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 7.5.4805.320 - Google Inc.)
Google Update Helper (Version: 1.3.22.3 - Google Inc.)
Huawei modem (Version: - )
Intel(R) Graphics Media Accelerator Driver (Version: - Intel Corporation)
Java 7 Update 7 (Version: 7.0.70 - Oracle)
Java(TM) 6 Update 39 (Version: 6.0.390 - Oracle)
Launch (Version: 1.0.0 - The TechGuys)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (Version: 9.7.0621 - Microsoft Corporation)
Mobilni Internet (Version: - Mobilni Internet)
Mozilla Firefox 26.0 (x86 en-GB) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (Version: 26.0 - Mozilla)
O2 Broadband (Version: 11.302.09.13.116 - Huawei Technologies Co.,Ltd)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation)
OSD_1.2 (Version: 1.0.0 - OEM)
Power2Go (Version: 5.6.3321a - CyberLink Corp.)
Realtek 8169 8168 8101E 8102E Ethernet Driver (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (Version: 6.0.1.5618 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (Version: - Realtek Semiconductor Corp.)
Skype Click to Call (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.3 (Version: 6.3.105 - Skype Technologies S.A.)
Spare Messaging (Version: 1.00.0000 - Spare Backup, Inc)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3 - Microsoft Corporation)
Visual Studio 2012 x86 Redistributables (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
==================== Restore Points =========================
05-11-2013 14:36:42 Scheduled Checkpoint
07-11-2013 00:33:04 Scheduled Checkpoint
07-11-2013 22:00:23 Scheduled Checkpoint
10-11-2013 19:57:32 Scheduled Checkpoint
11-11-2013 21:03:04 Scheduled Checkpoint
14-11-2013 01:02:28 Windows Update
01-12-2013 21:06:43 Scheduled Checkpoint
12-12-2013 02:32:36 Windows Update
29-12-2013 03:13:15 Scheduled Checkpoint
29-12-2013 20:33:22 Scheduled Checkpoint
31-12-2013 17:50:07 OTL Restore Point - 31/12/2013 17:50:06
31-12-2013 21:42:30 OTL Restore Point - 31/12/2013 21:42:30
==================== Hosts content: ==========================
2006-11-02 10:23 - 2013-12-31 17:49 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\System32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {51F79D52-09F3-4927-825F-5D633AD71979} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-09-28] (Google Inc.)
Task: {7A5C19D4-714D-490F-A89E-D54500D02D9C} - System32\Tasks\task17135539 => C:\Users\Laptop\AppData\Local\Temp\temp1764937569.exe <==== ATTENTION
Task: {7F07BF6A-9CB5-4EC7-8F88-29FC4194D646} - System32\Tasks\task18809524 => C:\Users\Laptop\AppData\Local\Temp\temp601693151.exe <==== ATTENTION
Task: {81CA2254-7D25-4716-97CD-2C6275E7C352} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {853B68ED-ADD2-4A05-A1D3-A2F1871D6A98} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-09-28] (Google Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\System32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2008-07-31 16:43 - 2008-07-31 16:43 - 00021200 _____ () C:\Program Files\The TechGuys\Launch\MVVMFramework.dll
2013-06-06 21:06 - 2007-08-23 15:39 - 00014848 _____ () C:\Program Files\Broadband to go\isaputrace.dll
2013-06-06 21:06 - 2009-04-15 09:24 - 00098304 _____ () C:\Program Files\Broadband to go\DeviceMgrPlugin.dll
2013-06-06 21:06 - 2009-04-15 09:20 - 00118784 _____ () C:\Program Files\Broadband to go\NetInfoPlugin.dll
2013-06-06 21:06 - 2009-04-15 09:17 - 00086016 _____ () C:\Program Files\Broadband to go\DialUpPlugin.dll
2013-06-06 21:06 - 2009-04-15 09:26 - 00057344 _____ () C:\Program Files\Broadband to go\ConfigFilePlugin.dll
2013-06-06 21:06 - 2009-04-15 09:06 - 00856064 _____ () C:\Program Files\Broadband to go\NDISAPI.dll
2013-06-06 21:06 - 2008-11-08 14:15 - 00151552 _____ () C:\Program Files\Broadband to go\DetectDev.dll
2013-06-06 21:06 - 2008-11-08 14:15 - 00552960 _____ () C:\Program Files\Broadband to go\atcomm.dll
2013-06-06 21:06 - 2008-11-08 14:15 - 00061440 _____ () C:\Program Files\Broadband to go\XCodec.dll
2013-06-06 21:06 - 2008-11-08 14:15 - 00061440 _____ () C:\Program Files\Broadband to go\DeviceOperate.dll
2013-06-06 21:06 - 2009-04-15 09:32 - 00135168 _____ () C:\Program Files\Broadband to go\LocaleMgrPlugin.dll
2013-06-06 21:06 - 2009-04-15 09:30 - 00032768 _____ () C:\Program Files\Broadband to go\NotifyServicePlugin.dll
2013-06-06 21:06 - 2009-04-15 09:16 - 00159744 _____ () C:\Program Files\Broadband to go\DeviceMgrUIPlugin.dll
2013-06-06 21:06 - 2007-07-31 14:50 - 00090112 _____ () C:\Program Files\Broadband to go\FileManager.dll
2013-06-06 21:06 - 2009-04-15 09:31 - 00159744 _____ () C:\Program Files\Broadband to go\SMSPlugin.dll
2013-12-05 21:37 - 2013-12-04 02:48 - 04055504 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-05 21:37 - 2013-12-04 02:48 - 00399312 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2013-12-05 21:36 - 2013-12-04 02:47 - 01619408 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
2013-12-05 21:36 - 2013-12-04 02:47 - 00702416 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
2013-12-05 21:36 - 2013-12-04 02:47 - 00099792 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\libegl.dll
2013-12-05 21:37 - 2013-12-04 02:48 - 13586896 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
2013-12-21 01:26 - 2013-12-21 01:26 - 03559024 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2013-12-10 22:10 - 2013-12-10 22:10 - 16242056 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
Name: Microsoft 6to4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
Name: Microsoft 6to4 Adapter #2
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
Name: Microsoft 6to4 Adapter #3
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
==================== Event log errors: =========================
Application errors:
==================
Error: (01/01/2014 01:17:57 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/01/2014 11:10:57 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\LAPTOP\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\8BFDNKT5.DEFAULT\CACHE\A\7D> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Error: (01/01/2014 11:10:57 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\LAPTOP\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\8BFDNKT5.DEFAULT\CACHE\A\7D> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Error: (01/01/2014 10:53:30 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/01/2014 09:26:39 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/24/2008 00:03:03 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/24/2008 00:07:21 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/01/2014 04:00:49 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/01/2014 03:24:18 AM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16526 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: f74
Start Time: 01cf06a0a2449d56
Termination Time: 0
Error: (01/01/2014 03:18:57 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
System errors:
=============
Error: (01/01/2014 01:18:56 PM) (Source: DCOM) (User: )
Description: {7F6316B4-4D69-4765-B0A3-B2598F2FA80A}
Error: (01/01/2014 01:18:06 PM) (Source: Service Control Manager) (User: )
Description: vToolbarUpdater17.2.0%%2
Error: (01/01/2014 01:18:06 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058
Error: (01/01/2014 11:30:05 AM) (Source: DCOM) (User: )
Description: {6295DF2D-35EE-11D1-8707-00C04FD93327}
Error: (01/01/2014 10:53:37 AM) (Source: Service Control Manager) (User: )
Description: vToolbarUpdater17.2.0%%2
Error: (01/01/2014 10:53:37 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058
Error: (01/01/2014 10:52:10 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 10:50:55 on 01/01/2014 was unexpected.
Error: (01/01/2014 09:26:40 AM) (Source: Service Control Manager) (User: )
Description: vToolbarUpdater17.2.0%%2
Error: (01/01/2014 09:26:40 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058
Error: (04/24/2008 00:03:31 AM) (Source: DCOM) (User: )
Description: {7F6316B4-4D69-4765-B0A3-B2598F2FA80A}
Microsoft Office Sessions:
=========================
Error: (01/01/2014 01:17:57 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/01/2014 11:10:57 AM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\LAPTOP\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\8BFDNKT5.DEFAULT\CACHE\A\7D
Error: (01/01/2014 11:10:57 AM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\LAPTOP\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\8BFDNKT5.DEFAULT\CACHE\A\7D
Error: (01/01/2014 10:53:30 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/01/2014 09:26:39 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/24/2008 00:03:03 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/24/2008 00:07:21 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/01/2014 04:00:49 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/01/2014 03:24:18 AM) (Source: Application Hang)(User: )
Description: iexplore.exe9.0.8112.16526f7401cf06a0a2449d560
Error: (01/01/2014 03:18:57 AM) (Source: SideBySide)(User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe
CodeIntegrity Errors:
===================================
Date: 2014-01-01 18:07:17.324
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-01-01 18:07:16.445
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-01-01 18:07:15.383
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-01-01 18:07:14.147
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-01-01 18:07:12.668
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-01-01 18:07:11.512
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-01-01 18:07:10.197
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-01-01 18:07:08.865
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-01-01 09:36:23.395
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-01-01 09:36:22.724
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Percentage of memory in use: 81%
Total physical RAM: 984.18 MB
Available physical RAM: 184.77 MB
Total Pagefile: 2716.01 MB
Available Pagefile: 1051.94 MB
Total Virtual: 2047.88 MB
Available Virtual: 1895.64 MB
==================== Drives ================================
Drive c: (Vista) (Fixed) (Total:138.31 GB) (Free:79.93 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Broadband to go) (CDROM) (Total:0.03 GB) (Free:0 GB) CDFS
Drive s: (System) (Fixed) (Total:1.46 GB) (Free:1.3 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: C8FE0ADA)
Partition 1: (Not Active) - (Size=9 GB) - (Type=27)
Partition 2: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=138 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Download attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
Hi Jsa112,
I can't connect to the internet on that laptop any more. When I started again AVG was turned off. I clicked on it, but nothing happened. I tried to go to C:/Program data/AVG but I don't have permission.
Do I need to be connected to the internet in order to run this script? I am typing this from another laptop which I can use temporarily to download things. Or should I fix AVG before running the script?
Thank you!
don't worry about avg for the time being
use that other PC to download the fixlist.txt and put it onto the infected PC
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 31-12-2013
Ran by Laptop at 2014-01-01 20:59:57 Run:1
Running from C:\Users\Laptop\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
() C:\Users\Laptop\AppData\Local\temp\008e3d40.exe
HKCU\...\CurrentVersion\Windows: [Load] C:\Users\Laptop\LOCALS~1\Temp\msotuo.bat <===== ATTENTION
2014-01-01 18:07 - 2014-01-01 18:07 - 00000000 _____ C:\Users\Laptop\AppData\Roaming\system.ini
2014-01-01 18:05 - 2014-01-01 17:59 - 00329216 __RSH C:\ProgramData\819827392234.exe
2014-01-01 18:04 - 2014-01-01 18:07 - 00000216 _____ C:\Users\Laptop\AppData\Roaming\msconfig.ini
2014-01-01 18:03 - 2014-01-01 18:05 - 00000000 ___HD C:\ProgramData\COMHOST
2014-01-01 17:59 - 2014-01-01 18:05 - 00329216 __RSH C:\ProgramData\819827392234.exe
C:\Users\Laptop\AppData\Roaming\system.ini
C:\ProgramData\819827392234.exe
C:\Users\Laptop\AppData\Roaming\msconfig.ini
Task: {7A5C19D4-714D-490F-A89E-D54500D02D9C} - System32\Tasks\task17135539 => C:\Users\Laptop\AppData\Local\Temp\temp1764937569.exe <==== ATTENTION
Task: {7F07BF6A-9CB5-4EC7-8F88-29FC4194D646} - System32\Tasks\task18809524 => C:\Users\Laptop\AppData\Local\Temp\temp601693151.exe <==== ATTENTION
*****************
C:\Users\Laptop\AppData\Local\temp\008e3d40.exe => No running process found
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\\Load => Value was restored successfully.
C:\Users\Laptop\AppData\Roaming\system.ini => Moved successfully.
C:\ProgramData\819827392234.exe => Moved successfully.
C:\Users\Laptop\AppData\Roaming\msconfig.ini => Moved successfully.
C:\ProgramData\COMHOST => Moved successfully.
"C:\ProgramData\819827392234.exe" => File/Directory not found.
"C:\Users\Laptop\AppData\Roaming\system.ini" => File/Directory not found.
"C:\ProgramData\819827392234.exe" => File/Directory not found.
"C:\Users\Laptop\AppData\Roaming\msconfig.ini" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7A5C19D4-714D-490F-A89E-D54500D02D9C} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A5C19D4-714D-490F-A89E-D54500D02D9C} => Key deleted successfully.
C:\Windows\System32\Tasks\task17135539 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\task17135539 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7F07BF6A-9CB5-4EC7-8F88-29FC4194D646} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7F07BF6A-9CB5-4EC7-8F88-29FC4194D646} => Key deleted successfully.
C:\Windows\System32\Tasks\task18809524 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\task18809524 => Key deleted successfully.
==== End of Fixlog ====
Shall I restart now?

yeah and tell me how it's running, hopefully that will have removed it