
Trojan found - please help

  • 31-12-2013 1:48am
    #1
    Registered Users, Registered Users 2 Posts: 251 ✭✭


    Hi Jsa112,

    I would appreciate it VERY MUCH if you could help me to remove viruses from my laptop.
    It is old and I should buy a new one, but it will take a while...
    It is slow and Firefox keeps crashing (Flash plug-in problem) + last week it showed an odd date and time on start-up.
    Yesterday, AVG detected a Trojan and I ran Malwarebytes, which removed it.
    I did it twice, as the first time I only removed the Trojan; the next time I removed all.
    Today I ran it again and another Trojan was found, which I removed.
    I am posting all 3 logs for you in the next 3 posts.
    I saw that someone with the same problem ran OTL, so I ran it as well. I just downloaded it and clicked "Run Scan" - the logs are in the 4th and 5th posts.



    Thank you so much in advance.



Comments

  • Registered Users, Registered Users 2 Posts: 251 ✭✭sandra_b


    Malwarebytes Anti-Malware 1.75.0.1300
    http://www.malwarebytes.org/
    Database version: v2013.12.29.06
    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Laptop :: LAPTOP-PC [administrator]
    30/12/2013 23:34:49
    mbam-log-2013-12-30 (23-34-49).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 210112
    Time elapsed: 43 minute(s), 40 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 1
    C:\Users\Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hemxccapeaj.exe (Trojan.VBInject) -> Delete on reboot.
    (end)


  • Registered Users, Registered Users 2 Posts: 251 ✭✭sandra_b


    Malwarebytes Anti-Malware 1.75.0.1300
    http://www.malwarebytes.org/
    Database version: v2013.12.29.06
    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Laptop :: LAPTOP-PC [administrator]
    30/12/2013 02:08:01
    mbam-log-2013-12-30 (02-08-01).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 208333
    Time elapsed: 16 minute(s), 52 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 12
    HKCR\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692} (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    HKCR\CLSID\{D2A2595C-4FE4-4315-AA9B-19DBD6271B71} (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    HKCR\CLSID\{1631550F-191D-4826-B069-D9439253D926} (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    HKCR\PriceFactorIE.PriceGongBHO.1 (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    HKCR\PriceFactorIE.PriceGongBHO (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926} (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926} (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926} (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{8B3372D0-09F0-41A5-8D9B-134E148672FB} (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    HKCR\PriceGongIE.PriceGongCtrl.1 (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    HKCR\PriceGongIE.PriceGongCtrl (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    HKCR\AppID\PriceGongIE.DLL (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 1
    C:\Program Files\PriceGong\2.1.0\PriceGongIE.dll (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    (end)


  • Registered Users, Registered Users 2 Posts: 251 ✭✭sandra_b


    Malwarebytes Anti-Malware 1.75.0.1300
    http://www.malwarebytes.org/
    Database version: v2013.12.29.06
    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Laptop :: LAPTOP-PC [administrator]
    30/12/2013 00:17:50
    mbam-log-2013-12-30 (00-17-50).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 206092
    Time elapsed: 31 minute(s), 54 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 1
    C:\Program Files\PriceGong\2.1.0\PriceGongIE.dll (PUP.Optional.PriceGong.A) -> No action taken.
    Registry Keys Detected: 12
    HKCR\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692} (PUP.Optional.PriceGong.A) -> No action taken.
    HKCR\CLSID\{D2A2595C-4FE4-4315-AA9B-19DBD6271B71} (PUP.Optional.PriceGong.A) -> No action taken.
    HKCR\CLSID\{1631550F-191D-4826-B069-D9439253D926} (PUP.Optional.PriceGong.A) -> No action taken.
    HKCR\PriceFactorIE.PriceGongBHO.1 (PUP.Optional.PriceGong.A) -> No action taken.
    HKCR\PriceFactorIE.PriceGongBHO (PUP.Optional.PriceGong.A) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926} (PUP.Optional.PriceGong.A) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926} (PUP.Optional.PriceGong.A) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926} (PUP.Optional.PriceGong.A) -> No action taken.
    HKCR\TypeLib\{8B3372D0-09F0-41A5-8D9B-134E148672FB} (PUP.Optional.PriceGong.A) -> No action taken.
    HKCR\PriceGongIE.PriceGongCtrl.1 (PUP.Optional.PriceGong.A) -> No action taken.
    HKCR\PriceGongIE.PriceGongCtrl (PUP.Optional.PriceGong.A) -> No action taken.
    HKCR\AppID\PriceGongIE.DLL (PUP.Optional.PriceGong.A) -> No action taken.
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)


  • Registered Users, Registered Users 2 Posts: 251 ✭✭sandra_b


    OTL logfile created on: 31/12/2013 00:56:49 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Laptop\Downloads
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    984.18 Mb Total Physical Memory | 287.48 Mb Available Physical Memory | 29.21% Memory free
    2.18 Gb Paging File | 0.83 Gb Available in Paging File | 37.96% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 138.31 Gb Total Space | 80.28 Gb Free Space | 58.04% Space Free | Partition Type: NTFS
    Drive D: | 25.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive S: | 1.46 Gb Total Space | 1.30 Gb Free Space | 88.83% Space Free | Partition Type: NTFS

    Computer Name: LAPTOP-PC | User Name: Laptop | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/12/30 23:14:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Laptop\Downloads\OTL.exe
    PRC - [2013/12/15 21:20:57 | 002,471,448 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
    PRC - [2013/12/15 21:20:56 | 001,771,544 | ---- | M] (AVG Secure Search) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe
    PRC - [2013/12/15 21:20:56 | 000,159,768 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\loggingserver.exe
    PRC - [2013/11/18 21:59:36 | 000,590,352 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgcsrvx.exe
    PRC - [2013/11/11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgidsagent.exe
    PRC - [2013/11/07 22:03:50 | 004,956,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgui.exe
    PRC - [2013/10/28 23:24:02 | 000,729,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgrsx.exe
    PRC - [2013/10/28 23:17:36 | 000,892,976 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgnsx.exe
    PRC - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    PRC - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe
    PRC - [2013/06/06 21:06:35 | 000,114,688 | ---- | M] () -- C:\Program Files\Broadband to go\Broadband to go.exe
    PRC - [2010/11/16 13:37:38 | 000,264,704 | ---- | M] () -- C:\ProgramData\DatacardService\HWDeviceService.exe
    PRC - [2010/11/16 13:37:30 | 000,230,912 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
    PRC - [2010/07/12 20:47:40 | 000,098,304 | ---- | M] () -- C:\Program Files\Mobilni Internet\ModemListener.exe
    PRC - [2010/06/17 16:09:02 | 000,040,960 | ---- | M] () -- C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe
    PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/06/13 12:06:44 | 000,414,720 | ---- | M] (ODM) -- C:\Program Files\OEM\OSD_1.2\osd.exe
    PRC - [2008/05/07 16:19:26 | 006,139,904 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
    PRC - [2008/02/22 08:24:28 | 000,094,208 | ---- | M] (TODO: <公司名稱>) -- C:\Program Files\OEM\OSD_1.2\OsdService.exe
    PRC - [2007/11/28 15:43:08 | 000,042,824 | ---- | M] () -- C:\Program Files\Spare Messaging\MessagingApp.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/12/15 21:20:57 | 002,471,448 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
    MOD - [2013/12/15 21:20:57 | 000,519,704 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\log4cplusU.dll
    MOD - [2013/10/19 02:26:18 | 012,434,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\73d9bc894522543b561a0342dac87c06\System.Windows.Forms.ni.dll
    MOD - [2013/08/15 20:02:40 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c0df7e124d8d5e2821fd7d3921d404f7\System.Drawing.ni.dll
    MOD - [2013/08/15 19:58:55 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\d7153acb7b6ccb5a6a886d6f0ab732b1\System.ni.dll
    MOD - [2013/07/11 19:42:34 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni.dll
    MOD - [2013/06/06 21:06:35 | 000,114,688 | ---- | M] () -- C:\Program Files\Broadband to go\Broadband to go.exe
    MOD - [2010/07/12 20:47:40 | 000,098,304 | ---- | M] () -- C:\Program Files\Mobilni Internet\ModemListener.exe
    MOD - [2009/04/15 09:32:22 | 000,135,168 | ---- | M] () -- C:\Program Files\Broadband to go\LocaleMgrPlugin.dll
    MOD - [2009/04/15 09:31:30 | 000,159,744 | ---- | M] () -- C:\Program Files\Broadband to go\SMSPlugin.dll
    MOD - [2009/04/15 09:30:10 | 000,032,768 | ---- | M] () -- C:\Program Files\Broadband to go\NotifyServicePlugin.dll
    MOD - [2009/04/15 09:26:14 | 000,057,344 | ---- | M] () -- C:\Program Files\Broadband to go\ConfigFilePlugin.dll
    MOD - [2009/04/15 09:24:16 | 000,098,304 | ---- | M] () -- C:\Program Files\Broadband to go\DeviceMgrPlugin.dll
    MOD - [2009/04/15 09:20:46 | 000,118,784 | ---- | M] () -- C:\Program Files\Broadband to go\NetInfoPlugin.dll
    MOD - [2009/04/15 09:17:36 | 000,086,016 | ---- | M] () -- C:\Program Files\Broadband to go\DialUpPlugin.dll
    MOD - [2009/04/15 09:16:22 | 000,159,744 | ---- | M] () -- C:\Program Files\Broadband to go\DeviceMgrUIPlugin.dll
    MOD - [2009/04/15 09:06:26 | 000,856,064 | ---- | M] () -- C:\Program Files\Broadband to go\NDISAPI.dll
    MOD - [2008/11/08 14:15:44 | 000,061,440 | ---- | M] () -- C:\Program Files\Broadband to go\XCodec.dll
    MOD - [2008/11/08 14:15:40 | 000,061,440 | ---- | M] () -- C:\Program Files\Broadband to go\DeviceOperate.dll
    MOD - [2008/11/08 14:15:34 | 000,151,552 | ---- | M] () -- C:\Program Files\Broadband to go\DetectDev.dll
    MOD - [2008/11/08 14:15:28 | 000,552,960 | ---- | M] () -- C:\Program Files\Broadband to go\atcomm.dll
    MOD - [2007/11/28 15:43:08 | 000,042,824 | ---- | M] () -- C:\Program Files\Spare Messaging\MessagingApp.exe
    MOD - [2007/08/23 15:39:30 | 000,014,848 | ---- | M] () -- C:\Program Files\Broadband to go\isaputrace.dll
    MOD - [2007/07/31 14:50:04 | 000,090,112 | ---- | M] () -- C:\Program Files\Broadband to go\FileManager.dll


    ========== Services (SafeList) ==========

    SRV - [2013/12/21 01:26:09 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/12/15 21:20:56 | 001,771,544 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe -- (vToolbarUpdater17.2.0)
    SRV - [2013/12/10 22:11:05 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/11/11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
    SRV - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
    SRV - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
    SRV - [2013/02/28 17:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2010/11/16 13:37:38 | 000,264,704 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService.exe -- (HWDeviceService.exe)
    SRV - [2010/06/17 16:09:02 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe -- (DeviceManager)
    SRV - [2008/02/22 08:24:28 | 000,094,208 | ---- | M] (TODO: <公司名稱>) [Auto | Running] -- C:\Program Files\OEM\OSD_1.2\OsdService.exe -- (OsdService)
    SRV - [2008/01/21 02:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\swumx20.sys -- (SWUMX20)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbdev.sys -- (hwusbdev)
    DRV - [2013/11/10 14:41:57 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
    DRV - [2013/11/05 21:50:48 | 000,120,600 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgdiskx.sys -- (Avgdiskx)
    DRV - [2013/11/04 21:57:30 | 000,209,176 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
    DRV - [2013/10/31 23:00:28 | 000,176,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2013/10/31 22:30:08 | 000,222,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
    DRV - [2013/10/24 22:28:32 | 000,147,768 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
    DRV - [2013/10/01 00:49:38 | 000,102,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2013/09/17 00:57:26 | 000,022,840 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
    DRV - [2013/09/10 00:43:20 | 000,027,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
    DRV - [2013/08/01 15:08:52 | 000,193,848 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2011/01/13 10:54:18 | 000,026,624 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
    DRV - [2011/01/13 10:54:16 | 000,089,984 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
    DRV - [2011/01/13 10:54:16 | 000,073,344 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
    DRV - [2011/01/13 10:54:16 | 000,064,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcecm.sys -- (huawei_cdcecm)
    DRV - [2010/07/27 09:52:02 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
    DRV - [2010/06/17 16:09:00 | 000,103,552 | ---- | M] (TCT International Mobile Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\qcusbser.sys -- (qcusbser)
    DRV - [2009/07/22 16:44:18 | 000,148,992 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swumxa3.sys -- (SWUMXA3)
    DRV - [2009/07/22 16:44:04 | 000,197,504 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swnc8ua3.sys -- (SWNC8UA3)
    DRV - [2009/02/17 19:38:12 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
    DRV - [2008/12/30 10:57:54 | 000,103,040 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake)
    DRV - [2008/12/13 10:27:50 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV - [2008/07/15 08:20:24 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
    DRV - [2008/07/10 10:36:06 | 000,331,776 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187Se.sys -- (RTL8187Se)
    DRV - [2008/05/21 16:46:48 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\directport.sys -- (GpdDevDPort)
    DRV - [2008/05/02 13:59:40 | 000,122,368 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
    DRV - [2008/04/22 18:06:56 | 000,008,192 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\kbfiltr.sys -- (GpdKbFilter)
    DRV - [2008/01/21 02:23:26 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\irsir.sys -- (irsir)
    DRV - [2007/08/23 10:22:08 | 001,201,312 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=DSGI&bmod=DSGI
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=DSGI&bmod=DSGI
    IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7DSGI

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=DSGI&bmod=DSGI;
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.askaboutmoney.com/forum [Binary data over 200 bytes]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{4186E915-6684-410A-A99C-66AF1C7C2FBF}: "URL" = http://search.avg.com/?d=4e04ea29&i=23&tp=chrome&q={searchTerms}&lng={language}&nt=1
    IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7DSGI_en-GBIE398
    IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={67DB2C4F-1BD0-4C23-B6F8-F82FB2E5F196}&mid=358a021a42c7445281ced87b11c35f73-3be0ba691d70878c46ba264f8cdaedd3a1cfb76e&lang=en&ds=AVG&pr=fr&d=2013-09-25 22:48:34&v=15.4.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
    FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
    FF - prefs.js..extensions.enabledAddons: %7Bda8bd68d-8e90-41cd-8345-a71b294e72e6%7D:2.0.16.3
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
    FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.2.0\\npsitesafety.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\15.2.0.5 [2013/05/21 00:13:32 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/12/21 01:25:35 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files\PriceGong\2.1.0\FF [2010/12/18 23:40:06 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/12/21 01:25:35 | 000,000,000 | ---D | M]

    [2010/12/27 20:07:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laptop\AppData\Roaming\Mozilla\Extensions
    [2013/11/05 01:45:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\8bfdnkt5.default\extensions
    [2011/04/06 19:47:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\8bfdnkt5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2013/08/15 20:57:51 | 000,380,223 | ---- | M] () (No name found) -- C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\8bfdnkt5.default\extensions\izer@camelcamelcamel.com.xpi
    [2013/11/05 01:45:22 | 000,454,725 | ---- | M] () (No name found) -- C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\8bfdnkt5.default\extensions\{da8bd68d-8e90-41cd-8345-a71b294e72e6}.xpi
    [2013/12/21 01:25:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2013/12/21 01:25:23 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2013/12/21 01:25:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
    [2013/12/21 01:25:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
    [2013/12/21 01:25:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
    [2013/12/21 01:25:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
    [2013/12/21 01:25:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
    [2013/12/21 01:25:16 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2013/12/21 01:26:14 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2013/06/24 20:44:11 | 000,003,715 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
    CHR - homepage: http://www.google.com
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
    CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 6 U37 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
    CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\system32\npDeployJava1.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: Google Drive = C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
    CHR - Extension: Google Drive = C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: YouTube = C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Google Search = C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Google Search = C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: Skype Click to Call = C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0\
    CHR - Extension: Skype Click to Call = C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.8.0.12323_0\
    CHR - Extension: AVG Secure Search = C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\
    CHR - Extension: AVG Secure Search = C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\.bak
    CHR - Extension: Google Wallet = C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
    CHR - Extension: Gmail = C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (ALOT Toolbar Helper) - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files\alot\bin\BHO\alotBHO.dll (Vertro)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\17.2.0.38\AVG Secure Search_toolbar.dll (AVG Secure Search)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O3 - HKLM\..\Toolbar: (ALOT Toolbar) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (Vertro)
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\17.2.0.38\AVG Secure Search_toolbar.dll (AVG Secure Search)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [ModemListener] C:\Program Files\Mobilni Internet\ModemListener.exe ()
    O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [SpareMessaging] C:\Program Files\Spare Messaging\MessagingApp.exe ()
    O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: raiffeisenbank.rs ([rol] https in Trusted sites)
    O16 - DPF: {73848533-39E1-49F1-9363-28054268C094} https://rol.raiffeisenbank.rs/RetailDLL/FSINT9.dll (FileInterface Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
    O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {F6FFAC18-CAD4-4054-9D49-D610286CE323} https://rol.raiffeisenbank.rs/RetailDLL/EBCSCC2a.dll (SecAPI Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D476B39-5E72-4B60-B1B3-51942DB45C12}: DhcpNameServer = 62.40.32.33 8.8.8.8
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7CB56C1F-01D1-4F60-907E-B6CEEEAD28B3}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B69C798C-C9E4-4294-9585-642735622220}: NameServer = 212.129.64.220 212.129.64.221
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C401496D-850D-4C25-ABE5-409F1360FD22}: DhcpNameServer = 62.40.32.33 8.8.8.8
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F8B8E3FA-BA28-41C2-B622-4E1C8AD58993}: DhcpNameServer = 192.168.1.1 0.0.0.0
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.2.0\ViProtocol.dll (AVG Secure Search)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Laptop\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Laptop\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.) - D:\AutoRun.exe -- [ CDFS ]
    O32 - AutoRun File - [2008/03/05 00:34:52 | 000,000,047 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
    O33 - MountPoints2\{006cfe0c-9fd5-11e0-af22-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{006cfe0c-9fd5-11e0-af22-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{006cfe17-9fd5-11e0-af22-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{006cfe17-9fd5-11e0-af22-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{00d35687-ca62-11df-b236-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{00d35687-ca62-11df-b236-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{026fa62d-b753-11e2-9a2b-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{026fa62d-b753-11e2-9a2b-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{02ff6508-1eb0-11e0-ac9f-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{02ff6508-1eb0-11e0-ac9f-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{02ff6514-1eb0-11e0-ac9f-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{02ff6514-1eb0-11e0-ac9f-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{02ff651e-1eb0-11e0-ac9f-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{02ff651e-1eb0-11e0-ac9f-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{0695f0e8-6491-11e0-9ebf-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{0695f0e8-6491-11e0-9ebf-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{0695f0f4-6491-11e0-9ebf-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{0695f0f4-6491-11e0-9ebf-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{0695f100-6491-11e0-9ebf-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{0695f100-6491-11e0-9ebf-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{0939b2a7-1ea5-11e0-bf25-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{0939b2a7-1ea5-11e0-bf25-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{0a2267a0-03ee-11e1-a00d-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{0a2267a0-03ee-11e1-a00d-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{0a2267af-03ee-11e1-a00d-001e101fabdd}\Shell - "" = AutoRun
    O33 - MountPoints2\{0a2267af-03ee-11e1-a00d-001e101fabdd}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{0a2267ba-03ee-11e1-a00d-001e101faa49}\Shell - "" = AutoRun
    O33 - MountPoints2\{0a2267ba-03ee-11e1-a00d-001e101faa49}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{0eec8f52-6489-11e0-aa1e-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{0eec8f52-6489-11e0-aa1e-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{0eec8f5d-6489-11e0-aa1e-001e101fb45e}\Shell - "" = AutoRun
    O33 - MountPoints2\{0eec8f5d-6489-11e0-aa1e-001e101fb45e}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{0eec8f68-6489-11e0-aa1e-001e101f3315}\Shell - "" = AutoRun
    O33 - MountPoints2\{0eec8f68-6489-11e0-aa1e-001e101f3315}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{0eec8f72-6489-11e0-aa1e-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{0eec8f72-6489-11e0-aa1e-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{1bb6883b-1eaf-11e0-9f2a-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{1bb6883b-1eaf-11e0-9f2a-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{242ead3e-c14d-11e0-8d03-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{242ead3e-c14d-11e0-8d03-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{2539b887-1e99-11e0-8ac3-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{2539b887-1e99-11e0-8ac3-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{2539b894-1e99-11e0-8ac3-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{2539b894-1e99-11e0-8ac3-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{38a8b4be-648f-11e0-8efe-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{38a8b4be-648f-11e0-8efe-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{38a8b4cd-648f-11e0-8efe-001e101f50a4}\Shell - "" = AutoRun
    O33 - MountPoints2\{38a8b4cd-648f-11e0-8efe-001e101f50a4}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{3b537968-648c-11e0-aa37-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{3b537968-648c-11e0-aa37-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{465ac59f-03f8-11e1-a3d7-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{465ac59f-03f8-11e1-a3d7-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{465ac5ae-03f8-11e1-a3d7-001e101f1ed9}\Shell - "" = AutoRun
    O33 - MountPoints2\{465ac5ae-03f8-11e1-a3d7-001e101f1ed9}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{4663489c-2e4a-11e0-bee8-001e101fe5e1}\Shell - "" = AutoRun
    O33 - MountPoints2\{4663489c-2e4a-11e0-bee8-001e101fe5e1}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{466348ce-2e4a-11e0-bee8-001e101faa49}\Shell - "" = AutoRun
    O33 - MountPoints2\{466348ce-2e4a-11e0-bee8-001e101faa49}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{466348e9-2e4a-11e0-bee8-001e101fabdd}\Shell - "" = AutoRun
    O33 - MountPoints2\{466348e9-2e4a-11e0-bee8-001e101fabdd}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{466348fc-2e4a-11e0-bee8-001e101f8ed0}\Shell - "" = AutoRun
    O33 - MountPoints2\{466348fc-2e4a-11e0-bee8-001e101f8ed0}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{481150ce-f174-11e1-bd4f-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{481150ce-f174-11e1-bd4f-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{499a301b-1ea7-11e0-a36d-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{499a301b-1ea7-11e0-a36d-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{499a3028-1ea7-11e0-a36d-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{499a3028-1ea7-11e0-a36d-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{4f0b1204-b756-11e2-9325-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{4f0b1204-b756-11e2-9325-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{4f0b1211-b756-11e2-9325-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{4f0b1211-b756-11e2-9325-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{69c5f11b-1e9f-11e0-868b-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{69c5f11b-1e9f-11e0-868b-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{69c5f12a-1e9f-11e0-868b-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{69c5f12a-1e9f-11e0-868b-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{69c5f13e-1e9f-11e0-868b-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{69c5f13e-1e9f-11e0-868b-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{6d5406ec-19cd-11e0-b0f2-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{6d5406ec-19cd-11e0-b0f2-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{6f33813a-d847-11df-95d3-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{6f33813a-d847-11df-95d3-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{76c69f10-f14f-11e1-acaa-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{76c69f10-f14f-11e1-acaa-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{7b1b5a08-1eb3-11e0-983e-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{7b1b5a08-1eb3-11e0-983e-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{7b1b5a12-1eb3-11e0-983e-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{7b1b5a12-1eb3-11e0-983e-00030db35011}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{7c58bfa6-b758-11e2-ab1c-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{7c58bfa6-b758-11e2-ab1c-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{7fde9661-f508-11e0-91fb-001e101f9ae7}\Shell - "" = AutoRun
    O33 - MountPoints2\{7fde9661-f508-11e0-91fb-001e101f9ae7}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{83acca52-c2bf-11e0-99d8-001e101f8aaa}\Shell - "" = AutoRun
    O33 - MountPoints2\{83acca52-c2bf-11e0-99d8-001e101f8aaa}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{8520ea88-ceea-11e2-afd9-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{8520ea88-ceea-11e2-afd9-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{886c06e8-ceed-11e2-8c5f-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{886c06e8-ceed-11e2-8c5f-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{8e96057f-c733-11df-b684-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{8e96057f-c733-11df-b684-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{8e96059c-c733-11df-b684-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{8e96059c-c733-11df-b684-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{9546dc9b-1e9b-11e0-a353-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{9546dc9b-1e9b-11e0-a353-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{9d6fdf07-b75d-11e2-837a-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{9d6fdf07-b75d-11e2-837a-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{a0f44d0c-c6fb-11df-9e95-00030db35011}\Shell\AutoRun\command - "" = D:\Installer.exe
    O33 - MountPoints2\{a9206c55-d7e6-11df-906a-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{a9206c55-d7e6-11df-906a-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{a97e906d-f16b-11e1-b698-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{a97e906d-f16b-11e1-b698-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{a97e9089-f16b-11e1-b698-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{a97e9089-f16b-11e1-b698-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{ae939764-ca5f-11df-8d58-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{ae939764-ca5f-11df-8d58-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{b65bfd26-1e9c-11e0-8f17-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{b65bfd26-1e9c-11e0-8f17-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{c1eb538c-0a4a-11e1-ae4d-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{c1eb538c-0a4a-11e1-ae4d-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{c68188af-898b-11e0-a223-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{c68188af-898b-11e0-a223-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{cd53c7fd-219e-11e0-b785-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{cd53c7fd-219e-11e0-b785-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{ced015f1-c815-11df-9386-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{ced015f1-c815-11df-9386-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{ced01605-c815-11df-9386-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{ced01605-c815-11df-9386-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{cf18804f-1ea1-11e0-873f-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{cf18804f-1ea1-11e0-873f-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{cf188061-1ea1-11e0-873f-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{cf188061-1ea1-11e0-873f-00030db35011}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{d31bb189-20a9-11e0-a59d-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{d31bb189-20a9-11e0-a59d-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{d950778e-b750-11e2-a81a-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{d950778e-b750-11e2-a81a-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{d9507797-b750-11e2-a81a-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{d9507797-b750-11e2-a81a-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{d981389f-a741-11e0-a149-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{d981389f-a741-11e0-a149-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{daa3ba7c-2336-11e0-968f-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{daa3ba7c-2336-11e0-968f-00030db35011}\Shell\AutoRun\command - "" = D:\WIN\setup.exe
    O33 - MountPoints2\{dbb9899d-c12f-11e0-826b-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{dbb9899d-c12f-11e0-826b-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{dbe69002-c2bb-11e0-94fd-001e101f534f}\Shell - "" = AutoRun
    O33 - MountPoints2\{dbe69002-c2bb-11e0-94fd-001e101f534f}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{dbe69011-c2bb-11e0-94fd-001e101f82a7}\Shell - "" = AutoRun
    O33 - MountPoints2\{dbe69011-c2bb-11e0-94fd-001e101f82a7}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{dbe6901b-c2bb-11e0-94fd-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{dbe6901b-c2bb-11e0-94fd-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{dbfb9308-4c41-11e1-b324-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{dbfb9308-4c41-11e1-b324-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{dc7565bf-6e7c-11e0-8ddd-001e101f82a0}\Shell - "" = AutoRun
    O33 - MountPoints2\{dc7565bf-6e7c-11e0-8ddd-001e101f82a0}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{dd25831f-03f4-11e1-adaa-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{dd25831f-03f4-11e1-adaa-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{dd25832f-03f4-11e1-adaa-001e101f8aaa}\Shell - "" = AutoRun
    O33 - MountPoints2\{dd25832f-03f4-11e1-adaa-001e101f8aaa}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{e78bb380-03df-11e1-ad9a-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{e78bb380-03df-11e1-ad9a-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{e78bb38f-03df-11e1-ad9a-001e101f1f81}\Shell - "" = AutoRun
    O33 - MountPoints2\{e78bb38f-03df-11e1-ad9a-001e101f1f81}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{eb6aa39f-03e2-11e1-b34b-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{eb6aa39f-03e2-11e1-b34b-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{eb6aa3ae-03e2-11e1-b34b-001e101fabdd}\Shell - "" = AutoRun
    O33 - MountPoints2\{eb6aa3ae-03e2-11e1-b34b-001e101fabdd}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{eca2cd20-03f0-11e1-93d0-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{eca2cd20-03f0-11e1-93d0-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{eca2cd2f-03f0-11e1-93d0-001e101f8924}\Shell - "" = AutoRun
    O33 - MountPoints2\{eca2cd2f-03f0-11e1-93d0-001e101f8924}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{eca2cd3a-03f0-11e1-93d0-001e101f2500}\Shell - "" = AutoRun
    O33 - MountPoints2\{eca2cd3a-03f0-11e1-93d0-001e101f2500}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{ef7630be-c1f4-11e0-93bd-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{ef7630be-c1f4-11e0-93bd-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{f3e878bf-7c08-11e0-97ef-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{f3e878bf-7c08-11e0-97ef-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{fff0d77f-9853-11e0-ac68-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{fff0d77f-9853-11e0-ac68-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\D\Shell - "" = AutoRun
    O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/12/30 19:06:12 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Local\dumps
    [2013/12/29 13:03:54 | 000,255,070 | ---- | C] (Flash ) -- C:\Users\Laptop\AppData\Roaming\bjrwzmzisvc.exe
    [2013/12/21 01:24:56 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2013/12/12 02:37:46 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2013/12/12 02:37:42 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2013/12/12 02:37:42 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2013/12/12 02:37:41 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
    [2013/12/12 02:37:41 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
    [2013/12/12 02:37:39 | 001,806,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
    [2013/12/12 02:37:39 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
    [2013/12/12 02:37:37 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2013/12/12 00:33:05 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SysFxUI.dll
    [2013/12/12 00:33:02 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
    [2013/12/12 00:33:01 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\drmk.sys
    [2013/12/12 00:32:46 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
    [2013/12/12 00:32:43 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshcon.dll
    [2013/12/12 00:31:47 | 002,050,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2013/12/10 10:23:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
    [2010/11/21 01:03:13 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Laptop\mbam-setup-1.46.exe
    [2010/10/04 00:38:21 | 141,707,952 | ---- | C] (AVG Technologies) -- C:\Users\Laptop\avg_free_x86_all_2011_1120a3152.exe
    [2010/10/04 00:29:57 | 000,718,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Users\Laptop\avgremover.exe
    [2010/09/30 00:17:30 | 001,187,896 | ---- | C] (Piriform Ltd) -- C:\Users\Laptop\ccsetup236.exe
    [2010/09/28 23:31:05 | 014,951,776 | ---- | C] (Microsoft Corporation) -- C:\Users\Laptop\word2007-kb974631-fullfile-x86-glb.exe
    [2010/09/28 23:04:57 | 019,075,976 | ---- | C] (Skype Technologies S.A.) -- C:\Users\Laptop\SkypeSetupFull.exe

    ========== Files - Modified Within 30 Days ==========

    [2013/12/31 01:05:10 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/12/31 00:35:20 | 000,634,494 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2013/12/31 00:35:20 | 000,120,782 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2013/12/31 00:27:42 | 000,005,184 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/12/31 00:27:40 | 000,005,184 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/12/31 00:27:22 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/12/31 00:26:54 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
    [2013/12/31 00:26:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/12/31 00:25:42 | 1032,740,864 | -HS- | M] () -- C:\hiberfil.sys
    [2013/12/31 00:17:05 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/12/30 00:13:30 | 000,000,871 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/12/29 13:03:56 | 000,255,070 | ---- | M] (Flash ) -- C:\Users\Laptop\AppData\Roaming\bjrwzmzisvc.exe
    [2013/12/29 03:00:00 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\RegSERVO.job
    [2013/12/10 22:10:48 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
    [2013/12/10 22:10:47 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2013/12/05 21:37:36 | 000,001,936 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

    ========== Files Created - No Company Name ==========

    [2013/12/30 00:13:30 | 000,000,871 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/05/21 00:08:19 | 000,003,714 | ---- | C] () -- C:\Program Files\Mozilla Firefoxavg-secure-search.xml
    [2011/07/18 19:53:39 | 000,000,000 | ---- | C] () -- C:\Users\Laptop\AppData\Local\{BB5C1344-8CEB-4AEB-97D3-4FB026A34D40}
    [2011/06/23 22:41:55 | 001,529,005 | ---- | C] () -- C:\Users\Laptop\AVGInstLog.cab
    [2011/06/09 23:51:11 | 000,000,000 | ---- | C] () -- C:\Users\Laptop\AppData\Local\{DBE900B0-FC28-482C-AE85-F8BD909E858D}
    [2010/10/24 22:34:24 | 104,347,466 | ---- | C] () -- C:\Users\Laptop\eclipse-java-helios-SR1-win32.zip
    [2010/10/05 00:02:40 | 014,501,192 | ---- | C] () -- C:\Users\Laptop\winzip145.exe
    [2010/09/29 00:16:50 | 000,000,132 | ---- | C] () -- C:\Users\Laptop\AppData\Roaming\wklnhst.dat
    [2010/09/29 00:14:19 | 155,184,736 | ---- | C] () -- C:\Users\Laptop\OOo_3.2.1_Win_x86_install-wJRE_en-US.exe
    [2010/09/25 16:26:23 | 000,007,680 | ---- | C] () -- C:\Users\Laptop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== ZeroAccess Check ==========

    [2006/11/02 12:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 17:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 06:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 06:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    < End of report >


  • Registered Users, Registered Users 2 Posts: 251 ✭✭sandra_b


    OTL Extras logfile created on: 31/12/2013 00:56:49 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Laptop\Downloads
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    984.18 Mb Total Physical Memory | 287.48 Mb Available Physical Memory | 29.21% Memory free
    2.18 Gb Paging File | 0.83 Gb Available in Paging File | 37.96% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 138.31 Gb Total Space | 80.28 Gb Free Space | 58.04% Space Free | Partition Type: NTFS
    Drive D: | 25.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive S: | 1.46 Gb Total Space | 1.30 Gb Free Space | 88.83% Space Free | Partition Type: NTFS

    Computer Name: LAPTOP-PC | User Name: Laptop | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Sierra Wireless Inc\WebUpdater\SwiApiMux.exe" = C:\Program Files\Sierra Wireless Inc\WebUpdater\SwiApiMux.exe:*:Enabled:SwiApiMux


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0F686817-827A-4DFA-AF19-81C36FC27388}" = dir=in | app=c:\program files\avg\avg9\avgdiagex.exe |
    "{21CBE05C-0319-4E98-BF8D-7AA257B69ABF}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgnsx.exe |
    "{3B4DED64-C94F-4A27-AE93-E6B38A406686}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
    "{3F1CD20C-6E81-4B72-9349-EF848C811427}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgmfapx.exe |
    "{407DB6C9-4DE5-4804-8DA2-D5C46E7DD576}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
    "{487AE651-B21A-48B5-B01B-E321F97B45FF}" = dir=in | app=c:\program files\avg\avg9\avgam.exe |
    "{6CD4EEB8-1348-495A-BBB6-907A055D71D0}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
    "{766A76AB-DA30-4BAA-B1D7-1CF7AB55B77F}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
    "{767BD960-8B8B-427D-A120-43718ECE6987}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
    "{869723A7-0311-48F2-922E-BDC165A0C557}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgnsx.exe |
    "{8B0787E1-AEAB-4563-9194-2B344D4DF950}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
    "{D9571F73-7711-4AAA-92A2-1904534F687F}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
    "{DE041E30-4306-4CBE-B4E4-08A233006137}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{E1519E84-7C12-49D0-9196-314860169A50}" = dir=in | app=c:\program files\avg\avg9\avgemc.exe |
    "{E2E90169-84D1-4678-A513-34DA0D40D0C9}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgdiagex.exe |
    "{E406489E-3D9B-4953-AE88-1EADABEF257E}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgmfapx.exe |
    "{F27DD36F-E1C4-4322-BDCA-33F0AD586FF8}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgdiagex.exe |
    "{F28DF785-9674-49DC-BF6A-0AC26936F103}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
    "TCP Query User{89D4C546-14D8-42E0-9737-98B4F26665EF}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
    "TCP Query User{9574B267-CB2F-47DB-913D-CB4B5BC49860}C:\program files\huawei technologies\huawei umts data card\3 usb modem.exe" = protocol=6 | dir=in | app=c:\program files\huawei technologies\huawei umts data card\3 usb modem.exe |
    "UDP Query User{6466B0F2-A3ED-40AB-A688-24B2EA618D90}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
    "UDP Query User{815EC70A-B98E-4FDE-B45F-38DEFC6D0668}C:\program files\huawei technologies\huawei umts data card\3 usb modem.exe" = protocol=17 | dir=in | app=c:\program files\huawei technologies\huawei umts data card\3 usb modem.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 39
    "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
    "{3B97ADB7-3DA1-4964-BC10-68384BA6A66F}" = AVG 2014
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{49AEFEAB-A10B-4E8E-B577-2287ACA2B8AF}" = AVG 2014
    "{4A65DAD2-E914-4923-9C2A-81B968A68CE2}" = Launch
    "{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
    "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
    "{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{73289228-1853-4623-982A-EB17FF0270CA}" = OSD_1.2
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A899DA1F-D626-401C-8651-F2921E3B4CB3}" = 3Connect
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{C939F015-83C6-432C-B67B-0816AA0B4C17}" = Spare Messaging
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "7-Zip" = 7-Zip 4.65
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Agere Systems Soft Modem" = Agere Systems HDA Modem
    "alotToolbar" = ALOT Toolbar
    "AVG" = AVG 2014
    "AVG Secure Search" = AVG Security Toolbar
    "Broadband to go" = Broadband to go
    "CCleaner" = CCleaner
    "eircom mobile broadband" = eircom mobile broadband
    "Google Chrome" = Google Chrome
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "Huawei Modems" = Huawei modem
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Mobilni Internet ALCATEL_is1" = Mobilni Internet
    "Mozilla Firefox 26.0 (x86 en-GB)" = Mozilla Firefox 26.0 (x86 en-GB)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "O2 Broadband" = O2 Broadband
    "PriceGong" = PriceGong 2.1.0

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 29/12/2013 21:04:06 | Computer Name = Laptop-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 29/12/2013 21:04:06 | Computer Name = Laptop-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 29/12/2013 21:04:07 | Computer Name = Laptop-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 29/12/2013 21:04:07 | Computer Name = Laptop-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 29/12/2013 21:16:10 | Computer Name = Laptop-PC | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 9.0.8112.16526, time stamp
    0x52855173, faulting module PriceGongIE.dll, version 2.1.0.6, time stamp 0x4baf202a,
    exception code 0xc0000005, fault offset 0x000129b7, process id 0x15b0, application
    start time 0x01cf04fb3b642b62.

    Error - 29/12/2013 22:29:30 | Computer Name = Laptop-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 23/04/2008 20:02:52 | Computer Name = Laptop-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 30/12/2013 14:59:24 | Computer Name = Laptop-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 30/12/2013 17:44:33 | Computer Name = Laptop-PC | Source = Application Error | ID = 1000
    Description = Faulting application FlashPlayerPlugin_11_9_900_170.exe, version 11.9.900.170,
    time stamp 0x529b79bf, faulting module ntdll.dll, version 6.0.6002.18881, time
    stamp 0x51da3e27, exception code 0xc000070a, fault offset 0x0008adc5, process id
    0x3f38, application start time 0x01cf05a7337ffb5e.

    Error - 30/12/2013 20:09:49 | Computer Name = Laptop-PC | Source = Application Hang | ID = 1002
    Description = The program firefox.exe version 26.0.0.5087 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: 5a64 Start Time: 01cf05bac482419e Termination Time: 1922

    Error - 30/12/2013 20:27:35 | Computer Name = Laptop-PC | Source = WinMgmt | ID = 10
    Description =

    [ Media Center Events ]
    Error - 02/09/2013 15:42:54 | Computer Name = Laptop-PC | Source = MCUpdate | ID = 0
    Description = Error connecting to the internet. (828.1128)

    Error - 02/09/2013 15:42:54 | Computer Name = Laptop-PC | Source = MCUpdate | ID = 0
    Description = Unable to contact server.. (828.1129)

    Error - 17/09/2013 15:00:15 | Computer Name = Laptop-PC | Source = MCUpdate | ID = 0
    Description = Error connecting to the internet. (1620.1128)

    Error - 17/09/2013 15:00:15 | Computer Name = Laptop-PC | Source = MCUpdate | ID = 0
    Description = Unable to contact server.. (1620.1129)

    Error - 26/09/2013 22:11:29 | Computer Name = Laptop-PC | Source = MCUpdate | ID = 0
    Description = Error connecting to the internet. (16768.1128)

    Error - 26/09/2013 22:11:29 | Computer Name = Laptop-PC | Source = MCUpdate | ID = 0
    Description = Unable to contact server.. (16768.1129)

    Error - 02/10/2013 15:37:58 | Computer Name = Laptop-PC | Source = MCUpdate | ID = 0
    Description = Error connecting to the internet. (2192.1128)

    Error - 02/10/2013 15:37:58 | Computer Name = Laptop-PC | Source = MCUpdate | ID = 0
    Description = Unable to contact server.. (2192.1129)

    Error - 01/11/2013 06:17:23 | Computer Name = Laptop-PC | Source = MCUpdate | ID = 0
    Description = Error connecting to the internet. (3016.1128)

    Error - 01/11/2013 06:17:23 | Computer Name = Laptop-PC | Source = MCUpdate | ID = 0
    Description = Unable to contact server.. (3016.1129)

    [ System Events ]
    Error - 29/12/2013 21:02:45 | Computer Name = Laptop-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 29/12/2013 21:04:16 | Computer Name = Laptop-PC | Source = DCOM | ID = 10010
    Description =

    Error - 29/12/2013 22:29:30 | Computer Name = Laptop-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 23/04/2008 20:02:53 | Computer Name = Laptop-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 30/12/2013 14:59:24 | Computer Name = Laptop-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 30/12/2013 15:17:10 | Computer Name = Laptop-PC | Source = DCOM | ID = 10005
    Description =

    Error - 30/12/2013 15:17:38 | Computer Name = Laptop-PC | Source = Service Control Manager | ID = 7009
    Description =

    Error - 30/12/2013 15:17:38 | Computer Name = Laptop-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 30/12/2013 20:23:26 | Computer Name = Laptop-PC | Source = DCOM | ID = 10010
    Description =

    Error - 30/12/2013 20:27:37 | Computer Name = Laptop-PC | Source = Service Control Manager | ID = 7000
    Description =


    < End of report >


  • Registered Users, Registered Users 2 Posts: 840 ✭✭✭jsa112


    download and run adwcleaner

    www.bleepingcomputer.com/download/adwcleaner/


    post its log


    open OTL, copy this into the box


    :OTL
    O2 - BHO: (ALOT Toolbar Helper) - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files\alot\bin\BHO\alotBHO.dll (Vertro)
    O3 - HKLM\..\Toolbar: (ALOT Toolbar) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (Vertro)
    O32 - AutoRun File - [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.) - D:\AutoRun.exe -- [ CDFS ]
    O32 - AutoRun File - [2008/03/05 00:34:52 | 000,000,047 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
    O33 - MountPoints2\{006cfe0c-9fd5-11e0-af22-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{006cfe0c-9fd5-11e0-af22-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{006cfe17-9fd5-11e0-af22-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{006cfe17-9fd5-11e0-af22-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{00d35687-ca62-11df-b236-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{00d35687-ca62-11df-b236-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{026fa62d-b753-11e2-9a2b-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{026fa62d-b753-11e2-9a2b-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{02ff6508-1eb0-11e0-ac9f-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{02ff6508-1eb0-11e0-ac9f-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{02ff6514-1eb0-11e0-ac9f-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{02ff6514-1eb0-11e0-ac9f-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{02ff651e-1eb0-11e0-ac9f-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{02ff651e-1eb0-11e0-ac9f-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{0695f0e8-6491-11e0-9ebf-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{0695f0e8-6491-11e0-9ebf-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{0695f0f4-6491-11e0-9ebf-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{0695f0f4-6491-11e0-9ebf-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{0695f100-6491-11e0-9ebf-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{0695f100-6491-11e0-9ebf-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{0939b2a7-1ea5-11e0-bf25-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{0939b2a7-1ea5-11e0-bf25-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{0a2267a0-03ee-11e1-a00d-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{0a2267a0-03ee-11e1-a00d-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{0a2267af-03ee-11e1-a00d-001e101fabdd}\Shell - "" = AutoRun
    O33 - MountPoints2\{0a2267af-03ee-11e1-a00d-001e101fabdd}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{0a2267ba-03ee-11e1-a00d-001e101faa49}\Shell - "" = AutoRun
    O33 - MountPoints2\{0a2267ba-03ee-11e1-a00d-001e101faa49}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{0eec8f52-6489-11e0-aa1e-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{0eec8f52-6489-11e0-aa1e-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{0eec8f5d-6489-11e0-aa1e-001e101fb45e}\Shell - "" = AutoRun
    O33 - MountPoints2\{0eec8f5d-6489-11e0-aa1e-001e101fb45e}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{0eec8f68-6489-11e0-aa1e-001e101f3315}\Shell - "" = AutoRun
    O33 - MountPoints2\{0eec8f68-6489-11e0-aa1e-001e101f3315}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{0eec8f72-6489-11e0-aa1e-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{0eec8f72-6489-11e0-aa1e-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{1bb6883b-1eaf-11e0-9f2a-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{1bb6883b-1eaf-11e0-9f2a-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{242ead3e-c14d-11e0-8d03-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{242ead3e-c14d-11e0-8d03-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{2539b887-1e99-11e0-8ac3-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{2539b887-1e99-11e0-8ac3-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{2539b894-1e99-11e0-8ac3-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{2539b894-1e99-11e0-8ac3-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{38a8b4be-648f-11e0-8efe-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{38a8b4be-648f-11e0-8efe-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{38a8b4cd-648f-11e0-8efe-001e101f50a4}\Shell - "" = AutoRun
    O33 - MountPoints2\{38a8b4cd-648f-11e0-8efe-001e101f50a4}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{3b537968-648c-11e0-aa37-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{3b537968-648c-11e0-aa37-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{465ac59f-03f8-11e1-a3d7-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{465ac59f-03f8-11e1-a3d7-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{465ac5ae-03f8-11e1-a3d7-001e101f1ed9}\Shell - "" = AutoRun
    O33 - MountPoints2\{465ac5ae-03f8-11e1-a3d7-001e101f1ed9}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{4663489c-2e4a-11e0-bee8-001e101fe5e1}\Shell - "" = AutoRun
    O33 - MountPoints2\{4663489c-2e4a-11e0-bee8-001e101fe5e1}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{466348ce-2e4a-11e0-bee8-001e101faa49}\Shell - "" = AutoRun
    O33 - MountPoints2\{466348ce-2e4a-11e0-bee8-001e101faa49}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{466348e9-2e4a-11e0-bee8-001e101fabdd}\Shell - "" = AutoRun
    O33 - MountPoints2\{466348e9-2e4a-11e0-bee8-001e101fabdd}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{466348fc-2e4a-11e0-bee8-001e101f8ed0}\Shell - "" = AutoRun
    O33 - MountPoints2\{466348fc-2e4a-11e0-bee8-001e101f8ed0}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{481150ce-f174-11e1-bd4f-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{481150ce-f174-11e1-bd4f-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{499a301b-1ea7-11e0-a36d-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{499a301b-1ea7-11e0-a36d-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{499a3028-1ea7-11e0-a36d-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{499a3028-1ea7-11e0-a36d-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{4f0b1204-b756-11e2-9325-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{4f0b1204-b756-11e2-9325-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{4f0b1211-b756-11e2-9325-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{4f0b1211-b756-11e2-9325-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{69c5f11b-1e9f-11e0-868b-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{69c5f11b-1e9f-11e0-868b-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{69c5f12a-1e9f-11e0-868b-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{69c5f12a-1e9f-11e0-868b-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{69c5f13e-1e9f-11e0-868b-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{69c5f13e-1e9f-11e0-868b-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{6d5406ec-19cd-11e0-b0f2-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{6d5406ec-19cd-11e0-b0f2-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{6f33813a-d847-11df-95d3-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{6f33813a-d847-11df-95d3-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{76c69f10-f14f-11e1-acaa-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{76c69f10-f14f-11e1-acaa-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{7b1b5a08-1eb3-11e0-983e-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{7b1b5a08-1eb3-11e0-983e-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{7b1b5a12-1eb3-11e0-983e-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{7b1b5a12-1eb3-11e0-983e-00030db35011}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{7c58bfa6-b758-11e2-ab1c-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{7c58bfa6-b758-11e2-ab1c-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{7fde9661-f508-11e0-91fb-001e101f9ae7}\Shell - "" = AutoRun
    O33 - MountPoints2\{7fde9661-f508-11e0-91fb-001e101f9ae7}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{83acca52-c2bf-11e0-99d8-001e101f8aaa}\Shell - "" = AutoRun
    O33 - MountPoints2\{83acca52-c2bf-11e0-99d8-001e101f8aaa}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{8520ea88-ceea-11e2-afd9-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{8520ea88-ceea-11e2-afd9-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{886c06e8-ceed-11e2-8c5f-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{886c06e8-ceed-11e2-8c5f-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{8e96057f-c733-11df-b684-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{8e96057f-c733-11df-b684-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{8e96059c-c733-11df-b684-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{8e96059c-c733-11df-b684-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{9546dc9b-1e9b-11e0-a353-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{9546dc9b-1e9b-11e0-a353-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{9d6fdf07-b75d-11e2-837a-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{9d6fdf07-b75d-11e2-837a-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{a0f44d0c-c6fb-11df-9e95-00030db35011}\Shell\AutoRun\command - "" = D:\Installer.exe
    O33 - MountPoints2\{a9206c55-d7e6-11df-906a-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{a9206c55-d7e6-11df-906a-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{a97e906d-f16b-11e1-b698-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{a97e906d-f16b-11e1-b698-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{a97e9089-f16b-11e1-b698-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{a97e9089-f16b-11e1-b698-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{ae939764-ca5f-11df-8d58-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{ae939764-ca5f-11df-8d58-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{b65bfd26-1e9c-11e0-8f17-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{b65bfd26-1e9c-11e0-8f17-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{c1eb538c-0a4a-11e1-ae4d-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{c1eb538c-0a4a-11e1-ae4d-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{c68188af-898b-11e0-a223-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{c68188af-898b-11e0-a223-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{cd53c7fd-219e-11e0-b785-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{cd53c7fd-219e-11e0-b785-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{ced015f1-c815-11df-9386-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{ced015f1-c815-11df-9386-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{ced01605-c815-11df-9386-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{ced01605-c815-11df-9386-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{cf18804f-1ea1-11e0-873f-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{cf18804f-1ea1-11e0-873f-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{cf188061-1ea1-11e0-873f-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{cf188061-1ea1-11e0-873f-00030db35011}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{d31bb189-20a9-11e0-a59d-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{d31bb189-20a9-11e0-a59d-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{d950778e-b750-11e2-a81a-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{d950778e-b750-11e2-a81a-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{d9507797-b750-11e2-a81a-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{d9507797-b750-11e2-a81a-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{d981389f-a741-11e0-a149-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{d981389f-a741-11e0-a149-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{daa3ba7c-2336-11e0-968f-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{daa3ba7c-2336-11e0-968f-00030db35011}\Shell\AutoRun\command - "" = D:\WIN\setup.exe
    O33 - MountPoints2\{dbb9899d-c12f-11e0-826b-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{dbb9899d-c12f-11e0-826b-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{dbe69002-c2bb-11e0-94fd-001e101f534f}\Shell - "" = AutoRun
    O33 - MountPoints2\{dbe69002-c2bb-11e0-94fd-001e101f534f}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{dbe69011-c2bb-11e0-94fd-001e101f82a7}\Shell - "" = AutoRun
    O33 - MountPoints2\{dbe69011-c2bb-11e0-94fd-001e101f82a7}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{dbe6901b-c2bb-11e0-94fd-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{dbe6901b-c2bb-11e0-94fd-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{dbfb9308-4c41-11e1-b324-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{dbfb9308-4c41-11e1-b324-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{dc7565bf-6e7c-11e0-8ddd-001e101f82a0}\Shell - "" = AutoRun
    O33 - MountPoints2\{dc7565bf-6e7c-11e0-8ddd-001e101f82a0}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{dd25831f-03f4-11e1-adaa-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{dd25831f-03f4-11e1-adaa-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{dd25832f-03f4-11e1-adaa-001e101f8aaa}\Shell - "" = AutoRun
    O33 - MountPoints2\{dd25832f-03f4-11e1-adaa-001e101f8aaa}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{e78bb380-03df-11e1-ad9a-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{e78bb380-03df-11e1-ad9a-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{e78bb38f-03df-11e1-ad9a-001e101f1f81}\Shell - "" = AutoRun
    O33 - MountPoints2\{e78bb38f-03df-11e1-ad9a-001e101f1f81}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{eb6aa39f-03e2-11e1-b34b-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{eb6aa39f-03e2-11e1-b34b-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{eb6aa3ae-03e2-11e1-b34b-001e101fabdd}\Shell - "" = AutoRun
    O33 - MountPoints2\{eb6aa3ae-03e2-11e1-b34b-001e101fabdd}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{eca2cd20-03f0-11e1-93d0-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{eca2cd20-03f0-11e1-93d0-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{eca2cd2f-03f0-11e1-93d0-001e101f8924}\Shell - "" = AutoRun
    O33 - MountPoints2\{eca2cd2f-03f0-11e1-93d0-001e101f8924}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{eca2cd3a-03f0-11e1-93d0-001e101f2500}\Shell - "" = AutoRun
    O33 - MountPoints2\{eca2cd3a-03f0-11e1-93d0-001e101f2500}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{ef7630be-c1f4-11e0-93bd-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{ef7630be-c1f4-11e0-93bd-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{f3e878bf-7c08-11e0-97ef-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{f3e878bf-7c08-11e0-97ef-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{fff0d77f-9853-11e0-ac68-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{fff0d77f-9853-11e0-ac68-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\D\Shell - "" = AutoRun
    O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    [2013/12/29 13:03:54 | 000,255,070 | ---- | C] (Flash ) -- C:\Users\Laptop\AppData\Roaming\bjrwzmzisvc.exe
    [2013/12/29 13:03:56 | 000,255,070 | ---- | M] (Flash ) -- C:\Users\Laptop\AppData\Roaming\bjrwzmzisvc.exe
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files\PriceGong\2.1.0\FF [2010/12/18 23:40:06 | 000,000,000 | ---D | M]

    :Commands
    [PURITY]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [RESETHOSTS]
    [EMPTYJAVA]
    [CREATERESTOREPOINT]
    [Reboot]
    :Files
    ipconfig /flushdns /c
    C:\hemxccapeaj.exe /s
    C:\Program Files\PriceGong
    C:\bjrwzmzisvc.exe /s


    Click Run Fix, then post the log it gives you.


  • Registered Users, Registered Users 2 Posts: 251 ✭✭sandra_b


    Shall I first run AdwCleaner and then OTL "Run Fix"? Do you need the log from OTL or AdwCleaner? Sorry if this is a stupid question, but I am not sure if the order matters :(
    Thank you soooo much!!!!


  • Registered Users, Registered Users 2 Posts: 840 ✭✭✭jsa112


    Yes, do AdwCleaner first, then OTL, then post both the logs that they give you.


  • Registered Users, Registered Users 2 Posts: 251 ✭✭sandra_b


    Adw log is below (I clicked Scan; should I do Clean as well?)
    I am going to run OTL now and post the log when it completes.

    # AdwCleaner v3.016 - Report created 31/12/2013 at 17:23:08
    # Updated 23/12/2013 by Xplode
    # Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
    # Username : Laptop - LAPTOP-PC
    # Running from : C:\Users\Laptop\Downloads\AdwCleaner.exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Browsers ] *****

    -\\ Internet Explorer v9.0.8112.16526


    -\\ Mozilla Firefox v26.0 (en-GB)

    [ File : C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\8bfdnkt5.default\prefs.js ]

    Line Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
    Line Found : user_pref("browser.search.selectedEngine", "AVG Secure Search");

    -\\ Google Chrome v31.0.1650.63

    [ File : C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\preferences ]


  • Registered Users, Registered Users 2 Posts: 251 ✭✭sandra_b


    This is OTL log after restart:

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6}\ deleted successfully.
    C:\Program Files\alot\bin\BHO\alotBHO.dll moved successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7}\ deleted successfully.
    C:\Program Files\alot\bin\alot.dll moved successfully.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    File move failed. D:\AUTORUN.INF scheduled to be moved on reboot.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{38a8b4cd-648f-11e0-8efe-001e101f50a4}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{38a8b4cd-648f-11e0-8efe-001e101f50a4}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{38a8b4cd-648f-11e0-8efe-001e101f50a4}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{38a8b4cd-648f-11e0-8efe-001e101f50a4}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b537968-648c-11e0-aa37-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3b537968-648c-11e0-aa37-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b537968-648c-11e0-aa37-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3b537968-648c-11e0-aa37-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{465ac59f-03f8-11e1-a3d7-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{465ac59f-03f8-11e1-a3d7-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{465ac59f-03f8-11e1-a3d7-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{465ac59f-03f8-11e1-a3d7-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{465ac5ae-03f8-11e1-a3d7-001e101f1ed9}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{465ac5ae-03f8-11e1-a3d7-001e101f1ed9}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{465ac5ae-03f8-11e1-a3d7-001e101f1ed9}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{465ac5ae-03f8-11e1-a3d7-001e101f1ed9}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4663489c-2e4a-11e0-bee8-001e101fe5e1}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4663489c-2e4a-11e0-bee8-001e101fe5e1}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4663489c-2e4a-11e0-bee8-001e101fe5e1}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4663489c-2e4a-11e0-bee8-001e101fe5e1}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{466348ce-2e4a-11e0-bee8-001e101faa49}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{466348ce-2e4a-11e0-bee8-001e101faa49}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{466348ce-2e4a-11e0-bee8-001e101faa49}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{466348ce-2e4a-11e0-bee8-001e101faa49}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{466348e9-2e4a-11e0-bee8-001e101fabdd}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{466348e9-2e4a-11e0-bee8-001e101fabdd}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{466348e9-2e4a-11e0-bee8-001e101fabdd}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{466348e9-2e4a-11e0-bee8-001e101fabdd}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{466348fc-2e4a-11e0-bee8-001e101f8ed0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{466348fc-2e4a-11e0-bee8-001e101f8ed0}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{466348fc-2e4a-11e0-bee8-001e101f8ed0}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{466348fc-2e4a-11e0-bee8-001e101f8ed0}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{481150ce-f174-11e1-bd4f-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{481150ce-f174-11e1-bd4f-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{481150ce-f174-11e1-bd4f-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{481150ce-f174-11e1-bd4f-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{499a301b-1ea7-11e0-a36d-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{499a301b-1ea7-11e0-a36d-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{499a301b-1ea7-11e0-a36d-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{499a301b-1ea7-11e0-a36d-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{499a3028-1ea7-11e0-a36d-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{499a3028-1ea7-11e0-a36d-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{499a3028-1ea7-11e0-a36d-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{499a3028-1ea7-11e0-a36d-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f0b1204-b756-11e2-9325-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4f0b1204-b756-11e2-9325-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f0b1204-b756-11e2-9325-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4f0b1204-b756-11e2-9325-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f0b1211-b756-11e2-9325-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4f0b1211-b756-11e2-9325-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f0b1211-b756-11e2-9325-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4f0b1211-b756-11e2-9325-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69c5f11b-1e9f-11e0-868b-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69c5f11b-1e9f-11e0-868b-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69c5f11b-1e9f-11e0-868b-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69c5f11b-1e9f-11e0-868b-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69c5f12a-1e9f-11e0-868b-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69c5f12a-1e9f-11e0-868b-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69c5f12a-1e9f-11e0-868b-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69c5f12a-1e9f-11e0-868b-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69c5f13e-1e9f-11e0-868b-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69c5f13e-1e9f-11e0-868b-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69c5f13e-1e9f-11e0-868b-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69c5f13e-1e9f-11e0-868b-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6d5406ec-19cd-11e0-b0f2-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6d5406ec-19cd-11e0-b0f2-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6d5406ec-19cd-11e0-b0f2-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6d5406ec-19cd-11e0-b0f2-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f33813a-d847-11df-95d3-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6f33813a-d847-11df-95d3-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f33813a-d847-11df-95d3-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6f33813a-d847-11df-95d3-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76c69f10-f14f-11e1-acaa-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76c69f10-f14f-11e1-acaa-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76c69f10-f14f-11e1-acaa-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76c69f10-f14f-11e1-acaa-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b1b5a08-1eb3-11e0-983e-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b1b5a08-1eb3-11e0-983e-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b1b5a08-1eb3-11e0-983e-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b1b5a08-1eb3-11e0-983e-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b1b5a12-1eb3-11e0-983e-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b1b5a12-1eb3-11e0-983e-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b1b5a12-1eb3-11e0-983e-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b1b5a12-1eb3-11e0-983e-00030db35011}\ not found.
    File G:\AutoRun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c58bfa6-b758-11e2-ab1c-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7c58bfa6-b758-11e2-ab1c-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c58bfa6-b758-11e2-ab1c-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7c58bfa6-b758-11e2-ab1c-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7fde9661-f508-11e0-91fb-001e101f9ae7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7fde9661-f508-11e0-91fb-001e101f9ae7}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7fde9661-f508-11e0-91fb-001e101f9ae7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7fde9661-f508-11e0-91fb-001e101f9ae7}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{83acca52-c2bf-11e0-99d8-001e101f8aaa}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83acca52-c2bf-11e0-99d8-001e101f8aaa}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{83acca52-c2bf-11e0-99d8-001e101f8aaa}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83acca52-c2bf-11e0-99d8-001e101f8aaa}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8520ea88-ceea-11e2-afd9-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8520ea88-ceea-11e2-afd9-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8520ea88-ceea-11e2-afd9-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8520ea88-ceea-11e2-afd9-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{886c06e8-ceed-11e2-8c5f-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{886c06e8-ceed-11e2-8c5f-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{886c06e8-ceed-11e2-8c5f-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{886c06e8-ceed-11e2-8c5f-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e96057f-c733-11df-b684-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8e96057f-c733-11df-b684-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e96057f-c733-11df-b684-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8e96057f-c733-11df-b684-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e96059c-c733-11df-b684-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8e96059c-c733-11df-b684-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e96059c-c733-11df-b684-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8e96059c-c733-11df-b684-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9546dc9b-1e9b-11e0-a353-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9546dc9b-1e9b-11e0-a353-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9546dc9b-1e9b-11e0-a353-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9546dc9b-1e9b-11e0-a353-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9d6fdf07-b75d-11e2-837a-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d6fdf07-b75d-11e2-837a-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9d6fdf07-b75d-11e2-837a-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d6fdf07-b75d-11e2-837a-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a0f44d0c-c6fb-11df-9e95-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a0f44d0c-c6fb-11df-9e95-00030db35011}\ not found.
    File D:\Installer.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a9206c55-d7e6-11df-906a-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a9206c55-d7e6-11df-906a-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a9206c55-d7e6-11df-906a-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a9206c55-d7e6-11df-906a-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a97e906d-f16b-11e1-b698-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a97e906d-f16b-11e1-b698-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a97e906d-f16b-11e1-b698-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a97e906d-f16b-11e1-b698-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a97e9089-f16b-11e1-b698-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a97e9089-f16b-11e1-b698-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a97e9089-f16b-11e1-b698-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a97e9089-f16b-11e1-b698-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae939764-ca5f-11df-8d58-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae939764-ca5f-11df-8d58-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae939764-ca5f-11df-8d58-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae939764-ca5f-11df-8d58-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b65bfd26-1e9c-11e0-8f17-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b65bfd26-1e9c-11e0-8f17-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b65bfd26-1e9c-11e0-8f17-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b65bfd26-1e9c-11e0-8f17-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1eb538c-0a4a-11e1-ae4d-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c1eb538c-0a4a-11e1-ae4d-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1eb538c-0a4a-11e1-ae4d-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c1eb538c-0a4a-11e1-ae4d-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c68188af-898b-11e0-a223-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c68188af-898b-11e0-a223-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c68188af-898b-11e0-a223-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c68188af-898b-11e0-a223-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cd53c7fd-219e-11e0-b785-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cd53c7fd-219e-11e0-b785-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cd53c7fd-219e-11e0-b785-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cd53c7fd-219e-11e0-b785-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ced015f1-c815-11df-9386-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ced015f1-c815-11df-9386-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ced015f1-c815-11df-9386-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ced015f1-c815-11df-9386-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ced01605-c815-11df-9386-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ced01605-c815-11df-9386-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ced01605-c815-11df-9386-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ced01605-c815-11df-9386-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf18804f-1ea1-11e0-873f-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf18804f-1ea1-11e0-873f-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf18804f-1ea1-11e0-873f-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf18804f-1ea1-11e0-873f-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf188061-1ea1-11e0-873f-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf188061-1ea1-11e0-873f-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf188061-1ea1-11e0-873f-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf188061-1ea1-11e0-873f-00030db35011}\ not found.
    File F:\AutoRun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d31bb189-20a9-11e0-a59d-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d31bb189-20a9-11e0-a59d-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d31bb189-20a9-11e0-a59d-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d31bb189-20a9-11e0-a59d-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d950778e-b750-11e2-a81a-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d950778e-b750-11e2-a81a-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d950778e-b750-11e2-a81a-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d950778e-b750-11e2-a81a-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9507797-b750-11e2-a81a-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9507797-b750-11e2-a81a-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9507797-b750-11e2-a81a-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9507797-b750-11e2-a81a-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d981389f-a741-11e0-a149-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d981389f-a741-11e0-a149-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d981389f-a741-11e0-a149-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d981389f-a741-11e0-a149-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{daa3ba7c-2336-11e0-968f-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{daa3ba7c-2336-11e0-968f-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{daa3ba7c-2336-11e0-968f-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{daa3ba7c-2336-11e0-968f-00030db35011}\ not found.
    File D:\WIN\setup.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dbb9899d-c12f-11e0-826b-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dbb9899d-c12f-11e0-826b-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dbb9899d-c12f-11e0-826b-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dbb9899d-c12f-11e0-826b-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dbe69002-c2bb-11e0-94fd-001e101f534f}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dbe69002-c2bb-11e0-94fd-001e101f534f}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dbe69002-c2bb-11e0-94fd-001e101f534f}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dbe69002-c2bb-11e0-94fd-001e101f534f}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dbe69011-c2bb-11e0-94fd-001e101f82a7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dbe69011-c2bb-11e0-94fd-001e101f82a7}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dbe69011-c2bb-11e0-94fd-001e101f82a7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dbe69011-c2bb-11e0-94fd-001e101f82a7}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dbe6901b-c2bb-11e0-94fd-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dbe6901b-c2bb-11e0-94fd-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dbe6901b-c2bb-11e0-94fd-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dbe6901b-c2bb-11e0-94fd-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dbfb9308-4c41-11e1-b324-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dbfb9308-4c41-11e1-b324-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dbfb9308-4c41-11e1-b324-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dbfb9308-4c41-11e1-b324-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dc7565bf-6e7c-11e0-8ddd-001e101f82a0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dc7565bf-6e7c-11e0-8ddd-001e101f82a0}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dc7565bf-6e7c-11e0-8ddd-001e101f82a0}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dc7565bf-6e7c-11e0-8ddd-001e101f82a0}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd25831f-03f4-11e1-adaa-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dd25831f-03f4-11e1-adaa-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd25831f-03f4-11e1-adaa-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dd25831f-03f4-11e1-adaa-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd25832f-03f4-11e1-adaa-001e101f8aaa}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dd25832f-03f4-11e1-adaa-001e101f8aaa}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd25832f-03f4-11e1-adaa-001e101f8aaa}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dd25832f-03f4-11e1-adaa-001e101f8aaa}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e78bb380-03df-11e1-ad9a-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e78bb380-03df-11e1-ad9a-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e78bb380-03df-11e1-ad9a-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e78bb380-03df-11e1-ad9a-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e78bb38f-03df-11e1-ad9a-001e101f1f81}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e78bb38f-03df-11e1-ad9a-001e101f1f81}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e78bb38f-03df-11e1-ad9a-001e101f1f81}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e78bb38f-03df-11e1-ad9a-001e101f1f81}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eb6aa39f-03e2-11e1-b34b-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eb6aa39f-03e2-11e1-b34b-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eb6aa39f-03e2-11e1-b34b-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eb6aa39f-03e2-11e1-b34b-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eb6aa3ae-03e2-11e1-b34b-001e101fabdd}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eb6aa3ae-03e2-11e1-b34b-001e101fabdd}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eb6aa3ae-03e2-11e1-b34b-001e101fabdd}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eb6aa3ae-03e2-11e1-b34b-001e101fabdd}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eca2cd20-03f0-11e1-93d0-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eca2cd20-03f0-11e1-93d0-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eca2cd20-03f0-11e1-93d0-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eca2cd20-03f0-11e1-93d0-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eca2cd2f-03f0-11e1-93d0-001e101f8924}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eca2cd2f-03f0-11e1-93d0-001e101f8924}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eca2cd2f-03f0-11e1-93d0-001e101f8924}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eca2cd2f-03f0-11e1-93d0-001e101f8924}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eca2cd3a-03f0-11e1-93d0-001e101f2500}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eca2cd3a-03f0-11e1-93d0-001e101f2500}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eca2cd3a-03f0-11e1-93d0-001e101f2500}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eca2cd3a-03f0-11e1-93d0-001e101f2500}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ef7630be-c1f4-11e0-93bd-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ef7630be-c1f4-11e0-93bd-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ef7630be-c1f4-11e0-93bd-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ef7630be-c1f4-11e0-93bd-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f3e878bf-7c08-11e0-97ef-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f3e878bf-7c08-11e0-97ef-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f3e878bf-7c08-11e0-97ef-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f3e878bf-7c08-11e0-97ef-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fff0d77f-9853-11e0-ac68-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fff0d77f-9853-11e0-ac68-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fff0d77f-9853-11e0-ac68-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fff0d77f-9853-11e0-ac68-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    C:\Users\Laptop\AppData\Roaming\bjrwzmzisvc.exe moved successfully.
    File C:\Users\Laptop\AppData\Roaming\bjrwzmzisvc.exe not found.
    Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\ not found.
    C:\Program Files\PriceGong\2.1.0\FF\content folder moved successfully.
    C:\Program Files\PriceGong\2.1.0\FF\components folder moved successfully.
    C:\Program Files\PriceGong\2.1.0\FF folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Default User

    User: Laptop
    ->Temp folder emptied: 448227 bytes
    ->Temporary Internet Files folder emptied: 232584155 bytes
    ->Java cache emptied: 1237443 bytes
    ->FireFox cache emptied: 130934024 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 9362 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 10170274 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 358.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Laptop
    ->Flash cache emptied: 492 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb

    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Laptop
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point
    Error: Unable to interpret < :Files> in the current context!
    Error: Unable to interpret < ipconfig /flushdns /c> in the current context!
    Error: Unable to interpret < C:\hemxccapeaj.exe /s> in the current context!
    Error: Unable to interpret < C:\Program Files\PriceGong> in the current context!
    Error: Unable to interpret < C:\bjrwzmzisvc.exe /s> in the current context!

    OTL by OldTimer - Version 3.2.69.0 log created on 12312013_173650

    Files\Folders moved on Reboot...
    File\Folder D:\AutoRun.exe not found!
    File\Folder D:\AUTORUN.INF not found!
    C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
    C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZC0PGFTE\envelope1[1].eot moved successfully.
    C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z5KU09T2\pool_distilled_ie[11].htm moved successfully.
    File\Folder C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z5KU09T2\showthread[2].htm not found!
    C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XQQ379GX\xframe-proxy_20130927[1].htm moved successfully.
    C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OPJ37KOD\12[3].htm moved successfully.
    C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OPJ37KOD\pool_distilled_ie[6].htm moved successfully.
    C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OPJ37KOD\showthread[1].htm moved successfully.
    C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LE6BPX6T\ai[3].htm moved successfully.
    C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EU2ENB4T\mail-ltr6[1].eot moved successfully.
    C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DXL1YJTD\st[1] moved successfully.
    C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CLBOTGJ6\ai[4].htm moved successfully.
    C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CLBOTGJ6\ai[5].htm moved successfully.
    File\Folder C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CLBOTGJ6\facebook_com[1].htm not found!
    C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CLBOTGJ6\pool_distilled_ieCA9IISWB.htm moved successfully.
    C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CLBOTGJ6\pool_distilled_ieCARICNHK.htm moved successfully.
    File\Folder C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CLBOTGJ6\push[1].htm not found!
    C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\54HL3KDW\fc[1].htm moved successfully.
    C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\54HL3KDW\r-csc[1].htm moved successfully.
    C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\54HL3KDW\r-sf[1].htm moved successfully.
    C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2K6MDFGJ\xframe-proxy_20130927[1].htm moved successfully.
    File move failed. C:\Windows\temp\avg_secure_search.log scheduled to be moved on reboot.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...


  • Registered Users, Registered Users 2 Posts: 251 ✭✭sandra_b


    I don't know if it is relevant - there are some errors in the log about D:/ files not found.
    D:/ is the drive when I run my broadband dongle, and it is not connected on start up. It was running during scan though.

    Happy New Year to you!

    Do you think it is safe to log in to internet banking?


  • Registered Users, Registered Users 2 Posts: 840 ✭✭✭jsa112


    yeah let adwcleaner clean anything it finds.

    don't worry about the D:\ drive thing.

    yep should be fine to do internet banking


    just one more thing, do you have the avg log from when it found something ?


  • Registered Users, Registered Users 2 Posts: 251 ✭✭sandra_b


    Hi jsa112,

    I'll scan and clean with adwcleaner again. I'll post you that log later this evening.

    I can't find a log from AVG, there is only a "Reports" tab with update logs. I'll google or look in help to find if it is hidden somewhere.

    Thank you :)


  • Registered Users, Registered Users 2 Posts: 251 ✭✭sandra_b


    Hi again,

    I managed to find something in AVG. These are not log files, but I got them in History and did "Export" to text files. There were 4 trojans:

    Trojan1:

    Resident Shield Results
    "Threat Name" "Result" "Detection Time" "Object Type" "Process"
    "Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Roaming\tfoqktardtf.exe" "Secured" "29/12/2013, 22:49:18" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"
    "Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJZK9F39\svchost[1].exe" "Secured" "29/12/2013, 22:49:41" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"
    "Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Roaming\mwpyvtnsdug.exe" "Secured" "30/12/2013, 22:02:05" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"
    "Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TBQQNC7\svchost[1].exe" "Secured" "30/12/2013, 22:02:31" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"


    Trojan2:

    Resident Shield Results
    "Threat Name" "Result" "Detection Time" "Object Type" "Process"
    "Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Roaming\tfoqktardtf.exe" "Secured" "29/12/2013, 22:49:18" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"
    "Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJZK9F39\svchost[1].exe" "Secured" "29/12/2013, 22:49:41" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"
    "Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Roaming\mwpyvtnsdug.exe" "Secured" "30/12/2013, 22:02:05" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"
    "Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TBQQNC7\svchost[1].exe" "Secured" "30/12/2013, 22:02:31" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"


    Trojan3:

    Resident Shield Results
    "Threat Name" "Result" "Detection Time" "Object Type" "Process"
    "Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Roaming\tfoqktardtf.exe" "Secured" "29/12/2013, 22:49:18" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"
    "Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJZK9F39\svchost[1].exe" "Secured" "29/12/2013, 22:49:41" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"
    "Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Roaming\mwpyvtnsdug.exe" "Secured" "30/12/2013, 22:02:05" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"
    "Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TBQQNC7\svchost[1].exe" "Secured" "30/12/2013, 22:02:31" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"


    Trojan4:

    Resident Shield Results
    "Threat Name" "Result" "Detection Time" "Object Type" "Process"
    "Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Roaming\tfoqktardtf.exe" "Secured" "29/12/2013, 22:49:18" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"
    "Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJZK9F39\svchost[1].exe" "Secured" "29/12/2013, 22:49:41" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"
    "Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Roaming\mwpyvtnsdug.exe" "Secured" "30/12/2013, 22:02:05" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"
    "Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TBQQNC7\svchost[1].exe" "Secured" "30/12/2013, 22:02:31" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"


  • Registered Users, Registered Users 2 Posts: 840 ✭✭✭jsa112


    open OTL, click the None button at the very top, then copy and paste this into the box


    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    SaveMBR:0
    createrestorepoint
    %systemroot%\*. /mp /s
    C:\*.*
    showhidden
    c:\Users\Laptop\AppData\Roaming\*.*
    C:\Program Files\Internet Explorer\iexplore.exe /md5
    /md5start
    svchost.exe
    /md5stop


    click Run Scan and post the log it gives


  • Registered Users, Registered Users 2 Posts: 251 ✭✭sandra_b


    Ok, I'll do that now.
    I have just run adwcleaner, do you want to see logs from scan and clean?
    I noticed it removed AVG secure search from Firefox. Why is that? I thought AVG is "safe" (although I can't remember how I installed it, it was probably always there :( )


  • Registered Users, Registered Users 2 Posts: 840 ✭✭✭jsa112


    yeah post all logs I ask for. AVG installed some crap toolbar, that's why it got removed.


  • Registered Users, Registered Users 2 Posts: 251 ✭✭sandra_b


    Hi Jsa112,

    During the OTL scan AVG detected a trojan again and I clicked an option to remove it. Is it OK, should I have ignored it? What does it mean, is it a "false" alarm?

    I am posting 3 logs in the next 3 posts - adwcleaner scan, adwcleaner clean and the latest OTL scan.

    Here is report from AVG when it found Trojan during otl.exe:

    Resident Shield Results
    "Threat Name" "Result" "Detection Time" "Object Type" "Process"
    "Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Roaming\tfoqktardtf.exe" "Secured" "29/12/2013, 22:49:18" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"
    "Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJZK9F39\svchost[1].exe" "Secured" "29/12/2013, 22:49:41" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"
    "Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Roaming\mwpyvtnsdug.exe" "Secured" "30/12/2013, 22:02:05" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"
    "Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TBQQNC7\svchost[1].exe" "Secured" "30/12/2013, 22:02:31" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"
    "Trojan horse BackDoor.Generic18.ENR, c:\_OTL\MovedFiles\12312013_173650\C_Users\Laptop\AppData\Roaming\bjrwzmzisvc.exe" "Secured" "31/12/2013, 22:02:08" "File or Directory" "C:\Users\Laptop\Downloads\OTL.exe"


  • Registered Users, Registered Users 2 Posts: 251 ✭✭sandra_b


    adwcleaner scan log:

    # AdwCleaner v3.016 - Report created 31/12/2013 at 20:40:05
    # Updated 23/12/2013 by Xplode
    # Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
    # Username : Laptop - LAPTOP-PC
    # Running from : C:\Users\Laptop\Downloads\AdwCleaner.exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Browsers ] *****

    -\\ Internet Explorer v9.0.8112.16526


    -\\ Mozilla Firefox v26.0 (en-GB)

    [ File : C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\8bfdnkt5.default\prefs.js ]

    Line Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
    Line Found : user_pref("browser.search.selectedEngine", "AVG Secure Search");

    -\\ Google Chrome v31.0.1650.63

    [ File : C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [1071 octets] - [31/12/2013 17:23:08]
    AdwCleaner[R1].txt - [993 octets] - [31/12/2013 20:40:05]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1052 octets] ##########


  • Registered Users, Registered Users 2 Posts: 251 ✭✭sandra_b


    adwcleaner clean log:

    # AdwCleaner v3.016 - Report created 31/12/2013 at 20:42:30
    # Updated 23/12/2013 by Xplode
    # Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
    # Username : Laptop - LAPTOP-PC
    # Running from : C:\Users\Laptop\Downloads\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\AVG Secure Search
    Folder Deleted : C:\Program Files\AVG Secure Search
    Folder Deleted : C:\Program Files\PriceGong
    Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
    Folder Deleted : C:\Users\Laptop\AppData\Local\AVG Secure Search
    Folder Deleted : C:\Users\Laptop\AppData\LocalLow\AVG Secure Search
    Folder Deleted : C:\Users\Laptop\AppData\LocalLow\AVG Security Toolbar
    Folder Deleted : C:\Users\Laptop\AppData\LocalLow\PriceGong
    Folder Deleted : C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
    File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
    File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
    Key Deleted : HKLM\SOFTWARE\Classes\S
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
    Key Deleted : HKCU\Software\AVG Secure Search
    Key Deleted : HKCU\Software\YahooPartnerToolbar
    Key Deleted : HKCU\Software\AppDataLow\Software\alot
    Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
    Key Deleted : HKLM\Software\AVG Secure Search
    Key Deleted : HKLM\Software\AVG Security Toolbar
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\alotToolbar
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PriceGong
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\alotToolbar
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PriceGong

    ***** [ Browsers ] *****

    -\\ Internet Explorer v9.0.8112.16526


    -\\ Mozilla Firefox v26.0 (en-GB)

    [ File : C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\8bfdnkt5.default\prefs.js ]

    Line Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
    Line Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");

    -\\ Google Chrome v31.0.1650.63

    [ File : C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [1071 octets] - [31/12/2013 17:23:08]
    AdwCleaner[R1].txt - [1132 octets] - [31/12/2013 20:40:05]
    AdwCleaner[S0].txt - [7855 octets] - [31/12/2013 20:42:30]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7915 octets] ##########


  • Registered Users, Registered Users 2 Posts: 251 ✭✭sandra_b


    OTL log:

    OTL logfile created on: 31/12/2013 21:40:04 - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Laptop\Downloads
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    984.18 Mb Total Physical Memory | 75.26 Mb Available Physical Memory | 7.65% Memory free
    2.18 Gb Paging File | 1.07 Gb Available in Paging File | 49.01% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 138.31 Gb Total Space | 82.60 Gb Free Space | 59.72% Space Free | Partition Type: NTFS
    Drive D: | 25.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive S: | 1.46 Gb Total Space | 1.30 Gb Free Space | 88.83% Space Free | Partition Type: NTFS

    Computer Name: LAPTOP-PC | User Name: Laptop | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk - - File not found
    MsConfig - StartUpFolder: C:^Users^Laptop^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk - - File not found
    MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    MsConfig - StartUpReg: Google EULA Launcher - hkey= - key= - c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe (Google)
    MsConfig - StartUpReg: Skytel - hkey= - key= - C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
    MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    MsConfig - StartUpReg: UCam_Menu - hkey= - key= - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    MsConfig - StartUpReg: UpdateP2GShortCut - hkey= - key= - C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    MsConfig - State: "startup" - 2

    SafeBootMin: AppMgmt - Service
    SafeBootMin: Base - Driver Group
    SafeBootMin: Boot Bus Extender - Driver Group
    SafeBootMin: Boot file system - Driver Group
    SafeBootMin: File system - Driver Group
    SafeBootMin: Filter - Driver Group
    SafeBootMin: HelpSvc - Service
    SafeBootMin: NTDS - File not found
    SafeBootMin: PCI Configuration - Driver Group
    SafeBootMin: PNP Filter - Driver Group
    SafeBootMin: Primary disk - Driver Group
    SafeBootMin: sacsvr - Service
    SafeBootMin: SCSI Class - Driver Group
    SafeBootMin: System Bus Extender - Driver Group
    SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

    SafeBootNet: AppMgmt - Service
    SafeBootNet: Base - Driver Group
    SafeBootNet: Boot Bus Extender - Driver Group
    SafeBootNet: Boot file system - Driver Group
    SafeBootNet: File system - Driver Group
    SafeBootNet: Filter - Driver Group
    SafeBootNet: HelpSvc - Service
    SafeBootNet: Messenger - Service
    SafeBootNet: NDIS Wrapper - Driver Group
    SafeBootNet: NetBIOSGroup - Driver Group
    SafeBootNet: NetDDEGroup - Driver Group
    SafeBootNet: Network - Driver Group
    SafeBootNet: NetworkProvider - Driver Group
    SafeBootNet: NTDS - File not found
    SafeBootNet: PCI Configuration - Driver Group
    SafeBootNet: PNP Filter - Driver Group
    SafeBootNet: PNP_TDI - Driver Group
    SafeBootNet: Primary disk - Driver Group
    SafeBootNet: rdsessmgr - Service
    SafeBootNet: sacsvr - Service
    SafeBootNet: SCSI Class - Driver Group
    SafeBootNet: Streams Drivers - Driver Group
    SafeBootNet: System Bus Extender - Driver Group
    SafeBootNet: TDI - Driver Group
    SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SafeBootNet: WudfUsbccidDriver - Driver
    SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
    SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
    SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
    SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
    SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
    SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

    ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
    ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
    ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
    ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

    Drivers32: msacm.clmp3enc - C:\Program Files\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Custom Scans ==========

    < %systemroot%\*. /mp /s >

    < C:\*.* >
    [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2008/01/21 02:24:42 | 000,333,203 | RHS- | M] () -- C:\bootmgr
    [2008/02/06 16:51:27 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2006/09/18 21:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2013/12/31 21:31:26 | 1032,740,864 | -HS- | M] () -- C:\hiberfil.sys
    [2013/12/31 21:31:23 | 1346,555,904 | -HS- | M] () -- C:\pagefile.sys
    [2013/12/31 21:42:16 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
    [2010/12/18 23:40:02 | 000,005,892 | ---- | M] () -- C:\scramble.log
    [2010/10/15 18:16:05 | 000,000,000 | RH-D | M] -- C:\MSOCache
    [2013/12/31 20:44:33 | 000,000,000 | -H-D | M] -- C:\ProgramData
    [2010/09/19 17:33:28 | 000,000,000 | -H-D | M] -- C:\Applications\OEM
    [2011/04/11 23:42:05 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
    [2010/10/24 09:25:15 | 000,000,000 | -H-D | M] -- C:\ProgramData\Common Files
    [2010/10/30 15:14:15 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\EvoParser
    [2010/10/30 15:14:18 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\CLUpdater\YouCam\1.00
    [2010/10/30 15:14:15 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\EvoParser\YouCam\1.00
    [2006/11/02 12:37:34 | 000,000,000 | RH-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
    [2006/11/02 13:02:03 | 000,000,000 | RH-D | M] -- C:\Users\Default
    [2006/11/02 11:18:34 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
    [2010/09/19 17:33:44 | 000,000,000 | -H-D | M] -- C:\Users\Laptop\AppData
    [2010/10/04 12:35:32 | 000,000,000 | -H-D | M] -- C:\Users\Laptop\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
    [2010/10/04 12:39:36 | 000,000,000 | -H-D | M] -- C:\Users\Laptop\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
    [2010/09/23 17:07:13 | 000,000,000 | -H-D | M] -- C:\Users\Laptop\AppData\Local\Microsoft\Media Player\Art Cache
    [2010/09/19 17:34:33 | 000,000,000 | RH-D | M] -- C:\Users\Laptop\AppData\Local\Microsoft\Windows\Burn\Burn
    [2010/10/15 11:42:25 | 000,000,000 | RH-D | M] -- C:\Users\Laptop\AppData\Local\Microsoft\Windows\Burn\Burn1
    [2011/01/13 01:29:34 | 000,000,000 | RH-D | M] -- C:\Users\Laptop\AppData\Local\Microsoft\Windows\Burn\Burn2
    [2010/11/09 00:18:17 | 000,000,000 | -H-D | M] -- C:\Users\Laptop\AppData\Roaming\CyberLink\MediaCache
    [2010/09/23 18:53:21 | 000,000,000 | -H-D | M] -- C:\Users\Laptop\AppData\Roaming\CyberLink\MediaCache\Power2Go
    [2011/05/27 22:14:25 | 000,000,000 | -H-D | M] -- C:\Users\Laptop\AppData\Roaming\Microsoft\Windows\IECompatCache\Low
    [2010/10/04 12:38:51 | 000,000,000 | -H-D | M] -- C:\Users\Laptop\AppData\Roaming\Microsoft\Windows\IETldCache\Low
    [2010/10/04 12:39:17 | 000,000,000 | -H-D | M] -- C:\Users\Laptop\AppData\Roaming\Microsoft\Windows\PrivacIE\Low
    [2013/12/30 00:13:30 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop
    [2006/11/02 10:23:35 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites
    [2008/09/12 17:47:27 | 000,000,000 | -H-D | M] -- C:\Users\Public\CyberLink\OLReg
    [2008/09/12 17:47:27 | 000,000,000 | -H-D | M] -- C:\Users\Public\CyberLink\Power2Go
    [2008/09/12 17:47:27 | 000,000,000 | -H-D | M] -- C:\Users\Public\CyberLink\OLReg\HKEY_CLASS_ROOT\CLSID\{397A21FB-EADF-4116-9027-32B8FA04C3E2}\Version\5.50
    [2010/09/23 18:53:05 | 000,000,000 | -H-D | M] -- C:\Users\Public\CyberLink\OLReg\HKEY_CLASS_ROOT\CLSID\{E303BA32-9368-4a3c-AE3A-AFDADCBDE48B}\Version\1.00
    [2012/12/26 20:47:54 | 000,000,000 | -H-D | M] -- C:\Users\Public\Recorded TV\TempRec
    [2006/11/02 11:18:34 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\LocalService\AppData
    [2008/09/12 17:37:58 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\NetworkService\AppData

    < c:\Users\Laptop\AppData\Roaming\*.* >
    [2010/09/29 00:18:18 | 000,000,132 | ---- | M] () -- c:\Users\Laptop\AppData\Roaming\wklnhst.dat

    < C:\Program Files\Internet Explorer\iexplore.exe /md5 >
    [2013/11/14 23:18:24 | 000,757,488 | ---- | M] (Microsoft Corporation) MD5=43E6F2A7FB182F2D7CB0CE5B8F1005CF -- C:\Program Files\Internet Explorer\iexplore.exe

    < MD5 for: SVCHOST.EXE >
    [2008/01/21 02:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
    [2008/01/21 02:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
    [2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

    < End of report >


  • Registered Users, Registered Users 2 Posts: 840 ✭✭✭jsa112


    it means the infection is respawning, going to need to bring out the big guns


    download and run combofix

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    post the log it gives


  • Registered Users, Registered Users 2 Posts: 251 ✭✭sandra_b


    Uhhhh :( It looks very scary.
    Can I keep my browser(s) open while it is running (I want to have that page you posted open)?
    It looks from the manual that it can take a while, is it dangerous if I leave it for tomorrow? I still didn't log in to my internet banking, but need to this evening, is it safe?

    You are so nice for helping me with this, God bless you :)


  • Registered Users, Registered Users 2 Posts: 251 ✭✭sandra_b


    Oh I read the guide again now - it states I should close my browser as well and print the guide.
    I don't have access to printer before Friday, do you think I can leave for 2 days?


  • Registered Users, Registered Users 2 Posts: 840 ✭✭✭jsa112


    you can leave the browser open if ya need to, shouldn't matter too much, no need to print the guide if it's too much hassle.

    it should be safe to do internet banking.

    don't worry bout all those guidelines, better to run it now than in 2 days to be honest. should only take 20mins to run it, and is safe


  • Registered Users, Registered Users 2 Posts: 251 ✭✭sandra_b


    Ok :)


  • Registered Users, Registered Users 2 Posts: 840 ✭✭✭jsa112


    Celebrate New Years instead of talking to me :)


  • Registered Users, Registered Users 2 Posts: 251 ✭✭sandra_b


    Hahha, I was thinking the same about you. I have very bad flu, not in celebration mood at all. It is not only laptop that is infected :(

    I wish you very Happy New Year, you have earned a lot of good karma helping others :)


  • Registered Users, Registered Users 2 Posts: 251 ✭✭sandra_b


    Hi Jsa112,

    if you are still awake I am sending combofix log in the next post :)

    One thing - when it started it asked me to stop AVG. I couldn't find how to do it at the moment (when I am in panic mode my brain stops working).
    Then, when it was at stage 3 I disabled AVG. I hope it is OK and did not ruin anything?


  • Registered Users, Registered Users 2 Posts: 251 ✭✭sandra_b


    ComboFix 13-12-31.01 - Laptop 01/01/2014 0:23.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.353.1033.18.984.291 [GMT 0:00]
    Running from: c:\users\Laptop\Desktop\ComboFix.exe
    AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Resident AV is active
    .
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-12-01 to 2014-01-01 )))))))))))))))))))))))))))))))
    .
    .
    2014-01-01 00:40 . 2014-01-01 00:43 d-----w- c:\users\Laptop\AppData\Local\temp
    2014-01-01 00:40 . 2014-01-01 00:40 d-----w- c:\users\Default\AppData\Local\temp
    2013-12-31 21:42 . 2013-12-31 21:42 512 ----a-w- C:\PhysicalMBR.bin
    2013-12-31 17:36 . 2013-12-31 17:36 d-----w- C:\_OTL
    2013-12-31 17:21 . 2013-12-31 20:42 d-----w- C:\AdwCleaner
    2013-12-30 19:06 . 2013-12-30 19:07 d-----w- c:\users\Laptop\AppData\Local\dumps
    2013-12-12 00:33 . 2013-10-30 02:12 335360 ----a-w- c:\windows\system32\SysFxUI.dll
    2013-12-12 00:33 . 2013-10-30 00:43 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
    2013-12-12 00:33 . 2013-10-30 01:43 130048 ----a-w- c:\windows\system32\drivers\drmk.sys
    2013-12-12 00:32 . 2013-10-11 02:08 131072 ----a-w- c:\windows\system32\wshom.ocx
    2013-12-12 00:32 . 2013-10-11 00:35 155648 ----a-w- c:\windows\system32\wscript.exe
    2013-12-12 00:32 . 2013-10-11 00:35 135168 ----a-w- c:\windows\system32\cscript.exe
    2013-12-12 00:32 . 2013-10-11 02:08 172032 ----a-w- c:\windows\system32\scrrun.dll
    2013-12-12 00:32 . 2013-10-11 02:08 36864 ----a-w- c:\windows\system32\wshcon.dll
    2013-12-12 00:31 . 2013-10-30 00:35 2050560 ----a-w- c:\windows\system32\win32k.sys
    2013-12-12 00:30 . 2013-10-22 07:19 158208 ----a-w- c:\windows\system32\imagehlp.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-12-10 22:10 . 2012-07-18 20:08 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-12-10 22:10 . 2011-05-21 16:53 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-11-10 14:41 . 2012-09-29 10:07 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
    2013-11-05 21:50 . 2013-11-05 21:50 120600 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
    2013-11-04 21:57 . 2013-11-04 21:57 209176 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
    2013-10-31 23:00 . 2013-10-31 23:00 176952 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2013-10-31 22:30 . 2013-10-31 22:30 222520 ----a-w- c:\windows\system32\drivers\avglogx.sys
    2013-10-30 02:13 . 2008-01-21 02:23 1304064 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
    2013-10-24 22:28 . 2013-10-24 22:28 147768 ----a-w- c:\windows\system32\drivers\avgidshx.sys
    2013-10-11 02:08 . 2013-11-13 23:47 444928 ----a-w- c:\windows\system32\IKEEXT.DLL
    2013-10-11 02:07 . 2013-11-13 23:47 596480 ----a-w- c:\windows\system32\FWPUCLNT.DLL
    2013-10-03 12:45 . 2013-11-13 23:48 297984 ----a-w- c:\windows\system32\gdi32.dll
    2013-10-03 12:45 . 2013-11-13 23:48 993792 ----a-w- c:\windows\system32\crypt32.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-07-17 135680]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-12 68856]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 6139904]
    "SpareMessaging"="c:\program files\Spare Messaging\MessagingApp.exe" [2007-11-28 42824]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
    "ModemListener"="c:\program files\Mobilni Internet\ModemListener.exe" [2010-07-12 98304]
    "AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2013-11-07 4956176]
    "Skytel"="Skytel.exe" [2007-11-20 1826816]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OUFWRlJFRS1WMEtNQy1FOVZVVy1FVzBWQS1VVTNYTC1GRVc5Ny1PVTZF&inst=NzctNjMyNzYyMjI3LVBMKzktWE8zNisxLU4xRCsxLVFJWDErNC1YMjAxMCsyLUZMMTArMS1MSUMrODgtU1AxKzEtU1AxVEIrMS1TUDFTMisxLVNVRCsxLVMxSSsxLVNVMysxLUxTRCsyLUREVCsw&prod=90&ver=10.0.1382" [?]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Launch.lnk - c:\windows\Installer\{4A65DAD2-E914-4923-9C2A-81B968A68CE2}\_A685CC3126A7CC37D335DE.exe [2008-9-12 17542]
    OSD.lnk - c:\windows\Installer\{73289228-1853-4623-982A-EB17FF0270CA}\_1F0B30F16FFA954160D1AF.exe [2008-9-11 21630]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^Users^Laptop^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
    path=c:\users\Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
    backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2011-03-29 20:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-08-31 01:57 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google EULA Launcher]
    2008-08-06 10:30 20480 ----a-w- c:\program files\Google\Google EULA\GoogleEULALauncher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
    2007-11-20 18:15 1826816 ----a-w- c:\windows\SkyTel.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2008-09-12 17:29 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
    2007-09-13 15:32 222504 ----a-w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GShortCut]
    2008-01-04 10:02 222504 ----a-w- c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-12-05 21:11 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-01-01 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-18 22:11]
    .
    2013-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-28 23:10]
    .
    2014-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-28 23:10]
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://mail.yahoo.com/
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=DSGI&bmod=DSGI
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: raiffeisenbank.rs\rol
    DPF: {73848533-39E1-49F1-9363-28054268C094} - hxxps://rol.raiffeisenbank.rs/RetailDLL/FSINT9.dll
    DPF: {F6FFAC18-CAD4-4054-9D49-D610286CE323} - hxxps://rol.raiffeisenbank.rs/RetailDLL/EBCSCC2a.dll
    FF - ProfilePath - c:\users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\8bfdnkt5.default\
    FF - ExtSQL: !HIDDEN! 2010-09-30 21:39; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-ROC_ROC_NT - c:\program files\AVG Secure Search\ROC_ROC_NT.exe
    SafeBoot-WudfPf
    SafeBoot-WudfRd
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2014-01-01 00:43
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    LOCKED REGISTRY KEYS
    .
    [HKEY_USERS\S-1-5-21-2051435258-2395563607-277202808-1000_Classes\CLSID\{70C06E40-C893-6D47-AA91-8381842D4939}]
    @Denied: (A 4) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    DLLs Loaded Under Running Processes
    .
    - - - - - - - > 'Explorer.exe'(4832)
    c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    .
    Completion time: 2014-01-01 00:47:31
    ComboFix-quarantined-files.txt 2014-01-01 00:47
    .
    Pre-Run: 87,420,944,384 bytes free
    Post-Run: 87,454,965,760 bytes free
    .
    - - End Of File - - 370100B5B78161CB6F6CCC8FE18CE6CF
    5C616939100B85E558DA92B899A0FC36


  • Registered Users, Registered Users 2 Posts: 840 ✭✭✭jsa112


    looks good, let me know if avg/mbam keeps finding things and if the pc is giving you any problems


  • Registered Users, Registered Users 2 Posts: 251 ✭✭sandra_b


    Yupiiii :)

    One question: I keep getting prompt in IE saying "I am about to leave secure connection". Is that ok to say don't prompt me again?

    Thank-You-word-cloud-1024x791.jpg


  • Registered Users, Registered Users 2 Posts: 840 ✭✭✭jsa112


    yeah that's grand, some sites are secure and some aren't

    although try not to use internet explorer as it's a POS and more likely to get you infected again. Use chrome


  • Registered Users, Registered Users 2 Posts: 477 ✭✭askU


    ur clogging up my system


  • Registered Users, Registered Users 2 Posts: 251 ✭✭sandra_b


    jsa112 wrote: »
    yeah that's grand, some sites are secure and some aren't

    although try not to use internet explorer as it's a POS and more likely to get you infected again. Use chrome

    It prompts secure warning for combofix and for google. Maybe security settings have been reset by combofix? I'll google it to find out :) Maybe it is ok just to check the box "don't show this message again".

    And sorry for the big picture I didn't realize :)

    I know about Chrome....but I am used to IE.
    Shall I run adwcleaner regularly to clean?


  • Registered Users, Registered Users 2 Posts: 840 ✭✭✭jsa112


    yeah check that box, it's nothing to worry about

    no need to run adwcleaner, do run mbam and avg occasionally, you can pm me if they find anything


  • Registered Users, Registered Users 2 Posts: 251 ✭✭sandra_b


    It's people like you who make a difference to this world :) Thank you again. All the best.


  • Registered Users, Registered Users 2 Posts: 840 ✭✭✭jsa112


    yep i'm great, good night and good luck :)


  • Registered Users, Registered Users 2 Posts: 251 ✭✭sandra_b


    Tdsskiller log:

    16:00:55.0633 0x16f4 TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
    16:01:20.0817 0x16f4 ============================================================
    16:01:20.0818 0x16f4 Current date / time: 2014/01/01 16:01:20.0817
    16:01:20.0818 0x16f4 SystemInfo:
    16:01:20.0818 0x16f4
    16:01:20.0818 0x16f4 OS Version: 6.0.6002 ServicePack: 2.0
    16:01:20.0818 0x16f4 Product type: Workstation
    16:01:20.0818 0x16f4 ComputerName: LAPTOP-PC
    16:01:20.0819 0x16f4 UserName: Laptop
    16:01:20.0819 0x16f4 Windows directory: C:\Windows
    16:01:20.0819 0x16f4 System windows directory: C:\Windows
    16:01:20.0819 0x16f4 Processor architecture: Intel x86
    16:01:20.0819 0x16f4 Number of processors: 2
    16:01:20.0819 0x16f4 Page size: 0x1000
    16:01:20.0819 0x16f4 Boot type: Normal boot
    16:01:20.0819 0x16f4 ============================================================
    16:01:27.0393 0x16f4 KLMD registered as C:\Windows\system32\drivers\59677234.sys
    16:01:29.0688 0x16f4 System UUID: {8B73D1E6-BFA3-55BE-C168-014BDB79FF90}
    16:01:32.0981 0x16f4 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    16:01:33.0048 0x16f4 ============================================================
    16:01:33.0048 0x16f4 \Device\Harddisk0\DR0:
    16:01:33.0049 0x16f4 MBR partitions:
    16:01:33.0049 0x16f4 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x128E800, BlocksNum 0x2EE000
    16:01:33.0049 0x16f4 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x157C800, BlocksNum 0x1149C800
    16:01:33.0049 0x16f4 ============================================================
    16:01:33.0113 0x16f4 C: <-> \Device\Harddisk0\DR0\Partition2
    16:01:33.0145 0x16f4 S: <-> \Device\Harddisk0\DR0\Partition1
    16:01:33.0349 0x16f4 ============================================================
    16:01:33.0349 0x16f4 Initialize success
    16:01:33.0349 0x16f4 ============================================================
    16:01:47.0061 0x0cb8 ============================================================
    16:01:47.0062 0x0cb8 Scan started
    16:01:47.0062 0x0cb8 Mode: Manual;
    16:01:47.0062 0x0cb8 ============================================================
    16:01:47.0062 0x0cb8 KSN ping started
    16:01:48.0330 0x0cb8 KSN ping finished: true
    16:01:49.0645 0x0cb8 ================ Scan system memory ========================
    16:01:49.0645 0x0cb8 System memory - ok
    16:01:49.0646 0x0cb8 ================ Scan services =============================
    16:02:06.0705 0x0cb8 iteraid - ok
    16:02:06.0728 0x0cb8 [ 37605E0A8CF00CBBA538E753E4344C6E, B9A9FFDCE45B0830E277CF322C28ACB49372C16144B0F676B283BE5DAE9A7F30 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    16:02:06.0732 0x0cb8 kbdclass - ok
    16:02:06.0754 0x0cb8 [ 18247836959BA67E3511B62846B9C2E0, 9623FF990A1C11A707C358CC9FDD4306C2992A8C766A50DAFC9534A283AA011D ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
    16:02:06.0758 0x0cb8 kbdhid - ok
    16:02:06.0812 0x0cb8 [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] KeyIso C:\Windows\system32\lsass.exe
    16:02:06.0816 0x0cb8 KeyIso - ok
    16:02:06.0894 0x0cb8 [ 4A1445EFA932A3BAF5BDB02D7131EE20, 9DD262ED72DF268FE024063788F54124E320D0775D8DC0C5CAD099CD5F655DA2 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    16:02:06.0928 0x0cb8 KSecDD - ok
    16:02:06.0990 0x0cb8 [ 8078F8F8F7A79E2E6B494523A828C585, BB399993166853F0C01B7508649ECD7E7473238267BA8333D0441128FE656347 ] KtmRm C:\Windows\system32\msdtckrm.dll
    16:02:07.0026 0x0cb8 KtmRm - ok
    16:02:07.0078 0x0cb8 [ 1BF5EEBFD518DD7298434D8C862F825D, F41C79410345C40B346EB5EDEA397ECD29ECB9B921AC3E19F9453E52A7B9288A ] LanmanServer C:\Windows\System32\srvsvc.dll
    16:02:07.0090 0x0cb8 LanmanServer - ok
    16:02:07.0185 0x0cb8 [ 1DB69705B695B987082C8BAEC0C6B34F, D395B272F6B69D4A9FC3CDEFD812EF0DBFECF3C1B1C787C7CC1E1A1B091B8DB3 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    16:02:07.0202 0x0cb8 LanmanWorkstation - ok
    16:02:07.0267 0x0cb8 [ D1C5883087A0C3F1344D9D55A44901F6, 608D67357AFDDD538D2C12C93EB0793ECA4EB3AF2BAB779E881C41F50E4AB911 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    16:02:07.0273 0x0cb8 lltdio - ok
    16:02:07.0315 0x0cb8 [ 2D5A428872F1442631D0959A34ABFF63, E532C6ECFFB936EFF744CA57BDC6394C89E797B6B0822D04F1F3F35D9BDDD4F0 ] lltdsvc C:\Windows\System32\lltdsvc.dll
    16:02:07.0329 0x0cb8 lltdsvc - ok
    16:02:07.0367 0x0cb8 [ 35D40113E4A5B961B6CE5C5857702518, 453097AEF46ED48107395D9A1696AAC259FD6CEA8A655D38C5E246FDDAB81664 ] lmhosts C:\Windows\System32\lmhsvc.dll
    16:02:07.0371 0x0cb8 lmhosts - ok
    16:02:07.0404 0x0cb8 [ C7E15E82879BF3235B559563D4185365, 98C9268ADF6BAEB0522BB84BE6C98D0D6D5EB4BD27BB61412D208232164C8435 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
    16:02:07.0412 0x0cb8 LSI_FC - ok
    16:02:07.0435 0x0cb8 [ EE01EBAE8C9BF0FA072E0FF68718920A, 655924440E611278998226299645BC72B3627A8A057286DC8D65A162CFBBE484 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
    16:02:07.0442 0x0cb8 LSI_SAS - ok
    16:02:07.0472 0x0cb8 [ 912A04696E9CA30146A62AFA1463DD5C, 1D336D47B9D1C8449F29CDB776C092235E3D70CE53D9440970533E376EB004D3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
    16:02:07.0480 0x0cb8 LSI_SCSI - ok
    16:02:07.0502 0x0cb8 [ 8F5C7426567798E62A3B3614965D62CC, 659810257D942C5F4168E1247868CDA990F2324AC9ACAA9A6211F64B7AC9EC6E ] luafv C:\Windows\system32\drivers\luafv.sys
    16:02:07.0514 0x0cb8 luafv - ok
    16:02:07.0547 0x0cb8 [ 3BD2AD18179DEAD6652E87157FB98E4A, 66416F10BF5E29CA8E47D8DB8A906164669C722EDF985598A605C096A92A87AF ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    16:02:07.0554 0x0cb8 Mcx2Svc - ok
    16:02:07.0591 0x0cb8 [ 0001CE609D66632FA17B84705F658879, D5F9758BDC2B733307B565A74B33F5581FB425A5A9F32CCFA307DA1569EBD6CD ] megasas C:\Windows\system32\drivers\megasas.sys
    16:02:07.0596 0x0cb8 megasas - ok
    16:02:07.0655 0x0cb8 [ C252F32CD9A49DBFC25ECF26EBD51A99, 47EC8F475AB62A00FAF989CD2C3ABDF2922588F75CC15C83CD99A62EF6400FB0 ] MegaSR C:\Windows\system32\drivers\megasr.sys
    16:02:07.0689 0x0cb8 MegaSR - ok
    16:02:07.0716 0x0cb8 [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] MMCSS C:\Windows\system32\mmcss.dll
    16:02:07.0723 0x0cb8 MMCSS - ok
    16:02:07.0756 0x0cb8 [ E13B5EA0F51BA5B1512EC671393D09BA, 5B380D1B435D809CA201FD5ED075D42F3C6BA1A4EEDBC4040F7E3329F05A334A ] Modem C:\Windows\system32\drivers\modem.sys
    16:02:07.0761 0x0cb8 Modem - ok
    16:02:07.0792 0x0cb8 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8, 1E8031D51E074FDFB53E98E26DABF313B901C028D01196BFD402EED5D0A89595 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    16:02:07.0797 0x0cb8 monitor - ok
    16:02:07.0820 0x0cb8 [ 5BF6A1326A335C5298477754A506D263, CC7F58E5955A448F6CE28D6D8EB98C7479E11F931B5C733CFE71A29B2E95923D ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    16:02:07.0824 0x0cb8 mouclass - ok
    16:02:07.0866 0x0cb8 [ 93B8D4869E12CFBE663915502900876F, 7464DE60FAAD8793D855F1F86C3C865B3A3EE41C19A3E926D1BE4426E67F5EC2 ] mouhid C:\Windows\system32\drivers\mouhid.sys
    16:02:07.0870 0x0cb8 mouhid - ok
    16:02:07.0902 0x0cb8 [ BDAFC88AA6B92F7842416EA6A48E1600, 2CA8A7BB260016D6B7953980A94C45A3C5D41F7DC7E73EEFB1C18EA144749503 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
    16:02:07.0908 0x0cb8 MountMgr - ok
    16:02:07.0975 0x0cb8 [ 3B9398E0146855B1DC0E3D9769C80F01, DF69DB5CA30A5577648635C27DD468AF98515D07DF379B3FFDCC6B40744EDE66 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    16:02:07.0985 0x0cb8 MozillaMaintenance - ok
    16:02:08.0009 0x0cb8 [ 511D011289755DD9F9A7579FB0B064E6, 1FD0D0D5B6E08FE06F7A5D0821BCD859B0F98A6DEA58AAB7FB6C95B64212FFC8 ] mpio C:\Windows\system32\drivers\mpio.sys
    16:02:08.0018 0x0cb8 mpio - ok
    16:02:08.0069 0x0cb8 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E, 62055C0DCEB69873B8961AB17DBD002F44319A44CB05EC3A61421A0C6D4736CD ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    16:02:08.0075 0x0cb8 mpsdrv - ok
    16:02:08.0163 0x0cb8 [ 5DE62C6E9108F14F6794060A9BDECAEC, 655E6645CC4A1EDBE5F51F5F80C7B504DD956851E788A6E4E4E08CDCDCE160D9 ] MpsSvc C:\Windows\system32\mpssvc.dll
    16:02:08.0220 0x0cb8 MpsSvc - ok
    16:02:08.0254 0x0cb8 [ 4FBBB70D30FD20EC51F80061703B001E, 72907A0CA5CFF82F40C02A65CD8EFD51D7CFC33BE67DE572D1ACF4FD3B248F0A ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
    16:02:08.0260 0x0cb8 Mraid35x - ok
    16:02:08.0297 0x0cb8 [ 82CEA0395524AACFEB58BA1448E8325C, 16E37990A291C848DE35F48EA7E09AE5B258AE589EB08A3FA2C60DC1278DE182 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    16:02:08.0306 0x0cb8 MRxDAV - ok
    16:02:08.0353 0x0cb8 [ 1E94971C4B446AB2290DEB71D01CF0C2, 4701AA1B419AEF735CB2DA34532B0F1844433272C36D79F4EB55807E39B923D1 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    16:02:08.0363 0x0cb8 mrxsmb - ok
    16:02:08.0422 0x0cb8 [ 4FCCB34D793B116423209C0F8B7A3B03, 7A483AEB691ADBE82779F12F0BB1CCCBFFD7E92902EC1ADC99AB7D129F887143 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    16:02:08.0436 0x0cb8 mrxsmb10 - ok
    16:02:08.0461 0x0cb8 [ C3CB1B40AD4A0124D617A1199B0B9D7C, B975A39DE6D324C6274B6E3B883F36082A958F028335CEB3A37F44481EB284B3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    16:02:08.0468 0x0cb8 mrxsmb20 - ok
    16:02:08.0507 0x0cb8 [ 5457DCFA7C0DA43522F4D9D4049C1472, C8B0FD8F96E4FC5CB4B74D5968E808F44B4371F0A797B1D368E6A6080CB862FD ] msahci C:\Windows\system32\drivers\msahci.sys
    16:02:08.0511 0x0cb8 msahci - ok
    16:02:08.0551 0x0cb8 [ 4468B0F385A86ECDDAF8D3CA662EC0E7, EAEDC9CDD2EEC5000AF8190A4BE7729282576C3F88E64FDF57F455F5CECC81C9 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    16:02:08.0559 0x0cb8 msdsm - ok
    16:02:08.0601 0x0cb8 [ FD7520CC3A80C5FC8C48852BB24C6DED, C3F3D7A07FAB9AF38A2A00BF0DF6EEE18CA8FE26277BEC9D8ADB793F2CD5EC1F ] MSDTC C:\Windows\System32\msdtc.exe
    16:02:08.0613 0x0cb8 MSDTC - ok
    16:02:08.0661 0x0cb8 [ A9927F4A46B816C92F461ACB90CF8515, 753284F726F9B4D3E7322C75532244CA43714F00717C2019391FB36DEE0738C0 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    16:02:08.0670 0x0cb8 Msfs - ok
    16:02:08.0703 0x0cb8 [ 0F400E306F385C56317357D6DEA56F62, C48FA8193787359902D20D869F5F602CD66D3C5D061A58DDB72F51EED433C4BC ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    16:02:08.0707 0x0cb8 msisadrv - ok
    16:02:08.0757 0x0cb8 [ 85466C0757A23D9A9AECDC0755203CB2, 79141B8DF9D7470466872AF03A85C3D3976512BFDBDB8B92A22225DC8EFD70A6 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    16:02:08.0767 0x0cb8 MSiSCSI - ok
    16:02:08.0798 0x0cb8 msiserver - ok
    16:02:08.0836 0x0cb8 [ D8C63D34D9C9E56C059E24EC7185CC07, D0CBFB8D57E6D908679DC0488ED659CA35B92626DEA890873E165F051A1AD2AE ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    16:02:08.0839 0x0cb8 MSKSSRV - ok
    16:02:08.0853 0x0cb8 [ 1D373C90D62DDB641D50E55B9E78D65E, 1D4897A96EA54D6FAC7916D69B4E88CAE1397C38CC8FAE08554772808476357B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    16:02:08.0857 0x0cb8 MSPCLOCK - ok
    16:02:08.0871 0x0cb8 [ B572DA05BF4E098D4BBA3A4734FB505B, B7923F204CEADD0F62C2FE4B7CF8C56DAB70F88093B15C5692D0E61490CF4BAA ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    16:02:08.0874 0x0cb8 MSPQM - ok
    16:02:08.0946 0x0cb8 [ B49456D70555DE905C311BCDA6EC6ADB, 8E40586B3A1FAE9996459E0261726C9DD6A8D5F575604868C45604613385C92F ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    16:02:08.0958 0x0cb8 MsRPC - ok
    16:02:08.0989 0x0cb8 [ E384487CB84BE41D09711C30CA79646C, 520391DEE14D4D6C1EA99C7D31DD95D56B44D54CA3CD8E5C9855E9C0A04F026C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
    16:02:08.0993 0x0cb8 mssmbios - ok
    16:02:09.0013 0x0cb8 [ 7199C1EEC1E4993CAF96B8C0A26BD58A, DD02DF8ED7AF5BB88BD2A91F38CE4C52432CB8044BDCBC41C320CD22B10B8A3B ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    16:02:09.0017 0x0cb8 MSTEE - ok
    16:02:09.0049 0x0cb8 [ 6A57B5733D4CB702C8EA4542E836B96C, 080FB0B01E949D24CDD6876125B3A72DA9F88845D8B9A1A425BCA99E7ACF6821 ] Mup C:\Windows\system32\Drivers\mup.sys
    16:02:09.0055 0x0cb8 Mup - ok
    16:02:09.0146 0x0cb8 [ E4EAF0C5C1B41B5C83386CF212CA9584, 5946C3DCE65A0DB164169A1775DFCA544AF4E1895ADF6916BB1653F373F8D9AF ] napagent C:\Windows\system32\qagentRT.dll
    16:02:09.0203 0x0cb8 napagent - ok
    16:02:09.0308 0x0cb8 [ 85C44FDFF9CF7E72A40DCB7EC06A4416, DC37C99C458CA69B33BFD3894187089E947F4F9C01EC2ED024FA8614989E0956 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    16:02:09.0319 0x0cb8 NativeWifiP - ok
    16:02:09.0396 0x0cb8 [ 1357274D1883F68300AEADD15D7BBB42, EE6352CBF0D9D633816F338159CDA27F1A805C3DDC3402D8605B50D8F3CD3300 ] NDIS C:\Windows\system32\drivers\ndis.sys
    16:02:09.0470 0x0cb8 NDIS - ok
    16:02:09.0484 0x0cb8 [ 0E186E90404980569FB449BA7519AE61, DE41791D9D3074007D6DD1D3933E7A2A13E3789D0AD4F029105B58279622FC1B ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    16:02:09.0488 0x0cb8 NdisTapi - ok
    16:02:09.0522 0x0cb8 [ D6973AA34C4D5D76C0430B181C3CD389, 7C303F3D6BFF8B82E39998135B444837091AB1F9EB8F28D013E5EF45DB237EFC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    16:02:09.0531 0x0cb8 Ndisuio - ok
    16:02:09.0597 0x0cb8 [ 818F648618AE34F729FDB47EC68345C3, 5FC8F9237BD7FCE3C62D5BDDD49DC104BE2BECDC2FA8CDC1DB8F1891CBAA9140 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    16:02:09.0609 0x0cb8 NdisWan - ok
    16:02:09.0647 0x0cb8 [ 71DAB552B41936358F3B541AE5997FB3, 30A8B3E33CBF04FC047254E404C0321F9028F2640036AA8AC1EA0A5E64551684 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    16:02:09.0657 0x0cb8 NDProxy - ok
    16:02:09.0693 0x0cb8 [ BCD093A5A6777CF626434568DC7DBA78, 2A283DD93230361204EA0897864EAF0224CB8C02E025AE2E4237B07A598B3EBD ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    16:02:09.0701 0x0cb8 NetBIOS - ok
    16:02:09.0763 0x0cb8 [ ECD64230A59CBD93C85F1CD1CAB9F3F6, 83650D756C1F2768A2AAAFC7924F2A4316ABAEB1708F4B05803CDDD699B5AB6F ] netbt C:\Windows\system32\DRIVERS\netbt.sys
    16:02:09.0776 0x0cb8 netbt - ok
    16:02:09.0801 0x0cb8 [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] Netlogon C:\Windows\system32\lsass.exe
    16:02:09.0804 0x0cb8 Netlogon - ok
    16:02:09.0852 0x0cb8 [ C8052711DAECC48B982434C5116CA401, 417DEB86D157DD3F0B4678410FE27FDD3E8FA04AB03AF398F6C02BF207070B35 ] Netman C:\Windows\System32\netman.dll
    16:02:09.0875 0x0cb8 Netman - ok
    16:02:09.0913 0x0cb8 [ 2EF3BBE22E5A5ACD1428EE387A0D0172, 55DB91EDD0339D2434C06445F8A716A48EA90925B0FF7EBF45BB79D4B54B80BF ] netprofm C:\Windows\System32\netprofm.dll
    16:02:09.0930 0x0cb8 netprofm - ok
    16:02:09.0982 0x0cb8 [ D6C4E4A39A36029AC0813D476FBD0248, A0907D98580D1CD3007365CBBB53E84BEF39001E05912776F68EB0564B54B6EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    16:02:10.0014 0x0cb8 NetTcpPortSharing - ok
    16:02:10.0056 0x0cb8 [ 2E7FB731D4790A1BC6270ACCEFACB36E, EE9A00B694E8A3A5842CDC56C7BA1364317AC8134E046A0059661D057094B1A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
    16:02:10.0061 0x0cb8 nfrd960 - ok
    16:02:10.0111 0x0cb8 [ 2997B15415F9BBE05B5A4C1C85E0C6A2, 5455536515FE740E18E090329FDCC40288724372AD18ACDB2CB4BB9D85CF681E ] NlaSvc C:\Windows\System32\nlasvc.dll
    16:02:10.0125 0x0cb8 NlaSvc - ok
    16:02:10.0175 0x0cb8 [ D36F239D7CCE1931598E8FB90A0DBC26, DF9397411D0CE5A87E3346D4E6E25BEC537A21BCE196CC55FD999CD08FC4A637 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    16:02:10.0180 0x0cb8 Npfs - ok
    16:02:10.0203 0x0cb8 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD, 15CA178518EB3D457AA4C109D97A8490821590842AE4E9841703B5A55870C8F6 ] nsi C:\Windows\system32\nsisvc.dll
    16:02:10.0209 0x0cb8 nsi - ok
    16:02:10.0220 0x0cb8 [ 609773E344A97410CE4EBF74A8914FCF, 90B9CBD2B62854DD503DE4A910CB987D402368EB99882FE20FFB6DEACD70F2BD ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    16:02:10.0232 0x0cb8 nsiproxy - ok
    16:02:10.0359 0x0cb8 [ 2C1121F2B87E9A6B12485DF53CD848C7, E580428F3BA7B201C6C7CFADF1F44A6ECA4F589EDB034DA14260136236195936 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    16:02:10.0447 0x0cb8 Ntfs - ok
    16:02:10.0477 0x0cb8 [ E875C093AEC0C978A90F30C9E0DFBB72, D3A480CD7EF374EFBC1BB831B33B81534774DDDBB0FB338BEE1D444949FD8DE7 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
    16:02:10.0489 0x0cb8 ntrigdigi - ok
    16:02:10.0521 0x0cb8 [ C5DBBCDA07D780BDA9B685DF333BB41E, 3652893DFF05469A273C3073D8D0A9D6D6BBDEC7855FEA8EAB768F95BA674108 ] Null C:\Windows\system32\drivers\Null.sys
    16:02:10.0525 0x0cb8 Null - ok
    16:02:10.0555 0x0cb8 [ 2EDF9E7751554B42CBB60116DE727101, 37A0AA78E83DBB5A788F7F067EB71DDF6CCC72A66BB41B209E1A5E2F68F8AF9B ] nvraid C:\Windows\system32\drivers\nvraid.sys
    16:02:10.0565 0x0cb8 nvraid - ok
    16:02:10.0592 0x0cb8 [ ABED0C09758D1D97DB0042DBB2688177, 84B9BF886EF9181915E8AB6D971446BC681E6DE4485DBECD62838EAFA10E7F46 ] nvstor C:\Windows\system32\drivers\nvstor.sys
    16:02:10.0598 0x0cb8 nvstor - ok
    16:02:10.0624 0x0cb8 [ 18BBDF913916B71BD54575BDB6EEAC0B, 5FBA165149AB09E869DCE35622E91CFC964BDD22B31A5E76CF12F1565402B207 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    16:02:10.0633 0x0cb8 nv_agp - ok
    16:02:10.0654 0x0cb8 NwlnkFlt - ok
    16:02:10.0668 0x0cb8 NwlnkFwd - ok
    16:02:10.0708 0x0cb8 [ BE32DA025A0BE1878F0EE8D6D9386CD5, B9D6CB4626FC67D108D713467C9ED8D0E2A071D98621B5531AD9D0C172FE7B89 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    16:02:10.0714 0x0cb8 ohci1394 - ok
    16:02:10.0787 0x0cb8 [ B7EDD9FD6387802DFAA795372AECF212, 53E8EACC9CD678BC4FFBD22A0F463A7834B1E68D2741518C65CC8883757CD912 ] OsdService C:\Program Files\OEM\OSD_1.2\OsdService.exe
    16:02:10.0805 0x0cb8 OsdService - ok
    16:02:10.0872 0x0cb8 [ 7A56CF3E3F12E8AF599963B16F50FB6A, 882C82BAE96D263138D4C0D6C425458B770B7B9C8E9C1D28AC918BF6BE94A5C2 ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    16:02:10.0880 0x0cb8 ose - ok
    16:02:10.0980 0x0cb8 [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] p2pimsvc C:\Windows\system32\p2psvc.dll
    16:02:11.0026 0x0cb8 p2pimsvc - ok
    16:02:11.0096 0x0cb8 [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] p2psvc C:\Windows\system32\p2psvc.dll
    16:02:11.0129 0x0cb8 p2psvc - ok
    16:02:11.0266 0x0cb8 [ 8A79FDF04A73428597E2CAF9D0D67850, DB438FDE5510AB2F350ED1AC4CF0E99D3CC665FE46533A438A8FDA4DAF950F93 ] Parport C:\Windows\system32\DRIVERS\parport.sys
    16:02:11.0274 0x0cb8 Parport - ok
    16:02:11.0337 0x0cb8 [ B9C2B89F08670E159F7181891E449CD9, BD48CE95CF4B75D1FD5FD379B2A8727BC000F2B6748B77636C6BDB0B37B0344A ] partmgr C:\Windows\system32\drivers\partmgr.sys
    16:02:11.0344 0x0cb8 partmgr - ok
    16:02:11.0375 0x0cb8 [ 6C580025C81CAF3AE9E3617C22CAD00E, 64F9061196462085E5DCD3ACB97A0D8FC67CA9A96DDD6E2103AFFF1593AE236A ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
    16:02:11.0378 0x0cb8 Parvdm - ok
    16:02:11.0434 0x0cb8 [ C6276AD11F4BB49B58AA1ED88537F14A, 409E956AF994640DF8D062E5E41F87A6EE7EEE0335C191B582722A49322357CE ] PcaSvc C:\Windows\System32\pcasvc.dll
    16:02:11.0440 0x0cb8 PcaSvc - ok
    16:02:11.0493 0x0cb8 [ 941DC1D19E7E8620F40BBC206981EFDB, 156142A8B587131D2D47074CBFD0A31F69B3C27A8C74C8C4F29DFE7B53BBA802 ] pci C:\Windows\system32\drivers\pci.sys
    16:02:11.0505 0x0cb8 pci - ok
    16:02:11.0527 0x0cb8 [ FC175F5DDAB666D7F4D17449A547626F, 7D6108213D1AD3F97A3B83E491BCCC7D6F5BC72C32A182BDDE8736851A26C8D2 ] pciide C:\Windows\system32\drivers\pciide.sys
    16:02:11.0531 0x0cb8 pciide - ok
    16:02:11.0571 0x0cb8 [ E6F3FB1B86AA519E7698AD05E58B04E5, 2C4B45DDD3B980C9DAA6F039CAEFCD6E84A4D5BB43AFBA73C0C42B5556C1303C ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
    16:02:11.0584 0x0cb8 pcmcia - ok
    16:02:11.0662 0x0cb8 [ 6349F6ED9C623B44B52EA3C63C831A92, 9EAA3ABD396870123107D6E1B758F56FDA378BD28B28DB8415AA470D24294F92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    16:02:11.0737 0x0cb8 PEAUTH - ok
    16:02:11.0880 0x0cb8 [ B1689DF169143F57053F795390C99DB3, 887B8C76B34CABC68067C0F27CC4EEF02457A53634C96FE5B0FE9B99453BDBEF ] pla C:\Windows\system32\pla.dll
    16:02:11.0982 0x0cb8 pla - ok
    16:02:12.0061 0x0cb8 [ C5E7F8A996EC0A82D508FD9064A5569E, 416A93816CDF12DD42DEA796D37E6E2000D3172AAAB20D3EAD3B715DACD4B61F ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    16:02:12.0079 0x0cb8 PlugPlay - ok
    16:02:12.0147 0x0cb8 [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
    16:02:12.0180 0x0cb8 PNRPAutoReg - ok
    16:02:12.0246 0x0cb8 [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] PNRPsvc C:\Windows\system32\p2psvc.dll
    16:02:12.0280 0x0cb8 PNRPsvc - ok
    16:02:12.0328 0x0cb8 [ D0494460421A03CD5225CCA0059AA146, FC30E90522C63F2A66D89381705712D2CDF07B2E029DF40C2DEBB2353E763E90 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    16:02:12.0363 0x0cb8 PolicyAgent - ok
    16:02:12.0408 0x0cb8 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1, 6E4B188A4BFDBBCA51347BCCE2873F2D0F858398851B9B5129CB9F36A02E4354 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    16:02:12.0414 0x0cb8 PptpMiniport - ok
    16:02:12.0439 0x0cb8 [ 2027293619DD0F047C584CF2E7DF4FFD, B7C172CCD08D8A30483D27536355ED1E5009B33629355B426470AFBA8542B394 ] Processor C:\Windows\system32\drivers\processr.sys
    16:02:12.0444 0x0cb8 Processor - ok
    16:02:12.0511 0x0cb8 [ 0508FAA222D28835310B7BFCA7A77346, 3AE2340C6E365F137CC00D9560069501DD2724756EA9EBF7A6CDFFC91B43709C ] ProfSvc C:\Windows\system32\profsvc.dll
    16:02:12.0525 0x0cb8 ProfSvc - ok
    16:02:12.0545 0x0cb8 [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] ProtectedStorage C:\Windows\system32\lsass.exe
    16:02:12.0548 0x0cb8 ProtectedStorage - ok
    16:02:12.0717 0x0cb8 [ 99514FAA8DF93D34B5589187DB3AA0BA, 4DDE5EC0C721B22E1D7D55ED3514B60EA07435C232A3A931BB49C7F486B52C18 ] PSched C:\Windows\system32\DRIVERS\pacer.sys
    16:02:12.0778 0x0cb8 PSched - ok
    16:02:12.0993 0x0cb8 [ 9CCF89372C5A04E97CD89B58AE697796, 4156C2C7726E2DF794E2CEEDD944218D536D445F05C8513D9BD44F575F136971 ] qcusbser C:\Windows\system32\DRIVERS\qcusbser.sys
    16:02:13.0080 0x0cb8 qcusbser - ok
    16:02:13.0607 0x0cb8 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6, 8B7D44A7698B95FE34CBBE4FAB2F01EC1F5BA86C2B19672F99767E650E99BF1C ] ql2300 C:\Windows\system32\drivers\ql2300.sys
    16:02:14.0142 0x0cb8 ql2300 - ok
    16:02:14.0231 0x0cb8 [ 81A7E5C076E59995D54BC1ED3A16E60B, A2988F065F93C41B3B389BFF3BB3FD69F768C2AF249C2356F315CC92E5C9E128 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
    16:02:14.0240 0x0cb8 ql40xx - ok
    16:02:14.0337 0x0cb8 [ E9ECAE663F47E6CB43962D18AB18890F, F1A05320CAED9E745AA36A6DA9B64C48AAEDE888B42B249840CEB31448F7F432 ] QWAVE C:\Windows\system32\qwave.dll
    16:02:14.0393 0x0cb8 QWAVE - ok
    16:02:14.0457 0x0cb8 [ 9F5E0E1926014D17486901C88ECA2DB7, 67CDFB99AB546DCEEF20507EAC07DD52FFB51BFDFE9416ABEDDC1201B60D720E ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    16:02:14.0461 0x0cb8 QWAVEdrv - ok
    16:02:14.0570 0x0cb8 [ 147D7F9C556D259924351FEB0DE606C3, E41EBA5F3098C6CF2BE4C0060A5F4BF161C3677D983B7A0D70ACC12FC3CFEFD7 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    16:02:14.0574 0x0cb8 RasAcd - ok
    16:02:14.0641 0x0cb8 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F, 6A410ABCCD2211EFF511CDBF22E4152B57D2996336EBE711DFF71904AF232DB2 ] RasAuto C:\Windows\System32\rasauto.dll
    16:02:14.0650 0x0cb8 RasAuto - ok
    16:02:14.0734 0x0cb8 [ A214ADBAF4CB47DD2728859EF31F26B0, A24F37F55E2C018B1B4FA2C568A01AAAAEA1220833ED24A93378386174A70A32 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    16:02:14.0746 0x0cb8 Rasl2tp - ok
    16:02:14.0824 0x0cb8 [ 75D47445D70CA6F9F894B032FBC64FCF, 9112EA5D25F867136858524C7965ACCEDC02675D1E2985B950598D89CCF25E14 ] RasMan C:\Windows\System32\rasmans.dll
    16:02:14.0845 0x0cb8 RasMan - ok
    16:02:14.0900 0x0cb8 [ 509A98DD18AF4375E1FC40BC175F1DEF, CC7C278CA298CE102D871E34C176E73F903D6687D1E8B5AFAB8772C7DE1A60B1 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    16:02:14.0906 0x0cb8 RasPppoe - ok
    16:02:14.0967 0x0cb8 [ 2005F4A1E05FA09389AC85840F0A9E4D, D8A664073FDE82F9AB324347024CDB7043635C84EB11C24C59AB384C52F0FD94 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    16:02:14.0975 0x0cb8 RasSstp - ok
    16:02:15.0047 0x0cb8 [ B14C9D5B9ADD2F84F70570BBBFAA7935, 3D533767A50554B86C769DF4D8841B3EA680B3807E85EA3533BDA9B649548269 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    16:02:15.0063 0x0cb8 rdbss - ok
    16:02:15.0115 0x0cb8 [ 89E59BE9A564262A3FB6C4F4F1CD9899, 6F948FB0E73495CA60B7B19E758268495EC8A084C475EC59AD7940AA619570BB ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    16:02:15.0119 0x0cb8 RDPCDD - ok
    16:02:15.0180 0x0cb8 [ FBC0BACD9C3D7F6956853F64A66E252D, 7672B10C7039295B152C02C96903E869FF2C0A88A2C3FA89BAE9F1D593B43569 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
    16:02:15.0196 0x0cb8 rdpdr - ok
    16:02:15.0235 0x0cb8 [ 9D91FE5286F748862ECFFA05F8A0710C, 33F37F1B207151A5564BF051BBF16F35D8C5A0F426CCA078A51F125BF09E487B ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    16:02:15.0239 0x0cb8 RDPENCDD - ok
    16:02:15.0333 0x0cb8 [ C127EBD5AFAB31524662C48DFCEB773A, 40A6B88FEAFF02D1B5C0CA32F290CF3D9B48B85D248C7532F30CC5C09BAA4D89 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    16:02:15.0346 0x0cb8 RDPWD - ok
    16:02:15.0440 0x0cb8 [ BCDD6B4804D06B1F7EBF29E53A57ECE9, 8A961CCD0A0265E03D9952C733B593B02B5CF64E308D6B420276D2D6B20F86FC ] RemoteAccess C:\Windows\System32\mprdim.dll
    16:02:15.0448 0x0cb8 RemoteAccess - ok
    16:02:15.0511 0x0cb8 [ 9E6894EA18DAFF37B63E1005F83AE4AB, 5D6DF994D297C875D547C7B111A571AA90D582DAECADE18A53F65AD988819E67 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    16:02:15.0521 0x0cb8 RemoteRegistry - ok
    16:02:15.0573 0x0cb8 [ 5123F83CBC4349D065534EEB6BBDC42B, 92A3F38EA924D83D601BB93E3750F9DBC2DD963FB7ACF2A0E776297E21815225 ] RpcLocator C:\Windows\system32\locator.exe
    16:02:15.0593 0x0cb8 RpcLocator - ok
    16:02:15.0671 0x0cb8 [ 3B5B4D53FEC14F7476CA29A20CC31AC9, EC02A412DA5FDE2C759A4A2C5904579E1CE7C4999CE87145812F354FC8F5E183 ] RpcSs C:\Windows\System32\rpcss.dll
    16:02:15.0716 0x0cb8 RpcSs - ok
    16:02:15.0751 0x0cb8 [ 9C508F4074A39E8B4B31D27198146FAD, 84913471E5A6C297B1EDABE45EF3FE7D2C4410EF04370F615109FD9E2690FFDB ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    16:02:15.0758 0x0cb8 rspndr - ok
    16:02:15.0810 0x0cb8 [ 2FC33077F85D7DC0D03678C06D43898C, 2C1EAE33E6BBDBEDC6A9D987891DCE34FC9E0FA79CBB1162704AEBBD46319BC0 ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys
    16:02:15.0819 0x0cb8 RTL8169 - ok
    16:02:15.0872 0x0cb8 [ 918068C01C1CE0258E64BB586385745C, D52EBCE7F18B19D2F4755DDC7DA072C67A5116D92832A43860D673F89B466E8B ] RTL8187Se C:\Windows\system32\DRIVERS\RTL8187Se.sys
    16:02:15.0907 0x0cb8 RTL8187Se - ok
    16:02:15.0963 0x0cb8 [ 830B682CB24206F457EA8A617605209F, D8EA85CA64CC10C5D6E906B15E5FB8EB04470718D254F3C3E6A37DE3C0291444 ] RTSTOR C:\Windows\system32\drivers\RTSTOR.SYS
    16:02:15.0970 0x0cb8 RTSTOR - ok
    16:02:15.0989 0x0cb8 [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] SamSs C:\Windows\system32\lsass.exe
    16:02:15.0993 0x0cb8 SamSs - ok
    16:02:16.0033 0x0cb8 [ 3CE8F073A557E172B330109436984E30, CEC281C6076FAA1E34372CF419C6308E73811316606B8D0D9055B7D8952BDC88 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    16:02:16.0041 0x0cb8 sbp2port - ok
    16:02:16.0129 0x0cb8 [ 77B7A11A0C3D78D3386398FBBEA1B632, A3D290AB793BDC2F84C7B963300DFCE81CFE082A0FFF7489E8E5B14714892C00 ] SCardSvr C:\Windows\System32\SCardSvr.dll
    16:02:16.0139 0x0cb8 SCardSvr - ok
    16:02:16.0388 0x0cb8 [ 1A58069DB21D05EB2AB58EE5753EBE8D, EED8111EB613F4C93D1638C74FDB0A6DC6694E1B108DCD0D794B5B5F9B8C6EE4 ] Schedule C:\Windows\system32\schedsvc.dll
    16:02:16.0452 0x0cb8 Schedule - ok
    16:02:16.0475 0x0cb8 [ 312EC3E37A0A1F2006534913E37B4423, 81B8F462336791D162DAFA8092C1F437638DA3022CA24A2458B9FE183FC18C5D ] SCPolicySvc C:\Windows\System32\certprop.dll
    16:02:16.0479 0x0cb8 SCPolicySvc - ok
    16:02:16.0515 0x0cb8 [ 716313D9F6B0529D03F726D5AAF6F191, 44FE994A11631C1D99C73026340BACE39973C65A1281D87A61B481C9B5FAB251 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    16:02:16.0533 0x0cb8 SDRSVC - ok
    16:02:16.0558 0x0cb8 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    16:02:16.0563 0x0cb8 secdrv - ok
    16:02:16.0591 0x0cb8 [ FD5199D4D8A521005E4B5EE7FE00FA9B, 0FB7A1D300C72B1ADC423CC57343C17853E5F8ACFE3EA2C42FAC2FF72E502FBE ] seclogon C:\Windows\system32\seclogon.dll
    16:02:16.0597 0x0cb8 seclogon - ok
    16:02:16.0621 0x0cb8 [ A9BBAB5759771E523F55563D6CBE140F, 415BF6F6A1E4C5F98DABF9C2EEAF8CA49730693046E5F94C7655683717EDAD75 ] SENS C:\Windows\system32\sens.dll
    16:02:16.0628 0x0cb8 SENS - ok
    16:02:16.0673 0x0cb8 [ CE9EC966638EF0B10B864DDEDF62A099, 2DEC5A8C947D87C12B342F15B8A552A0D49B979A2AC32D2C97FC7A3A76C34524 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
    16:02:16.0678 0x0cb8 Serenum - ok
    16:02:16.0728 0x0cb8 [ 6D663022DB3E7058907784AE14B69898, 54263888C64A7F010D3B5E399369B0F3FF3AF0A0DE8ADB502B98277533E4D45F ] Serial C:\Windows\system32\DRIVERS\serial.sys
    16:02:16.0736 0x0cb8 Serial - ok
    16:02:16.0780 0x0cb8 [ 8AF3D28A879BF75DB53A0EE7A4289624, C870BEBB969DCD9170E64584D1CD329A193D9FC812A45EF3574891110CA68B45 ] sermouse C:\Windows\system32\drivers\sermouse.sys
    16:02:16.0784 0x0cb8 sermouse - ok
    16:02:16.0840 0x0cb8 [ D2193326F729B163125610DBF3E17D57, 82C894E24E2C139C884246A693AD37BBF0A4E9375B7F7A288EF1DB22F89434B9 ] SessionEnv C:\Windows\system32\sessenv.dll
    16:02:16.0850 0x0cb8 SessionEnv - ok
    16:02:16.0873 0x0cb8 [ 3EFA810BDCA87F6ECC24F9832243FE86, E50FEA94DB9851A46A8A71A8C061AC953A9D5B14585382B3F0FFC84931A0A68F ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    16:02:16.0877 0x0cb8 sffdisk - ok


  • Registered Users, Registered Users 2 Posts: 251 ✭✭sandra_b


    aswMBR is still running, but there were 3 Trojans found by AVG in this time.
    I clicked option on AVG to remove it and it did.
    I see there are some files listed in aswMBR screen, I'll post when it completes.


  • Registered Users, Registered Users 2 Posts: 251 ✭✭sandra_b


    Found something:

    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2014-01-01 16:07:14
    16:07:14.522 OS Version: Windows 6.0.6002 Service Pack 2
    16:07:14.522 Number of processors: 2 586 0xF0D
    16:07:14.525 ComputerName: LAPTOP-PC UserName: Laptop
    16:07:20.770 Initialize success
    16:23:04.596 The log file has been saved successfully to "C:\Users\Laptop\Documents\aswMBR.txt"
    16:25:33.002 AVAST engine defs: 14010100
    16:34:01.761 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    16:34:01.855 Disk 0 Vendor: FUJITSU_MHZ2160BH 00000009 Size: 152627MB BusType: 3
    16:34:02.445 Disk 0 MBR read successfully
    16:34:02.451 Disk 0 MBR scan
    16:34:03.878 Disk 0 Windows VISTA default MBR code
    16:34:03.917 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 9500 MB offset 2048
    16:34:04.451 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 1500 MB offset 19458048
    16:34:04.548 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 141625 MB offset 22530048
    16:34:04.681 Disk 0 scanning sectors +312578048
    16:34:05.498 Disk 0 scanning C:\Windows\system32\drivers
    16:35:20.421 Service scanning
    16:37:47.988 Modules scanning
    16:38:28.037 Disk 0 trace - called modules:
    16:38:28.103 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
    16:38:28.116 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85db6ac8]
    16:38:28.128 3 CLASSPNP.SYS[83ba38b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x849408a0]
    16:38:45.849 AVAST engine scan C:\Windows
    16:38:53.710 AVAST engine scan C:\Windows\system32
    16:50:05.008 AVAST engine scan C:\Windows\system32\drivers
    16:50:54.807 AVAST engine scan C:\Users\Laptop
    16:59:53.795 File: C:\Users\Laptop\AppData\Local\temp\chrome.exe **INFECTED** Win32:Dropper-gen [Drp]
    16:59:58.138 File: C:\Users\Laptop\AppData\Local\temp\kgtdohfp.exe **INFECTED** Win32:Dropper-gen [Drp]
    17:00:16.737 File: C:\Users\Laptop\AppData\Local\temp\msotuo.bat **INFECTED** Win32:Malware-gen
    17:01:25.766 File: C:\Users\Laptop\AppData\Local\temp\~tmf2866005090776815605.tmp **INFECTED** Win32:Malware-gen
    17:01:26.057 File: C:\Users\Laptop\AppData\Local\temp\~tmf3907897545022973279.tmp **INFECTED** Win32:Malware-gen
    17:09:48.030 AVAST engine scan C:\ProgramData
    17:17:11.094 Scan finished successfully
    17:20:30.009 Disk 0 MBR has been saved successfully to "C:\Users\Laptop\Documents\MBR.dat"
    17:20:30.097 The log file has been saved successfully to "C:\Users\Laptop\Documents\aswMBR.txt"


  • Registered Users, Registered Users 2 Posts: 840 ✭✭✭jsa112


    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
    • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste log back here.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


  • Registered Users, Registered Users 2 Posts: 251 ✭✭sandra_b


    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-12-2013
    Ran by Laptop (administrator) on LAPTOP-PC on 01-01-2014 18:02:36
    Running from C:\Users\Laptop\Desktop
    Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US)
    Internet Explorer Version 9
    Boot Mode: Normal

    ==================== Processes (Whitelisted) ===================

    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
    (Microsoft Corporation) C:\Windows\System32\SLsvc.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
    () C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe
    () C:\ProgramData\DatacardService\HWDeviceService.exe
    (TODO: <公司名稱>) C:\Program Files\OEM\OSD_1.2\OsdService.exe
    (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
    (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
    () C:\Program Files\Spare Messaging\MessagingApp.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    () C:\Program Files\Mobilni Internet\ModemListener.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Microsoft Corporation) C:\Windows\ehome\ehtray.exe
    (The TechGuys) C:\Program Files\The TechGuys\Launch\Launch.exe
    (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    (ODM) C:\Program Files\OEM\OSD_1.2\osd.exe
    (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
    (Microsoft Corporation) C:\Windows\System32\conime.exe
    (Microsoft Corporation) C:\Windows\ehome\ehsched.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    (Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
    (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
    () C:\Program Files\Broadband to go\Broadband to go.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
    (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
    (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
    () C:\Users\Laptop\AppData\Local\temp\008e3d40.exe
    (Microsoft Corporation) C:\Windows\System32\wsqmcons.exe

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6139904 2008-05-07] (Realtek Semiconductor)
    HKLM\...\Run: [SpareMessaging] - C:\Program Files\Spare Messaging\MessagingApp.exe [42824 2007-11-28] ()
    HKLM\...\Run: [ModemListener] - C:\Program Files\Mobilni Internet\ModemListener.exe [98304 2010-07-12] ()
    HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
    HKLM\...\Run: [Skytel] - C:\Windows\SkyTel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
    HKLM\...\Runonce: [AvgUninstallURL] - cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OUFWRlJFRS1WMEtNQy1FOVZVVy1FVzBWQS1VVTNYTC1GRVc5Ny1PVTZF"&"inst=NzctNjMyNzYyMjI3LVBMKzktWE8zNisxLU4xRCsxLVFJWDErNC1YMjAxMCsyLUZMMTArMS1MSUMrODgtU1AxKzEtU1AxVEIrMS1TUDFTMisxLVNVRCsxLVMxSSsxLVNVMysxLUxTRCsyLUREVCsw"&"prod=90"&"ver=10.0.1382
    HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [135680 2008-07-17] (Microsoft Corporation)
    HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2008-09-12] (Google Inc.)
    HKCU\...\CurrentVersion\Windows: [Load] C:\Users\Laptop\LOCALS~1\Temp\msotuo.bat <===== ATTENTION
    HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=DSGI&bmod=DSGI
    SearchScopes: HKLM - DefaultScope value is missing.
    SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7DSGI
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}
    SearchScopes: HKCU - {4186E915-6684-410A-A99C-66AF1C7C2FBF} URL = http://search.avg.com/?d=4e04ea29&i=23&tp=chrome&q={searchTerms}&lng={language}&nt=1
    SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7DSGI_en-GBIE398
    BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    DPF: {73848533-39E1-49F1-9363-28054268C094} https://rol.raiffeisenbank.rs/RetailDLL/FSINT9.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
    DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
    DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {F6FFAC18-CAD4-4054-9D49-D610286CE323} https://rol.raiffeisenbank.rs/RetailDLL/EBCSCC2a.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Tcpip\..\Interfaces\{B69C798C-C9E4-4294-9585-642735622220}: [NameServer]212.129.64.220 212.129.64.221

    FireFox:
    ========
    FF ProfilePath: C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\8bfdnkt5.default
    FF SelectedSearchEngine: search
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
    FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml
    FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
    FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
    FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
    FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
    FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
    FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
    FF Extension: Microsoft .NET Framework Assistant - C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\8bfdnkt5.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF Extension: The Camelizer - Amazon Price Tracker - C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\8bfdnkt5.default\Extensions\izer@camelcamelcamel.com.xpi
    FF Extension: Property Bee - C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\8bfdnkt5.default\Extensions\{da8bd68d-8e90-41cd-8345-a71b294e72e6}.xpi
    FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
    FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
    FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
    FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
    FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    Chrome:
    =======
    CHR HomePage: hxxp://www.google.com
    CHR RestoreOnStartup: "hxxp://www.google.com"
    CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
    CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll No File
    CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
    CHR Plugin: (Java(TM) Platform SE 6 U37) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
    CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
    CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    CHR Extension: (Google Drive) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
    CHR Extension: (YouTube) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
    CHR Extension: (Google Search) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
    CHR Extension: (Skype Click to Call) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0
    CHR Extension: (Google Wallet) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
    CHR Extension: (Gmail) - C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
    CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

    ========================== Services (Whitelisted) =================

    R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)
    R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
    R2 DeviceManager; C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe [40960 2010-06-17] ()
    R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [264704 2010-11-16] ()
    R2 OsdService; C:\Program Files\OEM\OSD_1.2\OsdService.exe [94208 2008-02-22] (TODO: <公司名稱>)
    R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
    S2 vToolbarUpdater17.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe [x]

    ==================== Drivers (Whitelisted) ====================

    R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [120600 2013-11-05] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [209176 2013-11-04] (AVG Technologies CZ, s.r.o.)
    R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147768 2013-10-24] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22840 2013-09-17] (AVG Technologies CZ, s.r.o.)
    R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [176952 2013-10-31] (AVG Technologies CZ, s.r.o.)
    R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.)
    R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27448 2013-09-10] (AVG Technologies CZ, s.r.o.)
    R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)
    R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-11-10] (AVG Technologies)
    R3 GpdDevDPort; C:\Windows\system32\directport.sys [7168 2008-05-21] ()
    R3 GpdKbFilter; C:\Windows\system32\kbfiltr.sys [8192 2008-04-22] (Windows (R) Codename Longhorn DDK provider)
    S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [89984 2011-01-13] (Huawei Technologies Co., Ltd.)
    S3 huawei_cdcecm; C:\Windows\System32\DRIVERS\ew_jucdcecm.sys [64128 2011-01-13] (Huawei Technologies Co., Ltd.)
    S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [26624 2011-01-13] (Huawei Technologies Co., Ltd.)
    S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [103040 2008-12-30] (Huawei Technologies Co., Ltd.)
    S3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [20992 2008-01-21] (Microsoft Corporation)
    S3 qcusbser; C:\Windows\System32\DRIVERS\qcusbser.sys [103552 2010-06-17] (TCT International Mobile Ltd)
    R3 RTL8187Se; C:\Windows\System32\DRIVERS\RTL8187Se.sys [331776 2008-07-10] (Realtek Semiconductor Corporation )
    S3 SWNC8UA3; C:\Windows\System32\DRIVERS\swnc8ua3.sys [197504 2009-07-22] (Sierra Wireless Inc.)
    S3 SWUMXA3; C:\Windows\System32\DRIVERS\swumxa3.sys [148992 2009-07-22] (Sierra Wireless Inc.)
    U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
    S3 catchme; \??\C:\ComboFix\catchme.sys [x]
    S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [x]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
    S3 swmsflt; \SystemRoot\System32\drivers\swmsflt.sys [x]
    S3 SWUMX20; system32\DRIVERS\swumx20.sys [x]
    U3 aswMBR; \??\C:\Users\Laptop\AppData\Local\Temp\aswMBR.sys [x]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-01-01 18:07 - 2014-01-01 18:07 - 00000000 _____ C:\Users\Laptop\AppData\Roaming\system.ini
    2014-01-01 18:05 - 2014-01-01 17:59 - 00329216 __RSH C:\ProgramData\819827392234.exe
    2014-01-01 18:04 - 2014-01-01 18:07 - 00000216 _____ C:\Users\Laptop\AppData\Roaming\msconfig.ini
    2014-01-01 18:03 - 2014-01-01 18:05 - 00000000 ___HD C:\ProgramData\COMHOST
    2014-01-01 18:02 - 2014-01-01 18:07 - 00017702 _____ C:\Users\Laptop\Desktop\FRST.txt
    2014-01-01 18:02 - 2014-01-01 18:02 - 00000000 ____D C:\Users\Laptop\AppData\Roaming\WinRAR
    2014-01-01 17:58 - 2014-01-01 17:58 - 00000000 ____D C:\FRST
    2014-01-01 17:56 - 2014-01-01 17:51 - 01064333 _____ (Farbar) C:\Users\Laptop\Desktop\FRST.exe
    2014-01-01 17:51 - 2014-01-01 17:51 - 01064333 _____ (Farbar) C:\Users\Laptop\Downloads\FRST.exe
    2014-01-01 17:20 - 2014-01-01 17:20 - 00000512 _____ C:\Users\Laptop\Documents\MBR.dat
    2014-01-01 16:23 - 2014-01-01 17:20 - 00003065 _____ C:\Users\Laptop\Documents\aswMBR.txt
    2014-01-01 16:00 - 2014-01-01 16:06 - 00175754 _____ C:\Users\Laptop\Downloads\report.txt
    2014-01-01 15:45 - 2014-01-01 15:45 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Laptop\Downloads\tdsskiller.exe
    2014-01-01 15:42 - 2014-01-01 15:43 - 04745728 _____ (AVAST Software) C:\Users\Laptop\Downloads\aswMBR.exe
    2014-01-01 10:58 - 2014-01-01 10:58 - 00072696 _____ C:\Users\Laptop\Desktop\OTL-after.Txt
    2014-01-01 10:52 - 2014-01-01 10:52 - 00146136 _____ C:\Windows\Minidump\Mini010114-01.dmp
    2014-01-01 10:51 - 2014-01-01 10:51 - 139320433 _____ C:\Windows\MEMORY.DMP
    2014-01-01 09:50 - 2014-01-01 09:50 - 00072696 _____ C:\Users\Laptop\Downloads\OTL-after.Txt
    2014-01-01 09:26 - 2014-01-01 09:26 - 00001392 _____ C:\Users\Laptop\Desktop\Adw.txt
    2014-01-01 04:52 - 2014-01-01 04:52 - 00000104 _____ C:\Users\Laptop\Desktop\Recycle Bin - Shortcut.lnk
    2014-01-01 04:50 - 2014-01-01 04:50 - 00070982 _____ C:\Users\Laptop\Desktop\OTL-before.Txt
    2014-01-01 03:34 - 2014-01-01 03:34 - 00000495 _____ C:\Users\Laptop\Desktop\OTL - Shortcut.lnk
    2014-01-01 03:33 - 2014-01-01 03:33 - 00000536 _____ C:\Users\Laptop\Desktop\AdwCleaner - Shortcut.lnk
    2014-01-01 02:37 - 2014-01-01 02:37 - 00001564 _____ C:\Users\Laptop\Desktop\Computer.lnk
    2014-01-01 02:36 - 2014-01-01 02:36 - 00000288 _____ C:\Users\Laptop\AppData\Roaming\76278BBE.reg
    2014-01-01 02:13 - 2014-01-01 03:22 - 00000000 ____D C:\Users\Laptop\AppData\Local\{E223DA60-E642-818A-1CC6-4EB4FC1AB41C}
    2014-01-01 00:47 - 2014-01-01 00:47 - 00010970 _____ C:\ComboFix.txt
    2014-01-01 00:19 - 2014-01-01 00:47 - 00000000 ____D C:\ComboFix
    2014-01-01 00:19 - 2011-06-26 06:45 - 00256000 _____ C:\Windows\PEV.exe
    2014-01-01 00:19 - 2010-11-07 17:20 - 00208896 _____ C:\Windows\MBR.exe
    2014-01-01 00:19 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2014-01-01 00:19 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2014-01-01 00:19 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2014-01-01 00:19 - 2000-08-31 00:00 - 00098816 _____ C:\Windows\sed.exe
    2014-01-01 00:19 - 2000-08-31 00:00 - 00080412 _____ C:\Windows\grep.exe
    2014-01-01 00:19 - 2000-08-31 00:00 - 00068096 _____ C:\Windows\zip.exe
    2014-01-01 00:15 - 2014-01-01 00:47 - 00000000 ____D C:\Qoobox
    2014-01-01 00:13 - 2014-01-01 00:45 - 00000000 ____D C:\Windows\erdnt
    2014-01-01 00:02 - 2014-01-01 00:03 - 05160176 ____R (Swearware) C:\Users\Laptop\Desktop\ComboFix.exe
    2013-12-31 21:42 - 2013-12-31 21:42 - 00000512 _____ C:\PhysicalMBR.bin
    2013-12-31 17:36 - 2013-12-31 17:36 - 00000000 ____D C:\_OTL
    2013-12-31 17:21 - 2014-01-01 09:23 - 00000000 ____D C:\AdwCleaner
    2013-12-31 15:56 - 2013-12-31 15:56 - 01233962 _____ C:\Users\Laptop\Downloads\AdwCleaner.exe
    2013-12-31 01:29 - 2013-12-31 01:29 - 00035056 _____ C:\Users\Laptop\Downloads\Extras.Txt
    2013-12-31 01:23 - 2014-01-01 09:49 - 00072696 _____ C:\Users\Laptop\Downloads\OTL.Txt
    2013-12-30 23:14 - 2013-12-30 23:14 - 00602112 _____ (OldTimer Tools) C:\Users\Laptop\Downloads\OTL.exe
    2013-12-30 19:06 - 2013-12-30 19:07 - 00000000 ____D C:\Users\Laptop\AppData\Local\dumps
    2013-12-30 01:01 - 2014-01-01 03:16 - 00004328 _____ C:\Windows\PFRO.log
    2013-12-30 00:13 - 2013-12-30 00:13 - 00000871 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-12-21 01:24 - 2013-12-21 01:26 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2013-12-12 02:37 - 2013-11-14 23:13 - 12344320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2013-12-12 02:37 - 2013-11-14 22:50 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2013-12-12 02:37 - 2013-11-14 22:50 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2013-12-12 02:37 - 2013-11-14 22:43 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2013-12-12 02:37 - 2013-11-14 22:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2013-12-12 02:37 - 2013-11-14 22:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2013-12-12 02:37 - 2013-11-14 22:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2013-12-12 02:37 - 2013-11-14 22:40 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2013-12-12 02:37 - 2013-11-14 22:38 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2013-12-12 02:37 - 2013-11-14 22:38 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2013-12-12 02:37 - 2013-11-14 22:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2013-12-12 02:37 - 2013-11-14 22:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2013-12-12 02:37 - 2013-11-14 22:36 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2013-12-12 02:37 - 2013-11-14 22:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2013-12-12 02:37 - 2013-11-14 22:35 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2013-12-12 02:37 - 2013-11-14 22:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2013-12-12 00:33 - 2013-10-30 02:12 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
    2013-12-12 00:33 - 2013-10-30 01:43 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
    2013-12-12 00:33 - 2013-10-30 00:43 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
    2013-12-12 00:32 - 2013-10-11 02:08 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
    2013-12-12 00:32 - 2013-10-11 02:08 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
    2013-12-12 00:32 - 2013-10-11 02:08 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wshcon.dll
    2013-12-12 00:32 - 2013-10-11 00:35 - 00155648 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
    2013-12-12 00:32 - 2013-10-11 00:35 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
    2013-12-12 00:31 - 2013-10-30 00:35 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2013-12-12 00:30 - 2013-10-22 07:19 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll

    ==================== One Month Modified Files and Folders =======

    2014-01-01 18:07 - 2014-01-01 18:07 - 00000000 _____ C:\Users\Laptop\AppData\Roaming\system.ini
    2014-01-01 18:07 - 2014-01-01 18:04 - 00000216 _____ C:\Users\Laptop\AppData\Roaming\msconfig.ini
    2014-01-01 18:07 - 2014-01-01 18:02 - 00017702 _____ C:\Users\Laptop\Desktop\FRST.txt
    2014-01-01 18:06 - 2012-07-18 20:09 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-01-01 18:05 - 2014-01-01 18:03 - 00000000 ___HD C:\ProgramData\COMHOST
    2014-01-01 18:02 - 2014-01-01 18:02 - 00000000 ____D C:\Users\Laptop\AppData\Roaming\WinRAR
    2014-01-01 17:59 - 2014-01-01 18:05 - 00329216 __RSH C:\ProgramData\819827392234.exe
    2014-01-01 17:58 - 2014-01-01 17:58 - 00000000 ____D C:\FRST
    2014-01-01 17:51 - 2014-01-01 17:56 - 01064333 _____ (Farbar) C:\Users\Laptop\Desktop\FRST.exe
    2014-01-01 17:51 - 2014-01-01 17:51 - 01064333 _____ (Farbar) C:\Users\Laptop\Downloads\FRST.exe
    2014-01-01 17:24 - 2006-11-02 12:47 - 00005184 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2014-01-01 17:24 - 2006-11-02 12:47 - 00005184 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2014-01-01 17:20 - 2014-01-01 17:20 - 00000512 _____ C:\Users\Laptop\Documents\MBR.dat
    2014-01-01 17:20 - 2014-01-01 16:23 - 00003065 _____ C:\Users\Laptop\Documents\aswMBR.txt
    2014-01-01 17:17 - 2010-09-28 23:10 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-01-01 17:10 - 2010-10-24 09:20 - 00000000 ____D C:\ProgramData\MFAData
    2014-01-01 17:06 - 2010-09-19 17:29 - 01529444 _____ C:\Windows\WindowsUpdate.log
    2014-01-01 16:06 - 2014-01-01 16:00 - 00175754 _____ C:\Users\Laptop\Downloads\report.txt
    2014-01-01 15:45 - 2014-01-01 15:45 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Laptop\Downloads\tdsskiller.exe
    2014-01-01 15:43 - 2014-01-01 15:42 - 04745728 _____ (AVAST Software) C:\Users\Laptop\Downloads\aswMBR.exe
    2014-01-01 13:18 - 2006-11-02 12:37 - 00000000 ___RD C:\Users\Public\Recorded TV
    2014-01-01 13:17 - 2010-09-28 23:10 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-01-01 13:16 - 2006-11-02 13:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2014-01-01 11:30 - 2006-11-02 13:01 - 00032646 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2014-01-01 10:58 - 2014-01-01 10:58 - 00072696 _____ C:\Users\Laptop\Desktop\OTL-after.Txt
    2014-01-01 10:52 - 2014-01-01 10:52 - 00146136 _____ C:\Windows\Minidump\Mini010114-01.dmp
    2014-01-01 10:52 - 2011-02-07 01:44 - 00000000 ____D C:\Windows\Minidump
    2014-01-01 10:51 - 2014-01-01 10:51 - 139320433 _____ C:\Windows\MEMORY.DMP
    2014-01-01 09:50 - 2014-01-01 09:50 - 00072696 _____ C:\Users\Laptop\Downloads\OTL-after.Txt
    2014-01-01 09:49 - 2013-12-31 01:23 - 00072696 _____ C:\Users\Laptop\Downloads\OTL.Txt
    2014-01-01 09:47 - 2006-11-02 10:33 - 00740680 _____ C:\Windows\system32\PerfStringBackup.INI
    2014-01-01 09:26 - 2014-01-01 09:26 - 00001392 _____ C:\Users\Laptop\Desktop\Adw.txt
    2014-01-01 09:23 - 2013-12-31 17:21 - 00000000 ____D C:\AdwCleaner
    2014-01-01 04:52 - 2014-01-01 04:52 - 00000104 _____ C:\Users\Laptop\Desktop\Recycle Bin - Shortcut.lnk
    2014-01-01 04:50 - 2014-01-01 04:50 - 00070982 _____ C:\Users\Laptop\Desktop\OTL-before.Txt
    2014-01-01 03:54 - 2010-09-27 19:21 - 00000000 ____D C:\Mirjana
    2014-01-01 03:34 - 2014-01-01 03:34 - 00000495 _____ C:\Users\Laptop\Desktop\OTL - Shortcut.lnk
    2014-01-01 03:33 - 2014-01-01 03:33 - 00000536 _____ C:\Users\Laptop\Desktop\AdwCleaner - Shortcut.lnk
    2014-01-01 03:23 - 2013-09-25 21:34 - 00000000 ____D C:\ProgramData\AVG2014
    2014-01-01 03:22 - 2014-01-01 02:13 - 00000000 ____D C:\Users\Laptop\AppData\Local\{E223DA60-E642-818A-1CC6-4EB4FC1AB41C}
    2014-01-01 03:16 - 2013-12-30 01:01 - 00004328 _____ C:\Windows\PFRO.log
    2014-01-01 03:16 - 2006-11-02 11:18 - 00000000 ____D C:\Windows\schemas
    2014-01-01 02:37 - 2014-01-01 02:37 - 00001564 _____ C:\Users\Laptop\Desktop\Computer.lnk
    2014-01-01 02:36 - 2014-01-01 02:36 - 00000288 _____ C:\Users\Laptop\AppData\Roaming\76278BBE.reg
    2014-01-01 00:47 - 2014-01-01 00:47 - 00010970 _____ C:\ComboFix.txt
    2014-01-01 00:47 - 2014-01-01 00:19 - 00000000 ____D C:\ComboFix
    2014-01-01 00:47 - 2014-01-01 00:15 - 00000000 ____D C:\Qoobox
    2014-01-01 00:47 - 2006-11-02 11:18 - 00000000 ___RD C:\Users\Public
    2014-01-01 00:45 - 2014-01-01 00:13 - 00000000 ____D C:\Windows\erdnt
    2014-01-01 00:43 - 2006-11-02 10:23 - 00000215 _____ C:\Windows\system.ini
    2014-01-01 00:03 - 2014-01-01 00:02 - 05160176 ____R (Swearware) C:\Users\Laptop\Desktop\ComboFix.exe
    2013-12-31 21:42 - 2013-12-31 21:42 - 00000512 _____ C:\PhysicalMBR.bin
    2013-12-31 17:36 - 2013-12-31 17:36 - 00000000 ____D C:\_OTL
    2013-12-31 15:56 - 2013-12-31 15:56 - 01233962 _____ C:\Users\Laptop\Downloads\AdwCleaner.exe
    2013-12-31 01:29 - 2013-12-31 01:29 - 00035056 _____ C:\Users\Laptop\Downloads\Extras.Txt
    2013-12-30 23:14 - 2013-12-30 23:14 - 00602112 _____ (OldTimer Tools) C:\Users\Laptop\Downloads\OTL.exe
    2013-12-30 21:41 - 2011-12-26 20:41 - 00000742 _____ C:\Users\Laptop\Desktop\pesme.txt
    2013-12-30 19:07 - 2013-12-30 19:06 - 00000000 ____D C:\Users\Laptop\AppData\Local\dumps
    2013-12-30 02:27 - 2006-11-02 12:37 - 00000000 ____D C:\Windows\twain_32
    2013-12-30 00:13 - 2013-12-30 00:13 - 00000871 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-12-30 00:13 - 2010-11-21 01:04 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
    2013-12-21 15:43 - 2012-04-26 20:47 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
    2013-12-21 01:26 - 2013-12-21 01:24 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2013-12-20 02:47 - 2010-09-19 17:33 - 00000000 ____D C:\Users\Laptop
    2013-12-12 21:41 - 2013-05-05 22:44 - 00000000 ___RD C:\Program Files\Skype
    2013-12-12 02:47 - 2006-11-02 10:23 - 00000240 _____ C:\Windows\win.ini
    2013-12-12 02:44 - 2013-07-14 01:33 - 00000000 ____D C:\Windows\system32\MRT
    2013-12-12 02:40 - 2006-11-02 10:24 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
    2013-12-10 22:10 - 2012-07-18 20:08 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2013-12-10 22:10 - 2011-05-21 16:53 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2013-12-10 10:22 - 2008-09-12 17:29 - 00000000 ____D C:\Program Files\Google
    2013-12-05 21:37 - 2011-12-27 00:21 - 00001936 _____ C:\Users\Public\Desktop\Google Chrome.lnk

    Files to move or delete:
    ====================
    C:\Users\Laptop\AppData\Roaming\system.ini
    C:\ProgramData\819827392234.exe
    C:\Users\Laptop\avgremover.exe
    C:\Users\Laptop\avg_free_x86_all_2011_1120a3152.exe
    C:\Users\Laptop\ccsetup236.exe
    C:\Users\Laptop\mbam-setup-1.46.exe
    C:\Users\Laptop\OOo_3.2.1_Win_x86_install-wJRE_en-US.exe
    C:\Users\Laptop\SkypeSetupFull.exe
    C:\Users\Laptop\winzip145.exe
    C:\Users\Laptop\word2007-kb974631-fullfile-x86-glb.exe
    C:\Users\Laptop\AppData\Roaming\msconfig.ini


    Some content of TEMP:
    ====================
    C:\Users\Laptop\AppData\Local\temp\008e3d40.exe
    C:\Users\Laptop\AppData\Local\temp\Quarantine.exe


    ==================== Bamital & volsnap Check =================

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2014-01-01 15:44

    ==================== End Of Log ============================


  • Registered Users, Registered Users 2 Posts: 251 ✭✭sandra_b


    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 31-12-2013
    Ran by Laptop at 2014-01-01 18:09:29
    Running from C:\Users\Laptop\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

    ==================== Installed Programs ======================

    3Connect (Version: 2.0.0 - 3 Mobile Broadband)
    7-Zip 4.65 (Version: - )
    Adobe Flash Player 11 ActiveX (Version: 11.9.900.170 - Adobe Systems Incorporated)
    Adobe Flash Player 11 Plugin (Version: 11.9.900.170 - Adobe Systems Incorporated)
    Adobe Reader 8.3.1 (Version: 8.3.1 - Adobe Systems Incorporated)
    Agere Systems HDA Modem (Version: - Agere Systems)
    AVG 2014 (Version: 14.0.3658 - AVG Technologies)
    AVG 2014 (Version: 14.0.4259 - AVG Technologies)
    AVG 2014 (Version: 2014.0.4259 - AVG Technologies)
    Broadband to go (Version: 11.300.05.06.394 - Huawei Technologies Co.,Ltd)
    CCleaner (Version: 2.36 - Piriform)
    Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000 - Microsoft Corporation)
    CyberLink YouCam (Version: 1.0.1622 - CyberLink Corp.)
    eircom mobile broadband (Version: 11.300.05.04.474 - Huawei Technologies Co.,Ltd)
    Google Chrome (Version: 31.0.1650.63 - Google Inc.)
    Google Earth Plug-in (Version: 7.1.2.2041 - Google)
    Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.)
    Google Toolbar for Internet Explorer (Version: 7.5.4805.320 - Google Inc.)
    Google Update Helper (Version: 1.3.22.3 - Google Inc.)
    Huawei modem (Version: - )
    Intel(R) Graphics Media Accelerator Driver (Version: - Intel Corporation)
    Java 7 Update 7 (Version: 7.0.70 - Oracle)
    Java(TM) 6 Update 39 (Version: 6.0.390 - Oracle)
    Launch (Version: 1.0.0 - The TechGuys)
    Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
    Microsoft .NET Framework 3.5 SP1 (Version: - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Works (Version: 9.7.0621 - Microsoft Corporation)
    Mobilni Internet (Version: - Mobilni Internet)
    Mozilla Firefox 26.0 (x86 en-GB) (Version: 26.0 - Mozilla)
    Mozilla Maintenance Service (Version: 26.0 - Mozilla)
    O2 Broadband (Version: 11.302.09.13.116 - Huawei Technologies Co.,Ltd)
    OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation)
    OSD_1.2 (Version: 1.0.0 - OEM)
    Power2Go (Version: 5.6.3321a - CyberLink Corp.)
    Realtek 8169 8168 8101E 8102E Ethernet Driver (Version: 1.00.0000 - Realtek)
    Realtek High Definition Audio Driver (Version: 6.0.1.5618 - Realtek Semiconductor Corp.)
    Realtek USB 2.0 Card Reader (Version: - Realtek Semiconductor Corp.)
    Skype Click to Call (Version: 6.13.13771 - Skype Technologies S.A.)
    Skype™ 6.3 (Version: 6.3.105 - Skype Technologies S.A.)
    Spare Messaging (Version: 1.00.0000 - Spare Backup, Inc)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3 - Microsoft Corporation)
    Visual Studio 2012 x86 Redistributables (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

    ==================== Restore Points =========================

    05-11-2013 14:36:42 Scheduled Checkpoint
    07-11-2013 00:33:04 Scheduled Checkpoint
    07-11-2013 22:00:23 Scheduled Checkpoint
    10-11-2013 19:57:32 Scheduled Checkpoint
    11-11-2013 21:03:04 Scheduled Checkpoint
    14-11-2013 01:02:28 Windows Update
    01-12-2013 21:06:43 Scheduled Checkpoint
    12-12-2013 02:32:36 Windows Update
    29-12-2013 03:13:15 Scheduled Checkpoint
    29-12-2013 20:33:22 Scheduled Checkpoint
    31-12-2013 17:50:07 OTL Restore Point - 31/12/2013 17:50:06
    31-12-2013 21:42:30 OTL Restore Point - 31/12/2013 21:42:30

    ==================== Hosts content: ==========================

    2006-11-02 10:23 - 2013-12-31 17:49 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost
    ::1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
    Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
    Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
    Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\System32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
    Task: {51F79D52-09F3-4927-825F-5D633AD71979} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-09-28] (Google Inc.)
    Task: {7A5C19D4-714D-490F-A89E-D54500D02D9C} - System32\Tasks\task17135539 => C:\Users\Laptop\AppData\Local\Temp\temp1764937569.exe <==== ATTENTION
    Task: {7F07BF6A-9CB5-4EC7-8F88-29FC4194D646} - System32\Tasks\task18809524 => C:\Users\Laptop\AppData\Local\Temp\temp601693151.exe <==== ATTENTION
    Task: {81CA2254-7D25-4716-97CD-2C6275E7C352} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-10] (Adobe Systems Incorporated)
    Task: {853B68ED-ADD2-4A05-A1D3-A2F1871D6A98} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-09-28] (Google Inc.)
    Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\System32\gatherWirelessInfo.vbs [2008-01-21] ()
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2008-07-31 16:43 - 2008-07-31 16:43 - 00021200 _____ () C:\Program Files\The TechGuys\Launch\MVVMFramework.dll
    2013-06-06 21:06 - 2007-08-23 15:39 - 00014848 _____ () C:\Program Files\Broadband to go\isaputrace.dll
    2013-06-06 21:06 - 2009-04-15 09:24 - 00098304 _____ () C:\Program Files\Broadband to go\DeviceMgrPlugin.dll
    2013-06-06 21:06 - 2009-04-15 09:20 - 00118784 _____ () C:\Program Files\Broadband to go\NetInfoPlugin.dll
    2013-06-06 21:06 - 2009-04-15 09:17 - 00086016 _____ () C:\Program Files\Broadband to go\DialUpPlugin.dll
    2013-06-06 21:06 - 2009-04-15 09:26 - 00057344 _____ () C:\Program Files\Broadband to go\ConfigFilePlugin.dll
    2013-06-06 21:06 - 2009-04-15 09:06 - 00856064 _____ () C:\Program Files\Broadband to go\NDISAPI.dll
    2013-06-06 21:06 - 2008-11-08 14:15 - 00151552 _____ () C:\Program Files\Broadband to go\DetectDev.dll
    2013-06-06 21:06 - 2008-11-08 14:15 - 00552960 _____ () C:\Program Files\Broadband to go\atcomm.dll
    2013-06-06 21:06 - 2008-11-08 14:15 - 00061440 _____ () C:\Program Files\Broadband to go\XCodec.dll
    2013-06-06 21:06 - 2008-11-08 14:15 - 00061440 _____ () C:\Program Files\Broadband to go\DeviceOperate.dll
    2013-06-06 21:06 - 2009-04-15 09:32 - 00135168 _____ () C:\Program Files\Broadband to go\LocaleMgrPlugin.dll
    2013-06-06 21:06 - 2009-04-15 09:30 - 00032768 _____ () C:\Program Files\Broadband to go\NotifyServicePlugin.dll
    2013-06-06 21:06 - 2009-04-15 09:16 - 00159744 _____ () C:\Program Files\Broadband to go\DeviceMgrUIPlugin.dll
    2013-06-06 21:06 - 2007-07-31 14:50 - 00090112 _____ () C:\Program Files\Broadband to go\FileManager.dll
    2013-06-06 21:06 - 2009-04-15 09:31 - 00159744 _____ () C:\Program Files\Broadband to go\SMSPlugin.dll
    2013-12-05 21:37 - 2013-12-04 02:48 - 04055504 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
    2013-12-05 21:37 - 2013-12-04 02:48 - 00399312 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
    2013-12-05 21:36 - 2013-12-04 02:47 - 01619408 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
    2013-12-05 21:36 - 2013-12-04 02:47 - 00702416 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
    2013-12-05 21:36 - 2013-12-04 02:47 - 00099792 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\libegl.dll
    2013-12-05 21:37 - 2013-12-04 02:48 - 13586896 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
    2013-12-21 01:26 - 2013-12-21 01:26 - 03559024 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
    2013-12-10 22:10 - 2013-12-10 22:10 - 16242056 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll

    ==================== Alternate Data Streams (whitelisted) =========


    ==================== Safe Mode (whitelisted) ===================


    ==================== Faulty Device Manager Devices =============

    Name: Microsoft 6to4 Adapter
    Description: Microsoft 6to4 Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: Microsoft 6to4 Adapter #2
    Description: Microsoft 6to4 Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver

    Name: Microsoft 6to4 Adapter #3
    Description: Microsoft 6to4 Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
    Resolution: Update the driver


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/01/2014 01:17:57 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/01/2014 11:10:57 AM) (Source: Windows Search Service) (User: )
    Description: The entry <C:\USERS\LAPTOP\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\8BFDNKT5.DEFAULT\CACHE\A\7D> in the hash map cannot be updated.

    Context: Application, SystemIndex Catalog


    Details:
    A device attached to the system is not functioning. (0x8007001f)

    Error: (01/01/2014 11:10:57 AM) (Source: Windows Search Service) (User: )
    Description: The entry <C:\USERS\LAPTOP\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\8BFDNKT5.DEFAULT\CACHE\A\7D> in the hash map cannot be updated.

    Context: Application, SystemIndex Catalog


    Details:
    A device attached to the system is not functioning. (0x8007001f)

    Error: (01/01/2014 10:53:30 AM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/01/2014 09:26:39 AM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (04/24/2008 00:03:03 AM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (04/24/2008 00:07:21 AM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/01/2014 04:00:49 AM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/01/2014 03:24:18 AM) (Source: Application Hang) (User: )
    Description: The program iexplore.exe version 9.0.8112.16526 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
    Process ID: f74
    Start Time: 01cf06a0a2449d56
    Termination Time: 0

    Error: (01/01/2014 03:18:57 AM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
    Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.


    System errors:
    =============
    Error: (01/01/2014 01:18:56 PM) (Source: DCOM) (User: )
    Description: {7F6316B4-4D69-4765-B0A3-B2598F2FA80A}

    Error: (01/01/2014 01:18:06 PM) (Source: Service Control Manager) (User: )
    Description: vToolbarUpdater17.2.0%%2

    Error: (01/01/2014 01:18:06 PM) (Source: Service Control Manager) (User: )
    Description: Parallel port driver%%1058

    Error: (01/01/2014 11:30:05 AM) (Source: DCOM) (User: )
    Description: {6295DF2D-35EE-11D1-8707-00C04FD93327}

    Error: (01/01/2014 10:53:37 AM) (Source: Service Control Manager) (User: )
    Description: vToolbarUpdater17.2.0%%2

    Error: (01/01/2014 10:53:37 AM) (Source: Service Control Manager) (User: )
    Description: Parallel port driver%%1058

    Error: (01/01/2014 10:52:10 AM) (Source: EventLog) (User: )
    Description: The previous system shutdown at 10:50:55 on 01/01/2014 was unexpected.

    Error: (01/01/2014 09:26:40 AM) (Source: Service Control Manager) (User: )
    Description: vToolbarUpdater17.2.0%%2

    Error: (01/01/2014 09:26:40 AM) (Source: Service Control Manager) (User: )
    Description: Parallel port driver%%1058

    Error: (04/24/2008 00:03:31 AM) (Source: DCOM) (User: )
    Description: {7F6316B4-4D69-4765-B0A3-B2598F2FA80A}


    Microsoft Office Sessions:
    =========================
    Error: (01/01/2014 01:17:57 PM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/01/2014 11:10:57 AM) (Source: Windows Search Service)(User: )
    Description: Context: Application, SystemIndex Catalog


    Details:
    A device attached to the system is not functioning. (0x8007001f)
    C:\USERS\LAPTOP\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\8BFDNKT5.DEFAULT\CACHE\A\7D

    Error: (01/01/2014 11:10:57 AM) (Source: Windows Search Service)(User: )
    Description: Context: Application, SystemIndex Catalog


    Details:
    A device attached to the system is not functioning. (0x8007001f)
    C:\USERS\LAPTOP\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\8BFDNKT5.DEFAULT\CACHE\A\7D

    Error: (01/01/2014 10:53:30 AM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/01/2014 09:26:39 AM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (04/24/2008 00:03:03 AM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (04/24/2008 00:07:21 AM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/01/2014 04:00:49 AM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/01/2014 03:24:18 AM) (Source: Application Hang)(User: )
    Description: iexplore.exe9.0.8112.16526f7401cf06a0a2449d560

    Error: (01/01/2014 03:18:57 AM) (Source: SideBySide)(User: )
    Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe


    CodeIntegrity Errors:
    ===================================
    Date: 2014-01-01 18:07:17.324
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-01-01 18:07:16.445
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-01-01 18:07:15.383
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-01-01 18:07:14.147
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-01-01 18:07:12.668
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-01-01 18:07:11.512
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-01-01 18:07:10.197
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-01-01 18:07:08.865
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-01-01 09:36:23.395
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-01-01 09:36:22.724
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Percentage of memory in use: 81%
    Total physical RAM: 984.18 MB
    Available physical RAM: 184.77 MB
    Total Pagefile: 2716.01 MB
    Available Pagefile: 1051.94 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1895.64 MB

    ==================== Drives ================================

    Drive c: (Vista) (Fixed) (Total:138.31 GB) (Free:79.93 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive d: (Broadband to go) (CDROM) (Total:0.03 GB) (Free:0 GB) CDFS
    Drive s: (System) (Fixed) (Total:1.46 GB) (Free:1.3 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: C8FE0ADA)
    Partition 1: (Not Active) - (Size=9 GB) - (Type=27)
    Partition 2: (Active) - (Size=1 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=138 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================


  • Registered Users, Registered Users 2 Posts: 840 ✭✭✭jsa112


    Download attached fixlist.txt file and save it to the Desktop.

    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST/FRST64 and press the Fix button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.


  • Registered Users, Registered Users 2 Posts: 251 ✭✭sandra_b


    Hi Jsa112,

    I can't connect to the internet on that laptop any more. When I started again AVG was turned off. I clicked on it, but nothing happened. I tried to go to C:/Program data/AVG but I don't have permission.

    Do I need to be connected to the internet in order to run this script? I am typing this from another laptop which I can use temporarily to download things. Or should I fix AVG before running the script?

    Thank you!


  • Registered Users, Registered Users 2 Posts: 840 ✭✭✭jsa112


    Don't worry about AVG for the time being.

    Use that other PC to download the fixlist.txt and put it onto the infected PC.


  • Registered Users, Registered Users 2 Posts: 251 ✭✭sandra_b


    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 31-12-2013
    Ran by Laptop at 2014-01-01 20:59:57 Run:1
    Running from C:\Users\Laptop\Desktop
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    () C:\Users\Laptop\AppData\Local\temp\008e3d40.exe
    HKCU\...\CurrentVersion\Windows: [Load] C:\Users\Laptop\LOCALS~1\Temp\msotuo.bat <===== ATTENTION
    2014-01-01 18:07 - 2014-01-01 18:07 - 00000000 _____ C:\Users\Laptop\AppData\Roaming\system.ini
    2014-01-01 18:05 - 2014-01-01 17:59 - 00329216 __RSH C:\ProgramData\819827392234.exe
    2014-01-01 18:04 - 2014-01-01 18:07 - 00000216 _____ C:\Users\Laptop\AppData\Roaming\msconfig.ini
    2014-01-01 18:03 - 2014-01-01 18:05 - 00000000 ___HD C:\ProgramData\COMHOST
    2014-01-01 17:59 - 2014-01-01 18:05 - 00329216 __RSH C:\ProgramData\819827392234.exe
    C:\Users\Laptop\AppData\Roaming\system.ini
    C:\ProgramData\819827392234.exe
    C:\Users\Laptop\AppData\Roaming\msconfig.ini
    Task: {7A5C19D4-714D-490F-A89E-D54500D02D9C} - System32\Tasks\task17135539 => C:\Users\Laptop\AppData\Local\Temp\temp1764937569.exe <==== ATTENTION
    Task: {7F07BF6A-9CB5-4EC7-8F88-29FC4194D646} - System32\Tasks\task18809524 => C:\Users\Laptop\AppData\Local\Temp\temp601693151.exe <==== ATTENTION

    *****************

    C:\Users\Laptop\AppData\Local\temp\008e3d40.exe => No running process found
    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\\Load => Value was restored successfully.
    C:\Users\Laptop\AppData\Roaming\system.ini => Moved successfully.
    C:\ProgramData\819827392234.exe => Moved successfully.
    C:\Users\Laptop\AppData\Roaming\msconfig.ini => Moved successfully.
    C:\ProgramData\COMHOST => Moved successfully.
    "C:\ProgramData\819827392234.exe" => File/Directory not found.
    "C:\Users\Laptop\AppData\Roaming\system.ini" => File/Directory not found.
    "C:\ProgramData\819827392234.exe" => File/Directory not found.
    "C:\Users\Laptop\AppData\Roaming\msconfig.ini" => File/Directory not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7A5C19D4-714D-490F-A89E-D54500D02D9C} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A5C19D4-714D-490F-A89E-D54500D02D9C} => Key deleted successfully.
    C:\Windows\System32\Tasks\task17135539 => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\task17135539 => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7F07BF6A-9CB5-4EC7-8F88-29FC4194D646} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7F07BF6A-9CB5-4EC7-8F88-29FC4194D646} => Key deleted successfully.
    C:\Windows\System32\Tasks\task18809524 => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\task18809524 => Key deleted successfully.

    ==== End of Fixlog ====


  • Registered Users, Registered Users 2 Posts: 251 ✭✭sandra_b


    Shall I restart now?


  • Registered Users, Registered Users 2 Posts: 840 ✭✭✭jsa112


    Yeah, and tell me how it's running; hopefully that will have removed it.

