Solved internet explorer 9 uninstall

January 20, 2014 at 12:33:23
Specs: Windows Vista

I recently installed a wifi for the first time. Since then (or is it coincidence?) my IE 9 has virtually stopped working: freezing up, taking ages to download any request, etc. However, I also have Mozilla Firefox, which seems to work quite well, but possibly not as fast as before?

I would appreciate any help

Ian Hamilton




#1
January 20, 2014 at 16:59:09

You could try IE Reset:

IE > Tools > Internet Options > Advanced > Reset button.

You will lose your customizations and addons, but the addons soon come back with usage.

Always pop back and let us know the outcome - thanks



#2
January 21, 2014 at 08:43:30
✔ Best Answer

As long as the new wireless router is connected and configured correctly, it is pretty safe to assume it's an issue with your computer.

If what Derek posted in response #1 made IE run better for you, I would bet your computer has been infected with a virus. This will only be a temporary fix so plan on having your computer repaired soon. In the meantime, make sure your AV software is up-to-date and that you're running routine scans!

FYI, you can also reset Firefox or Chrome for that matter. See link below:
http://en.kioskea.net/faq/6361-rese...

Law of Logical Argument: Anything is possible if you don't know what you're talking about.



#3
January 22, 2014 at 06:43:59

Thanks for that Derek, much appreciated. I will try that.


#4
January 22, 2014 at 07:10:50

Hi Newbie10, many thanks for your answer regarding my problems with IE 9.
As a matter of interest, I run very regular virus checks and have just done so using what was recommended by Virgin, that is F-Secure; it tells me there are no virus, spyware or
riskware problems. As I say, I generally run a scan once or twice a week. A friend of mine also seemed to have similar problems with version 9 and went back to IE 8, which I am now trying. What do you think? You also said I should get my computer fixed; can you elaborate on that? I currently run Vista on my desktop.
I am extremely grateful for your help Newbie10.
Ian Hamilton




#5
January 22, 2014 at 08:03:11

No problem.

Since I can't see or work on your computer myself, I have to make assumptions based on the info that is presented. Since you posted your issue on this forum, you obviously know that there is something wrong to cause IE9 to behave that way. It could be the browser itself, whether a bad or corrupted install or a faulty or infected add-on, or it could be a virus that infected your system that is causing it to act that way.

The only reason I mentioned to be prepared to have your computer worked on is because, while some virus infections can be noticed immediately, typically they come on slowly as they start to infect various aspects of your computer until all of a sudden the computer just stops working altogether.

I could be wrong, but it wouldn't be the first time I've seen something like this happen. As far as your antivirus software goes, I've never used that one, but I can say that not all AVs find and detect all viruses. I would recommend downloading and running Malwarebytes to see if it finds anything that your AV missed. That very well could resolve your problem.

Law of Logical Argument: Anything is possible if you don't know what you're talking about.



#6
January 22, 2014 at 08:40:32

Yes, I would definitely run MalwareBytes on it. It often finds what AVs miss (particularly malware rather than viruses), which is why we suggest it often on these forums. You can get it here (icon top right):
http://www.filehippo.com/download_m...

There are other things we can suggest but try that first.

Always pop back and let us know the outcome - thanks


#7
January 22, 2014 at 11:42:35

Thanks again guys, I will do just that (download the free version as a trial?). My problem is it's just taking forever to do anything, like download. As I said, I got rid of V9 and reinstalled V8; that on its own did very little. I will hopefully get a successful download of Malwarebytes and run that and see what happens. Anyway, will keep you posted.
Ian.H


#8
January 22, 2014 at 11:47:59

Not sure if they call it a trial or not, but the version from the green icon top right in the link I gave has no time limit. It might have some limitations (support, automatic updates etc.) but it will still find and fix anything it finds.

Always pop back and let us know the outcome - thanks



#9
January 27, 2014 at 08:41:26

Hi Derek, are you still out there? Thank you for your reply on the 22nd and apologies for my late response; I have been away for a couple of days. Anyway, things have not improved much.
I have downloaded a couple of different virus checkers but all say "No viruses found!?",
so I suppose a good thing? I then did as you guys suggested and downloaded Malwarebytes, which certainly showed a few things (see attached). However, trying to delete the problems shown seems to work until I re-run the program and lo and behold
they show up again on the re-run (as if never deleted). Do I need to tick the check box on every item or simply just ask it to remove all shown?
Derek, what would you recommend as a virus checker? And do you have the full version of Malwarebytes; is it a worthwhile buy?


#10
January 27, 2014 at 09:38:22

MalwareBytes has a knack of finding what AVs miss, which is why we suggest it. I should have said that only the quick scan is usually necessary, although there is nothing lost by doing the full one. This is how you use it:
http://www.bleepingcomputer.com/vir...
As I recall, the items should have been pre-ticked. By the way, you said "see attached" but I didn't find anything.

I normally use MWB as an on-demand checker and a free antivirus. What AV you use is very much a matter of opinion. In fact BitDefender cloud (free) had good reviews lately. One of the helpers here rates Avast (free) very highly, although it now seems to be getting a bit bloated and pushy and wants to install Google toolbar etc. (which you can decline). Off the top of my head I would have thought the full paid-for MWB would be a good bet, but I only use freebies. MS Microsoft Essentials (free) is used by others, although lately it has had poor reviews. In short, AVs are a bit of a minefield, so you just have to look at the latest reviews (tests) and toss up that decision coin.

Always pop back and let us know the outcome - thanks


#11
January 27, 2014 at 13:13:31

Hi Derek, I am resending this to you as I think my first attempt 30 mins or so ago probably failed. When I tried to send it, it asked me to log in again and when I did the message disappeared, I think? Anyway, what I was trying to say was I have been trying to run the prog you suggested, MalwareBytes, and it did show 140 infections in red, but all the boxes were unchecked, so I added a tick to all the individual boxes, but it has not made any difference; after several re-runs it still shows around 140? malicious entries.
I think I mentioned I have downloaded a couple of AVs and none of them, including my own (F-Secure from Virgin), showed any viruses (thankful for small mercies). I thought I would add a screen capture to let you see what was going on but could not even manage that,
"not having a great deal of luck"?? and the thought of reformatting my hard drive does not fill me with great excitement, so I will hack away for a wee while yet. I will keep you posted if that's OK and hope I am not taking up too much of your time.
Still have not figured out how to add the attachment!


#12
January 27, 2014 at 13:21:40

That's odd. I feel certain MWB normally ticks the items automatically. Despite the fact that other AVs find nothing, I am suspicious. Some viruses and similar are quite adept at stopping programs such as MWB from running.

I am going to ask a fellow helper (Johnw) if he is able to join us. If so he is likely to run a number of specialist programs to firstly see if there is an infection and if so to clean the computer. He is in Perth Australia so don't expect anything too soon (it's only 5.20 am there right now). We could continue but I think it best to wait because he has a wide experience of this sort of thing.

Always pop back and let us know the outcome - thanks



#13
January 27, 2014 at 13:25:10

Derek, just before I go, I reran MalwareBytes again and it came back with 140 malicious problems BUT the boxes were all unchecked. I ticked all the boxes and asked for them to be removed.... same problem: the program thinks for a while but says it is not responding and then greys out and says it is closing as there is a problem?? This has happened several times using MalwareBytes. I am now tearing out what's left of my hair?

Thanks again for your help
Ian.H



#14
January 27, 2014 at 13:26:55

Yeah, sounds very suspicious - see my #12. We must be sure that there is no infection before proceeding further. After that (if necessary) we can look at the IE issue.

If you can copy/paste the MWB log on here it would help.

Always pop back and let us know the outcome - thanks


#15
January 27, 2014 at 13:29:12

I'm glad you're there mate, hear from you at some point.



#16
January 27, 2014 at 14:33:56

Hi folks.

Lots of things to fix, I will get a better picture if this will run.

Download OTL from any of the following links, save & run from your Desktop.
http://oldtimer.geekstogo.com/OTL.exe
http://itxassociates.com/OT-Tools/O...
http://www.itxassociates.com/OT-Too...
Double click the OTL icon to start the tool. (Note: If you are running on Vista or Windows 7 accept UAC alert)
When the window appears, underneath Output at the top, make sure Standard output is selected.
Select Scan all users
Change Drivers to All
Under the Extra Registry section, check Use SafeList
In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
Click Run Scan and let the program run uninterrupted.
When the scan is complete, two text files will be created on your Desktop
OTL.Txt <- this one will be opened
Extras.txt <- this one will be minimized


Upload the logs using this. I upload to Imgur.com for images & load.to for files (neither need an account). Give us the link please.

Image Uploader
http://www.softpedia.com/get/Intern...
http://www.softpedia.com/progScreen...
http://zenden.ws/imageuploader_ru

How to use for files.
http://i.imgur.com/FhtnM6c.gif
http://i.imgur.com/yBtjlpb.gif
http://i.imgur.com/txFkgpT.gif


#17
January 28, 2014 at 08:00:19

Hi Guys, I refer to #16 above.
I have downloaded OTL and run it as requested; it finished OK and produced, as you said, 2 files in Notepad on my desktop, OTL.Txt and Extras.txt. Now this is where I am a bit confused.
I downloaded www.softpedia.com/get/intern and used i.imgur/FhtnM6c... so I now have an uploader! But how do I load the Notepad files onto the uploader? I can drag and drop them onto this uploader, but if I try and open them up to see the contents it says "open in folder", which in turn shows every folder I have; this can't be right?
Can I send these Notepad files by email?



#18
January 28, 2014 at 13:51:04

"this can't be right?"
Oops, sorry, my SS is wrong; here is an amended one. If you are still having a problem, PM me your email address.

http://i.imgur.com/yBtjlpb.gif



#19
February 3, 2014 at 13:16:11

Hi Johnw,
Thanks for hanging on in with me and for the help you are giving me.
I am unfortunately still not sure what I am supposed to be doing; you guys are way above my limited knowledge, but I am finding it very interesting.
I can use OTL, run it and see the resultant files "OTL.Txt and Extras.Txt", which come up on my desktop OK. Where I am losing the plot is "how the hell do I send them to you as you asked?" I just can't seem to get that bit to work.
I have looked at "http://i.imgur.com/yBtjlpb.gif" and it displays the new page, but I can't seem to download that (unless I am looking at the wrong link).
My email address is? Is sending them by email feasible? I have loaded these two files onto an email and saved it just in case; is that OK with you, and do you have an email I can send it to?

Anyway mate Thanks again

Ian .H



#20
February 3, 2014 at 13:27:43

I have emailed you Ian; you can edit your email address out of your post #19 now.

#21
February 3, 2014 at 13:31:51

ihsc24909

Yes, do edit out that email address or the spammers' engines will find it and you'll get junk email forever.

Always pop back and let us know the outcome - thanks



#22
February 4, 2014 at 02:33:18

Johnw

Thanks for the good advice; I have taken out my email address re #19.

#23
February 4, 2014 at 02:35:34

Derek, thanks for that, and I will keep you posted as to how things are progressing.


#24
February 4, 2014 at 03:45:47

OK Ian, got your logs & I can see the problems.

Run both of these in this order.

1: Run AdwCleaner
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
How to download from Softpedia
http://i.imgur.com/BWELEfV.gif
http://i.imgur.com/4luY3rU.gif
http://www.raymond.cc/blog/adwclean...
http://www.bleepingcomputer.com/dow...
Author's site
http://general-changelog-team.fr/en...
Tutorial
http://general-changelog-team.fr/en...
Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Clean.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please Copy & Paste the contents of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

2: Run Junkware Removal Tool
http://www.softpedia.com/get/Securi...
http://www.softpedia.com/progScreen...
How to download from Softpedia
http://i.imgur.com/qO92huz.gif
http://i.imgur.com/qzTUYkX.gif
http://www.bleepingcomputer.com/dow...
http://thisisudax.blogspot.com.au/2...
Download Junkware Removal Tool to your Desktop.
Warning! Once the scan is complete JRT will shut down your browser with NO warning.
Shut down your protection software now to avoid potential conflicts.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan.
Click this link to see a list of security programs that should be disabled and how to disable them.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7/8, right-click JRT and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
Copy and Paste the contents of the JRT.txt log please.



#25
February 5, 2014 at 12:33:15

Good morning Johnw,
I read your email and I will comply. I tried to download the suggested AdwCleaner from
softpedia.com (both of them) but was prevented by Malwarebytes. Frustrated or what?
As I only have Malwarebytes on trial, I suppose I could uninstall it and try to download AdwCleaner again; this I will do and be back in touch, although it might not be tomorrow.
I tell you mate, a sharp learning curve or what, but a big thank you.
Ian.H


#26
February 5, 2014 at 15:26:15

Evening Ian, the nasties in your comp are doing their job, all quite normal; we just have to find a way around/outsmart them.

#27
February 10, 2014 at 14:20:03

Here are the next steps.

1: Download & run Unhide
http://www.bleepingcomputer.com/for...
http://download.bleepingcomputer.co...
To run Unhide, simply download it to your Desktop and then double-click on the Unhide icon. The program will open a black box and start making the files on your fixed disks visible again. Please note that this program will not unhide removable drives like flash cards and USB drives, as the FakeHDD rogues do not target these types of drives. Once it has finished, the program will display a Windows alert stating that your files have been restored. You should then reboot your computer for all of the settings to go into effect.
When Unhide is complete, it will create a logfile on the Windows Desktop called Unhide.txt.
Copy & Paste the contents of the log in your next post please. Let me know if it doesn't produce a log.

2: Reboot

3: Run RogueKiller
http://www.softpedia.com/get/Securi...
http://www.softpedia.com/progScreen...
http://majorgeeks.com/RogueKiller_d...
http://www.geekstogo.com/forum/file...
http://tigzy.geekstogo.com/roguekil...
http://www.sur-la-toile.com/RogueKi...
User Guide
http://www.adlice.com/softwares/rog...
Official tutorial
http://www.adlice.com/softwares/rog...
If RogueKiller won't run, open IE & turn off SmartScreen Filter.
http://windows.microsoft.com/en-AU/...
Download & SAVE to your Desktop.
Quit all programs that you may have started.
Shutdown your antivirus to avoid any conflicts.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7/8, right-click and select "Run as Administrator to start"
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
click on "delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and Copy & Paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop.
Exit/Close RogueKiller.
When completed make sure to re-enable your antivirus.



#28
February 12, 2014 at 08:25:31

Hi Johnw,
Here is the log file created by "Unhide", duly posted as asked for in #27.

Thanks again
Ian.H

PS I will now try and run RogueKiller and let you know.

Unhide by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
http://www.bleepingcomputer.com/for...

Program started at: 02/12/2014 03:54:17 PM
Windows Version: Windows Vista

Please be patient while your files are made visible again.

Processing the C:\ drive
Finished processing the C:\ drive. 203102 files processed.

Processing the D:\ drive
Finished processing the D:\ drive. 2624 files processed.

Processing the G:\ drive
Finished processing the G:\ drive. 0 files processed.

Processing the H:\ drive
Finished processing the H:\ drive. 0 files processed.

Processing the I:\ drive
Finished processing the I:\ drive. 0 files processed.

Processing the J:\ drive
Finished processing the J:\ drive. 0 files processed.

The C:\Users\Ian\AppData\Local\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default
Start Menu shortcuts: http://www.bleepingcomputer.com/for...

Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
No registry changes detected.

Program finished at: 02/12/2014 04:00:35 PM
Execution time: 0 hours(s), 6 minute(s), and 17 seconds(s)




#29
February 12, 2014 at 11:58:58

Back again Johnw,
Here is the report from the RogueKiller scan. Good luck; as I said earlier, glad you are there.

RogueKiller V8.8.7 [Feb 11 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/rog...
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Ian [Admin rights]
Mode : Remove -- Date : 02/12/2014 19:55:20
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ SMENU][PUM] HKLM\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ SMENU][PUM] HKLM\[...]\Advanced : Start_ShowRun (0) -> REPLACED (1)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Inline] IAT @explorer.exe (CloseServiceHandle) : ADVAPI32.dll -> HOOKED (c:\program files\f-secure\apps\computersecurity\hips\fshook32.dll @ 0x62C92110)
[Inline] IAT @explorer.exe (OpenServiceW) : ADVAPI32.dll -> HOOKED (c:\program files\f-secure\apps\computersecurity\hips\fshook32.dll @ 0x62C91FAB)
[Inline] IAT @explorer.exe (TerminateThread) : KERNEL32.dll -> HOOKED (c:\program files\f-secure\apps\computersecurity\hips\fshook32.dll @ 0x62C91C9C)
[Inline] EAT @explorer.exe (NtCreateProcess) : ntdll.dll -> HOOKED (c:\program files\f-secure\apps\computersecurity\hips\fshook32.dll @ 0x62CBE630)
[Inline] EAT @explorer.exe (NtCreateProcessEx) : ntdll.dll -> HOOKED (c:\program files\f-secure\apps\computersecurity\hips\fshook32.dll @ 0x62CBE560)
[Inline] EAT @explorer.exe (NtCreateUserProcess) : ntdll.dll -> HOOKED (c:\program files\f-secure\apps\computersecurity\hips\fshook32.dll @ 0x62CBE5C0)
[Inline] EAT @explorer.exe (ZwCreateProcess) : ntdll.dll -> HOOKED (c:\program files\f-secure\apps\computersecurity\hips\fshook32.dll @ 0x62CBE630)
[Inline] EAT @explorer.exe (ZwCreateProcessEx) : ntdll.dll -> HOOKED (c:\program files\f-secure\apps\computersecurity\hips\fshook32.dll @ 0x62CBE560)
[Inline] EAT @explorer.exe (ZwCreateUserProcess) : ntdll.dll -> HOOKED (c:\program files\f-secure\apps\computersecurity\hips\fshook32.dll @ 0x62CBE5C0)
[Inline] EAT @explorer.exe (CopyFileExW) : kernel32.dll -> HOOKED (c:\program files\f-secure\apps\computersecurity\hips\fshook32.dll @ 0x62C934A9)
[Inline] EAT @explorer.exe (CreateDirectoryExW) : kernel32.dll -> HOOKED (c:\program files\f-secure\apps\computersecurity\hips\fshook32.dll @ 0x62C93383)
[Inline] EAT @explorer.exe (CreateDirectoryW) : kernel32.dll -> HOOKED (c:\program files\f-secure\apps\computersecurity\hips\fshook32.dll @ 0x62C93266)
[Inline] EAT @explorer.exe (CreateMutexExW) : kernel32.dll -> HOOKED (c:\program files\f-secure\apps\computersecurity\hips\fshook32.dll @ 0x62C92C42)
[Inline] EAT @explorer.exe (CreateRemoteThread) : kernel32.dll -> HOOKED (c:\program files\f-secure\apps\computersecurity\hips\fshook32.dll @ 0x62C92791)
[Inline] EAT @explorer.exe (GetFileSizeEx) : kernel32.dll -> HOOKED (c:\program files\f-secure\apps\computersecurity\hips\fshook32.dll @ 0x62C93973)
[Inline] EAT @explorer.exe (OpenMutexA) : kernel32.dll -> HOOKED (c:\program files\f-secure\apps\computersecurity\hips\fshook32.dll @ 0x62C92ACF)
[Inline] EAT @explorer.exe (OpenMutexW) : kernel32.dll -> HOOKED (c:\program files\f-secure\apps\computersecurity\hips\fshook32.dll @ 0x62C929AB)
[Inline] EAT @explorer.exe (TerminateThread) : kernel32.dll -> HOOKED (c:\program files\f-secure\apps\computersecurity\hips\fshook32.dll @ 0x62C91C9C)
[Inline] EAT @explorer.exe (WriteProcessMemory) : kernel32.dll -> HOOKED (c:\program files\f-secure\apps\computersecurity\hips\fshook32.dll @ 0x62C92D71)
[Inline] EAT @explorer.exe (CloseServiceHandle) : ADVAPI32.dll -> HOOKED (c:\program files\f-secure\apps\computersecurity\hips\fshook32.dll @ 0x62C92110)
[Inline] EAT @explorer.exe (ControlService) : ADVAPI32.dll -> HOOKED (c:\program files\f-secure\apps\computersecurity\hips\fshook32.dll @ 0x62C91FC2)
[Inline] EAT @explorer.exe (CreateServiceA) : ADVAPI32.dll -> HOOKED (c:\program files\f-secure\apps\computersecurity\hips\fshook32.dll @ 0x62C9253D)
[Inline] EAT @explorer.exe (CreateServiceW) : ADVAPI32.dll -> HOOKED (c:\program files\f-secure\apps\computersecurity\hips\fshook32.dll @ 0x62C92572)
[Inline] EAT @explorer.exe (OpenServiceA) : ADVAPI32.dll -> HOOKED (c:\program files\f-secure\apps\computersecurity\hips\fshook32.dll @ 0x62C91F94)
[Inline] EAT @explorer.exe (OpenServiceW) : ADVAPI32.dll -> HOOKED (c:\program files\f-secure\apps\computersecurity\hips\fshook32.dll @ 0x62C91FAB)
[Inline] EAT @explorer.exe (SetWindowsHookExA) : USER32.dll -> HOOKED (c:\program files\f-secure\apps\computersecurity\hips\fshook32.dll @ 0x62C91E47)
[Inline] EAT @explorer.exe (SetWindowsHookExW) : USER32.dll -> HOOKED (c:\program files\f-secure\apps\computersecurity\hips\fshook32.dll @ 0x62C91E63)
[Inline] EAT @explorer.exe (recv) : WS2_32.dll -> HOOKED (c:\program files\f-secure\apps\computersecurity\hips\fshook32.dll @ 0x62C925A7)
[Inline] EAT @explorer.exe (send) : WS2_32.dll -> HOOKED (c:\program files\f-secure\apps\computersecurity\hips\fshook32.dll @ 0x62C9269C)
[Inline] EAT @explorer.exe (FwDoNothingOnObject) : FirewallAPI.dll -> HOOKED (Unknown @ 0x35F5AD66)
[Inline] EAT @explorer.exe (FwEnableMemTracing) : FirewallAPI.dll -> HOOKED (Unknown @ 0x35F5AD66)
[Inline] EAT @explorer.exe (FwSetMemLeakPolicy) : FirewallAPI.dll -> HOOKED (Unknown @ 0x35F5AD66)
[Inline] EAT @iexplore.exe (NtMapViewOfSection) : ntdll.dll -> HOOKED (Unknown @ 0x719F0022)
[Inline] EAT @iexplore.exe (ZwMapViewOfSection) : ntdll.dll -> HOOKED (Unknown @ 0x719F0022)
[Inline] EAT @iexplore.exe (CoCreateInstanceEx) : ole32.dll -> HOOKED (Unknown @ 0x717D0022)
[Inline] EAT @iexplore.exe (GetAddrInfoExW) : WS2_32.dll -> HOOKED (Unknown @ 0x71120022)
[Inline] EAT @iexplore.exe (connect) : WS2_32.dll -> HOOKED (Unknown @ 0x710D0022)
[Inline] EAT @iexplore.exe (getaddrinfo) : WS2_32.dll -> HOOKED (Unknown @ 0x71080022)
[Address] IAT @iexplore.exe (SHGetValueW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x72B54927)
[Address] IAT @iexplore.exe (SHRegGetValueW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x72B54984)
[Address] IAT @iexplore.exe (SHSetValueW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x72B72BC2)
[Address] IAT @iexplore.exe (PathIsURLW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x72B5FA79)
[Inline] EAT @iexplore.exe (NtMapViewOfSection) : ntdll.dll -> HOOKED (Unknown @ 0x719F0022)
[Inline] EAT @iexplore.exe (ZwMapViewOfSection) : ntdll.dll -> HOOKED (Unknown @ 0x719F0022)
[Inline] EAT @iexplore.exe (CoCreateInstanceEx) : ole32.dll -> HOOKED (Unknown @ 0x717B0022)
[Inline] EAT @iexplore.exe (GetAddrInfoExW) : WS2_32.dll -> HOOKED (Unknown @ 0x71100022)
[Inline] EAT @iexplore.exe (connect) : WS2_32.dll -> HOOKED (Unknown @ 0x710B0022)
[Inline] EAT @iexplore.exe (getaddrinfo) : WS2_32.dll -> HOOKED (Unknown @ 0x71060022)
[Inline] EAT @iexplore.exe (FwDoNothingOnObject) : FirewallAPI.dll -> HOOKED (Unknown @ 0x35F5AD66)
[Inline] EAT @iexplore.exe (FwEnableMemTracing) : FirewallAPI.dll -> HOOKED (Unknown @ 0x35F5AD66)
[Inline] EAT @iexplore.exe (FwSetMemLeakPolicy) : FirewallAPI.dll -> HOOKED (Unknown @ 0x35F5AD66)
[Address] IAT @iexplore.exe (SHGetValueW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x72B54927)
[Address] IAT @iexplore.exe (SHRegGetValueW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x72B54984)
[Address] IAT @iexplore.exe (SHSetValueW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x72B72BC2)
[Address] IAT @iexplore.exe (PathIsURLW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x72B5FA79)
[Inline] EAT @iexplore.exe (NtMapViewOfSection) : ntdll.dll -> HOOKED (Unknown @ 0x719F0022)
[Inline] EAT @iexplore.exe (ZwMapViewOfSection) : ntdll.dll -> HOOKED (Unknown @ 0x719F0022)
[Inline] EAT @iexplore.exe (CoCreateInstanceEx) : ole32.dll -> HOOKED (Unknown @ 0x717B0022)
[Inline] EAT @iexplore.exe (GetAddrInfoExW) : WS2_32.dll -> HOOKED (Unknown @ 0x71100022)
[Inline] EAT @iexplore.exe (connect) : WS2_32.dll -> HOOKED (Unknown @ 0x710B0022)
[Inline] EAT @iexplore.exe (getaddrinfo) : WS2_32.dll -> HOOKED (Unknown @ 0x71060022)
[Address] IAT @iexplore.exe (SHGetValueW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x72B54927)
[Address] IAT @iexplore.exe (SHRegGetValueW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x72B54984)
[Address] IAT @iexplore.exe (SHSetValueW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x72B72BC2)
[Address] IAT @iexplore.exe (PathIsURLW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x72B5FA79)
[Inline] EAT @iexplore.exe (NtMapViewOfSection) : ntdll.dll -> HOOKED (Unknown @ 0x719F0022)
[Inline] EAT @iexplore.exe (ZwMapViewOfSection) : ntdll.dll -> HOOKED (Unknown @ 0x719F0022)
[Inline] EAT @iexplore.exe (CoCreateInstanceEx) : ole32.dll -> HOOKED (Unknown @ 0x717B0022)
[Inline] EAT @iexplore.exe (GetAddrInfoExW) : WS2_32.dll -> HOOKED (Unknown @ 0x71100022)
[Inline] EAT @iexplore.exe (connect) : WS2_32.dll -> HOOKED (Unknown @ 0x710B0022)
[Inline] EAT @iexplore.exe (getaddrinfo) : WS2_32.dll -> HOOKED (Unknown @ 0x71060022)
[Address] IAT @iexplore.exe (SHGetValueW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x72B54927)
[Address] IAT @iexplore.exe (SHRegGetValueW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x72B54984)
[Address] IAT @iexplore.exe (SHSetValueW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x72B72BC2)
[Address] IAT @iexplore.exe (PathIsURLW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x72B5FA79)
[Inline] EAT @iexplore.exe (NtMapViewOfSection) : ntdll.dll -> HOOKED (Unknown @ 0x719F0022)
[Inline] EAT @iexplore.exe (ZwMapViewOfSection) : ntdll.dll -> HOOKED (Unknown @ 0x719F0022)
[Inline] EAT @iexplore.exe (CoCreateInstanceEx) : ole32.dll -> HOOKED (Unknown @ 0x717B0022)
[Inline] EAT @iexplore.exe (GetAddrInfoExW) : WS2_32.dll -> HOOKED (Unknown @ 0x71100022)
[Inline] EAT @iexplore.exe (connect) : WS2_32.dll -> HOOKED (Unknown @ 0x710B0022)
[Inline] EAT @iexplore.exe (getaddrinfo) : WS2_32.dll -> HOOKED (Unknown @ 0x71060022)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD50 00AACS-00ZUB SCSI Disk Device +++++
--- User ---
[MBR] ae0b0062449143846e5e3bbf7e67874a
[BSP] 7b28f606b51c23d51a595d374a5f7156 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 456456 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 934822350 | Size: 20481 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x1] Incorrect function. )

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE4 @ USB) HP USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

Finished : << RKreport[0]_D_02122014_195520.txt >>
RKreport[0]_S_02122014_194728.txt


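The RogueKiller report above is long, but only a few lines in it carry the decision: the `[PUM]` registry entries (DisableRegistryTools set, Start menu items hidden), the API hooks whose hooking module is reported as "Unknown" (the rest belong to the user's own F-Secure HIPS DLL and to IEShims.dll, Internet Explorer's own compatibility shim), and the HOSTS file contents. The script below is an added example, not code from RogueKiller or from anyone in this thread; it parses a constructed excerpt in the same format as the report, separates hooks installed by expected modules from those needing a look, and flags any hosts entry beyond the stock localhost mappings. The trusted-module list and the extra hosts line are assumptions made for the example.

```python
"""Triage a RogueKiller-style text report: registry policy changes, API hooks, HOSTS file."""
import re
from collections import defaultdict

# ASSUMPTION for this example: hooks from these modules are expected on the reported machine
# (F-Secure's HIPS hook DLL and IE's compatibility shim, both named in the report above).
# Anything else, including "Unknown", is queued for manual review rather than called malicious.
TRUSTED_HOOKERS = ("fshook32.dll", "ieshims.dll")

# Constructed excerpt modelled on the report format; the last hosts line is invented so that
# the hosts check has something to flag.
SAMPLE_REPORT = r"""
¤¤¤ Registry Entries : 3 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ SMENU][PUM] HKLM\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ SMENU][PUM] HKLM\[...]\Advanced : Start_ShowRun (0) -> REPLACED (1)

¤¤¤ Driver : [LOADED] ¤¤¤
[Inline] IAT @explorer.exe (CloseServiceHandle) : ADVAPI32.dll -> HOOKED (c:\program files\f-secure\apps\computersecurity\hips\fshook32.dll @ 0x62C92110)
[Inline] EAT @explorer.exe (FwDoNothingOnObject) : FirewallAPI.dll -> HOOKED (Unknown @ 0x35F5AD66)
[Inline] EAT @iexplore.exe (connect) : WS2_32.dll -> HOOKED (Unknown @ 0x710D0022)
[Address] IAT @iexplore.exe (SHGetValueW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x72B54927)

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost
0.0.0.0 update.example.test
"""

SECTION_RE = re.compile(r"^¤¤¤\s*(.+?)\s*¤¤¤$")
REG_RE = re.compile(r"^((?:\[[^\]]+\])+)\s+(.+?) : (\S+) \((\d+)\) -> (.+)$")
HOOK_RE = re.compile(
    r"^\[(\w+)\] (IAT|EAT) @(\S+) \((\w+)\) : (\S+) -> HOOKED \((.+) @ (0x[0-9A-Fa-f]+)\)$"
)


def split_sections(text):
    """Group non-blank lines under the ¤¤¤ heading they fall beneath, keyed by heading name."""
    sections = defaultdict(list)
    current = None
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            # "Registry Entries : 3" -> "Registry Entries", "Driver : [LOADED]" -> "Driver"
            current = m.group(1).split(":")[0].strip()
            continue
        if current is not None and line.strip():
            sections[current].append(line.rstrip())
    return sections


def parse_registry_entries(lines):
    """Return each registry finding with its tags, key, value name, data and the action taken."""
    out = []
    for line in lines:
        m = REG_RE.match(line)
        if m:
            tags, key, value, data, action = m.groups()
            out.append({"tags": re.findall(r"\[([^\]]+)\]", tags), "key": key,
                        "value": value, "data": int(data), "action": action})
    return out


def parse_hooks(lines):
    """Return each hooked import/export with the process, API, module and hooking code location."""
    out = []
    for line in lines:
        m = HOOK_RE.match(line)
        if m:
            kind, table, proc, api, module, hooker, addr = m.groups()
            out.append({"kind": kind, "table": table, "process": proc, "api": api,
                        "module": module, "hooker": hooker, "address": int(addr, 16)})
    return out


def triage_hooks(hooks, trusted=TRUSTED_HOOKERS):
    """Split hooks into those from an expected module and those that need a closer look."""
    expected, review = [], []
    for h in hooks:
        name = h["hooker"].replace("/", "\\").rsplit("\\", 1)[-1].lower()
        (expected if name in trusted else review).append(h)
    return expected, review


def parse_hosts(lines):
    """Return (address, hostname) pairs, skipping comments and the report's '-->' path line."""
    entries = []
    for line in lines:
        s = line.strip()
        if not s or s.startswith("#") or s.startswith("-->"):
            continue
        parts = s.split()
        if len(parts) >= 2:
            entries.append((parts[0], parts[1]))
    return entries


def suspicious_hosts(entries):
    """Anything beyond the stock localhost mappings silently redirects name lookups; list it."""
    return [(ip, host) for ip, host in entries if host.lower() != "localhost"]


def summarize(report_text):
    """Run every check and return the findings a helper would want to read first."""
    sections = split_sections(report_text)
    expected, review = triage_hooks(parse_hooks(sections.get("Driver", [])))
    return {"registry": parse_registry_entries(sections.get("Registry Entries", [])),
            "hooks_expected": expected, "hooks_review": review,
            "hosts_suspicious": suspicious_hosts(parse_hosts(sections.get("HOSTS File", [])))}


if __name__ == "__main__":
    result = summarize(SAMPLE_REPORT)
    for entry in result["registry"]:
        print(f"registry {entry['tags']}: {entry['value']} -> {entry['action']}")
    for h in result["hooks_review"]:
        print(f"review hook: {h['process']} {h['api']} hooked from {h['hooker']}")
    for ip, host in result["hosts_suspicious"]:
        print(f"hosts entry to explain: {ip} {host}")
```

On the real report the same parser would put all the fshook32.dll and IEShims.dll lines in the expected bucket and leave only the FirewallAPI.dll, ntdll.dll, ole32.dll and WS2_32.dll hooks from "Unknown" for review; a hook from an unnamed module is a lead, not a verdict, since other security software installs hooks too.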

#30
February 12, 2014 at 13:30:30

"Here is the report from the RogueKiller Scan"

"+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE4 @ USB) HP USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )"

Double check the instructions Ian, you appear to have a USB connected, if so, print or write out instructions & tick them off as you comply.

Skip RogueKiller for now, we can run it again later.



#31
February 12, 2014 at 13:30:48

Run Defogger & then Combofix.
http://majorgeeks.com/Defogger_d708...
http://www.bleepingcomputer.com/dow...
Please download DeFogger and save it to your Desktop
Once downloaded, double-click on the DeFogger icon to start the tool.
Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will appear
Click OK
DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.
This program can enable and disable CD emulation, often required in removing difficult malware. Some CD Emulation programs use a hidden driver that may be seen as a rootkit or that will interfere with the proper operation of the anti-rootkit scanner.

Download ComboFix to your Desktop & then run. Copy & Paste the contents of the log in your next post please. ComboFix's log should be located at C:\COMBOFIX.TXT.
http://www.bleepingcomputer.com/dow...
http://download.bleepingcomputer.co...
http://www.forospyware.com/sUBs/Com...
A guide and tutorial on using ComboFix
http://www.bleepingcomputer.com/com...
http://www.winhelp.us/index.php/gen...
Manually restoring the Internet connection
http://www.bleepingcomputer.com/com...
There are circumstances ComboFix will hang, crash or stall at various stages due to malware interference, failure to disable other real-time protection tools or the presence of CD Emulators (Daemon Tools, Alcohol 120%, Astroburn, AnyDVD) so that it does not complete successfully. Also, depending on how badly a system is infected, ComboFix may take longer to complete its routine than it normally does or fail to run properly. While that is not normal behavior, it is not unusual.

If you think it's frozen, look at the computer clock.
If it's running, Combofix is still working.
NOTE: Do not mouseclick combofix's window while it is running. That may cause it to stall.
NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

**Please Note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
Allow ComboFix to download the Recovery Console.
Accept the End-User License Agreement.
The Recovery Console will be installed.
You will then get this next prompt that asks if you want to continue the malware scan, select yes.
If after running Combofix you discover none of your programs will open up, and you receive the following error: "Illegal operation attempted on a registry key that has been marked for deletion". Then the answer is to REBOOT the machine, and all will be corrected.
Can't Install an Antivirus - Windows Security Center still detects previous AV
http://www.experts-exchange.com/Vir...
We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:
* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found in this topic.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Once these two steps have been completed, double-click on the ComboFix icon found on your Desktop.
Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.



#32
February 17, 2014 at 08:37:47

Hi Johnw,
Hope you are still with me. I have complied (hopefully) with your last instructions #31 and pasted two logs:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:01 on 17/02/2014 (Ian)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

AND

ComboFix 14-02-16.01 - Ian 17/02/2014 15:29:10.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2047.756 [GMT 0:00]
Running from: c:\users\Ian\Desktop\ComboFix.exe
AV: AVG Internet Security 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Computer Security *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
FW: AVG Internet Security 2014 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG Internet Security 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Computer Security *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_WinDHCPsvc
.
.
((((((((((((((((((((((((( Files Created from 2014-01-17 to 2014-02-17 )))))))))))))))))))))))))))))))
.
.
2014-02-13 19:54 . 2014-02-05 08:49 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-02-12 14:17 . 2013-12-05 02:12 1248768 ----a-w- c:\windows\system32\msxml3.dll
2014-02-10 19:38 . 2014-02-10 19:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-02-10 19:38 . 2013-04-04 14:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-02-10 17:53 . 2014-02-10 17:53 -------- d-----w- c:\program files\sweetpacks bundle uninstaller
2014-02-10 16:27 . 2014-02-10 17:33 -------- d-----w- C:\AdwCleaner
2014-02-10 16:19 . 2014-02-10 20:27 -------- d-----w- c:\programdata\Updater
2014-02-10 16:11 . 2014-02-10 16:11 -------- d-----w- c:\users\Ian\AppData\Local\Opera Software
2014-02-10 16:11 . 2014-02-10 16:11 -------- d-----w- c:\users\Ian\AppData\Roaming\Opera Software
2014-02-10 16:11 . 2014-02-10 18:01 -------- d-----w- c:\program files\Opera
2014-02-10 15:22 . 2014-02-10 15:22 -------- d-----w- c:\programdata\SetApp
2014-02-10 15:21 . 2014-02-10 16:15 -------- d-----w- c:\programdata\InstallMate
2014-02-10 15:07 . 2013-12-04 02:57 7760024 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E2659F15-8B09-46D7-87ED-1EDA09F29390}\mpengine.dll
2014-02-05 15:53 . 2014-02-17 14:28 -------- d-----w- c:\users\Ian\AppData\Local\FileTypeAssistant
2014-02-05 13:43 . 2014-02-05 13:43 54016 ----a-w- c:\windows\system32\drivers\tihdkwor.sys
2014-02-05 13:21 . 2014-02-05 13:21 -------- d-----w- c:\users\Ian\AppData\Roaming\CleanMyPC Software
2014-02-05 12:20 . 2014-02-05 12:20 -------- d-----w- c:\windows\ERUNT
2014-01-28 15:53 . 2014-01-28 15:54 -------- d-----w- c:\users\Ian\Temp Downloads
2014-01-28 14:56 . 2014-01-28 15:19 -------- d-----w- c:\users\Ian\AppData\Roaming\Image Uploader
2014-01-28 14:56 . 2014-02-03 20:20 -------- d-----w- c:\program files\Image Uploader
2014-01-28 14:56 . 2014-01-28 14:56 -------- d-----w- c:\programdata\Image Uploader
2014-01-23 20:15 . 2014-01-23 20:15 -------- d-----w- c:\users\Ian\AppData\Roaming\AVG
2014-01-23 20:09 . 2014-01-23 20:22 -------- d-----w- c:\programdata\AVG
2014-01-23 20:06 . 2014-01-23 20:06 -------- d-sh--w- c:\programdata\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-01-22 22:56 . 2014-01-22 22:56 -------- d-----w- c:\users\Ian\AppData\Roaming\TuneUp Software
2014-01-22 22:54 . 2014-01-23 20:25 -------- d-----w- c:\program files\AVG
2014-01-22 22:51 . 2014-01-22 23:31 -------- d-----w- c:\users\Ian\AppData\Local\Avg2014
2014-01-22 22:51 . 2014-01-22 22:51 -------- d-----w- c:\users\Ian\AppData\Local\MFAData
2014-01-22 20:37 . 2014-01-22 20:37 107256 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2014-01-22 19:46 . 2014-01-22 19:46 -------- d-----w- c:\users\Ian\AppData\Roaming\Malwarebytes
2014-01-22 19:46 . 2014-01-22 19:46 -------- d-----w- c:\programdata\Malwarebytes
2014-01-20 17:16 . 2014-01-20 17:16 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-01-19 21:46 . 2014-01-19 21:46 22808 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-05 11:01 . 2012-04-10 18:13 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-05 11:01 . 2011-06-03 09:51 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-16 09:59 . 2011-05-17 12:30 231584 ------w- c:\windows\system32\MpSigStub.exe
2013-11-30 18:57 . 2013-11-30 18:49 44240 ----a-w- c:\windows\system32\drivers\fsbts.sys
2013-11-25 21:56 . 2013-11-25 21:56 210712 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-11-25 21:56 . 2013-11-25 21:56 149272 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-11-25 21:49 . 2013-11-25 21:49 120600 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2013-05-12 21:37 . 2013-05-23 19:08 406304 ----a-w- c:\program files\setup.exe
2011-05-18 19:28 . 2014-02-05 12:56 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{45BBE08D-81C5-4A67-AF20-B2A077C67747}]
2013-08-20 09:25 1539008 ----a-w- c:\program files\F-Secure\apps\OnlineSafety\browser\install\fs_ie_https\fs_ie_https.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Registry Cleaner Scheduler"="c:\program files\CleanMyPC\Registry Cleaner\RCHelper.exe" [2013-12-14 1403680]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-05-18 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-05-18 30192]
"Live! Central 3"="c:\program files\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe" [2010-12-07 503969]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"F-Secure Hoster (49534)"="c:\program files\F-Secure\fshoster32.exe" [2013-10-30 191528]
"F-Secure Manager"="c:\program files\F-Secure\apps\ComputerSecurity\Common\FSM32.EXE" [2013-09-25 310208]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-01-31 10959464]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2014-01-22 4962320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Walgreens PictureMover.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Walgreens PictureMover.lnk
backup=c:\windows\pss\Walgreens PictureMover.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Users^Ian^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-05-11 10:37 958576 ------w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-21 20:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-10-15 10:14 202024 ----a-w- c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 18:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mobilegeni daemon]
2013-10-18 08:40 738496 ----a-w- c:\program files\Mobogenie\DaemonProcess.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 15:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 02:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2012-01-31 18:09 10959464 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ServiceManager.exe]
2012-03-07 10:59 10208568 ----a-w- c:\program files\Virgin Media\Service Manager\ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-11-14 16:45 20587680 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 08:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-05-18 17:01 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2013-09-02 18:19 295512 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V0700Mon.exe]
2010-08-18 00:00 28672 ----a-w- c:\windows\V0700Mon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3821336757-804075763-824847514-1000]
"EnableNotificationsRef"=dword:00000001
.
S3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [2007-08-22 1242976]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-05 10:41 1211720 ----a-w- c:\program files\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 11:01]
.
2014-02-17 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files\FreeFileViewer\FFVCheckForUpdates.exe [2012-10-17 11:16]
.
2014-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-18 19:12]
.
2014-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-18 19:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aldi.com/
mSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
TCP: DhcpNameServer = 192.168.0.1
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\hg116lbd.default\
FF - prefs.js: keyword.URL -
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-02-17 16:02
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\fshoster]
"ImagePath"="\"c:\program files\F-Secure\fshoster32.exe\" -hosterid:0"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\F-Secure\My Services Agent\Protected]
@Denied: ) (Everyone)
"AgentIdentifier"="591d2648-ff82-4639-aff9-b899e053a21b"
"AuthorizationCode"=""
"49534_AgentIdentifier"="591d2648-ff82-4639-aff9-b899e053a21b"
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2014\avgrsx.exe
c:\program files\AVG\AVG2014\avgcsrvx.exe
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\AVG\AVG2014\avgfws.exe
c:\program files\AVG\AVG2014\avgidsagent.exe
c:\program files\AVG\AVG2014\avgwdsvc.exe
c:\program files\F-Secure\apps\CCF_Reputation\fsorsp.exe
c:\program files\F-Secure\apps\ComputerSecurity\Anti-Virus\FSGK32.EXE
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\Trusteer\Rapport\bin\RapportService.exe
c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Virgin Media\Service Manager\ServicepointService.exe
c:\program files\AVG\AVG2014\avgnsx.exe
c:\progra~1\COMMON~1\X10\Common\x10nets.exe
c:\program files\AVG\AVG2014\avgemcx.exe
c:\windows\System32\WUDFHost.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\F-Secure\apps\ComputerSecurity\Common\FSMA32.EXE
c:\program files\F-Secure\apps\ComputerSecurity\Anti-Virus\fssm32.exe
.
**************************************************************************
.
Completion time: 2014-02-17 16:12:38 - machine was rebooted
ComboFix-quarantined-files.txt 2014-02-17 16:12
.
Pre-Run: 362,741,485,568 bytes free
Post-Run: 363,134,959,616 bytes free
.
- - End Of File - - 5138F74F04D6A36BDD92A04E150BF3FE
671B81004FDD1588FA9ED1331C9CECA9


Please Note I did turn off my Anti Virus and Firewall applications before running this.
John I hope this is ok and you can glean something from it?
Best Regards Ian.H



#33
February 17, 2014 at 09:13:10

"Hope you are still with me."
Yep, still here Ian, going to bed after posting this.

"I have complied (hopefully) with your last instructions #31 and pasted two logs:"
Good job.

Next step.

Run ESET Online Scanner, Copy and Paste the contents of the log please. This scan may take a very long while, so please be patient. Maybe start it before going to work or bed.
http://www.eset.com/us/online-scann...
http://www.eset.com/home/products/o...
You may have to download ESET from a good computer, put it on a flash/thumb/pen drive & run it from there, if your comp is unbootable, or won't let you download.
Create an ESET SysRescue CD or USB drive
http://kb.eset.com/esetkb/index?pag...
How do I use my ESET SysRescue CD or USB flash drive to scan and clean my system?
http://kb.eset.com/esetkb/index?pag...
Configure ESET this way & disable your AV.
http://i.imgur.com/3U7YC.gif
How to Temporarily Disable your Anti-virus
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Which web browsers are compatible with ESET Online Scanner?
http://www.nod32.fi/eset-online-sca...
http://kb.eset.com/esetkb/index?pag...
Online Scanner not working
http://kb.eset.com/esetkb/index?pag...
Why Would I Ever Need an Online Virus Scanner? I already have an antivirus program installed, isn't that enough?
http://www.squidoo.com/the-best-fre...
Once onto a machine, malware can disable antivirus programs, prevent antimalware programs from downloading updates, or prevent a user from running antivirus scans or installing new antivirus software or malware removal tools. At this point even though you are aware the computer is infected, removal is very difficult.
5: Why does the ESET Online Scanner run slowly on my computer?
If you have other antivirus, antispyware or anti-malware programs running on your computer, they may intercept the scan being performed by the ESET Online Scanner and hinder performance. You may wish to disable the real-time protection components of your other security software before running the ESET Online Scanner. Remember to turn them back on after you are finished.
17: How can I view the log file from ESET Online Scanner?
http://kb.eset.com/esetkb/index?pag...
http://www.eset.com/home/products/o...
The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. The path to the log file is "C:\Program Files\EsetOnlineScanner\log.txt". You can view this file by navigating to the directory and double-clicking on it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start > Run dialog box from the Start Menu on the Desktop.
If no threats are found, you will simply see an information window that no threats were found.
http://www.trishtech.com/security/s...



#34
February 17, 2014 at 14:44:34

Morning Johnw, hope you slept well.

Well! I ran the ESET online scanner from my PC and it downloaded and ran ok?

"C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt" does not seem to exist?

Unfortunately it will not let me run and see the log file from the desktop, it says it cannot find the file? I have also looked in C: prog file.... and there is no .txt file but loads of other files relating to ESET,
so I have sent what I have (results) to you by email again as I could not get them pasted into this post. John sorry for the inconvenience.

Hope this is ok
Ian.H




#35
February 17, 2014 at 15:06:03

"I could not get them pasted into this post"
Something like this is what you should have Ian.
Break it up into 2,3 or more pieces to allow it to fit into your post

Post #18
http://www.computing.net/answers/wi...



#36
February 19, 2014 at 09:27:17

Hi John, I am at a loss?
Tried again and downloaded.... http://www.eset.com/us/online-scann...
But it does not give me an option to download to a Flash/thumb/pen, etc.? It just downloads into my pc C: drive prog files, etc. and scans automatically, therefore I cannot create the SysRescue as you instructed?
However I did disable my Av and Firewall and all others associated with the Av and Firewall.
It ran on for over an hour and came up with the following but still did not produce a log file?? Lots of other files but no ...log.txt??
But did say No Threats Found
Scanned 177617 files
Infected 0
cleaned 0

Is there anything else I can do
Ian.H



#37
February 19, 2014 at 15:41:56

" but still did not produce a log file?? lots of other files but no ...log.txt??
But did say No Threats Found"

That's normal Ian, refer to the end of my post #33

Are you printing or writing the instructions down?

Please download Rkill from any one of these links and save it to your Desktop. Copy & Paste the contents of the log in your reply.
http://www.technibble.com/rkill-rep...
Rkill.com
http://download.bleepingcomputer.co...
Rkill.scr
http://download.bleepingcomputer.co...
Rkill.pif
http://download.bleepingcomputer.co...
Now double click on Rkill to run it. If the first one doesn't work try the next one.
This will help remove certain processes and should restore any file associations and your desktop. Note: Your system is still infected as Rkill does not delete files - it merely helps to temporarily disable the infections, allowing us to start the cleansing process.
Do NOT reboot your machine. Each time you reboot, Rkill is disabled and you would have to run it again in order for it to be effective.

Run TDSSKiller. Copy & Paste the contents of the log in your next post please.
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
http://usa.kaspersky.com/downloads/...
http://support.kaspersky.com/faq/?q...
http://support.kaspersky.com/viruse...
Anti-rootkit utility TDSSKiller
http://support.kaspersky.com/faq/?q...
If TDSS doesn't run, use FixTDSS
http://www.symantec.com/content/en/...
Download FixTDSS and save it to your Desktop.
Double click on the FixTDSS.exe icon to run it.
Click the "I Accept" button, then the "Proceed" button to begin
The tool will restart your computer automatically - click OK to allow it to do so
The tool will begin its scan on reboot > click "run" to begin
It will report if an infected MBR is found > click the "repair" button
If you do not specify a full pathname, TDSSKiller will save the log in the same folder that the executable resides in.



#38
February 20, 2014 at 12:50:52

Hi Johnw,
Glad you are still out there, well I followed your instructions, ticking off as I went, and downloaded to desktop and ran Rkill; it did produce a log file onto desktop, see below.

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/for...

Program started at: 02/20/2014 08:32:47 PM in x86 mode.
Windows Version: Windows Vista (TM) Home Premium Service Pack 2

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 02/20/2014 08:34:36 PM
Execution time: 0 hours(s), 1 minute(s), and 49 seconds(s)

............................................................................................


I also ran TDSSKiller (kaspersky), it also ran ok, but did NOT supply a log file to desktop but produced a pop-up saying:-
No Threats Found.
Processed 424 objects.
Found............... 0 Threats
Neutralized........0 Threats
Quarantined......0 Objects
Also on that pop-up there is a huge report, but it will not allow you to do anything like copy/move, absolutely nothing. I looked down this report and at the end of every line it said "ok"; also at the very bottom it concludes by saying
Detected Object count: 0
Actual Detected Count: 0
I have not run FixTDSS as I am assuming what I have given you from my TDSS run is ok for you, as it appeared to me ok? But I am sure you will let me know.

Thanks again Johnw, all this is much appreciated

Best Regards Ian.H



#39
February 20, 2014 at 14:09:37

"as it appeared to me ok?"
Yep, all good Ian, now back to this.

Download the latest version of RogueKiller & run again.



#40
February 23, 2014 at 12:41:14

Hi John,
Again been away for a bit, however downloaded RogueKiller and ran it. It appeared to run a lot quicker this time and I don't think produced as many errors?? However, you be the judge of that one. Below is a copy of the report it produced; I did this time remove all peripherals and USB connections prior to running, so hope all is ok this time?
I.E seems to be running a bit better (a lot better) but still takes a fair time to let me open up things, although I can actually get into I.E much easier now?
Again John, thank you so much.
Ian.H

RogueKiller V8.8.8 [Feb 19 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/rog...
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Ian [Admin rights]
Mode : Remove -- Date : 02/23/2014 20:26:10
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Inline] IAT @explorer.exe (CloseServiceHandle) : ADVAPI32.dll -> HOOKED (c:\program files\f-secure\apps\computersecurity\hips\fshook32.dll @ 0x5F8F2110)
[Inline] IAT @explorer.exe (OpenServiceW) : ADVAPI32.dll -> HOOKED (c:\program files\f-secure\apps\computersecurity\hips\fshook32.dll @ 0x5F8F1FAB)
[Inline] IAT @explorer.exe (TerminateThread) : KERNEL32.dll -> HOOKED (c:\program files\f-secure\apps\computersecurity\hips\fshook32.dll @ 0x5F8F1C9C)
[Inline] EAT @explorer.exe (NtCreateProcess) : ntdll.dll -> HOOKED (c:\program files\f-secure\apps\computersecurity\hips\fshook32.dll @ 0x5F91E630)
[Inline] EAT @explorer.exe (NtCreateProcessEx) : ntdll.dll -> HOOKED (c:\program files\f-secure\apps\computersecurity\hips\fshook32.dll @ 0x5F91E560)
[Inline] EAT @explorer.exe (NtCreateUserProcess) : ntdll.dll -> HOOKED (c:\program files\f-secure\apps\computersecurity\hips\fshook32.dll @ 0x5F91E5C0)
[Inline] EAT @explorer.exe (ZwCreateProcess) : ntdll.dll -> HOOKED (c:\program files\f-secure\apps\computersecurity\hips\fshook32.dll @ 0x5F91E630)
[Inline] EAT @explorer.exe (ZwCreateProcessEx) : ntdll.dll -> HOOKED (c:\program files\f-secure\apps\computersecurity\hips\fshook32.dll @ 0x5F91E560)
[Inline] EAT @explorer.exe (ZwCreateUserProcess) : ntdll.dll -> HOOKED (c:\program files\f-secure\apps\computersecurity\hips\fshook32.dll @ 0x5F91E5C0)
[Inline] EAT @explorer.exe (CopyFileExW) : kernel32.dll -> HOOKED (c:\program files\f-secure\apps\computersecurity\hips\fshook32.dll @ 0x5F8F34A9)
[Inline] EAT @explorer.exe (CreateDirectoryExW) : kernel32.dll -> HOOKED (c:\program files\f-secure\apps\computersecurity\hips\fshook32.dll @ 0x5F8F3383)
[Inline] EAT @explorer.exe (CreateDirectoryW) : kernel32.dll -> HOOKED (c:\program files\f-secure\apps\computersecurity\hips\fshook32.dll @ 0x5F8F3266)
[Inline] EAT @explorer.exe (CreateMutexExW) : kernel32.dll -> HOOKED (c:\program files\f-secure\apps\computersecurity\hips\fshook32.dll @ 0x5F8F2C42)
[Inline] EAT @explorer.exe (CreateRemoteThread) : kernel32.dll -> HOOKED (c:\program files\f-secure\apps\computersecurity\hips\fshook32.dll @ 0x5F8F2791)
[Inline] EAT @explorer.exe (GetFileSizeEx) : kernel32.dll -> HOOKED (c:\program files\f-secure\apps\computersecurity\hips\fshook32.dll @ 0x5F8F3973)
[Inline] EAT @explorer.exe (OpenMutexA) : kernel32.dll -> HOOKED (c:\program files\f-secure\apps\computersecurity\hips\fshook32.dll @ 0x5F8F2ACF)
[Inline] EAT @explorer.exe (OpenMutexW) : kernel32.dll -> HOOKED (c:\program files\f-secure\apps\computersecurity\hips\fshook32.dll @ 0x5F8F29AB)
[Inline] EAT @explorer.exe (TerminateThread) : kernel32.dll -> HOOKED (c:\program files\f-secure\apps\computersecurity\hips\fshook32.dll @ 0x5F8F1C9C)
[Inline] EAT @explorer.exe (WriteProcessMemory) : kernel32.dll -> HOOKED (c:\program files\f-secure\apps\computersecurity\hips\fshook32.dll @ 0x5F8F2D71)
[Inline] EAT @explorer.exe (CloseServiceHandle) : ADVAPI32.dll -> HOOKED (c:\program files\f-secure\apps\computersecurity\hips\fshook32.dll @ 0x5F8F2110)
[Inline] EAT @explorer.exe (ControlService) : ADVAPI32.dll -> HOOKED (c:\program files\f-secure\apps\computersecurity\hips\fshook32.dll @ 0x5F8F1FC2)
[Inline] EAT @explorer.exe (CreateServiceA) : ADVAPI32.dll -> HOOKED (c:\program files\f-secure\apps\computersecurity\hips\fshook32.dll @ 0x5F8F253D)
[Inline] EAT @explorer.exe (CreateServiceW) : ADVAPI32.dll -> HOOKED (c:\program files\f-secure\apps\computersecurity\hips\fshook32.dll @ 0x5F8F2572)
[Inline] EAT @explorer.exe (OpenServiceA) : ADVAPI32.dll -> HOOKED (c:\program files\f-secure\apps\computersecurity\hips\fshook32.dll @ 0x5F8F1F94)
[Inline] EAT @explorer.exe (OpenServiceW) : ADVAPI32.dll -> HOOKED (c:\program files\f-secure\apps\computersecurity\hips\fshook32.dll @ 0x5F8F1FAB)
[Inline] EAT @explorer.exe (SetWindowsHookExA) : USER32.dll -> HOOKED (c:\program files\f-secure\apps\computersecurity\hips\fshook32.dll @ 0x5F8F1E47)
[Inline] EAT @explorer.exe (SetWindowsHookExW) : USER32.dll -> HOOKED (c:\program files\f-secure\apps\computersecurity\hips\fshook32.dll @ 0x5F8F1E63)
[Inline] EAT @explorer.exe (recv) : WS2_32.dll -> HOOKED (c:\program files\f-secure\apps\computersecurity\hips\fshook32.dll @ 0x5F8F25A7)
[Inline] EAT @explorer.exe (send) : WS2_32.dll -> HOOKED (c:\program files\f-secure\apps\computersecurity\hips\fshook32.dll @ 0x5F8F269C)
[Inline] EAT @explorer.exe (FwDoNothingOnObject) : FirewallAPI.dll -> HOOKED (Unknown @ 0x35AB6366)
[Inline] EAT @explorer.exe (FwEnableMemTracing) : FirewallAPI.dll -> HOOKED (Unknown @ 0x35AB6366)
[Inline] EAT @explorer.exe (FwSetMemLeakPolicy) : FirewallAPI.dll -> HOOKED (Unknown @ 0x35AB6366)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD50 00AACS-00ZUB SCSI Disk Device +++++
--- User ---
[MBR] ae0b0062449143846e5e3bbf7e67874a
[BSP] 7b28f606b51c23d51a595d374a5f7156 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 456456 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 934822350 | Size: 20481 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x1] Incorrect function. )

Finished : << RKreport[0]_D_02232014_202610.txt >>
RKreport[0]_D_02122014_195520.txt;RKreport[0]_S_02122014_194728.txt;RKreport[0]_S_02232014_195900.txt
RKreport[0]_S_02232014_200148.txt;RKreport[0]_S_02232014_202529.txt


Report •
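An added note and example, not part of any post in this thread: the lines under "Driver : [LOADED]" are user-mode API hooks RogueKiller found in explorer.exe's import (IAT) and export (EAT) tables. Each line names the hooked function, the module it belongs to, and the module the hook jumps into. Security products that do behaviour monitoring (HIPS) install exactly these hooks, so a hook that resolves to the installed AV's own DLL, as fshook32.dll under the F-Secure program directory does here, is expected and is not by itself evidence of infection. The lines worth follow-up are the ones whose target resolves to "Unknown", meaning no loaded module claims that address. The Python below, written for this page rather than taken from RogueKiller, parses such lines and splits them into expected and review buckets; it also counts review hooks that share one address, because three exports all pointing at one identical address are better examined as one item than as three. The allowlist of known hooking modules is an assumption, and the sample lines are constructed (abridged from the report above, plus one iexplore.exe line in the same format).

```python
import re
from collections import Counter

# Constructed sample: Driver-section lines in the format RogueKiller 8.x prints,
# abridged from the report posted in this thread.
SAMPLE_REPORT = r"""
¤¤¤ Driver : [LOADED] ¤¤¤
[Inline] IAT @explorer.exe (CloseServiceHandle) : ADVAPI32.dll -> HOOKED (c:\program files\f-secure\apps\computersecurity\hips\fshook32.dll @ 0x5F8F2110)
[Inline] EAT @explorer.exe (NtCreateProcess) : ntdll.dll -> HOOKED (c:\program files\f-secure\apps\computersecurity\hips\fshook32.dll @ 0x5F91E630)
[Inline] EAT @explorer.exe (FwDoNothingOnObject) : FirewallAPI.dll -> HOOKED (Unknown @ 0x35AB6366)
[Inline] EAT @explorer.exe (FwEnableMemTracing) : FirewallAPI.dll -> HOOKED (Unknown @ 0x35AB6366)
[Address] IAT @iexplore.exe (SHGetValueW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x6F7B4927)
[Inline] EAT @iexplore.exe (connect) : WS2_32.dll -> HOOKED (Unknown @ 0x710D0022)

¤¤¤ External Hives: ¤¤¤
"""

# One RogueKiller hook line: [kind] TABLE @process (function) : module -> HOOKED (hooker @ addr)
HOOK_RE = re.compile(
    r"^\[(?P<kind>Inline|Address)\] (?P<table>IAT|EAT) @(?P<process>\S+) "
    r"\((?P<func>[^)]+)\) : (?P<module>\S+) -> HOOKED \((?P<hooker>.+) @ (?P<addr>0x[0-9A-Fa-f]+)\)$"
)

# Assumption: the analyst keeps an allowlist of modules known to hook user-mode APIs
# on this machine (the installed AV's HIPS DLL, IE's own compatibility shim).
# Keys are lower-cased path suffixes.
KNOWN_HOOKERS = {
    r"\f-secure\apps\computersecurity\hips\fshook32.dll": "F-Secure HIPS",
    r"\internet explorer\ieshims.dll": "Internet Explorer shim",
}

def parse_hooks(report_text):
    """Return one dict per HOOKED line found inside the Driver section."""
    hooks, in_driver = [], False
    for line in report_text.splitlines():
        if line.startswith("¤¤¤"):          # section header: enter/leave the Driver block
            in_driver = "Driver" in line
            continue
        if not in_driver:
            continue
        m = HOOK_RE.match(line.strip())
        if m:
            hooks.append(m.groupdict())
    return hooks

def classify(hook):
    """'expected' if the hooking module is on the allowlist, otherwise 'review'."""
    hooker = hook["hooker"].lower()
    for suffix, owner in KNOWN_HOOKERS.items():
        if hooker.endswith(suffix):
            return "expected", owner
    return "review", hook["hooker"]

def triage(report_text):
    """Split hooks into expected vs review and count review hooks sharing one target address."""
    expected, review = [], []
    for h in parse_hooks(report_text):
        label, owner = classify(h)
        h["owner"] = owner
        (expected if label == "expected" else review).append(h)
    shared = Counter(h["addr"] for h in review)
    return {"expected": expected, "review": review, "shared_addr": shared}

if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for h in result["expected"]:
        print(f"expected  {h['process']:14} {h['func']:22} <- {h['owner']}")
    for h in result["review"]:
        print(f"REVIEW    {h['process']:14} {h['func']:22} <- {h['hooker']} @ {h['addr']}")
    for addr, n in result["shared_addr"].items():
        if n > 1:
            print(f"note: {n} review hooks resolve to the same address {addr}")
```

Run it against a saved RKreport text file by passing the file contents to `triage()`; anything in the review bucket is what to investigate further, the expected bucket is the installed security software doing its job.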

#41
February 23, 2014 at 12:50:56

Hi Ian, it's those Hooked entries that are still causing problems.

Let's remove these programs that were part of the cause of all of this.

If you want safe replacements of them, let me know.

1: Download & run IObit Uninstaller. Uninstall > CleanMyPC, DriverCure & RegClean Pro.
http://www.softpedia.com/get/Tweak/...
http://www.softpedia.com/progScreen...
http://www.freewarefiles.com/IObit-...
http://www.majorgeeks.com/files/det...
http://www.iobit.com/advanceduninst...
Do a Standard Uninstall & then the Powerful Scan to remove all the lurking bits.
http://i.imgur.com/olyCkcJ.gif
http://i.imgur.com/cKc5Chi.gif

2: I use these on every comp I work on, every day.
Run Wise Disk Cleaner ( Run the 1st three tabs, left to right. I use default settings, leave boxes that are unchecked, unchecked ) Reboot when finished.
http://www.softpedia.com/get/System...
http://www.softpedia.com/progScreen...
http://www.wisecleaner.com/download...
http://i.imgur.com/Jecnfvb.gif
http://i.imgur.com/0xHwdom.gif
http://i.imgur.com/JZLYOLf.gif
http://i.imgur.com/4kfaeGW.gif

3: Run Wise Registry Cleaner ( Only use Registry Cleaner & with default settings. Don't use System Tuneup, that is for Experts, you really have to know what you are doing ) Reboot when finished.
http://www.softpedia.com/get/Tweak/...
http://www.softpedia.com/progScreen...
http://www.wisecleaner.com/wiseregi...
http://i.imgur.com/Qy7HWcA.gif

Download Security Check by screen317 from one of the following links and save it to your Desktop.
http://screen317.spywareinfoforum.o...
http://screen317.changelog.fr/Secur...
Please restart the computer before running this security check.
* Double click SecurityCheck.exe. If you run Windows Vista or 7/8, right click and choose 'Run as Administrator'.
o If you are asked by Windows to run this program or not, please click 'Yes' or 'Run'.
o When you see a console window, press any key to continue scanning.
o Wait while it scans.
o If your firewall alerts you of Security Check, please press 'Allow' or similar.
* A Notepad document should open automatically after scan is completed. It will be called checkup.txt; Please Copy and Paste the contents into your reply.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.


Report •

#42
February 24, 2014 at 04:51:25

Hi Johnw,
An update for you, with I suppose 90% success. First of all:
Downloaded and ran IObit Uninstaller, found CleanMyPC and uninstalled it OK, used the Powerful Scan option to remove threads etc.
I could not find DriverCure at all, nor could I find RegClean Pro (I know I did have that at one time). However, I took a chance and went into RegEdit, did a Find and located a folder for Reg Clean; this had no content? so I took a chance and deleted it. I have still not located DriverCure, don't recognise that at all?

I downloaded and ran Wise Disk Cleaner; it found 3914 files of 415 MB, also found 5046 traces (all in Common Cleaner), duly deleted.

Advanced Cleaner: 131 files found, a total of 12.4 MB, duly deleted.

Slimming Down: 11 items, of which I got rid of 9.

..................................................

Wise Registry Cleaner: total of 216 problems, 44 of them unsafe; I could remove all but 3,
i.e.: 1. ActiveX/COM: 7 problems, recommended to ignore
2. Firewall settings: 4 problems, recommended to ignore
3. Uninstaller (possibly IObit Uninstaller, newly downloaded): 33 problems, recommended to ignore


Download Security Check..... and here we have a problem? It will not let me into it.
It says the website declined to show this webpage?? Should I shut down my AVs and firewall? Do you think these are blocking it?

Hope you're OK with this, John; let me know.
Best Regards Ian.H


Report •

#43
February 24, 2014 at 05:00:04

"it says website declined to show this webpage??"
What browser Ian?

Report •

#44
February 24, 2014 at 05:03:34

"I could remove all but 3"
That's normal Ian; the number could be anything, the default settings have auto-determined how many not to remove.

Report •

#45
February 24, 2014 at 05:21:03

"Download Security Check..."

I have zipped it up, uploaded it & called it Ian.
http://www.load.to/olaT4zkyBb/Ian.zip


Report •

#46
February 24, 2014 at 06:38:39

John, you are a clever chap.
If you are still up at 10:36 your time?..... If not, don't worry, always another day?
Anyway, here are the results:

Results of screen317's Security Check version 0.99.73
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
Internet Explorer 8
[b][u]``````````````Antivirus/Firewall Check:``````````````[/b][/u]
Windows Firewall Disabled!
AVG Internet Security 2014
Computer Security
Antivirus up to date!
[b][u]`````````Anti-malware/Other Utilities Check:`````````[/b][/u]
Malwarebytes Anti-Malware version 1.75.0.1300
Wise Disk Cleaner 8.04
Wise Registry Cleaner 7.94
Java(TM) 6 Update 33
Java 7 Update 51
[color=red][b]Java version out of Date![/b][/color]
Adobe Flash Player 12.0.0.70
Adobe Reader 8
Adobe Reader XI
Mozilla Firefox (27.0)
Google Chrome 32.0.1700.102
Google Chrome 32.0.1700.107
[b][u]````````Process Check: objlist.exe by Laurent````````[/b][/u]
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
F-Secure apps ComputerSecurity Anti-Virus\FSGK32.EXE
F-Secure apps ComputerSecurity Anti-Virus\fssm32.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
[b][u]`````````````````System Health check`````````````````[/b][/u]
Total Fragmentation on Drive C: 1 %
[b][u]````````````````````End of Log``````````````````````[/b][/u]

Are we heading in the right direction?
Regards Ian.H


Report •
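Added example, not part of the original post: the Security Check output above is easy to audit mechanically, and it already contains the security-relevant facts. Its Process Check section lists running processes by vendor, and here both AVG and F-Secure real-time components are resident at the same time, while the Windows Firewall is reported disabled and two JRE and two Adobe Reader versions remain installed. Two real-time AV engines on one machine each hook the same processes and scan the same file accesses, which is a common cause of exactly the kind of slowness this thread is about, so it is worth flagging automatically rather than spotting by eye. The Python below parses the BBCode-delimited sections that Security Check emits and returns a findings list; the vendor list used to decide what counts as a resident AV engine is an assumption, and the sample log is constructed (abridged from the log above).

```python
import re

# Constructed sample, abridged from the Security Check log posted above.
SAMPLE_LOG = """\
Results of screen317's Security Check version 0.99.73
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
[b][u]``````````````Antivirus/Firewall Check:``````````````[/b][/u]
Windows Firewall Disabled!
AVG Internet Security 2014
Computer Security
Antivirus up to date!
[b][u]`````````Anti-malware/Other Utilities Check:`````````[/b][/u]
Malwarebytes Anti-Malware version 1.75.0.1300
Java(TM) 6 Update 33
Java 7 Update 51
[color=red][b]Java version out of Date![/b][/color]
Adobe Reader 8
Adobe Reader XI
[b][u]````````Process Check: objlist.exe by Laurent````````[/b][/u]
Malwarebytes Anti-Malware mbamservice.exe
AVG avgwdsvc.exe
AVG avgrsx.exe
F-Secure apps ComputerSecurity Anti-Virus\\FSGK32.EXE
F-Secure apps ComputerSecurity Anti-Virus\\fssm32.exe
[b][u]`````````````````System Health check`````````````````[/b][/u]
Total Fragmentation on Drive C: 1 %
"""

SECTION_RE = re.compile(r"^\[b\]\[u\]`+(?P<name>.+?):?`+\[/b\]\[/u\]$")
BBCODE_RE = re.compile(r"\[/?(?:b|u|color(?:=\w+)?)\]")
JAVA_RE = re.compile(r"^Java(?:\(TM\))? \d+ Update \d+$")
READER_RE = re.compile(r"^Adobe Reader \S+$")

# Assumption: vendors whose processes in the Process Check section indicate a
# resident (real-time) antivirus engine. Not a list from the page.
AV_ENGINE_VENDORS = {"AVG", "F-Secure", "Avast", "Avira", "ESET", "Kaspersky",
                     "McAfee", "Norton", "Microsoft Security Essentials"}

def parse_sections(log_text):
    """Map each BBCode section header to the cleaned lines beneath it."""
    sections, current = {"header": []}, "header"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name").strip()
            sections[current] = []
            continue
        sections[current].append(BBCODE_RE.sub("", line))
    return sections

def section(sections, prefix):
    """Lines of the first section whose name starts with prefix (empty list if none)."""
    for name, lines in sections.items():
        if name.startswith(prefix):
            return lines
    return []

def resident_av_vendors(sections):
    """Distinct AV vendors with a process listed in the Process Check section."""
    vendors = set()
    for line in section(sections, "Process Check"):
        for v in AV_ENGINE_VENDORS:
            if line.startswith(v + " "):
                vendors.add(v)
    return vendors

def audit(log_text):
    """Return human-readable findings for the configuration problems the log reveals."""
    s = parse_sections(log_text)
    findings = []
    if any(l.startswith("Windows Firewall Disabled") for l in section(s, "Antivirus/Firewall")):
        findings.append("host firewall disabled")
    av = resident_av_vendors(s)
    if len(av) > 1:
        findings.append("multiple resident AV engines: " + ", ".join(sorted(av)))
    utilities = section(s, "Anti-malware")
    java = [l for l in utilities if JAVA_RE.match(l)]
    if len(java) > 1:
        findings.append("multiple JRE installs: " + "; ".join(java))
    if any("out of Date" in l for l in utilities):
        findings.append("out-of-date component flagged by Security Check")
    readers = [l for l in utilities if READER_RE.match(l)]
    if len(readers) > 1:
        findings.append("multiple Adobe Reader installs: " + "; ".join(readers))
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print("-", f)
```

Paste the contents of checkup.txt into `audit()` and the same five findings come out for the log above: firewall off, two resident engines, two JREs, the out-of-date marker, and two Readers. Old JRE and Reader versions left installed matter because each is a separately exploitable plugin, not just clutter.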

#47
February 24, 2014 at 14:44:46

Still need to know the answer to my post #43.

I see you have 3 browsers installed, which is fine, did you try the download in all 3?


Report •

#48
February 26, 2014 at 03:14:59

Hi Johnw, my apologies; in my mind I thought I had answered, oops.

Re #43: I used IE 9
(the only other browser is Mozilla Firefox). Did not try this. But did you not take care of this? (See #45.)
Do you want me to download Security Check using Mozilla and run it?

message edited by ihsc24909


Report •

#49
February 26, 2014 at 04:04:28

"it says website declined to show this webpage??"
That is not normal.

The point of the exercise is to work out if it only happens in IE9.

If you get the same message using Firefox, that then provides a clue in what direction to head.


Report •

#50
February 26, 2014 at 06:05:54

John, I retried the Security Check run again, downloading it from Mozilla. Again it said this was a harmful site, but I assumed this was the AV/firewall not recognising it and doing its job?
John, I know it's getting late where you are, so remember tomorrow is another day.
Again my sincere thanks.
The log is shown below.

Results of screen317's Security Check version 0.99.79
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
Internet Explorer 8
[b][u]``````````````Antivirus/Firewall Check:``````````````[/b][/u]
Windows Firewall Disabled!
AVG Internet Security 2014
Computer Security
Antivirus up to date!
[b][u]`````````Anti-malware/Other Utilities Check:`````````[/b][/u]
Malwarebytes Anti-Malware version 1.75.0.1300
Wise Disk Cleaner 8.04
Wise Registry Cleaner 7.94
Java(TM) 6 Update 33
Java 7 Update 51
Adobe Flash Player 12.0.0.70
Adobe Reader 8
Adobe Reader XI
Mozilla Firefox (27.0)
Google Chrome 32.0.1700.102
Google Chrome 32.0.1700.107
[b][u]````````Process Check: objlist.exe by Laurent````````[/b][/u]
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
F-Secure apps ComputerSecurity Anti-Virus\FSGK32.EXE
F-Secure apps ComputerSecurity Anti-Virus\fssm32.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
[b][u]`````````````````System Health check`````````````````[/b][/u]
Total Fragmentation on Drive C: 1 %
[b][u]````````````````````End of Log``````````````````````[/b][/u]

Report •

#51
February 26, 2014 at 08:51:26

Hi John, just to let you know I ran Malwarebytes and have supplied the mbam log for your perusal. I think things are beginning to look better?
Hope you slept well; hear from you at some point.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.20.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Ian :: IAN-PC [administrator]

26/02/2014 15:37:42
mbam-log-2014-02-26 (15-37-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 246984
Time elapsed: 13 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Best Regards
Ian.H


Report •

#52
February 26, 2014 at 12:28:37

I'm up early Ian, need to be out early.

"was a harfull site but I assumed this was A/V Firewall not recognising and doing its job?"
Yep, that's because it is an exe, normally a small window pops up somewhere asking for permission.

"F-Secure apps ComputerSecurity Anti-Virus\FSGK32.EXE
F-Secure apps ComputerSecurity Anti-Virus\fssm32.exe"
You need to remove the above, use their tool ( it will dig deeper than just those 2 files ) & then double check it is gone by running screen317's Security Check again.
F-Secure Uninstallation Tool
http://www.freewarefiles.com/F-Secu...
http://www.softpedia.com/get/Tweak/...
http://www.bleepingcomputer.com/dow...


Report •

#53
March 2, 2014 at 09:31:15

Hi John,
Hope you are well and sorry for the slow response; been away for a few days.
I have done as you asked in our last communication (#52): downloaded and ran the
F-Secure Uninstallation Tool, which removed my antivirus F-Secure. I still have the AVG full version on trial so I am still covered. The result of running Security Check by screen317 is as follows, and I hope it is OK and progressing well. I have to say my IE is running a lot better.

Results of screen317's Security Check version 0.99.79
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
Internet Explorer 8
[b][u]``````````````Antivirus/Firewall Check:``````````````[/b][/u]
Windows Firewall Disabled!
AVG Internet Security 2014
Antivirus up to date!
[b][u]`````````Anti-malware/Other Utilities Check:`````````[/b][/u]
Malwarebytes Anti-Malware version 1.75.0.1300
Wise Disk Cleaner 8.04
Wise Registry Cleaner 7.94
Java(TM) 6 Update 33
Java 7 Update 51
Adobe Flash Player 12.0.0.70
Adobe Reader 8
Adobe Reader XI
Mozilla Firefox (27.0)
Google Chrome 32.0.1700.102
Google Chrome 32.0.1700.107
[b][u]````````Process Check: objlist.exe by Laurent````````[/b][/u]
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
[b][u]`````````````````System Health check`````````````````[/b][/u]
Total Fragmentation on Drive C: 2 % [color=red][b]Defragment your hard drive soon! (Do NOT defrag if SSD!)[/b][/color]
[b][u]````````````````````End of Log``````````````````````[/b][/u]

Thanks again John mate and hear from you at some point.

Ian


Report •

#54
March 2, 2014 at 13:59:46

Quite a bit to still do Ian, I am just going to go through things slowly.

Internet Explorer 9
Internet Explorer 8
Uninstall the version you are not using from Control Panel ( Not IObit Uninstaller )

Java(TM) 6 Update 33
Java 7 Update 51
If you don't need Java uninstall it. If you know you have a program using Java, it will squawk & tell you that it needs Java. You then let me know what the program is & I will give you a FREE alternative.

message edited by Johnw


Report •

#55
March 2, 2014 at 15:33:27

Hi John
Will try this tomorrow. I seem to think I tried to remove IE 8 when I installed 9 but for some reason it would not let me? But will try and find and remove v8; if I can't, then will try and get rid of v9? Will be back soon?
Best Regards

Ian


Report •

#56
March 2, 2014 at 15:43:43

ihsc24909

I'm not following this long thread in detail but you normally uninstall a version of IE to go back to whatever version you had before. If you currently have IE9 it will not let you remove IE8, even though it is still lurking there.

Always pop back and let us know the outcome - thanks


Report •

#57
March 2, 2014 at 16:05:20

Thanks Derek, I am just putting the product number into a reinstall of Vista in a laptop, for one of our singers.

Shall install IE9 & see what it does.


Report •

#58
March 2, 2014 at 21:45:35

"If you currently have IE9 it will not let you remove IE8, even though it is still lurking there"

You are right Derek, it is not available for uninstalling, but when I ran screen317's Security Check, it was there lurking.

This is after installing SP1 & 2, plus a small amount of updates.
http://i.imgur.com/92WuUNW.gif

message edited by Johnw


Report •

#59
March 3, 2014 at 09:02:03

EDIT: Intended for John (mainly).

I've not examined this in depth but my understanding is that Vista comes with IE7. If you then install IE8 and later IE9 you can if you wish uninstall IE9 then IE8 and go back to IE7 (not recommended obviously). That seems to imply that it is normal for all previous IE versions to remain lurking, at least in part.

Err.. hope I haven't missed the point about what you are saying.

Always pop back and let us know the outcome - thanks

message edited by Derek


Report •

#60
March 3, 2014 at 09:27:11

Hi John, you'll be well tucked up by this time but, maybe good breakfast reading??

Re #54: I have now deleted the two Java files as requested. I have also uninstalled Google Chrome as I normally use Google Desktop.
But a bit confused as to what I should do regarding the Internet Explorer scenario. I am running IE 9 with, as you say, 8 lurking in the background; what would you like me to do? Should I get rid of IE 9 and use the older version 8? (See #55 / #58.)
I ran the Security Check again and it is the same as before, with the exception that Java is gone,
as you would expect.
Regards Ian


Report •

#61
March 3, 2014 at 09:43:49

Hi Derek,
Nice to know you're still out there. I take it that your comments in #59 were meant for John. I am just a bit confused as to what's next? You are probably (more than probably) correct, Vista came with IE 7?? (can't remember). Anyway, see what John has in store for me when he is available.

Best Regards
Ian.H
PS: As I said to John, it's been a great learning curve for me thanks to you guys. Just wish I had some of your knowledge.


Report •

#62
March 3, 2014 at 11:33:23

"Re #54 I have now deleted the two Java files as requested"
Run JavaRa to double check if it's all gone Ian.
To remove old and redundant versions of the Java Runtime Environment:
http://www.softpedia.com/get/System...
http://www.softpedia.com/progScreen...
http://singularlabs.com/software/ja...

"But a bit confused as to what I should do Regarding the Internet Explorer scenario"
Nothing.

"I still have AVG full version on trial so I am still covered"
Ian, I would uninstall AVG trial & use the Free one I use.
http://www.avg.com/us-en/utilities

Microsoft Security Essentials ( MSE )
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
http://www.microsoft.com/security_e...
http://www.microsoft.com/security_e...
Can Microsoft Security Essentials ( MSE ) protect me from online banking and shopping.
http://answers.microsoft.com/en-us/...

Back to bed for me.


Report •

#63
March 3, 2014 at 12:55:24

Johnw
Re #62: I downloaded JavaRa from "singularlabs" and not sure what it did other than it said it ran successfully?

I downgraded from the full version AVG to the free one, ok?

I downloaded "Microsoft Security Essentials" but did not continue with it as it wanted to remove any other AV & antispyware. Are you sure you want me to run this, considering you advised me to run with AVG Free?
I think I had this on my PC a while ago because it seemed to affect my start-up and close-down time dramatically. Maybe a figment of my imagination or even maybe the start of the troubles; what do you think, John?
Hope you slept well.


Report •

#64
March 3, 2014 at 13:54:15

"I downgraded from the full version AVG to the free one, ok?"
Yep, keep that.

Download the latest version of RogueKiller & run again.


Report •

#65
March 4, 2014 at 03:28:00

John,
After pre-scan and then scan nothing was shown to be fixed or deleted or?
The new download log of RogueKiller showed as follows:

RogueKiller V8.8.10 [Feb 28 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/rog...
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Ian [Admin rights]
Mode : Scan -- Date : 03/04/2014 09:54:46
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Inline] EAT @explorer.exe (FwDoNothingOnObject) : FirewallAPI.dll -> HOOKED (Unknown @ 0x35BF7766)
[Inline] EAT @explorer.exe (FwEnableMemTracing) : FirewallAPI.dll -> HOOKED (Unknown @ 0x35BF7766)
[Inline] EAT @explorer.exe (FwSetMemLeakPolicy) : FirewallAPI.dll -> HOOKED (Unknown @ 0x35BF7766)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD50 00AACS-00ZUB SCSI Disk Device +++++
--- User ---
[MBR] ae0b0062449143846e5e3bbf7e67874a
[BSP] 7b28f606b51c23d51a595d374a5f7156 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 456456 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 934822350 | Size: 20481 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x1] Incorrect function. )

Finished : << RKreport[0]_S_03042014_095446.txt >>

Are we getting there?
Regards Ian



Report •

#66
March 4, 2014 at 03:32:39

John, my mistake, there were items to be deleted and fixed. I just did not look at the various tabs... idiot?
I have fixed them and will run a scan and look at the report again.

Ian


Report •

#67
March 4, 2014 at 06:30:40

John,
I re-ran RogueKiller and checked the various tabs; I deleted what I could and did a fix on those to be fixed? I noticed it produces several reports all around the same time. Below are copies of two; the others look identical so no use supplying them?
Could the various reports be generated as I go through the tabs fixing them?
What is MBR, although it reported nothing to fix or delete?
It's about bedtime over there so have a good one.

RogueKiller V8.8.10 [Feb 28 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/rog...
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Ian [Admin rights]
Mode : Scan -- Date : 03/04/2014 14:03:04
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Inline] EAT @explorer.exe (FwDoNothingOnObject) : FirewallAPI.dll -> HOOKED (Unknown @ 0x35BF7766)
[Inline] EAT @explorer.exe (FwEnableMemTracing) : FirewallAPI.dll -> HOOKED (Unknown @ 0x35BF7766)
[Inline] EAT @explorer.exe (FwSetMemLeakPolicy) : FirewallAPI.dll -> HOOKED (Unknown @ 0x35BF7766)
[Inline] EAT @iexplore.exe (NtMapViewOfSection) : ntdll.dll -> HOOKED (Unknown @ 0x719F0022)
[Inline] EAT @iexplore.exe (ZwMapViewOfSection) : ntdll.dll -> HOOKED (Unknown @ 0x719F0022)
[Inline] EAT @iexplore.exe (CoCreateInstanceEx) : ole32.dll -> HOOKED (Unknown @ 0x717D0022)
[Inline] EAT @iexplore.exe (GetAddrInfoExW) : WS2_32.dll -> HOOKED (Unknown @ 0x71120022)
[Inline] EAT @iexplore.exe (connect) : WS2_32.dll -> HOOKED (Unknown @ 0x710D0022)
[Inline] EAT @iexplore.exe (getaddrinfo) : WS2_32.dll -> HOOKED (Unknown @ 0x71080022)
[Address] IAT @iexplore.exe (SHGetValueW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x6F7B4927)
[Address] IAT @iexplore.exe (SHRegGetValueW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x6F7B4984)
[Address] IAT @iexplore.exe (SHSetValueW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x6F7D2BC2)
[Address] IAT @iexplore.exe (PathIsURLW) : SHLWAPI.dll -> HOOKED (C:\Program Files\Internet Explorer\IEShims.dll @ 0x6F7BFA79)
[Inline] EAT @iexplore.exe (NtMapViewOfSection) : ntdll.dll -> HOOKED (Unknown @ 0x719F0022)
[Inline] EAT @iexplore.exe (ZwMapViewOfSection) : ntdll.dll -> HOOKED (Unknown @ 0x719F0022)
[Inline] EAT @iexplore.exe (CoCreateInstanceEx) : ole32.dll -> HOOKED (Unknown @ 0x717B0022)
[Inline] EAT @iexplore.exe (GetAddrInfoExW) : WS2_32.dll -> HOOKED (Unknown @ 0x71100022)
[Inline] EAT @iexplore.exe (connect) : WS2_32.dll -> HOOKED (Unknown @ 0x710B0022)
[Inline] EAT @iexplore.exe (getaddrinfo) : WS2_32.dll -> HOOKED (Unknown @ 0x71060022)
[Inline] EAT @iexplore.exe (FwDoNothingOnObject) : FirewallAPI.dll -> HOOKED (Unknown @ 0x35BF7766)
[Inline] EAT @iexplore.exe (FwEnableMemTracing) : FirewallAPI.dll -> HOOKED (Unknown @ 0x35BF7766)
[Inline] EAT @iexplore.exe (FwSetMemLeakPolicy) : FirewallAPI.dll -> HOOKED (Unknown @ 0x35BF7766)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD50 00AACS-00ZUB SCSI Disk Device +++++
--- User ---
[MBR] ae0b0062449143846e5e3bbf7e67874a
[BSP] 7b28f606b51c23d51a595d374a5f7156 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 456456 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 934822350 | Size: 20481 Mo
User = LL1 ... OK!


RogueKiller V8.8.10 [Feb 28 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/rog...
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Ian [Admin rights]
Mode : ProxyFix -- Date : 03/04/2014 14:08:20
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

Finished : << RKreport[0]_PR_03042014_140820.txt >>
RKreport[0]_D_03042014_140742.txt;RKreport[0]_H_03042014_140812.txt;RKreport[0]_S_03042014_140304.txt


Report •
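Added explanation and example, not from any post in the thread: the MBR (master boot record) is the first 512-byte sector of the disk. It holds the boot code the BIOS runs, a 4-byte disk signature, a four-entry partition table and the 0x55AA end marker. RogueKiller's "MBR Check" hashes the sector, tries to identify the boot code (here "Windows XP MBR Code", the standard code Windows writes) and prints the partition table, because a bootkit replaces that code so it runs before the operating system and before any antivirus; a hash that matches a known Windows build and a table with exactly one active partition is the clean result, which is why there was nothing to fix. The Python below builds a sample sector carrying the two partitions from the report above (constructed data; the boot code is a stand-in, so its hash will not match RogueKiller's values, and which exact bytes RogueKiller hashes is not stated on the page) and parses it the way such a check does, with a few structural sanity checks a damaged or tampered table would trip.

```python
import hashlib
import struct

# Classic MBR layout of a 512-byte sector: boot code, 4-byte disk signature at 440,
# 2 reserved bytes, four 16-byte partition entries from 446, 0x55AA marker at 510.
BOOT_CODE_LEN = 440
TABLE_OFFSET = 446
ENTRY_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count

# Assumption: partition-type labels as this example names them (RogueKiller uses
# similar labels, e.g. "EXTEN-LBA" for 0x0F).
TYPE_NAMES = {0x05: "EXTENDED", 0x07: "NTFS", 0x0B: "FAT32", 0x0C: "FAT32-LBA",
              0x0F: "EXTEN-LBA", 0x83: "LINUX", 0xEE: "GPT-PROTECTIVE"}

def build_sample_mbr():
    """Constructed sector: stand-in boot code plus the two partitions from the thread's report."""
    sector = bytearray(512)
    sector[:BOOT_CODE_LEN] = bytes(i & 0xFF for i in range(BOOT_CODE_LEN))  # not real boot code
    sector[440:444] = struct.pack("<I", 0xDEADBEEF)                           # arbitrary disk signature
    entries = [
        (0x80, 0x07, 63, 934822287),          # active NTFS, about 456456 MiB
        (0x00, 0x0F, 934822350, 41945088),    # extended (LBA), about 20481 MiB
    ]
    for i, (status, ptype, lba, count) in enumerate(entries):
        off = TABLE_OFFSET + 16 * i
        sector[off:off + 16] = struct.pack(ENTRY_FMT, status, b"\0\0\0", ptype, b"\0\0\0", lba, count)
    sector[510:512] = b"\x55\xAA"
    return bytes(sector)

def parse_mbr(sector):
    """Decode the partition table and hash the boot-code region of one 512-byte sector."""
    if len(sector) != 512:
        raise ValueError("expected a 512-byte sector")
    parts = []
    for i in range(4):
        off = TABLE_OFFSET + 16 * i
        status, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, sector[off:off + 16])
        if ptype == 0 and count == 0:
            continue                                   # empty slot
        parts.append({
            "index": i,
            "active": bool(status & 0x80),              # 0x80 = bootable flag
            "type": ptype,
            "type_name": TYPE_NAMES.get(ptype, "UNKNOWN(0x%02X)" % ptype),
            "lba_start": lba,
            "sectors": count,
            "size_mib": count * 512 // (1024 * 1024),
        })
    return {
        "signature_ok": sector[510:512] == b"\x55\xAA",
        "boot_code_md5": hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack("<I", sector[440:444])[0],
        "partitions": parts,
    }

def sanity_findings(info):
    """Structural checks that a bootkit-modified or corrupted MBR would commonly trip."""
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    active = [p for p in info["partitions"] if p["active"]]
    if len(active) != 1:
        findings.append("expected exactly one active partition, found %d" % len(active))
    for p in info["partitions"]:
        if p["lba_start"] == 0:
            findings.append("partition %d starts at LBA 0 (overlaps the MBR)" % p["index"])
    return findings

if __name__ == "__main__":
    info = parse_mbr(build_sample_mbr())
    print("boot code md5:", info["boot_code_md5"], "signature ok:", info["signature_ok"])
    for p in info["partitions"]:
        flag = "ACTIVE" if p["active"] else "      "
        print(f"{p['index']} - [{flag}] {p['type_name']} (0x{p['type']:02x}) "
              f"offset {p['lba_start']} | size {p['size_mib']} MiB")
    print("findings:", sanity_findings(info) or "none")
```

On a real machine the same parser takes the first 512 bytes read from `\\.\PhysicalDrive0` (administrator rights are needed to open it), and the md5 is compared against a list of known-good boot code hashes that the analyst maintains; RogueKiller's "Windows XP MBR Code" label is the result of that comparison on its side.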

#68
March 4, 2014 at 11:54:44

"did a fix on those to be fixed?"
Ian, none of your reports show anything to be fixed. Only do as listed.

1: Make sure RogueKiller is on your Desktop

2: Quit all programs that you may have started.

3: Shutdown your antivirus to avoid any conflicts.

4: Please disconnect any USB or external drives from the computer before you run this scan!

After Prescan

1: Click Scan

2: Click the Driver tab

3: Click Delete

4: Give me the final report.

message edited by Johnw


Report •

#69
March 5, 2014 at 05:02:21

Hi John,
I guess it's your evening time now? So you're probably relaxing??
I have re-run RogueKiller according to your instructions and given the report, see below. Hope it's correct this time, and now for a spot of lunch.

RogueKiller V8.8.10 [Feb 28 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/rog...
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Ian [Admin rights]
Mode : Remove -- Date : 03/05/2014 12:52:04
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Inline] EAT @explorer.exe (FwDoNothingOnObject) : FirewallAPI.dll -> HOOKED (Unknown @ 0x35843C66)
[Inline] EAT @explorer.exe (FwEnableMemTracing) : FirewallAPI.dll -> HOOKED (Unknown @ 0x35843C66)
[Inline] EAT @explorer.exe (FwSetMemLeakPolicy) : FirewallAPI.dll -> HOOKED (Unknown @ 0x35843C66)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD50 00AACS-00ZUB SCSI Disk Device +++++
--- User ---
[MBR] ae0b0062449143846e5e3bbf7e67874a
[BSP] 7b28f606b51c23d51a595d374a5f7156 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 456456 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 934822350 | Size: 20481 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x1] Incorrect function. )

Finished : << RKreport[0]_D_03052014_125203.txt >>
RKreport[0]_S_03052014_125104.txt


Report •

#70
March 5, 2014 at 05:35:29

Still got those Hooked files Ian.

1. Download ZHPDiag from one of these links. Copy & Paste the contents of the log into your next reply.
http://en.kioskea.net/download/diag...
http://en.kioskea.net/download/down...
http://telechargement.zebulon.fr/te...
Screenshots ( SS ) How to install.
http://i.imgur.com/bzQcspa.gif
http://i.imgur.com/Hs29C2s.gif
http://i.imgur.com/BTjebOK.gif
http://i.imgur.com/87sQnNO.gif
http://i.imgur.com/z0YGy5b.gif
http://i.imgur.com/lU7mHna.gif
http://i.imgur.com/o0dE8Lz.gif

(Don't be alarmed if the site is in French, it sometimes happens, the tool will take your system language and allow the download if you get a warning message.)

2. Save the file on your Desktop.

3. Double click on ZHPDiag.exe and follow the installation instructions.

(For Vista and Win 7 users, click right to ensure you execute with admin right)

The tool creates two icons ZHPDiag and ZHPFix.

4. Double click on the shortcut ZHPDiag on your Desktop.

5. If you need to change the language, click on the little house, (bottom right) and change to English.

6. Click on the "Configure" button.

7. Click on the Magnifying glass "Default diagnosis with legitimate".

8. Click on "Search" and answer yes if a message appears.

Wait for the tool to finished (maybe a long time) A ZHPDiag log will be on the Desktop.

9. Close ZHPDiag.


Report •

#71
March 5, 2014 at 06:22:53

Hi John,
I stopped my AV and firewall and ran as per your instructions. It took no time at all to complete; huge log follows:

The log is too big for one entry, so will try and break it up into several?

~ Report of ZHPDiag v2014.3.2.6 - Nicolas Coolman (03/03/2014)
~ Launched by Ian (05/03/2014 14:07:35)
~ Web site address : http://nicolascoolman.webs.com
~ Free support forums for disinfection : http://nicolascoolman.webs.com/apps...
~ Translated by
~ Version State :
~ White List : Deactivate by user
~ Elevation of privilege : OK
~ User Account Control : Activate by user


---\\ Internet browsers
MSIE: Internet Explorer v9.0.8112.16421 (Defaut)
MFIE: Mozilla Firefox 27.0

---\\ Windows product information
~ Langage: Anglais
Windows Vista (TM) Home Premium, 32-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
~ Vista, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows Automatic Updates : OK

---\\ System protection software
AVG 2014 v14.0.3705
Malwarebytes Anti-Malware version 1.75.0.1300
Trusteer Endpoint Protection v3.5.1304.48
ESET Online Scanner v3

---\\ System optimization software

---\\ Sharing software PeerToPeer

---\\ Surveillance software
Adobe Flash Player 12 Plugin
Adobe Reader XI

---\\ Information on the system
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2046.6 MB (50% free)
System Restore: Activé (Enable)
System drive C: has 340 GB (76%) free of 446 GB

---\\ Connection to the system mode
~ Computer Name: IAN-PC
~ User Name: Ian
~ All Users Names: UpdatusUser, Ian, Guest, Administrator,
~ Unselected Option: None
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\Ian\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Ian\AppData\Roaming\
~ %Desktop% : C:\Users\Ian\Desktop\
~ %Favorites% : C:\Users\Ian\Favorites\
~ %LocalAppData% : C:\Users\Ian\AppData\Local\
~ %StartMenu% : C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 340 Go of 446 Go)
D: Hard drive, Flash drive, Thumb drive (Free 13 Go of 20 Go)
E: CD-ROM drive (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
H: Floppy drive, Flash card reader, USB Key (Not Inserted)
I: Floppy drive, Flash card reader, USB Key (Not Inserted)
J: Floppy drive, Flash card reader, USB Key (Not Inserted)

---\\ State of the Windows Security Center
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings] WarnOnHTTPSToHTTPRedirect: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK
~ Security Center: 49 Scanned in 00mn 00s

---\\ Search Generic System Files
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Windows Explorer.) (.11/04/2009 - 06:27:36.) -- C:\Windows\Explorer.exe [2926592]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Windows Start-Up Application.) (.19/01/2008 - 07:33:37.) -- C:\Windows\System32\Wininit.exe [96768]
[MD5.679EAED8E703235BA81AA2E58F4E2D16] - (.Microsoft Corporation - Internet Extensions for Win32.) (.05/02/2014 - 08:50:39.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Windows Logon Application.) (.11/04/2009 - 06:28:13.) -- C:\Windows\System32\Winlogon.exe [314368]
[MD5.3911B972B55FEA0478476B2E777B29FA] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/04/2011 - 13:58:27.) -- C:\Windows\system32\Drivers\AFD.sys [273408]
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.11/04/2009 - 06:32:26.) -- C:\Windows\system32\Drivers\atapi.sys [19944]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.19/01/2008 - 05:28:02.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144]
[MD5.6B4BFFB9BECD728097024276430DB314] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/04/2009 - 04:39:17.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072]
[MD5.622C41A07CA7E6DD91770F50D532CB6C] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 14:59:03.) -- C:\Windows\system32\Drivers\DfsC.sys [75264]
[MD5.062452B7FFD68C8C042A6261FE8DFF4A] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/04/2009 - 04:42:42.) -- C:\Windows\system32\Drivers\HDAudBus.sys [561152]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - i8042 Port Driver.) (.19/01/2008 - 05:49:18.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.19/01/2008 - 05:56:28.) -- C:\Windows\system32\Drivers\IpNat.sys [100864]
[MD5.1E94971C4B446AB2290DEB71D01CF0C2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 13:24:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [106496]
[MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - (.Microsoft Corporation - MBT Transport driver.) (.11/04/2009 - 04:45:37.) -- C:\Windows\system32\Drivers\netBT.sys [185856]
[MD5.2C1121F2B87E9A6B12485DF53CD848C7] - (.Microsoft Corporation - NT File System Driver.) (.03/03/2013 - 19:07:52.) -- C:\Windows\system32\Drivers\ntfs.sys [1082232]
[MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Parallel Port Driver.) (.02/11/2006 - 08:51:30.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.19/01/2008 - 05:56:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [76288]
[MD5.E8BD98D46F2ED77132BA927FCCB47D8B] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.02/11/2006 - 09:03:00.) -- C:\Windows\system32\Drivers\rdpdr.sys [242688]
[MD5.7B75299A4D201D6A6533603D6914AB04] - (.Microsoft Corporation - SMB Transport driver.) (.11/04/2009 - 04:45:22.) -- C:\Windows\system32\Drivers\smb.sys [66560]
[MD5.76B06EB8A01FC8624D699E7045303E54] - (.Microsoft Corporation - TDI Translation Driver.) (.11/04/2009 - 04:45:56.) -- C:\Windows\system32\Drivers\tdx.sys [72192]
[MD5.786DB5771F05EF300390399F626BF30A] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.21/08/2012 - 11:47:42.) -- C:\Windows\system32\Drivers\volsnap.sys [224640]
~ Generic Processes: Scanned in 00mn 00s

---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 1/2
~ Mes musiques (My Musics) : 1/83
~ Mes Videos (My Videos) : 1/4
~ Mes Favoris (My Favorites) : 1/79
~ Mes Documents (My Documents) : 2/194
~ Mon Bureau (My Desktop) : 0/26
~ Menu demarrer (Programs) : 1/26
~ Hidden Files: Scanned in 00mn 00s

---\\ Process running
[MD5.AD1D6D9736F109DBDBA254C0C74FA554] - (.Bitberry Software - Bitberry Software Update Checker.) -- C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe [1545592] [PID.2948]
[MD5.9F5F2F0FB0A7F5AA9F16B9A7B6DAD89F] - (.Google - Google Desktop.) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192] [PID.3108]
[MD5.BB9ACD507A735FA9FE524FCE0AEBB493] - (.Trusteer Ltd. - RapportService.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe [2484504] [PID.3260]
[MD5.E6080D3F7BCA2498A5DE46E221394CB3] - (.Creative Technology Ltd - CTLVCentral3.exe.) -- C:\Program Files\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe [503969] [PID.3404]
[MD5.60F3CCC045AE48B2736D042714DF445E] - (.Microsoft Corporation - IType.exe.) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe [1442888] [PID.4128]
[MD5.7CEB241A5A11F4B49C7C3F3B68E31228] - (.Microsoft Corporation - IPoint.exe.) -- C:\Program Files\Microsoft IntelliPoint\ipoint.exe [1406024] [PID.4176]
[MD5.DF9696309B85201A20D165145995F0D7] - (.Realtek Semiconductor - Realtek HD Audio Manager.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10959464] [PID.4296]
[MD5.47C9EF1600EDD9EBD8155EB6B5206B6B] - (.NVIDIA Corporation - NVIDIA Settings.) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe [1821984] [PID.4344]
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.4552]
[MD5.16EE5FC85A65296FFFC4BA8BDDDD0933] - (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files\AVG\AVG2014\avgui.exe [4962320] [PID.4640]
[MD5.C2CE8F6754BFB1C138F1E99D814160F6] - (.Microsoft Corporation - dpupdchk.exe.) -- C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe [447560] [PID.2024]
[MD5.492DC8B4FEC81DDBE40CE98D1B013CD3] - (.Adobe Systems Incorporated - Adobe® Flash® Player Installer/Uninstaller.) -- C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_70_ActiveX.exe [841096] [PID.2712]
[MD5.66EA3B698F9A7EA2DBF0E4B246B6C958] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8349696] [PID.868]
[MD5.AAB5D06A40C99D8E2737B3EF931A9E16] - (.AVG Technologies CZ, s.r.o. - AVG Resident Shield Service.) -- C:\Program Files\AVG\AVG2014\avgrsx.exe [729616] [PID.3200]
[MD5.1142C6B381C692FD0CD321D094C13896] - (.AVG Technologies CZ, s.r.o. - AVG Scanning Core Module - Server Part.) -- C:\Program Files\AVG\AVG2014\avgcsrvx.exe [591888] [PID.3256]
[MD5.E4284FCF99FEA13A7E1836F87AE356F6] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 311.0.) -- C:\Windows\system32\nvvsvc.exe [639776] [PID.4300]
[MD5.5A19667A580B1CE886EAF968B9743F45] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [383264] [PID.4324]
[MD5.FC0BF82B3968F1D8CD13B3F721668193] - (.Trusteer Ltd. - RapportMgmtService.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [1444120] [PID.4460]
[MD5.862BB4CBC05D80C5B45BE430E5EF872F] - (.Microsoft Corporation - Microsoft Software Licensing Service.) -- C:\Windows\system32\SLsvc.exe [3408896] [PID.5132]
[MD5.8619BE54EC51A74A2C3F82B313AB445E] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe [873248] [PID.1428]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.2844]
[MD5.A1545B731579895D8CC44FC0481C1192] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\Windows\System32\alg.exe [59392] [PID.3020]
[MD5.45982902C522F1883A2B403844CA9B07] - (.AVG Technologies CZ, s.r.o. - AVG Identity Protection Service.) -- C:\Program Files\AVG\AVG2014\avgidsagent.exe [3788816] [PID.3196]
[MD5.B747B6BB015E552F49C634BB19540F3D] - (.AVG Technologies CZ, s.r.o. - AVG Watchdog Service.) -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008] [PID.3284]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.4076]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.4232]
[MD5.6D4028D458EAAA1782099750790DC8C9] - (.Nero AG - Nero BackItUp.) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [853288] [PID.4320]
[MD5.96EFEC24346A8EB1157E80523079ADDC] - (...) -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056] [PID.4840]
[MD5.17E0BEF5CA5C9CE52CC8082AC6EBC449] - (.No owner - RichVideo Module.) -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024] [PID.5000]
[MD5.9B5C2E057324B1B215B20DECCD400B6D] - (.Radialpoint SafeCare Inc. - No Comment.) -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe [10294584] [PID.5392]
[MD5.8D0494ED7595C293FD78362B7207D492] - (.AVG Technologies CZ, s.r.o. - AVG Online Shield Service.) -- C:\Program Files\AVG\AVG2014\avgnsx.exe [892944] [PID.6096]
[MD5.9A280422ADC9F517EC5AD6B6A3DB5CC1] - (.AVG Technologies CZ, s.r.o. - AVG E-mail Scanner.) -- C:\Program Files\AVG\AVG2014\avgemcx.exe [680976] [PID.6136]
[MD5.5A0C788C5BC5F2C993CB60940ADCF95E] - (.X10 - X10 Module.) -- C:\Program Files\Common Files\X10\Common\X10nets.exe [20480] [PID.5772]
~ Processes Running: Scanned in 00mn 01s

---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] http://www.google.com
G0 - GCSP: Preference [User Data\Default][HomePage] http://www.google.com
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Store v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [booedmolknjekdopkepjjeckmjkdpfgl] Extutil v.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [eemcgdkfndhakfknompkggombfjjjeno] Bookmark Manager v.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [ennkphjdgehloodpbhlhldgbnhmacadg] Settings v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [flpcjncodpafbgdpnkljologafpionhb] Managera v.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [gfdkimpbcpahaombhbimeihdjnejgicl] Feedback v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [idhngdhcfkoamngbedgpaokgjbnpdiji] RealDownloader v.1.3.3 (Désactivé)
G2 - GCE: Preference [User Data\Default] [lifbcibllhkdhoafpjfnlhfpfgnpldfl] Skype Click to Call v.6.13.0.13771, (Désactivé)
G2 - GCE: Preference [User Data\Default] [lmmhpfbhngkongobaoibpmnijjokabmj] Radialpoint SPD Extension v.1.0 (Désactivé)
G2 - GCE: Preference [User Data\Default] [mfehgcgbbipciphmccgaenjidiccnmng] Cloud Print v.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [mgndgikekgjfcpckkfioiadnlibdjbkf] Chrome v.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.0 (Activé)
~ Google Browser: 15 Scanned in 00mn 01s

---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\hg116lbd.default\prefs.js
C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\hg116lbd.default\user.js
M3 - MFPP: Plugins - [Ian] -- C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\hg116lbd.default\searchplugins\inbox-search.xml
M2 - MFEP: prefs.js [Ian - hg116lbd.default\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com] [] Plus-HD-2.3 v (..) =>Adware.PlusHD
M2 - MFEP: prefs.js [Ian - hg116lbd.default\{7ffa5f54-1c4f-46de-8576-c271a0dd482f}] [] Gamesbar v3.2.0.37 (..) =>Adware.GamesBar
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll
P2 - FPN: [HKLM] [@adobe.com/ShockwavePlayer] - (.Adobe Systems, Inc. - Adobe Shockwave for Director Netscape plug-in, version 12.0.7.148.) -- C:\Windows\system32\Adobe\Director\np32dsw_1207148.dll
P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 5.1.20913.0.) -- c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll
P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
P2 - FPN: [HKLM] [@nvidia.com/3DVision] - (.NVIDIA Corporation - NVIDIA 3D Vision plugin for Mozilla browsers.) -- C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
P2 - FPN: [HKLM] [@nvidia.com/3DVisionStreaming] - (.NVIDIA Corporation - NVIDIA 3D Vision Streaming plugin for Mozilla browsers.) -- C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
P2 - FPN: [HKLM] [@oberon-media.com/ONCAdapter] - (.Oberon-Media - npapicomadapter.) -- C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll
P2 - FPN: [HKLM] [@radialpoint.com/SPA,version=1] - (.Virgin Media - No Comment.) -- C:\Program Files\Virgin Media\Service Manager\nprpspa.dll
P2 - FPN: [HKLM] [@real.com/nppl3260;version=16.0.3.51] - (.RealNetworks, Inc. - RealPlayer(tm) LiveConnect-Enabled Plug-In.) -- c:\program files\real\realplayer\Netscape6\nppl3260.dll
P2 - FPN: [HKLM] [@real.com/nprndlchromebrowserrecordext;version=1.3.3] - (.RealNetworks, Inc. - RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In.) -- C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
P2 - FPN: [HKLM] [@real.com/nprndlhtml5videoshim;version=1.3.3] - (.RealNetworks, Inc. - RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In.) -- C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
P2 - FPN: [HKLM] [@real.com/nprndlpepperflashvideoshim;version=1.3.3] - (.RealNetworks, Inc. - RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In.) -- C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
P2 - FPN: [HKLM] [@real.com/nprpchromebrowserrecordext;version=15.0.6.14] - (.RealNetworks, Inc. - RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In.) -- C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
P2 - FPN: [HKLM] [@real.com/nprphtml5videoshim;version=15.0.6.14] - (.RealNetworks, Inc. - RealPlayer(tm) HTML5VideoShim Plug-In.) -- C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
P2 - FPN: [HKLM] [@real.com/nprpplugin;version=16.0.3.51] - (.RealPlayer - RealPlayer Download Plugin.) -- c:\program files\real\realplayer\Netscape6\nprpplugin.dll
P2 - FPN: [HKLM] [@realnetworks.com/npdlplugin;version=1] - (.RealDownloader - RealDownloader Plugin.) -- C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll
P2 - FPN: [HKLM] [@TrendMicro.com/FFExtension] - (...) -- C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll (.not file.)
P2 - FPN: [HKLM] [Adobe Reader] - (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 11.0.05.) -- C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
~ Firefox Browser: 23 Scanned in 00mn 00s

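A small triage script for log dumps like the one above (and its second part below), added here as an example; it is not part of ZHPDiag and not something posted in the thread. It assumes only the tagging convention that can be read off the log itself: a trailing =>.Vendor (=>.Apple Inc, =>.Microsoft Corporation) marks a whitelisted item, while =>Family.Name (Adware.PlusHD, Toolbar.Google, Trojan.Trojan.FindFDSearch) marks something the tool flagged, and (.not file.) or Orphan key mark entries that point at nothing. The severity ranking is my own assumption, not ZHPDiag's. The sample lines are constructed from the log above. One caveat a practitioner would add: a tag is the tool's heuristic, not proof. The Groove BHO flagged as Trojan lives under the Office 12 install path, so the file's signature and hash should be checked before anything is deleted on the strength of the label alone.

```python
"""Triage ZHPDiag-style log lines (added example, not ZHPDiag's own code)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: lines copied in shape and content from the posted log,
# plus one clean autostart line (AVG) for contrast.
SAMPLE_LOG = r"""
M2 - MFEP: prefs.js [Ian - hg116lbd.default\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com] [] Plus-HD-2.3 v (..) =>Adware.PlusHD
M2 - MFEP: prefs.js [Ian - hg116lbd.default\{7ffa5f54-1c4f-46de-8576-c271a0dd482f}] [] Gamesbar v3.2.0.37 (..) =>Adware.GamesBar
P2 - FPN: [HKLM] [@TrendMicro.com/FFExtension] - (...) -- C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll (.not file.)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 11.0.05.) (No version) -- (.not file.)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} . (.Microsoft Corporation - GrooveShellExtensions Module.) -- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll =>Trojan.Trojan.FindFDSearch
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Orphan key
O4 - GS\Desktop [Public]: QuickTime Player.lnk . (.Apple Inc. - QuickTime Player.) -- C:\Program Files\QuickTime\QuickTimePlayer.exe =>.Apple Inc
O4 - HKLM\..\Run: [AVG_UI] . (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files\AVG\AVG2014\avgui.exe
"""

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")  # "O2 - BHO: ..."
MISSING = "(.not file.)"
ORPHAN = "Orphan key"
# Assumed ranking (mine, not the tool's), keyed on the family prefix of a
# non-whitelisted tag; unknown families default to 2 so they get reviewed.
SEVERITY = {"Trojan": 3, "Adware": 2, "Toolbar": 1}


@dataclass
class Entry:
    code: str            # ZHPDiag section code, e.g. O2, M2, R3
    body: str            # line text without the code and without the tag
    path: str            # file path after " -- ", or "" when there is none
    tag: Optional[str]   # text after "=>", or None
    whitelisted: bool    # tag starts with "." (vendor whitelist)
    missing: bool        # line carried "(.not file.)"
    orphan: bool         # line carried "Orphan key"


def parse_line(line: str) -> Optional[Entry]:
    """Split one log line into its parts; return None for non-entry lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    tag = None
    if " =>" in body:
        body, tag = body.rsplit(" =>", 1)
        tag = tag.strip()
    body = body.rstrip()
    missing = body.endswith(MISSING)
    if missing:
        body = body[: -len(MISSING)].rstrip()
    path = body.split(" -- ", 1)[1].strip() if " -- " in body else ""
    return Entry(code, body, path, tag, bool(tag) and tag.startswith("."),
                 missing, ORPHAN in body)


def classify(entry: Entry) -> Tuple[int, str]:
    """Severity 0..3 plus a one-line reason; 0 means nothing to act on."""
    if entry.tag and not entry.whitelisted:
        family = entry.tag.split(".", 1)[0]
        return SEVERITY.get(family, 2), f"tagged {entry.tag}"
    if entry.missing:
        return 1, "points at a file that is no longer on disk"
    if entry.orphan:
        return 1, "orphan registry key"
    return 0, ""


def triage(log_text: str) -> List[Tuple[int, str, str, str]]:
    """Return (severity, code, reason, path-or-line) for every actionable entry,
    highest severity first; log order is kept within one severity level."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        severity, reason = classify(entry)
        if severity:
            findings.append((severity, entry.code, reason, entry.path or entry.body))
    findings.sort(key=lambda f: -f[0])  # sort is stable, so log order survives
    return findings


def families(findings) -> Dict[str, int]:
    """Count tag families (Trojan, Adware, Toolbar, ...) among the findings."""
    counts: Dict[str, int] = {}
    for _, _, reason, _ in findings:
        if reason.startswith("tagged "):
            fam = reason[len("tagged "):].split(".", 1)[0]
            counts[fam] = counts.get(fam, 0) + 1
    return counts


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for severity, code, reason, what in result:
        print(f"[{severity}] {code}: {reason} -- {what}")
    print(families(result))
```

Run it over a pasted log and the flagged items come out first, with the "(.not file.)" and orphan-key leftovers last; those leftovers are cleanup candidates, not infections, and the vendor-whitelisted lines and untagged autostarts drop out entirely.
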
#72
March 5, 2014 at 06:24:26

John
2nd Part
---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aldi.com
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 11.0.05.) (No version) -- (.not file.)
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 2
~ IE Browser: 12 Scanned in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 19

---\\ Browser Helper Objects (O2)
O2 - BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} . (.IObit - Uninstall for explorer.) -- C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} . (.Microsoft Corporation - GrooveShellExtensions Module.) -- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll =>Trojan.Trojan.FindFDSearch
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google
~ BHO: 6 Scanned in 00mn 00s

---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Orphan key
~ Toolbar: Scanned in 00mn 00s

---\\ Other User Links (O4)
O4 - GS\Desktop [Public]: Adobe Reader XI.lnk . (.Adobe Systems Incorporated - Adobe Reader.) -- C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
O4 - GS\Desktop [Public]: AVG 2014.lnk . (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files\AVG\AVG2014\avgui.exe
O4 - GS\Desktop [Public]: HP Solution Center.lnk . (.Hewlett-Packard Company - hpqdirec.exe.) -- C:\Program Files\HP\Digital Imaging\bin\hpqdirec.exe
O4 - GS\Desktop [Public]: IObit Uninstaller.lnk . (.IObit - Uninstall Programs.) -- C:\Program Files\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe
O4 - GS\Desktop [Public]: Malwarebytes Anti-Malware.lnk . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [Public]: PhotoImpact 12.lnk . (.Ulead Systems, Inc. - PhotoImpact Launcher.) -- C:\Program Files\Ulead Systems\Ulead PhotoImpact 12\Iedit.exe
O4 - GS\Desktop [Public]: QuickTime Player.lnk . (.Apple Inc. - QuickTime Player.) -- C:\Program Files\QuickTime\QuickTimePlayer.exe =>.Apple Inc
O4 - GS\Desktop [Public]: RealPlayer.lnk . (.RealNetworks, Inc. - RealPlayer.) -- C:\Program Files\Real\RealPlayer\realplay.exe
O4 - GS\Desktop [Public]: Skype.lnk . (...) -- C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe
O4 - GS\Desktop [Public]: Walgreens PictureMover.lnk . (.Hewlett-Packard Company - PictureMover Application.) -- C:\Program Files\Walgreens PictureMover\Bin\PictureMover.exe
O4 - GS\Desktop [Public]: Wise Disk Cleaner.lnk . (.WiseCleaner.com - Wise Disk Cleaner.) -- C:\Program Files\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe
O4 - GS\Desktop [Public]: Wise Registry Cleaner.lnk . (.WiseCleaner.com - Wise Registry Cleaner.) -- C:\Program Files\Wise\Wise Registry Cleaner\WiseRegCleaner.exe
O4 - GS\Program [Public]: Adobe Reader XI.lnk . (...) -- C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AB0000000001}\SC_Reader.ico
O4 - GS\Program [Public]: Apple Software Update.lnk . (...) -- C:\Windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe =>.Apple Inc
O4 - GS\Program [Public]: I.R.I.S. OCR Registration.lnk . (.I.R.I.S. SA - Registration Wizard for I.R.I.S. products.) -- C:\Program Files\HP\Digital Imaging\DocProc\regipe.exe
O4 - GS\Program [Public]: Media Center.lnk . (.Microsoft Corporation - Media Center.) -- C:\Windows\ehome\ehshell.exe
O4 - GS\Program [Public]: Microsoft Office PowerPoint Viewer 2007.lnk . (...) -- C:\Windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe =>.Microsoft Corporation
O4 - GS\Program [Public]: Microsoft Works Task Launcher.lnk . (.Microsoft® Corporation - Microsoft® Works.) -- C:\Program Files\Microsoft Works\MSWorks.exe =>.Microsoft Corporation
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Program [Public]: Windows Calendar.lnk . (.Microsoft Corporation - Windows Calendar.) -- C:\Program Files\Windows Calendar\WinCal.exe
O4 - GS\Program [Public]: Windows Collaboration.lnk . (.Microsoft Corporation - Windows Meeting Space.) -- C:\Program Files\Windows Collaboration\WinCollab.exe =>.Microsoft Corporation
O4 - GS\Program [Public]: Windows Contacts.lnk . (.Microsoft Corporation - Windows Contacts.) -- C:\Program Files\Windows Mail\wab.exe =>.Microsoft Corporation
O4 - GS\Program [Public]: Windows Defender.lnk . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe
O4 - GS\Program [Public]: Windows DVD Maker.lnk . (.Microsoft Corporation - Windows DVD Maker.) -- C:\Program Files\Movie Maker\DVDMaker.exe
O4 - GS\Program [Public]: Windows Live.lnk - Orphan key
O4 - GS\Program [Public]: Windows Mail.lnk . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files\Windows Mail\WinMail.exe =>.Microsoft Corporation
O4 - GS\Program [Public]: Windows Movie Maker.lnk . (.Microsoft Corporation - Windows Movie Maker.) -- C:\Program Files\Movie Maker\MOVIEMK.exe =>.Microsoft Corporation
O4 - GS\Program [Public]: Windows Photo Gallery.lnk . (.Microsoft Corporation - Windows Photo Gallery.) -- C:\Program Files\Windows Photo Gallery\WindowsPhotoGallery.exe
O4 - GS\Accessories [Public]: Calculator.lnk . (.Microsoft Corporation - Windows Calculator.) -- C:\Windows\System32\calc.exe
O4 - GS\Accessories [Public]: Mobility Center.lnk . (.Microsoft Corporation - Windows Mobility Center.) -- C:\Windows\System32\mblctr.exe
O4 - GS\Accessories [Public]: NetworkProjection.lnk . (.Microsoft Corporation - Connect to a Network Projector.) -- C:\Windows\System32\NetProj.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Paint.lnk . (.Microsoft Corporation - Paint.) -- C:\Windows\System32\mspaint.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Remote Desktop Connection.lnk . (.Microsoft Corporation - Remote Desktop Connection.) -- C:\Windows\System32\mstsc.exe
O4 - GS\Accessories [Public]: Sidebar.lnk . (.Microsoft Corporation - Windows Sidebar.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - GS\Accessories [Public]: Snipping Tool.lnk . (.Microsoft Corporation - Snipping Tool.) -- C:\Windows\System32\SnippingTool.exe
O4 - GS\Accessories [Public]: Sound Recorder.lnk . (.Microsoft Corporation - Windows Sound Recorder.) -- C:\Windows\System32\SoundRecorder.exe
O4 - GS\Accessories [Public]: Sync Center.lnk . (.Microsoft Corporation - Microsoft Sync Center.) -- C:\Windows\System32\mobsync.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Welcome Center.lnk . (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Wordpad.lnk . (.Microsoft Corporation - Windows Wordpad Application.) -- C:\Program Files\Windows NT\Accessories\wordpad.exe
O4 - GS\SystemTools [Public]: Backup.lnk . (.Microsoft Corporation - Microsoft® Windows Backup.) -- C:\Windows\System32\sdclt.exe
O4 - GS\SystemTools [Public]: Character Map.lnk . (.Microsoft Corporation - Character Map.) -- C:\Windows\System32\charmap.exe
O4 - GS\SystemTools [Public]: dfrgui.lnk . (.Microsoft Corporation - Microsoft® Disk Defragmenter.) -- C:\Windows\System32\dfrgui.exe
O4 - GS\SystemTools [Public]: Disk Cleanup.lnk . (.Microsoft Corporation - Disk Space Cleanup Manager for Windows.) -- C:\Windows\System32\cleanmgr.exe
O4 - GS\SystemTools [Public]: migwiz.lnk . (.Microsoft Corporation - Windows Easy Transfer.) -- C:\Windows\System32\migwiz\migwiz.exe
O4 - GS\SystemTools [Public]: System Information.lnk . (.Microsoft Corporation - System Information.) -- C:\Windows\System32\msinfo32.exe
O4 - GS\SystemTools [Public]: System Restore.lnk . (.Microsoft Corporation - Microsoft® Windows System Restore.) -- C:\Windows\System32\rstrui.exe
O4 - GS\SystemTools [Public]: Task Scheduler.lnk . (...) -- C:\Windows\System32\taskschd.msc
O4 - GS\Accessories [UpdatusUser]: Command Prompt.lnk . (.Microsoft Corporation - Windows Command Processor.) -- C:\Windows\System32\cmd.exe
O4 - GS\Accessories [UpdatusUser]: Notepad.lnk . (.Microsoft Corporation - Notepad.) -- C:\Windows\System32\notepad.exe
O4 - GS\Accessories [UpdatusUser]: Run.lnk - Orphan key
O4 - GS\Accessories [UpdatusUser]: Windows Explorer.lnk . (.Microsoft Corporation - Windows Explorer.) -- C:\Windows\explorer.exe
O4 - GS\SendTo [UpdatusUser]: Notepad.lnk . (.Microsoft Corporation - Notepad.) -- C:\Windows\System32\notepad.exe
O4 - GS\QuickLaunch [Ian]: FreeFileViewer.lnk . (.Bitberry Software - Free File Viewer.) -- C:\Program Files\FreeFileViewer\FreeFileViewer.exe
O4 - GS\QuickLaunch [Ian]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [Ian]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
O4 - GS\Program [Ian]: Create Amazing Presentations.lnk - Orphan key
O4 - GS\Program [Ian]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [Ian]: Windows Mail.lnk . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files\Windows Mail\WinMail.exe =>.Microsoft Corporation
O4 - GS\Program [Ian]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
O4 - GS\Accessories [Ian]: Command Prompt.lnk . (.Microsoft Corporation - Windows Command Processor.) -- C:\Windows\System32\cmd.exe
O4 - GS\Accessories [Ian]: Notepad.lnk . (.Microsoft Corporation - Notepad.) -- C:\Windows\System32\notepad.exe
O4 - GS\Accessories [Ian]: Run.lnk - Orphan key
O4 - GS\Accessories [Ian]: Windows Explorer.lnk . (.Microsoft Corporation - Windows Explorer.) -- C:\Windows\explorer.exe
O4 - GS\SystemTools [Ian]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SendTo [Ian]: Notepad.lnk . (.Microsoft Corporation - Notepad.) -- C:\Windows\System32\notepad.exe
O4 - GS\SendTo [Ian]: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - GS\Desktop [Ian]: HP Photosmart Essential 2.01 (2).lnk . (.Hewlett-Packard Development Co. L.P. - HP Photosmart Essential Software.) -- C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe =>.Hewlett-Packard Co
O4 - GS\Desktop [Ian]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Ian]: Microsoft Office Word 2007.lnk . (...) -- C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
O4 - GS\Desktop [Ian]: Microsoft Works Task Launcher.lnk . (.Microsoft® Corporation - Microsoft® Works.) -- C:\Program Files\Microsoft Works\MSWorks.exe =>.Microsoft Corporation
O4 - GS\Desktop [Ian]: Notepad.lnk . (.Microsoft Corporation - Notepad.) -- C:\Windows\System32\notepad.exe
O4 - GS\Desktop [Ian]: PhotoImpact 12.lnk . (.Ulead Systems, Inc. - PhotoImpact Launcher.) -- C:\Program Files\Ulead Systems\Ulead PhotoImpact 12\Iedit.exe
O4 - GS\Desktop [Ian]: Windows Mail.lnk . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files\Windows Mail\WinMail.exe =>.Microsoft Corporation
O4 - GS\Desktop [Ian]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag Setup.) -- C:\Program Files\ZHPDiag\ZHPhep.exe =>.Nicolas Coolman
O4 - GS\Desktop [Ian]: ZHPFix.lnk . (.Nicolas Coolman - ZHPDiag Setup.) -- C:\Program Files\ZHPDiag\ZHPFix\ZHPhep.exe =>.Nicolas Coolman
~ Global Startup: 76 Scanned in 00mn 02s

---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [Google Desktop Search] . (.Google - Google Desktop.) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O4 - HKLM\..\Run: [Live! Central 3] . (.Creative Technology Ltd - CTLVCentral3.exe.) -- C:\Program Files\Creative\Creative Live! Cam\Live! Central 3\CTLVCentral3.exe
O4 - HKLM\..\Run: [itype] . (.Microsoft Corporation - IType.exe.) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe
O4 - HKLM\..\Run: [IntelliPoint] . (.Microsoft Corporation - IPoint.exe.) -- C:\Program Files\Microsoft IntelliPoint\ipoint.exe
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Realtek HD Audio Manager.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [AVG_UI] . (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files\AVG\AVG2014\avgui.exe
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
O4 - HKUS\S-1-5-21-3821336757-804075763-824847514-1000\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
~ Application: Scanned in 00mn 00s

---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} . (.Hewlett-Packard Co. - Leo (Toolbar Extensions) - add-on for Internet Explorer.) -- C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} . (.Hewlett-Packard Co. - Leo (Toolbar Extensions) - add-on for Internet Explorer.) -- C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - E-mail Naming Shim Provider.) -- C:\Windows\system32\napinsp.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - PNRP Name Space Provider.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - PNRP Name Space Provider.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Microsoft Windows Sockets 2.0 Service Provider.) -- C:\Windows\system32\mswsock.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll
~ Winsock: 6 Scanned in 00mn 00s

---\\ ActiveX Objects (Downloaded Program Files) (O16)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} ((no name)) - http://download.macromedia.com/pub/...
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} ((no name)) - http://download.eset.com/special/eo...
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ((no name)) - http://fpdownload.macromedia.com/ge...
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} ((no name)) - http://ccfiles.creative.com/Web/sof...
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} ((no name)) - http://ccfiles.creative.com/Web/sof...
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} ((no name)) - http://ccfiles.creative.com/Web/sof...
~ Objets ActiveX: Scanned in 00mn 00s

---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{11BF7CFF-9F5F-4709-A3CF-39CF30EEFB9B}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{11BF7CFF-9F5F-4709-A3CF-39CF30EEFB9B}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{11BF7CFF-9F5F-4709-A3CF-39CF30EEFB9B}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
~ Domain: Scanned in 00mn 00s

---\\ Extra protocols (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\system32\mshtml.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ ShellServiceObjectDelayLoad (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Web Site Monitor.) -- C:\Windows\System32\webcheck.dll
~ SSODL: 1 Scanned in 00mn 00s

---\\ SharedTaskScheduler (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Shell Browser UI Library.) -- C:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s


#73
March 5, 2014 at 06:27:57

Johnw
3rd Part

---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AVGIDSAgent (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o. - AVG Identity Protection Service.) - C:\Program Files\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) . (.AVG Technologies CZ, s.r.o. - AVG Watchdog Service.) - C:\Program Files\AVG\AVG2014\avgwdsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) . (.Google Inc. - Google Installer.) - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LiveUpdate (LiveUpdateSvc) . (.IObit - Product Updater.) - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: (MBAMScheduler) . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: (MBAMService) . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 3 (Nero BackItUp Scheduler 3) . (.Nero AG - Nero BackItUp.) - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 311.0.) - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) . (.NVIDIA Corporation - NVIDIA Settings Update Manager.) - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Rapport Management Service (RapportMgmtService) . (.Trusteer Ltd. - RapportMgmtService.) - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: RealNetworks Downloader Resolver Service (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) . (.No owner - RichVideo Module.) - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServicepointService (ServicepointService) . (.Radialpoint SafeCare Inc. - No Comment.) - C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) . (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: X10 Device Network Service (x10nets) . (.X10 - X10 Module.) - C:\Program Files\Common Files\X10\Common\X10nets.exe
~ Services: 17 Scanned in 00mn 20s

---\\ Windows Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(.Microsoft Corporation - Microsoft Office Word.) - C:\Program Files\Microsoft Office\Office12\WINWORD.exe
O24 - Desktop General: BackupWallPaper - .(...) - C:\Windows\web\Wallpaper\img24.jpg
O24 - Desktop General: WallPaper - .(...) - C:\Windows\web\Wallpaper\img24.jpg
~ Desktop Component: 4 Scanned in 00mn 00s

---\\ BootExecute (BEX) (O34)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
~ BEX: 1 Scanned in 00mn 00s

---\\ Task Planned Automatically (039)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Adobe Flash Player Updater.job [830]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\FreeFileViewerUpdateChecker.job [374]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [882]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [886]
[MD5.F7AB315A4D400CA876381D1E188A2E20] [APT] [Adobe Flash Player Updater] (.Adobe Systems Incorporated.) -- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [257928]
[MD5.AD1D6D9736F109DBDBA254C0C74FA554] [APT] [FreeFileViewerUpdateChecker] (.Bitberry Software.) -- C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe [1545592]
[MD5.8F0DE4FEF8201E306F9938B0905AC96A] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe [135664]
[MD5.8F0DE4FEF8201E306F9938B0905AC96A] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe [135664]
[MD5.00000000000000000000000000000000] [APT] [PC TuneUp Maestro Disk Defrag Analysis] (...) -- C:\Program Files\CompuClever\PC TuneUp Maestro\pctum.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [PC TuneUp Maestro Scan] (...) -- C:\Program Files\CompuClever\PC TuneUp Maestro\pctum.exe (.not file.) [0]
[MD5.CEC66E3CA216A4783C6FC54B4FE36DBD] [APT] [ProgramRefresh-ATFST] (...) -- C:\Program Files\File Type Assistant\tsasetup.exe [1492080]
[MD5.88B6D362E111D87CBCA6CA94E152B7C6] [APT] [ProgramUpdateCheck] (.Trusted Software ApS.) -- C:\Program Files\File Type Assistant\TSAssist.exe [2749632]
[MD5.2A356FA2650E30E139F0476979548BF6] [APT] [RealPlayerRealUpgradeLogonTaskS-1-5-21-3821336757-804075763-824847514-1000] (.RealNetworks, Inc..) -- C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [187984]
[MD5.2A356FA2650E30E139F0476979548BF6] [APT] [RealPlayerRealUpgradeScheduledTaskS-1-5-21-3821336757-804075763-824847514-1000] (.RealNetworks, Inc..) -- C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [187984]
[MD5.2A356FA2650E30E139F0476979548BF6] [APT] [RealUpgradeLogonTaskS-1-5-21-3821336757-804075763-824847514-1000] (.RealNetworks, Inc..) -- C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [187984]
[MD5.2A356FA2650E30E139F0476979548BF6] [APT] [RealUpgradeScheduledTaskS-1-5-21-3821336757-804075763-824847514-1000] (.RealNetworks, Inc..) -- C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [187984]
[MD5.D52DC3CD5A3AF6F0CAA14A7FC79E95E3] [APT] [Uninstaller_SkipUac_Administrator] (.IObit.) -- C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe [11201344]
[MD5.34EBD4FF6A24D86BB4716D6AFCC1A89B] [APT] [AppleSoftwareUpdate] (.Apple Inc..) -- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [561984]
~ Scheduled Task: 21 Scanned in 00mn 06s

---\\ ActiveSetup Installed Components (O40)
O40 - ASIC: Microsoft Windows Media Player - >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media Player Resources.) -- C:\Windows\System32\wmploc.dll =>.Microsoft Corporation
O40 - ASIC: Internet Explorer - >{26923b43-4d38-484f-9b9e-de460746276c} . (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\system32\ie4uinit.exe
O40 - ASIC: Browser Customizations - >{60B49E34-C7CC-11D0-8953-00A0C90347FF} . (.Microsoft Corporation - IEAK branding.) -- C:\Windows\system32\iedkcs32.dll
O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} . (...) -- C:\Program Files\Java\jre6\bin\regutils.dll
O40 - ASIC: Microsoft Windows Media Player 11.0 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media Player Extension.) -- C:\Windows\System32\wmpdxm.dll =>.Microsoft Corporation
O40 - ASIC: Adobe Shockwave Director 10.2 - {233C1507-6A77-46A4-9443-F871F945D258} . (.Adobe Systems, Inc. - Shockwave ActiveX Control.) -- C:\Windows\system32\Adobe\Director\SwDir_1207148.dll
O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} . (.Microsoft Corporation - Windows Theme API.) -- C:\Windows\System32\themeui.dll
O40 - ASIC: Microsoft Windows Mail 7 - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files\Windows Mail\WinMail.exe =>.Microsoft Corporation
O40 - ASIC: Browsing Enhancements - {630b1da0-b465-11d1-9948-00c04f98bbc9} . (.Microsoft Corporation - Microsoft Internet Explorer FTP Folder Shell Extension.) -- C:\Windows\System32\msieftp.dll
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Microsoft Corporation - Windows Media Player Resources.) -- C:\Windows\System32\wmploc.dll =>.Microsoft Corporation
O40 - ASIC: Windows Desktop Update - {89820200-ECBD-11cf-8B85-00AA005B4340} . (.Microsoft Corporation - Windows Shell Common Dll.) -- C:\Windows\System32\shell32.dll
O40 - ASIC: Web Platform Customizations - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe
O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation - Microsoft .NET IE SECURITY REGISTRATION.) -- C:\Windows\system32\mscories.dll
O40 - ASIC: Macromedia Shockwave Flash - {D27CDB6E-AE6D-11CF-96B8-444553540000} . (.Adobe Systems, Inc. - Adobe Flash Player 12.0 r0.) -- C:\Windows\system32\Macromed\Flash\Flash32_12_0_0_70.ocx
~ Active Setup: 14 Scanned in 00mn 00s

---\\ Drivers launched at startup (O41)
O41 - Driver: C:\Windows\System32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: (Avgdiskx) . (.AVG Technologies CZ, s.r.o. - AVG File Vault Driver.) - C:\Windows\System32\DRIVERS\avgdiskx.sys
O41 - Driver: (AVGIDSDriver) . (.AVG Technologies CZ, s.r.o. - IDS Application Activity Monitor Driver..) - C:\Windows\System32\DRIVERS\avgidsdriverx.sys
O41 - Driver: (AVGIDSShim) . (.AVG Technologies CZ, s.r.o. - IDS Application Activity Monitor Loader Dri.) - C:\Windows\System32\DRIVERS\avgidsshimx.sys
O41 - Driver: (Avgldx86) . (.AVG Technologies CZ, s.r.o. - AVG AVI Loader Driver.) - C:\Windows\System32\DRIVERS\avgldx86.sys
O41 - Driver: (Avgtdix) . (.AVG Technologies CZ, s.r.o. - AVG Network connection watcher.) - C:\Windows\System32\DRIVERS\avgtdix.sys
O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\System32\DRIVERS\cdrom.sys
O41 - Driver: C:\Windows\System32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys
O41 - Driver: (kbdclass) . (.Microsoft Corporation - Keyboard Class Driver.) - C:\Windows\System32\DRIVERS\kbdclass.sys
O41 - Driver: (kbdhid) . (.Microsoft Corporation - HID Keyboard Filter Driver.) - C:\Windows\System32\DRIVERS\kbdhid.sys
O41 - Driver: (mouclass) . (.Microsoft Corporation - Mouse Class Driver.) - C:\Windows\System32\DRIVERS\mouclass.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys
O41 - Driver: (netbt) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys
O41 - Driver: (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers\nsiproxy.sys
O41 - Driver: C:\Windows\System32\drivers\pacer.sys (PSched) . (.Microsoft Corporation - QoS Packet Scheduler.) - C:\Windows\System32\DRIVERS\pacer.sys
O41 - Driver: (RapportCerberus_59849) . (...) - C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys
O41 - Driver: (RapportEI) . (.Trusteer Ltd. - RapportEI.) - C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
O41 - Driver: (RasAcd) . (.Microsoft Corporation - RAS Automatic Connection Driver.) - C:\Windows\System32\DRIVERS\rasacd.sys
O41 - Driver: (rdbss) . (.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - C:\Windows\System32\DRIVERS\rdbss.sys
O41 - Driver: (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys
O41 - Driver: (RDPENCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\drivers\rdpencdd.sys
O41 - Driver: (Serial) . (.Microsoft Corporation - Serial Device Driver.) - C:\Windows\System32\DRIVERS\serial.sys
O41 - Driver: C:\Windows\System32\tcpipcfg.dll (Smb) . (.Microsoft Corporation - SMB Transport driver.) - C:\Windows\System32\DRIVERS\smb.sys
O41 - Driver: C:\Windows\System32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\System32\DRIVERS\tdx.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Terminal Server Driver.) - C:\Windows\System32\DRIVERS\termdd.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys
O41 - Driver: (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\System32\DRIVERS\wanarp.sys
O41 - Driver: (ws2ifsl) . (.Microsoft Corporation - Winsock2 IFS Layer.) - C:\Windows\system32\drivers\ws2ifsl.sys
~ Drivers: 84 Scanned in 00mn 14s

---\\ Software installed (O42)
O42 - Logiciel: 32 Bit HP CIO Components Installer - (.Hewlett-Packard.) [HKLM] -- {2614F54E-A828-49FA-93BA-45A3F756BFAA}
O42 - Logiciel: AVG 2014 - (.AVG Technologies.) [HKLM] -- AVG
O42 - Logiciel: AVG 2014 - (.AVG Technologies.) [HKLM] -- {34371C5D-866E-462F-896A-BA75EC0EEDAE}
O42 - Logiciel: AVG 2014 - (.AVG Technologies.) [HKLM] -- {5C6CCDAE-C2BF-473B-BB1F-2D1DCC5B98A4}
O42 - Logiciel: Adobe Flash Player 12 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 12 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Reader XI (11.0.05) - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1033-7B44-AB0000000001}
O42 - Logiciel: Adobe Shockwave Player 12.0 - (.Adobe Systems, Inc..) [HKLM] -- Adobe Shockwave Player
O42 - Logiciel: Apple Application Support - (.Apple Inc..) [HKLM] -- {5D09C772-ECB3-442B-9CC6-B4341C78FDC2}
O42 - Logiciel: Apple Software Update - (.Apple Inc..) [HKLM] -- {789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE} =>.Apple Inc
O42 - Logiciel: Compatibility Pack for the 2007 Office system - (.Microsoft Corporation.) [HKLM] -- {90120000-0020-0409-0000-0000000FF1CE}
O42 - Logiciel: Creative Live! Cam Chat HD (VF0700) (1.00.05.00) - (.Creative Technology Ltd..) [HKLM] -- Creative VF0700
O42 - Logiciel: Creative Live! Central 3 - (.Creative Technology Ltd.) [HKLM] -- Creative Live! Central 2
O42 - Logiciel: Creative Software AutoUpdate - (.Creative Technology Limited.) [HKLM] -- Creative Software AutoUpdate
O42 - Logiciel: Creative System Information - (.Creative Technology Limited.) [HKLM] -- SysInfo
O42 - Logiciel: ESET Online Scanner v3 - (...) [HKLM] -- ESET Online Scanner
O42 - Logiciel: File Type Assistant - (...) [HKLM] -- Trusted Software Assistant_is1
O42 - Logiciel: Firefox Free Download Packages - (...) [HKCU] -- Firefox Free Download Packages
O42 - Logiciel: Free File Viewer 2012 - (.Bitberry Software.) [HKLM] -- FreeFileViewer_is1
O42 - Logiciel: Google Desktop - (.Google.) [HKLM] -- Google Desktop
O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc..) [HKLM] -- {18455581-E099-4BA8-BC6B-F34B2F06600C} =>Toolbar.Google
O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc..) [HKLM] -- {2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
O42 - Logiciel: HP Customer Participation Program 9.0 - (.HP.) [HKLM] -- HPExtendedCapabilities
O42 - Logiciel: HP Imaging Device Functions 9.0 - (.HP.) [HKLM] -- HP Imaging Device Functions
O42 - Logiciel: HP OCR Software 9.0 - (.HP.) [HKLM] -- HPOCR
O42 - Logiciel: HP Photosmart All-In-One Software 9.0 - (.HP.) [HKLM] -- {D64BC2CF-0F12-47d7-B412-B4F3FD684253} =>.Hewlett-Packard Co
O42 - Logiciel: HP Photosmart Essential 2.01 - (.HP.) [HKLM] -- HP Photosmart Essential =>.Hewlett-Packard Co
O42 - Logiciel: HP Smart Web Printing - (.Hewlett-Packard.) [HKLM] -- {415CDA53-9100-476F-A7B2-476691E117C7}
O42 - Logiciel: HP Solution Center 9.0 - (.HP.) [HKLM] -- HP Solution Center & Imaging Support Tools
O42 - Logiciel: HP Update - (.Hewlett-Packard.) [HKLM] -- {AB40272D-92AB-4F30-B36B-22EDE16F8FE5}
O42 - Logiciel: IObit Uninstaller - (.IObit.) [HKLM] -- IObitUninstall
O42 - Logiciel: MCE Software Encoder 1.1 - (.CyberLink Corporation.) [HKLM] -- {7655E113-C306-11D9-A373-0050BAE317E1}
O42 - Logiciel: MSXML 4.0 SP2 (KB941833) - (.Microsoft Corporation.) [HKLM] -- {C523D256-313D-4866-B36A-F3DE528246EF}
O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM] -- {86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM] -- {F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
O42 - Logiciel: MakeDisc - (.CyberLink Corp..) [HKLM] -- {B145EC69-66F5-11D8-9D75-000129760D75}
O42 - Logiciel: Malwarebytes Anti-Malware version 1.75.0.1300 - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1
O42 - Logiciel: MediaShow - (.CyberLink Corporation.) [HKLM] -- {D5A9B7C0-8751-11D8-9D75-000129760D75}
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
O42 - Logiciel: Microsoft Works - (.Microsoft Corporation.) [HKLM] -- {15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
O42 - Logiciel: Mozilla Firefox 27.0 (x86 en-US) - (.Mozilla.) [HKLM] -- Mozilla Firefox 27.0 (x86 en-US)
O42 - Logiciel: Mozilla Maintenance Service - (.Mozilla.) [HKLM] -- MozillaMaintenanceService
O42 - Logiciel: NVIDIA 3D Vision Controller Driver 296.10 - (.NVIDIA Corporation.) [HKLM] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB
O42 - Logiciel: NVIDIA 3D Vision Driver 311.06 - (.NVIDIA Corporation.) [HKLM] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision
O42 - Logiciel: NVIDIA Drivers - (.NVIDIA Corporation.) [HKLM] -- NVIDIA Drivers
O42 - Logiciel: NVIDIA Graphics Driver 311.06 - (.NVIDIA Corporation.) [HKLM] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver
O42 - Logiciel: NVIDIA PhysX - (.NVIDIA Corporation.) [HKLM] -- {DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}
O42 - Logiciel: NVIDIA PhysX System Software 9.12.0213 - (.NVIDIA Corporation.) [HKLM] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX
O42 - Logiciel: NVIDIA Stereoscopic 3D Driver - (.NVIDIA Corporation.) [HKLM] -- NVIDIAStereo
O42 - Logiciel: NVIDIA Update 1.11.3 - (.NVIDIA Corporation.) [HKLM] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update
O42 - Logiciel: Nero 8 Essentials - (.Nero AG.) [HKLM] -- {53DF73B1-37F5-4B7F-86ED-FA7CC4041033}
O42 - Logiciel: PhotoNow! 1.0 - (.CyberLink Corporation.) [HKLM] -- {D36DD326-7280-11D8-97C8-000129760CBE}
O42 - Logiciel: PowerDVD - (.CyberLink Corporation.) [HKLM] -- {6811CAA0-BF12-11D4-9EA1-0050BAE317E1}
O42 - Logiciel: PowerDirector - (.CyberLink Corp..) [HKLM] -- InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}
O42 - Logiciel: PowerProducer - (...) [HKLM] -- {B7A0CE06-068E-11D6-97FD-0050BACBF861}
O42 - Logiciel: QuickTime - (.Apple Inc..) [HKLM] -- {B67BAFBA-4C9F-48FA-9496-933E3B255044}
O42 - Logiciel: Rapport - (.Trusteer.) [HKLM] -- {1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}
O42 - Logiciel: RealDownloader - (.RealNetworks, Inc..) [HKLM] -- {C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}
O42 - Logiciel: RealPlayer - (.RealNetworks.) [HKLM] -- RealPlayer 16.0
O42 - Logiciel: RealUpgrade 1.1 - (.RealNetworks, Inc..) [HKLM] -- {28C2DED6-325B-4CC7-983A-1777C8F7FBAB}
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}
O42 - Logiciel: Shop for HP Supplies - (.HP.) [HKLM] -- Shop for HP Supplies
O42 - Logiciel: Skype Click to Call - (.Skype Technologies S.A..) [HKLM] -- {B6CF2967-C81E-40C0-9815-C05774FEF120}
O42 - Logiciel: Skype™ 6.11 - (.Skype Technologies S.A..) [HKLM] -- {4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}
O42 - Logiciel: Spelling Dictionaries Support For Adobe Reader 8 - (.Adobe Systems.) [HKLM] -- {AC76BA86-7AD7-5464-3428-800000000004}
O42 - Logiciel: Trusteer Endpoint Protection - (.Trusteer.) [HKLM] -- Rapport_msi
O42 - Logiciel: Ulead PhotoImpact 12 - (.Ulead System.) [HKLM] -- {11AFE21E-B193-430D-B57A-DFF7815BB962}
O42 - Logiciel: Updater - (.Creative Island Media, LLC.) [HKLM] -- {D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}
O42 - Logiciel: VC 9.0 Runtime - (.Check Point Software Technologies Ltd.) [HKLM] -- {02E89EFC-7B07-4D5A-AA03-9EC0902914EE}
O42 - Logiciel: VCRedistSetup - (.Nero AG.) [HKLM] -- {3921A67A-5AB1-4E48-9444-C71814CF3027}
O42 - Logiciel: Virgin Media Service Manager 4.1.18 - (.Virgin Media.) [HKLM] -- RadialpointClientGateway_is1
O42 - Logiciel: Visual Studio 2012 x86 Redistributables - (.AVG Technologies CZ, s.r.o..) [HKLM] -- {98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}
O42 - Logiciel: Walgreens PictureMover - (.Hewlett-Packard Company.) [HKLM] -- {113DE59D-B57A-4075-9D4F-5803DFA69EB7}
O42 - Logiciel: Wise Disk Cleaner 8.04 - (.WiseCleaner.com, Inc..) [HKLM] -- Wise Disk Cleaner_is1
O42 - Logiciel: Wise Registry Cleaner 7.94 - (.WiseCleaner.com, Inc..) [HKLM] -- Wise Registry Cleaner_is1
O42 - Logiciel: X10 Hardware(TM) - (...) [HKLM] -- X10Hardware
O42 - Logiciel: neroxml - (.Nero AG.) [HKLM] -- {56C049BE-79E9-4502-BEA7-9754A3E60F9B}
O42 - Logiciel: swMSM - (.Adobe Systems, Inc.) [HKLM] -- {612C34C7-5E90-47D8-9B5C-0F717DD82726}
~ Logic: 42 Scanned in 00mn 00s


#74
March 5, 2014 at 06:30:18

Johnw
4th Part

--\\ HKCU & HKLM Software Keys
[HKCU\Software\AVG]
[HKCU\Software\Adobe]
[HKCU\Software\Ahead]
[HKCU\Software\Anti Malware]
[HKCU\Software\AppDataLow\Avg]
[HKCU\Software\AppDataLow\LastScanTime]
[HKCU\Software\AppDataLow\Software\Adobe]
[HKCU\Software\AppDataLow\Software\DynConIE]
[HKCU\Software\AppDataLow\Software\Google]
[HKCU\Software\AppDataLow\Software\JavaSoft]
[HKCU\Software\AppDataLow\Software\Macromedia]
[HKCU\Software\AppDataLow\Software\PassShow]
[HKCU\Software\AppDataLow]
[HKCU\Software\Apple Computer, Inc.]
[HKCU\Software\Apple Inc.]
[HKCU\Software\Bitberry]
[HKCU\Software\CDDB]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\Conduit] =>Toolbar.Conduit
[HKCU\Software\Creative Tech]
[HKCU\Software\CyberLink]
[HKCU\Software\ESET]
[HKCU\Software\FileTypeAssistant]
[HKCU\Software\Google]
[HKCU\Software\Hewlett-Packard]
[HKCU\Software\IM Providers]
[HKCU\Software\IM]
[HKCU\Software\Iris]
[HKCU\Software\JavaSoft]
[HKCU\Software\Licenses]
[HKCU\Software\Macromedia]
[HKCU\Software\MainConcept]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\MicroVision]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Mozilla]
[HKCU\Software\NVIDIA Corporation]
[HKCU\Software\Nero]
[HKCU\Software\Netscape]
[HKCU\Software\ODBC]
[HKCU\Software\Oberon Media]
[HKCU\Software\Opera Software]
[HKCU\Software\PictureMover]
[HKCU\Software\Policies]
[HKCU\Software\RadialPoint]
[HKCU\Software\RealNetworks]
[HKCU\Software\Realtek]
[HKCU\Software\Redemption]
[HKCU\Software\RegistryTool]
[HKCU\Software\Research In Motion]
[HKCU\Software\Sensible Vision]
[HKCU\Software\Skype]
[HKCU\Software\Software]
[HKCU\Software\Sunisoft]
[HKCU\Software\Sysinternals]
[HKCU\Software\Trolltech]
[HKCU\Software\Trusteer]
[HKCU\Software\Ulead Systems]
[HKCU\Software\WeDlMngr] =>PUP.weDownloadManager
[HKCU\Software\ZebHelpProcess Helper]
[HKCU\Software\file.org]
[HKLM\Software\AGEIA Technologies]
[HKLM\Software\Adobe]
[HKLM\Software\AdwCleaner]
[HKLM\Software\Ahead]
[HKLM\Software\Anti Malware]
[HKLM\Software\AppDataLow]
[HKLM\Software\Apple Computer, Inc.]
[HKLM\Software\Apple Inc.]
[HKLM\Software\Ashampoo]
[HKLM\Software\BrowserChoice]
[HKLM\Software\CDDB]
[HKLM\Software\CieoNetUtilities_0eEI]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\ComputerAssociates]
[HKLM\Software\CoreSecurity]
[HKLM\Software\Creative Tech]
[HKLM\Software\CyberLink]
[HKLM\Software\Dolby]
[HKLM\Software\Eset]
[HKLM\Software\Google]
[HKLM\Software\HP]
[HKLM\Software\Hewlett-Packard]
[HKLM\Software\IM Providers]
[HKLM\Software\IObit]
[HKLM\Software\Intel]
[HKLM\Software\JavaSoft]
[HKLM\Software\JreMetrics]
[HKLM\Software\Khronos]
[HKLM\Software\Lake]
[HKLM\Software\Licenses]
[HKLM\Software\Macromedia]
[HKLM\Software\Malwarebytes' Anti-Malware (Trial)]
[HKLM\Software\Malwarebytes' Anti-Malware]
[HKLM\Software\MimarSinan]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\NVIDIA Corporation]
[HKLM\Software\Nero]
[HKLM\Software\Norton PC Checkup]
[HKLM\Software\ODBC]
[HKLM\Software\OldTimer Tools]
[HKLM\Software\Policies]
[HKLM\Software\Radialpoint]
[HKLM\Software\RealNetworks]
[HKLM\Software\Realtek]
[HKLM\Software\Reg Tool]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\RegistryTool]
[HKLM\Software\Research In Motion]
[HKLM\Software\Skype]
[HKLM\Software\Sonic]
[HKLM\Software\Sunisoft]
[HKLM\Software\Swearware]
[HKLM\Software\Symantec]
[HKLM\Software\Trusteer]
[HKLM\Software\TuneUp]
[HKLM\Software\Ulead Systems]
[HKLM\Software\Uniblue]
[HKLM\Software\VBMZ] =>PUP.Duuqu
[HKLM\Software\Windows]
[HKLM\Software\WiseCleaner]
[HKLM\Software\Wow6432Node]
[HKLM\Software\Xing Technology Corp.]
[HKLM\Software\mozilla.org]
~ Key Software: 251 Scanned in 00mn 00s


#75
March 5, 2014 at 06:31:30

Johnw
5th Part
---\\ Contents of the Common Files folders (O43)
O43 - CFD: 16/09/2013 - 16:24:53 - [0] ----D C:\Program Files\AbiWord
O43 - CFD: 11/12/2007 - 13:52:38 - [12.096] ----D C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
O43 - CFD: 29/05/2013 - 19:14:32 - [162.574] ----D C:\Program Files\Adobe
O43 - CFD: 10/10/2013 - 19:31:53 - [2.316] ----D C:\Program Files\Apple Software Update =>.Apple Inc
O43 - CFD: 23/01/2014 - 20:25:47 - [98.016] ----D C:\Program Files\AVG
O43 - CFD: 20/10/2011 - 13:40:25 - [0] ----D C:\Program Files\CieoNetUtilities_0eEI
O43 - CFD: 17/02/2014 - 16:55:06 - [737.292] ----D C:\Program Files\Common Files
O43 - CFD: 02/05/2012 - 18:14:59 - [51.894] ----D C:\Program Files\Creative
O43 - CFD: 08/01/2008 - 16:16:12 - [18.079] ----D C:\Program Files\CyberLink
O43 - CFD: 23/05/2013 - 19:08:38 - [82.169] ---AD C:\Program Files\Display.Driver
O43 - CFD: 23/05/2013 - 19:08:41 - [1.134] ---AD C:\Program Files\Display.Optimus
O43 - CFD: 23/05/2013 - 19:08:42 - [28.403] ---AD C:\Program Files\Display.Update
O43 - CFD: 19/02/2014 - 15:29:07 - [133.483] ----D C:\Program Files\ESET
O43 - CFD: 03/03/2014 - 22:02:02 - [6.349] ----D C:\Program Files\File Type Assistant
O43 - CFD: 17/10/2012 - 20:26:45 - [51.687] ----D C:\Program Files\FreeFileViewer
O43 - CFD: 23/05/2013 - 19:08:42 - [14.777] ---AD C:\Program Files\GFExperience
O43 - CFD: 03/03/2014 - 17:21:32 - [80.336] ----D C:\Program Files\Google
O43 - CFD: 17/05/2011 - 11:01:37 - [0.261] ---AD C:\Program Files\GoogleEULA
O43 - CFD: 23/05/2013 - 19:08:42 - [3.535] ---AD C:\Program Files\HDAudio
O43 - CFD: 17/05/2011 - 18:13:57 - [0] ----D C:\Program Files\Hewlett-Packard
O43 - CFD: 08/01/2008 - 16:20:00 - [615.619] ----D C:\Program Files\HomeCinema
O43 - CFD: 19/08/2013 - 16:04:55 - [219.470] ----D C:\Program Files\HP
O43 - CFD: 25/09/2012 - 13:21:56 - [58.776] ----D C:\Program Files\InstallShield Installation Information
O43 - CFD: 13/02/2014 - 21:53:39 - [5.579] ----D C:\Program Files\Internet Explorer
O43 - CFD: 24/02/2014 - 10:23:32 - [24.546] ----D C:\Program Files\IObit
O43 - CFD: 03/03/2014 - 16:38:37 - [0.892] ----D C:\Program Files\Java
O43 - CFD: 10/02/2014 - 19:38:57 - [13.247] ----D C:\Program Files\Malwarebytes' Anti-Malware
O43 - CFD: 02/11/2006 - 12:37:34 - [89.066] ----D C:\Program Files\Microsoft Games
O43 - CFD: 12/07/2012 - 20:34:01 - [19.731] ----D C:\Program Files\Microsoft IntelliPoint
O43 - CFD: 12/07/2012 - 20:31:50 - [21.062] ----D C:\Program Files\Microsoft IntelliType Pro
O43 - CFD: 27/11/2012 - 19:36:19 - [665.895] ----D C:\Program Files\Microsoft Office
O43 - CFD: 14/10/2013 - 18:18:25 - [40.851] ----D C:\Program Files\Microsoft Silverlight
O43 - CFD: 27/11/2012 - 19:36:46 - [0.014] ----D C:\Program Files\Microsoft Visual Studio
O43 - CFD: 27/11/2012 - 19:30:03 - [1.204] ----D C:\Program Files\Microsoft Visual Studio 8
O43 - CFD: 11/10/2012 - 18:06:44 - [154.018] ----D C:\Program Files\Microsoft Works
O43 - CFD: 14/06/2011 - 08:33:27 - [7.797] ----D C:\Program Files\Microsoft.NET
O43 - CFD: 27/11/2013 - 19:18:12 - [38.421] ----D C:\Program Files\Mobogenie =>PUP.Mobogenie
O43 - CFD: 12/12/2011 - 22:08:01 - [94.671] ----D C:\Program Files\Movie Maker
O43 - CFD: 24/02/2014 - 11:30:34 - [60.690] ----D C:\Program Files\Mozilla Firefox
O43 - CFD: 05/02/2014 - 15:53:03 - [0.216] ----D C:\Program Files\Mozilla Maintenance Service
O43 - CFD: 23/05/2013 - 19:08:37 - [1.681] ---AD C:\Program Files\MS.NET
O43 - CFD: 27/11/2012 - 19:37:07 - [0.025] ----D C:\Program Files\MSBuild
O43 - CFD: 12/12/2011 - 20:20:21 - [0] ----D C:\Program Files\MSECACHE
O43 - CFD: 18/12/2007 - 09:39:29 - [0] ----D C:\Program Files\MSXML 4.0
O43 - CFD: 26/06/2012 - 16:53:14 - [0] ----D C:\Program Files\NCH Software
O43 - CFD: 11/12/2007 - 12:16:49 - [317.749] ----D C:\Program Files\Nero
O43 - CFD: 23/05/2013 - 19:08:37 - [22.939] ---AD C:\Program Files\NV3DVision
O43 - CFD: 23/05/2013 - 19:08:42 - [4.078] ---AD C:\Program Files\NV3DVisionUSB.Driver
O43 - CFD: 23/05/2013 - 19:08:41 - [9.017] ---AD C:\Program Files\NVI2
O43 - CFD: 17/04/2013 - 12:32:42 - [1381.082] ----D C:\Program Files\NVIDIA Corporation
O43 - CFD: 10/02/2014 - 18:01:12 - [17.316] ----D C:\Program Files\Opera
O43 - CFD: 23/05/2013 - 19:08:41 - [26.299] ---AD C:\Program Files\PhysX
O43 - CFD: 10/10/2013 - 19:34:34 - [73.544] ----D C:\Program Files\QuickTime
O43 - CFD: 02/04/2013 - 19:41:38 - [173.961] ----D C:\Program Files\Real
O43 - CFD: 02/09/2013 - 18:25:04 - [17.591] ----D C:\Program Files\RealNetworks
O43 - CFD: 11/12/2007 - 11:40:37 - [44.817] ----D C:\Program Files\Realtek
O43 - CFD: 02/11/2006 - 12:37:34 - [34.730] ----D C:\Program Files\Reference Assemblies
O43 - CFD: 10/12/2012 - 20:16:34 - [1.431] ----D C:\Program Files\Research In Motion
O43 - CFD: 03/01/2013 - 21:22:05 - [0] ----D C:\Program Files\Roxio
O43 - CFD: 06/12/2013 - 12:30:37 - [41.223] R---D C:\Program Files\Skype
O43 - CFD: 10/02/2014 - 17:53:41 - [0.367] ----D C:\Program Files\sweetpacks bundle uninstaller =>PUP.SweetIM
O43 - CFD: 27/05/2011 - 15:23:14 - [44.058] ----D C:\Program Files\Trusteer
O43 - CFD: 11/12/2007 - 12:07:28 - [367.315] ----D C:\Program Files\Ulead Systems
O43 - CFD: 02/11/2006 - 13:01:55 - [0] ----D C:\Program Files\Uninstall Information
O43 - CFD: 25/09/2012 - 13:21:54 - [31.271] ----D C:\Program Files\Virgin Media
O43 - CFD: 26/09/2012 - 13:00:17 - [15.925] ----D C:\Program Files\Walgreens PictureMover
O43 - CFD: 12/12/2011 - 22:08:01 - [0.966] ----D C:\Program Files\Windows Calendar
O43 - CFD: 12/12/2011 - 22:08:01 - [2.599] ----D C:\Program Files\Windows Collaboration
O43 - CFD: 12/12/2011 - 22:07:59 - [4.259] ----D C:\Program Files\Windows Defender
O43 - CFD: 14/07/2013 - 16:53:30 - [6.745] ----D C:\Program Files\Windows Journal
O43 - CFD: 13/04/2012 - 14:08:01 - [8.631] ----D C:\Program Files\Windows Mail =>.Microsoft Corporation
O43 - CFD: 12/12/2011 - 22:08:01 - [4.273] ----D C:\Program Files\Windows Media Player =>.Microsoft Corporation
O43 - CFD: 02/11/2006 - 12:37:34 - [7.585] ----D C:\Program Files\Windows NT
O43 - CFD: 12/12/2011 - 22:08:01 - [12.888] ----D C:\Program Files\Windows Photo Gallery
O43 - CFD: 16/12/2011 - 21:04:32 - [0.128] ----D C:\Program Files\Windows Portable Devices
O43 - CFD: 12/02/2014 - 14:57:40 - [6.220] ----D C:\Program Files\Windows Sidebar
O43 - CFD: 24/02/2014 - 11:45:15 - [14.288] ----D C:\Program Files\Wise
O43 - CFD: 11/12/2007 - 11:52:56 - [0.017] ----D C:\Program Files\X10 Hardware
O43 - CFD: 05/03/2014 - 14:05:05 - [17.268] ----D C:\Program Files\ZHPDiag =>.Nicolas Coolman
O43 - CFD: 29/05/2013 - 19:14:55 - [7.400] ----D C:\Program Files\Common Files\Adobe
O43 - CFD: 10/10/2013 - 19:32:23 - [63.895] ----D C:\Program Files\Common Files\Apple
O43 - CFD: 31/10/2012 - 14:03:43 - [0.082] ----D C:\Program Files\Common Files\DESIGNER
O43 - CFD: 17/05/2011 - 18:13:21 - [0.436] ----D C:\Program Files\Common Files\Hewlett-Packard
O43 - CFD: 17/05/2011 - 18:14:57 - [4.768] ----D C:\Program Files\Common Files\HP
O43 - CFD: 08/01/2008 - 16:15:36 - [7.524] ----D C:\Program Files\Common Files\InstallShield
O43 - CFD: 18/04/2013 - 18:04:15 - [0] ----D C:\Program Files\Common Files\Java
O43 - CFD: 23/08/2013 - 16:21:58 - [432.321] ----D C:\Program Files\Common Files\microsoft shared
O43 - CFD: 11/12/2007 - 12:17:29 - [127.069] ----D C:\Program Files\Common Files\Nero
O43 - CFD: 17/10/2012 - 20:25:38 - [1.298] ----D C:\Program Files\Common Files\Oberon Media
O43 - CFD: 30/05/2013 - 11:18:46 - [4.145] ----D C:\Program Files\Common Files\PX Storage Engine
O43 - CFD: 02/11/2006 - 11:18:33 - [0.003] ----D C:\Program Files\Common Files\Services
O43 - CFD: 02/06/2013 - 22:52:55 - [1.904] ----D C:\Program Files\Common Files\Skype
O43 - CFD: 02/11/2006 - 11:18:33 - [39.198] ----D C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 28/01/2014 - 21:13:45 - [0] ----D C:\Program Files\Common Files\SureThing Shared
O43 - CFD: 29/11/2012 - 19:02:36 - [41.363] ----D C:\Program Files\Common Files\System
O43 - CFD: 11/12/2007 - 12:07:28 - [2.928] ----D C:\Program Files\Common Files\Ulead Systems
O43 - CFD: 11/12/2007 - 11:52:31 - [2.622] ----D C:\Program Files\Common Files\X10
O43 - CFD: 10/12/2012 - 20:16:41 - [0] ----D C:\Program Files\Common Files\XCPCSync.OEM
O43 - CFD: 02/09/2013 - 18:23:15 - [0.336] ----D C:\Program Files\Common Files\xing shared
O43 - CFD: 03/06/2013 - 20:35:42 - [402.673] ----D C:\ProgramData\Adobe
O43 - CFD: 10/10/2013 - 19:31:50 - [22.757] ----D C:\ProgramData\Apple
O43 - CFD: 10/10/2013 - 19:33:46 - [26.332] ----D C:\ProgramData\Apple Computer
O43 - CFD: 02/11/2006 - 13:02:03 - [0] -SH-D C:\ProgramData\Application Data
O43 - CFD: 16/01/2012 - 20:45:56 - [160.402] ----D C:\ProgramData\Ashampoo
O43 - CFD: 23/01/2014 - 20:22:23 - [0.300] ----D C:\ProgramData\AVG
O43 - CFD: 12/09/2011 - 15:20:23 - [57.923] ----D C:\ProgramData\AVG10
O43 - CFD: 10/02/2014 - 17:36:43 - [251.367] ----D C:\ProgramData\AVG2014
O43 - CFD: 17/08/2011 - 18:58:45 - [0.000] ----D C:\ProgramData\Common Files
O43 - CFD: 28/12/2013 - 16:20:55 - [0.024] ----D C:\ProgramData\CompuClever
O43 - CFD: 28/03/2012 - 19:48:51 - [0.024] ----D C:\ProgramData\Creative
O43 - CFD: 08/01/2008 - 16:16:18 - [0.002] ----D C:\ProgramData\CyberLink
O43 - CFD: 02/11/2006 - 13:02:03 - [0] -SH-D C:\ProgramData\Desktop
O43 - CFD: 02/11/2006 - 13:02:03 - [0] -SH-D C:\ProgramData\Documents
O43 - CFD: 01/03/2014 - 16:41:44 - [22.785] ----D C:\ProgramData\F-Secure
O43 - CFD: 01/03/2014 - 16:22:34 - [2.452] ----D C:\ProgramData\F-Secure-UninstallationTool
O43 - CFD: 02/11/2006 - 13:02:03 - [0] -SH-D C:\ProgramData\Favorites
O43 - CFD: 18/05/2011 - 16:56:25 - [0.514] ----D C:\ProgramData\Google
O43 - CFD: 17/05/2011 - 18:12:02 - [0.192] ----D C:\ProgramData\Hewlett-Packard
O43 - CFD: 04/04/2012 - 19:38:44 - [5.480] ----D C:\ProgramData\HP
O43 - CFD: 17/05/2011 - 18:15:36 - [0.001] ----D C:\ProgramData\HP Product Assistant
O43 - CFD: 19/08/2013 - 19:21:55 - [0.000] ----D C:\ProgramData\HPSSUPPLY
O43 - CFD: 24/02/2014 - 10:31:23 - [0.016] ----D C:\ProgramData\Image Uploader
O43 - CFD: 10/02/2014 - 16:15:00 - [6.184] ----D C:\ProgramData\InstallMate =>PUP.Tarma
O43 - CFD: 11/12/2007 - 12:09:01 - [0.000] ----D C:\ProgramData\InstallShield
O43 - CFD: 26/02/2014 - 13:14:32 - [0.063] ----D C:\ProgramData\IObit
O43 - CFD: 22/01/2014 - 19:46:11 - [7.035] ----D C:\ProgramData\Malwarebytes
O43 - CFD: 21/06/2012 - 14:29:00 - [0.010] ----D C:\ProgramData\McAfee
O43 - CFD: 05/03/2014 - 12:13:43 - [217.935] ----D C:\ProgramData\MFAData
O43 - CFD: 01/03/2014 - 15:54:25 - [339.065] -S--D C:\ProgramData\Microsoft
O43 - CFD: 20/01/2014 - 21:13:26 - [0.059] ----D C:\ProgramData\Microsoft Help
O43 - CFD: 28/06/2012 - 17:44:29 - [0.020] ----D C:\ProgramData\Mozilla
O43 - CFD: 23/04/2012 - 19:03:05 - [0] ----D C:\ProgramData\NCH Software
O43 - CFD: 11/12/2007 - 12:16:50 - [5.130] ----D C:\ProgramData\Nero
O43 - CFD: 25/06/2011 - 10:07:58 - [0.000] ----D C:\ProgramData\Norton
O43 - CFD: 25/06/2011 - 10:02:51 - [0.669] ----D C:\ProgramData\NortonInstaller
O43 - CFD: 05/03/2014 - 12:08:04 - [3.028] ----D C:\ProgramData\NVIDIA
O43 - CFD: 23/08/2011 - 20:04:25 - [2.416] ----D C:\ProgramData\NVIDIA Corporation
O43 - CFD: 17/10/2012 - 20:25:50 - [0.118] ----D C:\ProgramData\Oberon Media
O43 - CFD: 20/01/2014 - 17:26:20 - [0] ----D C:\ProgramData\Oracle
O43 - CFD: 26/09/2012 - 13:00:18 - [12.972] ----D C:\ProgramData\PictureMover
O43 - CFD: 03/03/2014 - 16:20:15 - [0.000] ----D C:\ProgramData\ProductData
O43 - CFD: 05/03/2014 - 13:24:45 - [4.935] ----D C:\ProgramData\Radialpoint
O43 - CFD: 02/09/2013 - 18:22:54 - [3.804] ----D C:\ProgramData\Real
O43 - CFD: 02/09/2013 - 18:25:03 - [3.458] ----D C:\ProgramData\RealNetworks
O43 - CFD: 10/02/2014 - 15:22:13 - [0] ----D C:\ProgramData\SetApp
O43 - CFD: 06/12/2013 - 12:30:44 - [83.463] ----D C:\ProgramData\Skype
O43 - CFD: 02/11/2006 - 13:02:03 - [0] -SH-D C:\ProgramData\Start Menu
O43 - CFD: 04/12/2011 - 14:24:16 - [0.000] ----D C:\ProgramData\Sun
O43 - CFD: 25/06/2011 - 10:03:12 - [0] ----D C:\ProgramData\Symantec
O43 - CFD: 24/02/2014 - 10:25:53 - [0] ---AD C:\ProgramData\TEMP
O43 - CFD: 02/11/2006 - 13:02:04 - [0] -SH-D C:\ProgramData\Templates
O43 - CFD: 25/09/2012 - 13:21:16 - [1.704] ----D C:\ProgramData\Trend Micro
O43 - CFD: 27/05/2011 - 15:20:46 - [246.203] ----D C:\ProgramData\Trusteer
O43 - CFD: 11/12/2007 - 12:07:43 - [0.089] ----D C:\ProgramData\Ulead Systems
O43 - CFD: 10/02/2014 - 17:26:44 - [0] ----D C:\ProgramData\Uniblue
O43 - CFD: 10/02/2014 - 20:27:54 - [1.225] ----D C:\ProgramData\Updater =>PUP.CrossRider
O43 - CFD: 25/09/2012 - 13:21:55 - [2.436] ----D C:\ProgramData\Virgin Media
O43 - CFD: 26/09/2012 - 13:00:19 - [0.049] ----D C:\ProgramData\Walgreens PictureMover
O43 - CFD: 17/05/2011 - 18:20:32 - [0.000] ----D C:\ProgramData\WEBREG
O43 - CFD: 18/12/2007 - 09:59:46 - [0.002] ----D C:\ProgramData\Windows Genuine Advantage
O43 - CFD: 04/08/2011 - 10:20:37 - [0] ----D C:\ProgramData\WindowsSearch
O43 - CFD: 17/05/2011 - 11:02:30 - [0.018] ----D C:\ProgramData\X10 Settings
O43 - CFD: 23/01/2014 - 20:06:23 - [33.195] -SH-D C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
O43 - CFD: 11/12/2007 - 13:52:39 - [6.585] ----D C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
O43 - CFD: 27/12/2013 - 14:08:23 - [1.063] ----D C:\Users\Ian\AppData\Roaming\1O1L1I1PtF1F1C1N
O43 - CFD: 03/06/2013 - 20:33:50 - [4.347] ----D C:\Users\Ian\AppData\Roaming\Adobe
O43 - CFD: 19/05/2012 - 13:40:54 - [1.506] ----D C:\Users\Ian\AppData\Roaming\Anti Malware
O43 - CFD: 11/10/2013 - 10:43:55 - [0.018] ----D C:\Users\Ian\AppData\Roaming\Apple Computer
O43 - CFD: 23/01/2014 - 20:15:35 - [0.004] ----D C:\Users\Ian\AppData\Roaming\AVG
O43 - CFD: 17/08/2011 - 19:54:34 - [0.002] ----D C:\Users\Ian\AppData\Roaming\AVG10
O43 - CFD: 22/01/2014 - 22:58:55 - [0.031] ----D C:\Users\Ian\AppData\Roaming\AVG2014
O43 - CFD: 05/02/2014 - 13:21:50 - [0.008] ----D C:\Users\Ian\AppData\Roaming\CleanMyPC Software
O43 - CFD: 28/12/2013 - 16:20:57 - [11.646] ----D C:\Users\Ian\AppData\Roaming\CompuClever
O43 - CFD: 02/05/2012 - 18:19:18 - [0.001] ----D C:\Users\Ian\AppData\Roaming\Creative
O43 - CFD: 07/08/2013 - 20:39:13 - [0.000] ----D C:\Users\Ian\AppData\Roaming\FreeFileViewer
O43 - CFD: 17/05/2011 - 11:26:18 - [0.001] ----D C:\Users\Ian\AppData\Roaming\Google
O43 - CFD: 02/11/2011 - 20:55:14 - [0.223] ----D C:\Users\Ian\AppData\Roaming\HP
O43 - CFD: 17/05/2011 - 18:18:25 - [0.063] ----D C:\Users\Ian\AppData\Roaming\HPAppData
O43 - CFD: 17/05/2011 - 11:11:03 - [0] ----D C:\Users\Ian\AppData\Roaming\Identities
O43 - CFD: 28/01/2014 - 15:19:43 - [0.006] ----D C:\Users\Ian\AppData\Roaming\Image Uploader
O43 - CFD: 24/02/2014 - 10:23:29 - [0.097] ----D C:\Users\Ian\AppData\Roaming\IObit
O43 - CFD: 17/05/2011 - 11:18:55 - [0.003] ----D C:\Users\Ian\AppData\Roaming\Macromedia
O43 - CFD: 22/01/2014 - 19:46:45 - [1.247] ----D C:\Users\Ian\AppData\Roaming\Malwarebytes
O43 - CFD: 02/11/2006 - 12:37:34 - [0] ----D C:\Users\Ian\AppData\Roaming\Media Center Programs
O43 - CFD: 16/09/2013 - 18:35:09 - [25.561] -S--D C:\Users\Ian\AppData\Roaming\Microsoft
O43 - CFD: 18/05/2011 - 17:02:19 - [27.255] ----D C:\Users\Ian\AppData\Roaming\Mozilla
O43 - CFD: 26/06/2012 - 16:52:41 - [0.005] ----D C:\Users\Ian\AppData\Roaming\NCH Software
O43 - CFD: 10/02/2014 - 16:11:39 - [2.256] ----D C:\Users\Ian\AppData\Roaming\Opera Software
O43 - CFD: 26/09/2012 - 13:01:11 - [18.730] ----D C:\Users\Ian\AppData\Roaming\PictureMover
O43 - CFD: 24/02/2014 - 10:23:48 - [0.005] ----D C:\Users\Ian\AppData\Roaming\ProductData
O43 - CFD: 25/01/2014 - 18:13:14 - [4.928] ----D C:\Users\Ian\AppData\Roaming\Radialpoint
O43 - CFD: 29/12/2012 - 18:31:51 - [74.699] ----D C:\Users\Ian\AppData\Roaming\Real
O43 - CFD: 02/09/2013 - 18:40:53 - [0.027] ----D C:\Users\Ian\AppData\Roaming\RealNetworks
O43 - CFD: 15/10/2012 - 19:09:29 - [8.553] ----D C:\Users\Ian\AppData\Roaming\RegistryTool
O43 - CFD: 06/12/2013 - 12:30:53 - [3.790] ----D C:\Users\Ian\AppData\Roaming\Skype
O43 - CFD: 06/07/2011 - 19:20:55 - [0.013] ----D C:\Users\Ian\AppData\Roaming\Template
O43 - CFD: 27/05/2011 - 15:23:31 - [1.589] ----D C:\Users\Ian\AppData\Roaming\Trusteer
O43 - CFD: 22/01/2014 - 22:56:50 - [0] ----D C:\Users\Ian\AppData\Roaming\TuneUp Software
O43 - CFD: 18/05/2011 - 19:20:33 - [15.449] ----D C:\Users\Ian\AppData\Roaming\Ulead Systems
O43 - CFD: 11/04/2012 - 19:28:52 - [110.736] ----D C:\Users\Ian\AppData\Roaming\Virgin Media
O43 - CFD: 24/02/2014 - 11:43:19 - [0.026] ----D C:\Users\Ian\AppData\Roaming\Wise Disk Cleaner
O43 - CFD: 24/02/2014 - 12:02:28 - [0.447] ----D C:\Users\Ian\AppData\Roaming\Wise Registry Cleaner
O43 - CFD: 05/03/2014 - 14:08:22 - [0.016] ----D C:\Users\Ian\AppData\Roaming\ZHP =>.Nicolas Coolman
O43 - CFD: 14/07/2013 - 18:27:14 - [110.158] ----D C:\Users\Ian\AppData\Local\Adobe
O43 - CFD: 18/07/2012 - 19:41:25 - [0.195] ----D C:\Users\Ian\AppData\Local\Ahead
O43 - CFD: 10/10/2013 - 19:31:57 - [0] ----D C:\Users\Ian\AppData\Local\Apple
O43 - CFD: 17/05/2011 - 11:10:54 - [0] -SH-D C:\Users\Ian\AppData\Local\Application Data
O43 - CFD: 17/05/2011 - 19:34:47 - [0.114] ----D C:\Users\Ian\AppData\Local\Apps
O43 - CFD: 22/01/2014 - 23:31:41 - [3.464] ----D C:\Users\Ian\AppData\Local\Avg2014
O43 - CFD: 27/11/2013 - 19:02:36 - [6.740] ----D C:\Users\Ian\AppData\Local\cache
O43 - CFD: 24/02/2014 - 16:30:34 - [0] ----D C:\Users\Ian\AppData\Local\CrashDumps
O43 - CFD: 17/05/2011 - 19:34:56 - [0] ----D C:\Users\Ian\AppData\Local\Deployment
O43 - CFD: 29/05/2013 - 19:08:56 - [0] ----D C:\Users\Ian\AppData\Local\Downloaded Installations
O43 - CFD: 19/08/2013 - 15:52:10 - [0.029] ----D C:\Users\Ian\AppData\Local\emaze
O43 - CFD: 19/02/2014 - 16:43:25 - [0] ----D C:\Users\Ian\AppData\Local\F-Secure
O43 - CFD: 17/02/2014 - 14:28:16 - [0.018] ----D C:\Users\Ian\AppData\Local\FileTypeAssistant
O43 - CFD: 17/10/2012 - 20:31:46 - [0.000] ----D C:\Users\Ian\AppData\Local\FreeFileViewer
O43 - CFD: 17/12/2013 - 12:44:30 - [496.280] ----D C:\Users\Ian\AppData\Local\Google
O43 - CFD: 07/08/2012 - 17:45:22 - [0] ----D C:\Users\Ian\AppData\Local\Help
O43 - CFD: 17/05/2011 - 11:10:54 - [0] -SH-D C:\Users\Ian\AppData\Local\History
O43 - CFD: 18/05/2011 - 19:25:07 - [0.339] ----D C:\Users\Ian\AppData\Local\HP
O43 - CFD: 20/05/2012 - 09:13:02 - [0] ----D C:\Users\Ian\AppData\Local\LogMeIn Rescue Applet
O43 - CFD: 26/09/2012 - 20:04:46 - [0] ----D C:\Users\Ian\AppData\Local\Macromedia
O43 - CFD: 22/01/2014 - 22:51:01 - [15.315] ----D C:\Users\Ian\AppData\Local\MFAData
O43 - CFD: 16/09/2013 - 18:35:09 - [1132.181] ----D C:\Users\Ian\AppData\Local\Microsoft
O43 - CFD: 17/10/2011 - 13:57:25 - [0.013] ----D C:\Users\Ian\AppData\Local\Microsoft Corporation
O43 - CFD: 10/04/2012 - 19:34:44 - [0.223] ----D C:\Users\Ian\AppData\Local\Microsoft Games
O43 - CFD: 29/05/2013 - 19:58:42 - [0.304] ----D C:\Users\Ian\AppData\Local\Microsoft Help
O43 - CFD: 28/03/2013 - 19:29:03 - [0.064] ----D C:\Users\Ian\AppData\Local\MicroVision Applications
O43 - CFD: 06/11/2013 - 12:14:55 - [103.957] ----D C:\Users\Ian\AppData\Local\Mobogenie =>PUP.Mobogenie
O43 - CFD: 18/05/2011 - 17:01:56 - [105.752] ----D C:\Users\Ian\AppData\Local\Mozilla
O43 - CFD: 10/02/2014 - 16:11:47 - [0] ----D C:\Users\Ian\AppData\Local\Opera Software
O43 - CFD: 03/01/2013 - 21:08:04 - [0] ----D C:\Users\Ian\AppData\Local\PC_Drivers_Headquarters
O43 - CFD: 10/12/2012 - 20:16:45 - [0] ----D C:\Users\Ian\AppData\Local\Research In Motion
O43 - CFD: 05/03/2014 - 14:05:20 - [7.388] ----D C:\Users\Ian\AppData\Local\temp
O43 - CFD: 17/05/2011 - 11:10:54 - [0] -SH-D C:\Users\Ian\AppData\Local\Temporary Internet Files
O43 - CFD: 27/05/2011 - 15:26:07 - [8.526] ----D C:\Users\Ian\AppData\Local\Trusteer
O43 - CFD: 18/05/2011 - 19:25:40 - [265.043] ----D C:\Users\Ian\AppData\Local\VirtualStore
O43 - CFD: 28/06/2011 - 19:09:23 - [0.006] ----D C:\Users\Ian\AppData\Local\WindowsUpdate
O43 - CFD: 03/12/2007 - 18:16:29 - [0.015] R---D C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 17/05/2011 - 11:11:10 - [0.000] R---D C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 29/03/2012 - 19:29:18 - [0.001] ----D C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Creative
O43 - CFD: 03/12/2007 - 18:16:29 - [0.001] R---D C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
O43 - CFD: 09/07/2013 - 20:52:59 - [0.000] R---D C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
~ Program Folder: 244 Scanned in 00mn 26s

#76
March 5, 2014 at 06:34:11

Johnw
6th Part
---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.2A87043E8BA8682CDA2E96D26487363E] - 01/03/2014 - 16:25:07 ---A- . (...) -- C:\Windows\fsavunin_2.log [69]
O44 - LFC:[MD5.8E4321407FB1F947941C05D742C19773] - 01/03/2014 - 16:25:21 ---A- . (...) -- C:\Windows\fsavunin.log [30668]
O44 - LFC:[MD5.54938D4E656842A12049A2E16913C5E5] - 01/03/2014 - 16:25:49 ---A- . (...) -- C:\Windows\daasunin.LOG [788]
O44 - LFC:[MD5.B3D59CA35FF57884C18162E1927EFAA4] - 01/03/2014 - 16:25:52 ---A- . (...) -- C:\Windows\FSLDIN.LOG [3554]
O44 - LFC:[MD5.D3B7E54580F060A9A788282B1D6568D1] - 01/03/2014 - 16:25:54 ---A- . (...) -- C:\Windows\FSGKIAIN.log [7918]
O44 - LFC:[MD5.AE45B203F957B4AC1B8B54CF71581DD3] - 01/03/2014 - 16:26:06 ---A- . (...) -- C:\Windows\FSDEPH.log [400163]
O44 - LFC:[MD5.38891986CF5968B2D3906033FD705413] - 01/03/2014 - 16:26:06 ---A- . (...) -- C:\Windows\FSISU.log [62331972]
O44 - LFC:[MD5.EF98642055BF5E8582D1192C0B723B55] - 01/03/2014 - 16:26:06 ---A- . (...) -- C:\Windows\FSUNINST.log [262482]
O44 - LFC:[MD5.D1FAB89F3125A2720D0EDFDC8F5E96D3] - 01/03/2014 - 16:26:06 ---A- . (...) -- C:\Windows\uninstaller.log [13546]
O44 - LFC:[MD5.B8EC0E5FE8F8C8F6A1EA5FE5D1C7F8D3] - 02/03/2014 - 11:33:42 ---A- . (...) -- C:\Windows\PFRO.log [1225154]
O44 - LFC:[MD5.B5213F96FFC209C11926BFDC5D668801] - 03/03/2014 - 16:29:28 ---A- . (...) -- C:\Windows\System32\PerfStringBackup.INI [760144]
O44 - LFC:[MD5.4FB691E6FF96E3BFD382C9C4F15DCE0E] - 03/03/2014 - 16:29:28 ---A- . (...) -- C:\Windows\System32\perfc009.dat [123700]
O44 - LFC:[MD5.D86E8A8E9FAC756ABFB60577D9631E45] - 03/03/2014 - 16:29:28 ---A- . (...) -- C:\Windows\System32\perfh009.dat [645794]
O44 - LFC:[MD5.E21B90BD14AFFC13D50A2E8A26336561] - 03/03/2014 - 20:45:07 ---A- . (...) -- C:\Windows\epplauncher.mif [2052]
O44 - LFC:[MD5.24BECBEB3767D94B77AA15CCA738CADF] - 05/03/2014 - 12:08:03 -S-A- . (...) -- C:\Windows\bootstat.dat [67584]
O44 - LFC:[MD5.F73B75DBFD22B9438A0D591560D937A8] - 05/03/2014 - 12:16:38 ---A- . (...) -- C:\Windows\WindowsUpdate.log [1942431]
O44 - LFC:[MD5.F4A3FB2D655BDC4610C60B6D9B3D093E] - 20/02/2014 - 20:32:05 ---A- . (...) -- C:\TDSSKiller.3.0.0.23_20.02.2014_19.42.20_log.txt [373872]
O44 - LFC:[MD5.72F76B12C09B36F26219920D0B2E7EF3] - 23/02/2014 - 20:01:31 ---A- . (.Adobe Systems Incorporated - Adobe Flash Player Control Panel Applet.) -- C:\Windows\System32\FlashPlayerApp.exe [692616]
O44 - LFC:[MD5.FD38EBD137378FE594E7EFEBB5B3E096] - 23/02/2014 - 20:01:31 ---A- . (.Adobe Systems Incorporated - Adobe Flash Player Control Panel Applet.) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [71048]
O44 - LFC:[MD5.6FC34FEEFF33D612CA848DC48FE902F3] - 24/02/2014 - 12:07:56 ---A- . (...) -- C:\Windows\System32\FNTCACHE.DAT [410624]
O44 - LFC:[MD5.5A4E556877C429CBB1BD1D0638D6B3F2] - 26/02/2014 - 16:58:20 ---A- . (...) -- C:\Windows\fspplugin.log [20531]
O44 - LFC:[MD5.289E0B3E66EE614DC987F138E830C6D9] - 26/02/2014 - 16:59:22 ---A- . (...) -- C:\Windows\prodsett_copy.ini [20427]
O44 - LFC:[MD5.68CE2AAD9AD091DB6022874984CC212D] - 26/02/2014 - 16:59:28 ---A- . (...) -- C:\Windows\DAASINST.LOG [2350]
O44 - LFC:[MD5.C3AE6E88A992488CFF40015A7559EC1D] - 26/02/2014 - 17:00:45 ---A- . (...) -- C:\Windows\FSAVINST.LOG [67010]
O44 - LFC:[MD5.67C8A9014827017D828314BCEE97CE03] - 26/02/2014 - 17:00:46 ---A- . (...) -- C:\Windows\fsav_db_setup.log [645]
O44 - LFC:[MD5.46ED7B261A8014F148731AEAC612B8AD] - 26/02/2014 - 17:00:51 ---A- . (...) -- C:\Windows\FSAVCSIN.LOG [13220]
O44 - LFC:[MD5.499F76A4E0801B9C2EFD25F16DE4EE05] - 26/02/2014 - 17:00:51 ---A- . (...) -- C:\Windows\FSPROD.log [143036]
O44 - LFC:[MD5.321B19DD3F451D4707F9F7228B202379] - 26/02/2014 - 17:00:51 ---A- . (...) -- C:\Windows\FSSETUP.log [745482]
O44 - LFC:[MD5.5E921B7644E11E99C04A88CD120868E6] - 26/02/2014 - 17:00:51 ---A- . (...) -- C:\Windows\FSSFM.log [980732]
O44 - LFC:[MD5.719CCACFBC0A914AB9516BBE1615E621] - 26/02/2014 - 17:00:53 ---A- . (...) -- C:\Windows\RunSetup.log [116221]
~ Files: 30 Scanned in 00mn 17s

---\\ Last files created in Windows Prefetcher (O45)
O45 - LFCP:[MD5.394997CC5BD5AA405CEA911DF09957BD] - 04/03/2014 - 15:15:56 ---A- - C:\Windows\Prefetch\PfSvPerfStats.bin
O45 - LFCP:[MD5.F803D60F9E3875027BC6BA395F203A7B] - 05/03/2014 - 13:09:22 ---A- - C:\Windows\Prefetch\AgGlFaultHistory.db
O45 - LFCP:[MD5.6D89A65890473E4485BA9235C005B8C6] - 05/03/2014 - 13:09:22 ---A- - C:\Windows\Prefetch\AgGlFgAppHistory.db
O45 - LFCP:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 05/03/2014 - 13:09:22 ---A- - C:\Windows\Prefetch\AgGlGlobalHistory.db
O45 - LFCP:[MD5.DC8C19279ACDD5E9DA849D6927BF70BC] - 05/03/2014 - 13:51:11 ---A- - C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-3821336757-804075763-824847514-1000.db
O45 - LFCP:[MD5.753F97053006455B2F239B25692E1E75] - 05/03/2014 - 13:51:11 ---A- - C:\Windows\Prefetch\AgGlUAD_S-1-5-21-3821336757-804075763-824847514-1000.db
O45 - LFCP:[MD5.2B010EE87D43A7CC1699B9A1D0B5451E] - 22/11/2095 - 04:33:32 ---A- - C:\Windows\Prefetch\AgRobust.db
O45 - LFCP:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 30/11/2095 - 12:59:27 ----D - C:\Windows\Prefetch\ReadyBoot
~ Prefetcher: 8 Scanned in 00mn 00s

---\\ Operations and functions at Windows Explorer startup (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
~ ShellExecuteHooks: Scanned in 00mn 00s

---\\ Local Security Authority-LSA Deny (O48)
O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Windows Security Configuration Editor Client Engine.) -- C:\Windows\System32\scecli.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Kerberos Security Package.) -- C:\Windows\System32\kerberos.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\Windows\System32\schannel.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Digest Access.) -- C:\Windows\System32\wdigest.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Web Service Security Package.) -- C:\Windows\System32\tspkg.dll
~ LSA: 7 Scanned in 00mn 00s

---\\ Safe Boot Control (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - Serial Mouse Filter Driver.) -- C:\Windows\System32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\System32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\Windows\System32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys . (.Microsoft Corporation - Volume Manager Extension Driver.) -- C:\Windows\System32\Drivers\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\System32\Drivers\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys . (.Microsoft Corporation - NSI Proxy.) -- C:\Windows\System32\Drivers\nsiproxy.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (.Microsoft Corporation - RDP Miniport.) -- C:\Windows\System32\Drivers\rdpencdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - Serial Mouse Filter Driver.) -- C:\Windows\System32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\System32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\Windows\System32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys . (.Microsoft Corporation - Volume Manager Extension Driver.) -- C:\Windows\System32\Drivers\volmgrx.sys
~ CSB: 13 Scanned in 00mn 00s

---\\ Trojan Driver Search Data (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- C:\Windows\System32\iccvid.dll
O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
~ TDSD: 3 Scanned in 00mn 00s

---\\ ShareTools MSconfig StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\Adobe ARM [Key] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O53 - SMSR:HKLM\...\startupreg\APSDaemon [Key] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
O53 - SMSR:HKLM\...\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} [Key] . (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
O53 - SMSR:HKLM\...\startupreg\ehTray.exe [Key] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O53 - SMSR:HKLM\...\startupreg\GrooveMonitor [Key] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
O53 - SMSR:HKLM\...\startupreg\mobilegeni daemon [Key] . (...) -- C:\Program Files\Mobogenie\DaemonProcess.exe =>PUP.Mobogenie
O53 - SMSR:HKLM\...\startupreg\NeroFilterCheck [Key] . (.Nero AG - NeroCheck.) -- C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O53 - SMSR:HKLM\...\startupreg\QuickTime Task [Key] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe
O53 - SMSR:HKLM\...\startupreg\RtHDVCpl [Key] . (.Realtek Semiconductor - Realtek HD Audio Manager.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O53 - SMSR:HKLM\...\startupreg\ServiceManager.exe [Key] . (.Virgin Media - Service Manager.) -- C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe
O53 - SMSR:HKLM\...\startupreg\Sidebar [Key] . (.Microsoft Corporation - Windows Sidebar.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O53 - SMSR:HKLM\...\startupreg\Skype [Key] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O53 - SMSR:HKLM\...\startupreg\SunJavaUpdateSched [Key] . (...) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe (.not file.) =>.Oracle Corporation
O53 - SMSR:HKLM\...\startupreg\swg [Key] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
O53 - SMSR:HKLM\...\startupreg\TkBellExe [Key] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Real\RealPlayer\update\realsched.exe =>.RealNetworks, Inc
O53 - SMSR:HKLM\...\startupreg\V0700Mon.exe [Key] . (.Creative Technology Ltd. - Event Monitoring Applet.) -- C:\Windows\V0700Mon.exe
~ SMSR Keys: 16 Scanned in 00mn 00s

---\\ Microsoft Control Security Providers (MCSP) (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - TS Single Sign On Security Package.) -- C:\Windows\System32\credssp.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - TS Single Sign On Security Package.) -- C:\Windows\System32\credssp.dll
~ MSCP: 2 Scanned in 00mn 00s

---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=2
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1
O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=0
O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 16 Scanned in 00mn 00s

---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoThumbnailCache"=0
O56 - MWPE:[HKCU\...\policies\Explorer] - "ClearRecentDocsOnExit"=0
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDrives"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "BindDirectlyToPropertySetStorage"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoSharedDocuments"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDrives"=0
~ MWPE Keys: 6 Scanned in 00mn 00s



#77
March 5, 2014 at 06:35:47

John
7th Part
---\\ System Drivers List (SDL) (O58)


#78
March 5, 2014 at 06:37:02

Johnw
8th Part
O58 - SDL:[MD5.0E3CEF5D28B40CF273281D620C50700A] - 02/11/2006 - 08:30:18 ---A- . (.Microsoft Corporation - Processor Device Driver.) -- C:\Windows\System32\Drivers\processr.sys [38400]
O58 - SDL:[MD5.CCDAC889326317792480C0A67156A1EC] - 02/11/2006 - 09:51:45 ---A- . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\System32\Drivers\ql2300.sys [900712]
O58 - SDL:[MD5.81A7E5C076E59995D54BC1ED3A16E60B] - 02/11/2006 - 09:50:35 ---A- . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\System32\Drivers\ql40xx.sys [106088]
O58 - SDL:[MD5.9F5E0E1926014D17486901C88ECA2DB7] - 19/01/2008 - 05:56:07 ---A- . (.Microsoft Corporation - Microsoft Quality Windows Audio Video Experience (qWave) Suppor.) -- C:\Windows\System32\Drivers\qwavedrv.sys [31232]
O58 - SDL:[MD5.6EC78526257416A486EEC99B1FD89CFC] - 10/02/2014 - 11:35:40 ---A- . (.Trusteer Ltd. - RapportKE.) -- C:\Windows\System32\Drivers\RapportKELL.sys [107256]
O58 - SDL:[MD5.147D7F9C556D259924351FEB0DE606C3] - 19/01/2008 - 05:56:31 ---A- . (.Microsoft Corporation - RAS Automatic Connection Driver.) -- C:\Windows\System32\Drivers\rasacd.sys [11776]
O58 - SDL:[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - 19/01/2008 - 05:56:34 ---A- . (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) -- C:\Windows\System32\Drivers\rasl2tp.sys [76288]
O58 - SDL:[MD5.509A98DD18AF4375E1FC40BC175F1DEF] - 11/04/2009 - 04:46:30 ---A- . (.Microsoft Corporation - RAS PPPoE mini-port/call-manager driver.) -- C:\Windows\System32\Drivers\raspppoe.sys [41472]
O58 - SDL:[MD5.ECFFFAEC0C1ECD8DBC77F39070EA1DB1] - 19/01/2008 - 05:56:34 ---A- . (.Microsoft Corporation - Peer-to-Peer Tunneling Protocol.) -- C:\Windows\System32\Drivers\raspptp.sys [62976]
O58 - SDL:[MD5.2005F4A1E05FA09389AC85840F0A9E4D] - 11/04/2009 - 04:46:40 ---A- . (.Microsoft Corporation - RAS SSTP Miniport Call Manager.) -- C:\Windows\System32\Drivers\rassstp.sys [69120]
O58 - SDL:[MD5.B14C9D5B9ADD2F84F70570BBBFAA7935] - 11/04/2009 - 04:14:29 ---A- . (.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) -- C:\Windows\System32\Drivers\rdbss.sys [225280]
O58 - SDL:[MD5.89E59BE9A564262A3FB6C4F4F1CD9899] - 19/01/2008 - 06:01:08 ---A- . (.Microsoft Corporation - RDP Miniport.) -- C:\Windows\System32\Drivers\RDPCDD.sys [6144]
O58 - SDL:[MD5.E8BD98D46F2ED77132BA927FCCB47D8B] - 02/11/2006 - 09:03:00 ---A- . (.Microsoft Corporation - Microsoft RDP Device redirector.) -- C:\Windows\System32\Drivers\rdpdr.sys [242688]
O58 - SDL:[MD5.9D91FE5286F748862ECFFA05F8A0710C] - 19/01/2008 - 06:01:09 ---A- . (.Microsoft Corporation - RDP Miniport.) -- C:\Windows\System32\Drivers\RDPENCDD.sys [6144]


#79
March 5, 2014 at 06:40:02

Johnw
9th Part
~ Drivers: 16 Scanned in 00mn 10s


#80
March 5, 2014 at 06:43:04

John, I lost the plot where I was, so I need to do a bit of back checking to find the last copy/paste. Will get this done asap.


#81
March 5, 2014 at 07:46:37

Johnw (back with it)?
10th Part
---\\ Last modified or created user files (O61)
O61 - LFC: 03/03/2014 - 14:09:46 ---A- . (.Microsoft Corporation.) -- C:\Users\Ian\Contacts\Downloads\mseinstall.exe [11125072]
O61 - LFC: 03/03/2014 - 14:09:46 ---A- . (.SingularLabs.) -- C:\Users\Ian\Contacts\Downloads\JavaRa.exe [274944]
O61 - LFC: 04/03/2014 - 14:09:37 ---A- . (...) -- C:\Users\Ian\AppData\Local\Avg2014\log\commonpriv.log.1 [65668]
O61 - LFC: 04/03/2014 - 14:09:39 ---A- . (...) -- C:\Users\Ian\AppData\Local\Google\Toolbar Cache\7.5.4805.320\en-GB\translate_element.js.content [2381]
O61 - LFC: 04/03/2014 - 14:09:39 --HA- . (...) -- C:\Users\Ian\AppData\Local\IconCache.db [3192288]
O61 - LFC: 04/03/2014 - 14:09:41 ---A- . (...) -- C:\Users\Ian\AppData\Local\temp\wmplog03.sqm [1412]
O61 - LFC: 04/03/2014 - 14:09:43 ---A- . (...) -- C:\Users\Ian\AppData\Roaming\IObit\IObit Uninstaller\MenuRight.dat [132]
O61 - LFC: 04/03/2014 - 14:09:46 ---A- . (...) -- C:\Users\Ian\AppData\Roaming\ZHP\HOSTS.txt [741] =>.Nicolas Coolman
O61 - LFC: 05/03/2014 - 14:09:37 ---A- . (...) -- C:\Users\Ian\AppData\Local\Avg2014\log\avgcore.log.1 [131426]
O61 - LFC: 05/03/2014 - 14:09:37 ---A- . (...) -- C:\Users\Ian\AppData\Local\Avg2014\log\avgui.log.1 [131161]
O61 - LFC: 05/03/2014 - 14:09:37 ---A- . (...) -- C:\Users\Ian\AppData\Local\Avg2014\log\avgui.log.2 [131189]
O61 - LFC: 05/03/2014 - 14:09:37 ---A- . (...) -- C:\Users\Ian\AppData\Local\FileTypeAssistant\prefs.dat [83]
O61 - LFC: 05/03/2014 - 14:09:37 ---A- . (...) -- C:\Users\Ian\AppData\Local\FileTypeAssistant\prg.dat [18714]
O61 - LFC: 05/03/2014 - 14:09:39 ---A- . (...) -- C:\Users\Ian\AppData\Local\Google\Google Desktop\7f42f4284d0c\sites.txt [2418]
O61 - LFC: 05/03/2014 - 14:09:39 ---A- . (...) -- C:\Users\Ian\AppData\Local\Google\Google Desktop\7f42f4284d0c\uinfo.dat [401408]
O61 - LFC: 05/03/2014 - 14:09:39 ---A- . (...) -- C:\Users\Ian\AppData\Local\Google\Toolbar\broker_metrics.xml [15809]
O61 - LFC: 05/03/2014 - 14:09:41 ---A- . (...) -- C:\Users\Ian\AppData\Local\Trusteer\Rapport\user\store\safe_stores\local_store\store_var_1.metadata.data [116]
O61 - LFC: 05/03/2014 - 14:09:41 ---A- . (...) -- C:\Users\Ian\AppData\Local\Trusteer\Rapport\user\store\user\fsm_service_var_0.js.data [5604]
O61 - LFC: 05/03/2014 - 14:09:41 ---A- . (...) -- C:\Users\Ian\AppData\Local\Trusteer\Rapport\user\store\user\rapport_data_var_0.js.data [13812]
O61 - LFC: 05/03/2014 - 14:09:41 ---A- . (...) -- C:\Users\Ian\AppData\Local\Trusteer\Rapport\user\store\user\rapport_var_0.cfg.data [2132]
O61 - LFC: 05/03/2014 - 14:09:41 ---A- . (...) -- C:\Users\Ian\AppData\Local\temp\Ian.bmp [31832]
O61 - LFC: 05/03/2014 - 14:09:42 ---A- . (...) -- C:\Users\Ian\AppData\Roaming\AVG2014\cfgall\userawacs.cfg [31554]
O61 - LFC: 05/03/2014 - 14:09:43 ---A- . (...) -- C:\Users\Ian\AppData\Roaming\FreeFileViewer\updcheck.cfg [217]
O61 - LFC: 05/03/2014 - 14:09:43 ---A- . (...) -- C:\Users\Ian\AppData\Roaming\Microsoft\Office\Word12.pip [1716]
O61 - LFC: 05/03/2014 - 14:09:43 ---A- . (...) -- C:\Users\Ian\AppData\Roaming\ProductData\update.spt [4827]
O61 - LFC: 05/03/2014 - 14:09:46 ---A- . (...) -- C:\Users\Ian\AppData\Roaming\ZHP\Log.txt [17135] =>.Nicolas Coolman
O61 - LFC: 05/03/2014 - 14:09:46 ---A- . (...) -- C:\Users\Ian\AppData\Roaming\ZHP\TestsZHPDiag.txt [2774] =>.Nicolas Coolman
~ 10 Fichiers temporaires (Temporary files)
~ 1 Fichiers cookies (Cookies files)
~ Files: 96 Scanned in 00mn 10s

#82
March 5, 2014 at 07:47:44

Johnw
11th Part
---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ List all legacy services(LALS) (O64)
O64 - Services: CurCS - 21/04/2011 - C:\Windows\system32\drivers\afd.sys (AFD) .(.Microsoft Corporation - Ancillary Function Driver for WinSock.) - LEGACY_AFD
O64 - Services: CurCS - 25/11/2013 - C:\Windows\System32\DRIVERS\avgdiskx.sys (Avgdiskx) .(.AVG Technologies CZ, s.r.o. - AVG File Vault Driver.) - LEGACY_AVGDISKX
O64 - Services: CurCS - 01/01/1601 - C:\Windows\System32\DRIVERS\avgfwd6x.sys (Avgfwfd) .(...) - LEGACY_AVGFWFD
O64 - Services: CurCS - 25/11/2013 - C:\Windows\System32\DRIVERS\avgidsdriverx.sys (AVGIDSDriver) .(.AVG Technologies CZ, s.r.o. - IDS Application Activity Monitor Driver..) - LEGACY_AVGIDSDRIVER
O64 - Services: CurCS - 25/11/2013 - C:\Windows\System32\DRIVERS\avgidshx.sys (AVGIDSHX) .(.AVG Technologies CZ, s.r.o. - IDS Application Activity Monitor Helper Dri.) - LEGACY_AVGIDSHX
O64 - Services: CurCS - 19/01/2014 - C:\Windows\System32\DRIVERS\avgidsshimx.sys (AVGIDSShim) .(.AVG Technologies CZ, s.r.o. - IDS Application Activity Monitor Loader Dri.) - LEGACY_AVGIDSSHIM
O64 - Services: CurCS - 31/10/2013 - C:\Windows\System32\DRIVERS\avgldx86.sys (Avgldx86) .(.AVG Technologies CZ, s.r.o. - AVG AVI Loader Driver.) - LEGACY_AVGLDX86
O64 - Services: CurCS - 31/10/2013 - C:\Windows\System32\DRIVERS\avglogx.sys (Avglogx) .(.AVG Technologies CZ, s.r.o. - AVG Logging Driver.) - LEGACY_AVGLOGX
O64 - Services: CurCS - 01/10/2013 - C:\Windows\System32\DRIVERS\avgmfx86.sys (Avgmfx86) .(.AVG Technologies CZ, s.r.o. - AVG Resident Shield Minifilter Driver.) - LEGACY_AVGMFX86
O64 - Services: CurCS - 10/09/2013 - C:\Windows\System32\DRIVERS\avgrkx86.sys (Avgrkx86) .(.AVG Technologies CZ, s.r.o. - AVG Anti-Rootkit Driver.) - LEGACY_AVGRKX86
O64 - Services: CurCS - 01/08/2013 - C:\Windows\System32\DRIVERS\avgtdix.sys (Avgtdix) .(.AVG Technologies CZ, s.r.o. - AVG Network connection watcher.) - LEGACY_AVGTDIX
O64 - Services: CurCS - 19/01/2008 - C:\Windows\System32\Drivers\Beep.sys (Beep) .(.Microsoft Corporation - BEEP Driver.) - LEGACY_BEEP
O64 - Services: CurCS - 22/02/2011 - C:\Windows\System32\DRIVERS\bowser.sys (bowser) .(.Microsoft Corporation - NT Lan Manager Datagram Receiver Driver.) - LEGACY_BOWSER
O64 - Services: CurCS - 19/01/2008 - C:\Windows\System32\DRIVERS\cdfs.sys (cdfs) .(.Microsoft Corporation - CD-ROM File System Driver.) - LEGACY_CDFS
O64 - Services: CurCS - 11/04/2009 - C:\Windows\System32\CLFS.sys (CLFS) .(.Microsoft Corporation - Common Log File System Driver.) - LEGACY_CLFS
O64 - Services: CurCS - 02/11/2006 - C:\Windows\System32\drivers\crcdisk.sys (crcdisk) .(.Microsoft Corporation - Disk Block Verification Filter Driver.) - LEGACY_CRCDISK
O64 - Services: CurCS - 14/04/2011 - C:\Windows\System32\Drivers\dfsc.sys (DfsC) .(.Microsoft Corporation - DFS Namespace Client Driver.) - LEGACY_DFSC
O64 - Services: CurCS - 01/08/2013 - C:\Windows\system32\drivers\dxgkrnl.sys (DXGKrnl) .(.Microsoft Corporation - DirectX Graphics Kernel.) - LEGACY_DXGKRNL
O64 - Services: CurCS - 11/04/2009 - C:\Windows\System32\Drivers\fastfat.sys (fastfat) .(.Microsoft Corporation - Fast FAT File System Driver.) - LEGACY_FASTFAT
O64 - Services: CurCS - 19/01/2008 - C:\Windows\System32\drivers\fileinfo.sys (FileInfo) .(.Microsoft Corporation - FileInfo Filter Driver.) - LEGACY_FILEINFO
O64 - Services: CurCS - 11/04/2009 - C:\Windows\System32\drivers\fltmgr.sys (FltMgr) .(.Microsoft Corporation - Microsoft Filesystem Filter Manager.) - LEGACY_FLTMGR
O64 - Services: CurCS - 17/05/2011 - C:\Windows\System32\drivers\HTTP.sys (HTTP) .(.Microsoft Corporation - HTTP Protocol Stack.) - LEGACY_HTTP
O64 - Services: CurCS - 04/06/2012 - C:\Windows\System32\Drivers\ksecdd.sys (KSecDD) .(.Microsoft Corporation - Kernel Security Support Provider Interface.) - LEGACY_KSECDD
O64 - Services: CurCS - 19/01/2008 - C:\Windows\System32\DRIVERS\lltdio.sys (lltdio) .(.Microsoft Corporation - Link-Layer Topology Mapper I/O Driver.) - LEGACY_LLTDIO
O64 - Services: CurCS - 19/01/2008 - C:\Windows\system32\drivers\luafv.sys (luafv) .(.Microsoft Corporation - LUA File Virtualization Filter Driver.) - LEGACY_LUAFV
O64 - Services: CurCS - 04/04/2013 - C:\Windows\system32\drivers\mbam.sys (MBAMProtector) .(.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - LEGACY_MBAMPROTECTOR
O64 - Services: CurCS - 19/01/2008 - C:\Windows\System32\drivers\mountmgr.sys (MountMgr) .(.Microsoft Corporation - Mount Point Manager.) - LEGACY_MOUNTMGR
O64 - Services: CurCS - 19/01/2008 - C:\Windows\system32\FirewallAPI.dll (mpsdrv) .(.Microsoft Corporation - Windows Firewall API.) - LEGACY_MPSDRV
O64 - Services: CurCS - 11/04/2009 - C:\Windows\system32\drivers\mrxdav.sys (MRxDAV) .(.Microsoft Corporation - Windows NT WebDav Minirdr.) - LEGACY_MRXDAV
O64 - Services: CurCS - 29/04/2011 - C:\Windows\System32\DRIVERS\mrxsmb.sys (mrxsmb) .(.Microsoft Corporation - Windows NT SMB Minirdr.) - LEGACY_MRXSMB
O64 - Services: CurCS - 06/07/2011 - C:\Windows\System32\DRIVERS\mrxsmb10.sys (mrxsmb10) .(.Microsoft Corporation - Longhorn SMB Downlevel SubRdr.) - LEGACY_MRXSMB10
O64 - Services: CurCS - 29/04/2011 - C:\Windows\System32\DRIVERS\mrxsmb20.sys (mrxsmb20) .(.Microsoft Corporation - Longhorn SMB 2.0 Redirector.) - LEGACY_MRXSMB20
O64 - Services: CurCS - 19/01/2008 - C:\Windows\System32\drivers\msisadrv.sys (msisadrv) .(.Microsoft Corporation - ISA Driver.) - LEGACY_MSISADRV
O64 - Services: CurCS - 11/04/2009 - C:\Windows\System32\Drivers\mup.sys (Mup) .(.Microsoft Corporation - Multiple UNC Provider driver.) - LEGACY_MUP
O64 - Services: CurCS - 11/04/2009 - C:\Windows\System32\DRIVERS\nwifi.sys (NativeWifiP) .(.Microsoft Corporation - NativeWiFi Miniport Driver.) - LEGACY_NATIVEWIFIP
O64 - Services: CurCS - 11/04/2009 - C:\Windows\System32\drivers\ndis.sys (NDIS) .(.Microsoft Corporation - NDIS 6.0 wrapper driver.) - LEGACY_NDIS
O64 - Services: CurCS - 19/01/2008 - C:\Windows\System32\DRIVERS\ndisuio.sys (Ndisuio) .(.Microsoft Corporation - NDIS User mode I/O driver.) - LEGACY_NDISUIO
O64 - Services: CurCS - 19/01/2008 - C:\Windows\System32\DRIVERS\netbios.sys (NetBIOS) .(.Microsoft Corporation - NetBIOS interface driver.) - LEGACY_NETBIOS
O64 - Services: CurCS - 11/04/2009 - C:\Windows\System32\DRIVERS\netbt.sys (netbt) .(.Microsoft Corporation - MBT Transport driver.) - LEGACY_NETBT
O64 - Services: CurCS - 19/01/2008 - C:\Windows\System32\drivers\nsiproxy.sys (nsiproxy) .(.Microsoft Corporation - NSI Proxy.) - LEGACY_NSIPROXY
O64 - Services: CurCS - 02/11/2006 - C:\Windows\System32\drivers\peauth.sys (PEAUTH) .(.Microsoft Corporation - Protected Environment Authentication and Au.) - LEGACY_PEAUTH
O64 - Services: CurCS - 11/04/2009 - C:\Windows\System32\drivers\pacer.sys (PSched) .(.Microsoft Corporation - QoS Packet Scheduler.) - LEGACY_PSCHED
O64 - Services: CurCS - 26/10/2013 - C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys (RapportCerberus_59849) .(...) - LEGACY_RAPPORTCERBERUS_59849 =>.Cerberus
O64 - Services: CurCS - 10/02/2014 - C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys (RapportEI) .(.Trusteer Ltd. - RapportEI.) - LEGACY_RAPPORTEI
O64 - Services: CurCS - 19/01/2008 - C:\Windows\System32\DRIVERS\rasacd.sys (RasAcd) .(.Microsoft Corporation - RAS Automatic Connection Driver.) - LEGACY_RASACD
O64 - Services: CurCS - 11/04/2009 - C:\Windows\System32\DRIVERS\rdbss.sys (rdbss) .(.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - LEGACY_RDBSS
O64 - Services: CurCS - 19/01/2008 - C:\Windows\System32\DRIVERS\RDPCDD.sys (RDPCDD) .(.Microsoft Corporation - RDP Miniport.) - LEGACY_RDPCDD
O64 - Services: CurCS - 19/01/2008 - C:\Windows\System32\drivers\rdpencdd.sys (RDPENCDD) .(.Microsoft Corporation - RDP Miniport.) - LEGACY_RDPENCDD
O64 - Services: CurCS - 19/01/2008 - C:\Windows\System32\DRIVERS\rspndr.sys (rspndr) .(.Microsoft Corporation - Link-Layer Topology Responder Driver for ND.) - LEGACY_RSPNDR
O64 - Services: CurCS - 02/11/2006 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
O64 - Services: CurCS - 11/04/2009 - C:\Windows\system32\tcpipcfg.dll (Smb) .(.Microsoft Corporation - Network Configuration Objects.) - LEGACY_SMB
O64 - Services: CurCS - 19/01/2008 - C:\Windows\System32\Drivers\spldr.sys (spldr) .(.Microsoft Corporation - loader for security processor.) - LEGACY_SPLDR
O64 - Services: CurCS - 18/02/2011 - C:\Windows\System32\DRIVERS\srv.sys (srv) .(.Microsoft Corporation - Server driver.) - LEGACY_SRV
O64 - Services: CurCS - 29/04/2011 - C:\Windows\System32\DRIVERS\srv2.sys (srv2) .(.Microsoft Corporation - Smb 2.0 Server driver.) - LEGACY_SRV2
O64 - Services: CurCS - 29/04/2011 - C:\Windows\System32\DRIVERS\srvnet.sys (srvnet) .(.Microsoft Corporation - Server Network driver.) - LEGACY_SRVNET
O64 - Services: CurCS - 11/04/2009 - C:\Windows\system32\tcpipcfg.dll (Tcpip) .(.Microsoft Corporation - Network Configuration Objects.) - LEGACY_TCPIP
O64 - Services: CurCS - 05/07/2013 - C:\Windows\System32\drivers\tcpipreg.sys (tcpipreg) .(.Microsoft Corporation - TCP/IP Registry Compatibility Driver.) - LEGACY_TCPIPREG
O64 - Services: CurCS - 11/04/2009 - C:\Windows\system32\tcpipcfg.dll (tdx) .(.Microsoft Corporation - Network Configuration Objects.) - LEGACY_TDX
O64 - Services: CurCS - 19/01/2008 - C:\Windows\system32\drivers\vga.sys (VgaSave) .(.Microsoft Corporation - VGA/Super VGA Video Driver.) - LEGACY_VGASAVE
O64 - Services: CurCS - 11/04/2009 - C:\Windows\System32\drivers\volmgrx.sys (volmgrx) .(.Microsoft Corporation - Volume Manager Extension Driver.) - LEGACY_VOLMGRX
O64 - Services: CurCS - 21/08/2012 - C:\Windows\System32\drivers\volsnap.sys (volsnap) .(.Microsoft Corporation - Volume Shadow Copy Driver.) - LEGACY_VOLSNAP
O64 - Services: CurCS - 19/01/2008 - C:\Windows\System32\DRIVERS\wanarp.sys (Wanarpv6) .(.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - LEGACY_WANARPV6
O64 - Services: CurCS - 26/06/2013 - C:\Windows\System32\drivers\Wdf01000.sys (Wdf01000) .(.Microsoft Corporation - Kernel Mode Driver Framework Runtime.) - LEGACY_WDF01000
O64 - Services: CurCS - 19/01/2008 - C:\Windows\system32\drivers\ws2ifsl.sys (ws2ifsl) .(.Microsoft Corporation - Winsock2 IFS Layer.) - LEGACY_WS2IFSL
O64 - Services: CurCS - 26/07/2012 - C:\Windows\system32\drivers\Wudfpf.sys (WudfPf) .(.Microsoft Corporation - Windows Driver Foundation - User-mode Drive.) - LEGACY_WUDFPF
~ Legacy: 139 Scanned in 00mn 07s

---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Shell Common Dll.) -- C:\Windows\System32\shell32.dll
O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> <ComFile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> <evtfile>[HKLM\..\open\Command] (.Microsoft Corporation - Event Viewer Snapin Launcher.) -- C:\Windows\System32\eventvwr.exe
O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Registry Editor.) -- C:\Windows\regedit.exe
O67 - Shell Spawning: <.scr> <scrfile>[HKLM\..\open\Command] (...) -- "%1" /S
O67 - Shell Spawning: <.html> <OperaStable>[HKCU\..\open\Command] (.Opera Software - Opera Internet Browser.) -- C:\Program Files\Opera\Launcher.exe
~ FASS Keys: 11 Scanned in 00mn 00s

#83
March 5, 2014 at 07:49:48

Johnw
12th Part
---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {5DC9CCEA-7B02-4176-AAF5-031661614286 [DefaultScope] - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s

---\\ Search Svchost Services (SSS) (O83)
O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Application Experience Service.) -- C:\Windows\System32\aelupsvc.dll [24576]
O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Problem Reports and Solutions.) -- C:\Windows\System32\wercplsupport.dll [62976]
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - Windows Shell Services Dll.) -- C:\Windows\System32\shsvcs.dll [247808]
O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation Service.) -- C:\Windows\System32\certprop.dll [40448]
O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation Service.) -- C:\Windows\System32\certprop.dll [40448]
O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - Server Service DLL.) -- C:\Windows\System32\srvsvc.dll [125952]
O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Group Policy Client.) -- C:\Windows\System32\gpsvc.dll [576512]
O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - IKE extension.) -- C:\Windows\System32\ikeext.dll [444928]
O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Windows Audio Service.) -- C:\Windows\System32\Audiosrv.dll [315392]
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Remote Access AutoDial Manager.) -- C:\Windows\System32\rasauto.dll [90624]
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Remote Access Connection Manager.) -- C:\Windows\System32\rasmans.dll [262144]
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Dynamic Interface Manager.) -- C:\Windows\System32\mprdim.dll [68608]
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - System Event Notification Service (SENS).) -- C:\Windows\System32\sens.dll [47104]
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Microsoft NAT Helper Components.) -- C:\Windows\System32\ipnathlp.dll [288256]
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Microsoft® Windows(TM) Telephony Server.) -- C:\Windows\System32\tapisrv.dll [242688]
O83 - Search Svchost Services: TermService (TermService) . (.Microsoft Corporation - Terminal Server Remote Connections Manager.) -- C:\Windows\System32\termsrv.dll [449024]
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) -- C:\Windows\System32\wuaueng.dll [1933848]
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Background Intelligent Transfer Service.) -- C:\Windows\System32\qmgr.dll [758784]
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Windows Shell Services Dll.) -- C:\Windows\System32\shsvcs.dll [247808]
O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service that offers IPv6 connectivity over an IPv4 network..) -- C:\Windows\System32\iphlpsvc.dll [200704]
O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - Secondary Logon Service DLL.) -- C:\Windows\system32\seclogon.dll [19968]
O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Application Information Service.) -- C:\Windows\System32\appinfo.dll [33280]
O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - iSCSI Discovery service.) -- C:\Windows\System32\iscsiexe.dll [111616]
O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Multimedia Class Scheduler Service.) -- C:\Windows\System32\mmcss.dll [45056]
O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\System32\profsvc.dll [153088]
O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Microsoft EAPHost service.) -- C:\Windows\System32\eapsvc.dll [57344]
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\System32\wbem\WMIsvc.dll [162304]
O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Task Scheduler Service.) -- C:\Windows\System32\schedsvc.dll [601600]
O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Terminal Services Configuration service.) -- C:\Windows\System32\sessenv.dll [84992]
O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - Computer Browser Service DLL.) -- C:\Windows\System32\browser.dll [81920]
O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Key Management Service.) -- C:\Windows\System32\kmsvc.dll [68096]

~ Services: 31 Scanned in 00mn 00s

---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.49193A51F87D0A2CFE9F7D4E3A46079D] [SPRF][24/02/2014] (...) -- C:\Users\Ian\AppData\Roaming\wklnhst.dat [3676]
[MD5.D2B255B1977E183AD6717C1758C675A3] [SPRF][17/02/2014] (.Swearware - ComboFix NSIS Installer.) -- C:\Users\Ian\Desktop\ComboFix.exe [5183112]
[MD5.9146F21288AB749C4C729343F5F285A1] [SPRF][17/02/2014] (...) -- C:\Users\Ian\Desktop\Defogger.exe [50477]
[MD5.1F2B824953ED28CEF9C16E4A347C048A] [SPRF][27/06/2013] (.Systweak Inc. - Systweak PhotoStudio Setup.) -- C:\Users\Ian\Desktop\photostudio_r.exe [16437296]
[MD5.C038AC0153BFFE7F8778D404C0872317] [SPRF][20/02/2014] (.Bleeping Computer, LLC - Terminates malware processes so that you can run your normal security programs..) -- C:\Users\Ian\Desktop\rkill.exe [1933048]
[MD5.39B81D173E803767179E3673C8B426F6] [SPRF][03/03/2014] (...) -- C:\Users\Ian\Desktop\RogueKiller.exe [3819008]
[MD5.2529406E348278E6CB3FF7FCB104C54F] [SPRF][12/02/2014] (.Bleeping Computer, LLC - Unhides files made hidden by FakeHDD Rogues.) -- C:\Users\Ian\Desktop\unhide.exe [398752]
[MD5.3BF2A8A287A0A7851E5925B91C476537] [SPRF][05/03/2014] (.Nicolas Coolman - ZHPDiag Setup.) -- C:\Users\Ian\Desktop\ZHPDiag2.exe [6866603]
[MD5.D5DB47F76A4C0B5B8482A6EEE39F1CA2] [SPRF][12/05/2013] (.NVIDIA Corporation - NVIDIA Install Application.) -- C:\Program Files\setup.exe [406304]
[MD5.3FEA9D2EDF23B0283C7A66C8DEA380BD] [SPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player Module.) -- C:\Windows\Downloaded Program Files\dwusplay.dll [24576]
[MD5.CDBE35EA59BC9223E4F800BD1DB82D27] [SPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player.) -- C:\Windows\Downloaded Program Files\dwusplay.exe [196608]
[MD5.0C78701C6F42345DFF2B2B6C3C3D01EF] [SPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Web Agent.) -- C:\Windows\Downloaded Program Files\isusweb.dll [172032]
~ Files: 12 Scanned in 00mn 03s

#84
March 5, 2014 at 07:52:46

Johnw
13th part
DCOM Server.) -- C:\Windows\system32\plasrv.exe
O87 - FAEL: "PerfLogsAlerts-DCOM-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "PerfLogsAlerts-PLASrv-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Performance Logs and Alerts DCOM Server.) -- C:\Windows\system32\plasrv.exe
O87 - FAEL: "PerfLogsAlerts-DCOM-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "SNMPTRAP-In-UDP" | In - Public - P17 - FALSE | .(.Microsoft Corporation - SNMP Trap.) -- C:\Windows\system32\snmptrap.exe
O87 - FAEL: "WMP-In-UDP" | In - Domain - P17 - FALSE | .(.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
O87 - FAEL: "WMP-Out-UDP" | Out - Domain - P17 - FALSE | .(.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
O87 - FAEL: "WMP-Out-TCP" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
O87 - FAEL: "WMPNSS-QWave-In-UDP-NoScope" | In - Domain - P17 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "WMPNSS-QWave-Out-UDP-NoScope" | Out - Domain - P17 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "WMPNSS-QWave-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "WMPNSS-QWave-Out-TCP-NoScope" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "WMPNSS-WMP-In-UDP-NoScope" | In - Domain - P17 - FALSE | .(.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
O87 - FAEL: "WMPNSS-WMP-Out-UDP-NoScope" | Out - Domain - P17 - FALSE | .(.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
O87 - FAEL: "WMPNSS-WMP-Out-TCP-NoScope" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
O87 - FAEL: "WMPNSS-In-UDP-NoScope" | In - Domain - P17 - FALSE | .(.Microsoft Corporation - Windows Media Player Network Sharing Service.) -- C:\Program Files\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
O87 - FAEL: "WMPNSS-Out-UDP-NoScope" | Out - Domain - P17 - FALSE | .(.Microsoft Corporation - Windows Media Player Network Sharing Service.) -- C:\Program Files\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
O87 - FAEL: "WMPNSS-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Windows Media Player Network Sharing Service.) -- C:\Program Files\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
O87 - FAEL: "WMPNSS-Out-TCP-NoScope" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Windows Media Player Network Sharing Service.) -- C:\Program Files\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
O87 - FAEL: "WMPNSS-QWave-In-UDP" | In - Public - P17 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "WMPNSS-QWave-Out-UDP" | Out - Public - P17 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "WMPNSS-QWave-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "WMPNSS-QWave-Out-TCP" | Out - Public - P6 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "WMPNSS-SSDPSrv-In-UDP" | In - Domain - P17 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "WMPNSS-SSDPSrv-Out-UDP" | Out - Domain - P17 - FALSE | .(.Microsoft Corporation - Host Process for Windows Services.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "WMPNSS-WMP-In-UDP" | In - Public - P17 - FALSE | .(.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
O87 - FAEL: "WMPNSS-WMP-Out-UDP" | Out - Public - P17 - FALSE | .(.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe =>.Microsoft Corporation

#85
March 5, 2014 at 07:54:16

Johnw
14th part

~ Firewall: 220 Scanned in 00mn 02s



#86
March 5, 2014 at 07:56:25

Johnw
15th and final Part (You are gonna love me)
---\\ Product Upgrade Codes (PUC) (O90)
O90 - PUC: "D7E18DD182D0BEC4782B0C144ACF2B51" . (.Rapport.) -- C:\Windows\Installer\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}\icon.ico
O90 - PUC: "D95ED311A75B5704D9F48530FD6AE97B" . (.Walgreens PictureMover.) -- C:\Windows\Installer\{113DE59D-B57A-4075-9D4F-5803DFA69EB7}\ARPPRODUCTICON.exe
O90 - PUC: "E7FF67E4ABEA78C47B88DC745E24B5D9" . (.Skype™ 6.11.) -- C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe
~ Update Products: 101 Scanned in 00mn 00s

---\\ MyComputer Name Space (MNS) (O92)
O92 - MNS: Web Folders - {BDEADF00-C265-11D0-BCED-00A0C90AB50F}
~ MNS: 1 Scanned in 00mn 00s

---\\ Windows Installer Scan (WIS) (O93) (NTFS)
[MD5.576C4261634460D0EFC5A0EA3293EFE8] [WIS][17/05/2011] (.eSupportQFolder - eSupportQFolder.) -- C:\Windows\Installer\109fccb.msi [121344]
[MD5.2DA8B98AECA66D9112DB2C7B9CB69138] [WIS][17/05/2011] (.DeviceManagementQFolder - DeviceManagementQFolder.) -- C:\Windows\Installer\109fce2.msi [121344]
[MD5.5EF4F84C5B1590E62FFF898FA0794F36] [WIS][17/05/2011] (.Builds the Destinations MSI - Builds the Destinations MSI.) -- C:\Windows\Installer\109fcf4.msi [646656]
[MD5.54941BFA93833E5FCC4C2ADF537C0AA8] [WIS][17/05/2011] (.CustomerResearchQFolder - CustomerResearchQFolder.) -- C:\Windows\Installer\109fd20.msi [121344]
[MD5.BD2493DB9F0EDDEF93D42CEC46ABCF46] [WIS][17/05/2011] (.DocumentViewerQFolder - DocumentViewerQFolder.) -- C:\Windows\Installer\109fd30.msi [121344]
[MD5.63AD2723EB7EC88B7BEB6A7EE4ACE7B6] [WIS][18/05/2011] (.Google Inc. - Google Toolbar for Internet Explorer.) -- C:\Windows\Installer\25ed08.msi [24064] =>Toolbar.Google
[MD5.8B7474B33969CE21C3D3D9A006746A16] [WIS][23/02/2014] (.Trusteer - Rapport.) -- C:\Windows\Installer\3a698.msi [2341376]
[MD5.7877E790BB77D289EA9555E782B28D30] [WIS][06/12/2013] (.Skype Technologies S.A. - Skype.) -- C:\Windows\Installer\3d9b83.msi [1634304]
[MD5.7623057E5480D4CC680B6481AE2D7E9C] [WIS][06/12/2013] (.Skype Technologies S.A. - Skype Click to Call.) -- C:\Windows\Installer\3d9b8b.msi [1053696]
~ WIS: 102 Scanned in 00mn 08s

---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 23/02/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 18/05/2011 30192 | (GoogleDesktopManager-051210-111108) . (.Google.) - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
SS - | Auto 18/05/2011 135664 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 18/05/2011 135664 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 16/08/2012 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Auto 24/02/2014 2151744 | (LiveUpdateSvc) . (.IObit.) - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
SS - | Demand 05/02/2014 118896 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 15/10/2007 382248 | (NMIndexingService) . (.Nero AG.) - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
SS - | Auto 25/02/2013 1260320 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SS - | Auto 05/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 19/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 11/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 22/01/2014 3788816 | (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files\AVG\AVG2014\avgidsagent.exe
SR - | Auto 24/09/2013 348008 | (avgwd) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files\AVG\AVG2014\avgwdsvc.exe
SR - | Demand 19/01/2008 21504 | C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 19/01/2008 21504 | C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 20/09/2007 853288 | (Nero BackItUp Scheduler 3) . (.Nero AG.) - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
SR - | Auto 19/01/2008 21504 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 18/01/2013 639776 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 19/01/2008 21504 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/02/2014 1444120 | (RapportMgmtService) . (.Trusteer Ltd..) - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
SR - | Auto 14/08/2013 39056 | (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
SR - | Auto 09/01/2007 272024 | (RichVideo) . (...) - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
SR - | Auto 07/03/2012 10294584 | (ServicepointService) . (.Radialpoint SafeCare Inc..) - C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe
SR - | Auto 18/01/2013 383264 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 19/01/2008 21504 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 12/11/2001 20480 | (x10nets) . (.X10.) - C:\Program Files\Common Files\X10\Common\X10nets.exe

~ Services: Scanned in 00mn 09s

---\\ Search Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by Ian at 05/03/2014 14:10:33

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
C:\Windows\system32\DRIVERS\nvstor32.sys NVIDIA Corporation NVIDIA nForce(TM) SATA Driver
1 ntkrnlpa!IofCallDriver[0x8268F916] >> \Device\Harddisk0\DR0[0x860F2258]
3 CLASSPNP[0x887B08B3] >> ntkrnlpa!IofCallDriver[0x8268F916] >> [0x85217F08]
5 acpi[0x806A26BC] >> ntkrnlpa!IofCallDriver[0x8268F916] >> \Device\00000054[0x851F12D0]
kernel: MBR read successfully
user & kernel MBR OK

~ MBR: 14 Scanned in 00mn 02s

---\\ Search Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Ian at 05/03/2014 14:10:35

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 04s

---\\ Scan Additionnel (O88)
Database Version : 13031 - (03/03/2014)
Clés trouvées (Keys found) : 9
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 8
Fichiers trouvés (Files found) : 3

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] =>Trojan.Trojan.FindFDSearch^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4D91-8333-CF10577473F7}] =>Toolbar.Google^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{18455581-E099-4BA8-BC6B-F34B2F06600C}] =>Toolbar.Google^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2318C2B1-4965-11d4-9B18-009027A5CD4F}] =>Toolbar.Google^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\mobilegeni daemon] =>PUP.Mobogenie^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\swg] =>Toolbar.Google^
[HKLM\Software\VBMZ] =>Toolbar.Conduit
[HKCU\Software\RegistryTool] =>Rogue.RegistryTool
[HKLM\Software\RegistryTool] =>Rogue.RegistryTool
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:swg =>Toolbar.Google^
C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\hg116lbd.default\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com =>Adware.PlusHD^
C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\hg116lbd.default\extensions\{7ffa5f54-1c4f-46de-8576-c271a0dd482f} =>Adware.GamesBar^
C:\Program Files\Mobogenie =>PUP.Mobogenie^
C:\Program Files\sweetpacks bundle uninstaller =>PUP.SweetIM^
C:\ProgramData\InstallMate =>PUP.Tarma^
C:\ProgramData\Updater =>PUP.CrossRider^
C:\Users\Ian\AppData\Local\Mobogenie =>PUP.Mobogenie^
C:\Users\Ian\AppData\Roaming\RegistryTool =>Rogue.RegistryTool
[HKCU\Software\Conduit] =>Toolbar.Conduit^
[HKCU\Software\WeDlMngr] =>PUP.weDownloadManager^
C:\Windows\Installer\25ed08.msi =>Toolbar.Google^
~ Additionnel Scan: 339825 Items scanned in 00mn 39s

---\\ Summary of the detections found on your workstation
~ http://nicolascoolman.webs.com/apps... =>Adware.PlusHD
~ http://nicolascoolman.webs.com/apps... =>Adware.GamesBar
~ http://nicolascoolman.webs.com/apps... =>Trojan.FindFDSearch
~ http://nicolascoolman.webs.com/apps... =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps... =>PUP.weDownloadManager
~ http://nicolascoolman.webs.com/apps... =>PUP.Duuqu
~ http://nicolascoolman.webs.com/apps... =>PUP.Mobogenie
~ http://nicolascoolman.webs.com/apps... =>PUP.SweetIM
~ http://nicolascoolman.webs.com/apps... =>PUP.Tarma
~ http://nicolascoolman.webs.com/apps... =>PUP.CrossRider
~ MSI: 10 link(s) detected in 00mn 39s

End of the scan (2109 lines in 03mn 43s)(0)

Best Regards and Good Luck
Ian




#87
March 5, 2014 at 12:49:38

Hi Ian, I know you couldn't get the hang of using Image Uploader, but there are thousands of sites out there you can upload a file to.

http://www.zippyshare.com/
http://www.filedropper.com/index.php
http://www.wikisend.com/
https://www.sendspace.com/
http://www.megafileupload.com/



#88
March 5, 2014 at 12:53:57

Run ZHP Fix

1. Close all applications

2. Select and copy all of the text below.

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] =>Trojan.Trojan.FindFDSearch^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4D91-8333-CF10577473F7}] =>Toolbar.Google^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{18455581-E099-4BA8-BC6B-F34B2F06600C}] =>Toolbar.Google^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2318C2B1-4965-11d4-9B18-009027A5CD4F}] =>Toolbar.Google^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\mobilegeni daemon] =>PUP.Mobogenie^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\swg] =>Toolbar.Google^
[HKLM\Software\VBMZ] =>Toolbar.Conduit
[HKCU\Software\RegistryTool] =>Rogue.RegistryTool
[HKLM\Software\RegistryTool] =>Rogue.RegistryTool
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:swg =>Toolbar.Google^
C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\hg116lbd.default\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com =>Adware.PlusHD^
C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\hg116lbd.default\extensions\{7ffa5f54-1c4f-46de-8576-c271a0dd482f} =>Adware.GamesBar^
C:\Program Files\Mobogenie =>PUP.Mobogenie^
C:\Program Files\sweetpacks bundle uninstaller =>PUP.SweetIM^
C:\ProgramData\InstallMate =>PUP.Tarma^
C:\ProgramData\Updater =>PUP.CrossRider^
C:\Users\Ian\AppData\Local\Mobogenie =>PUP.Mobogenie^
C:\Users\Ian\AppData\Roaming\RegistryTool =>Rogue.RegistryTool
[HKCU\Software\Conduit] =>Toolbar.Conduit^
[HKCU\Software\WeDlMngr] =>PUP.weDownloadManager^
C:\Windows\Installer\25ed08.msi =>Toolbar.Google^

3. ZHPDiag created a shortcut on your desktop called ZHPFix; launch ZHPFix (for Windows 7, right-click and run as admin). Answer yes if you get an enquiry as to whether you want to run it or not.

4. Click on the Import button and the lines will automatically paste themselves.

5. Click on the Go button to clean.

6. Confirm by clicking OK.

7. ZHP Fix will ask if you wish to empty the bin, click on your choice...it may take time.

8. A report will appear on your desktop and on C:\ZHP\ZHPFix[R1].txt which you can copy and paste into your reply or upload if too large.



#89
March 6, 2014 at 04:04:47

Hi John,
struggling here a bit. I copied the text as per your last post. I opened up ZHPFix from the icon (as administrator), asked to import and it seemed to try, but nothing is showing on the panel (as if the text was hidden). I pressed go; after about 40 mins absolutely nothing happened at all? I retried, this time copied and pasted manually and pressed go........nothing seems to be happening again after about 30 mins?
ouch?
Have tried again several times; clicking on import "only momentarily" seems to try and add the paste, but it disappears from the page. Again tried to manually paste: "nothing"??
Ian




#90
March 6, 2014 at 06:31:34

No idea why it won't run Ian.

Did you try in Safe mode?



#91
March 7, 2014 at 05:00:39

Good evening John, (you probably see this tomorrow)
I tried booting up in safe mode; I.E would not open, it stated the web page could not be opened. I tried Mozilla, it said something similar. In short, in safe mode for whatever reason it will not allow me onto the web "in safe mode"?
Back to normal mode, into web no problem, but still cannot run ZHP ?


Ian



#92
March 7, 2014 at 05:40:19

"I.E would not open, it stated the web page could not be opened. I tried Mozilla, it said something similar"

Try Safe mode with networking Ian.



#93
March 7, 2014 at 13:04:53

Hi John (wished the news was better)
What I did was: msconfig-Boot- checked startup- selected network
this took me into safe mode.
I recopied the script, started up ZHPFix, tried an import but it again only momentarily flashed it onto ZHPFix, then blank? Nothing to run?
I am confused? (need a drink)
Regards Ian



#94
March 7, 2014 at 13:34:25

"I recopied the script"
All the script is supposed to do Ian, is make it easier for removing those files in one hit.

No idea what is going on, so remove them one by one manually.



#95
March 9, 2014 at 04:59:09

Hi John,
Re #94 and #88 I am now totally confused (what's new)? You say remove these files one by one manually: "what files, and where do I access them from to remove"?

John thanks for your patience

Ian



#96
March 9, 2014 at 05:18:15

The ones you said in post #89 that ZHPFix did nothing about.

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] =>Trojan.Trojan.FindFDSearch^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4D91-8333-CF10577473F7}] =>Toolbar.Google^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{18455581-E099-4BA8-BC6B-F34B2F06600C}] =>Toolbar.Google^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2318C2B1-4965-11d4-9B18-009027A5CD4F}] =>Toolbar.Google^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\mobilegeni daemon] =>PUP.Mobogenie^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\swg] =>Toolbar.Google^
[HKLM\Software\VBMZ] =>Toolbar.Conduit
[HKCU\Software\RegistryTool] =>Rogue.RegistryTool
[HKLM\Software\RegistryTool] =>Rogue.RegistryTool
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:swg =>Toolbar.Google^
C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\hg116lbd.default\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com =>Adware.PlusHD^
C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\hg116lbd.default\extensions\{7ffa5f54-1c4f-46de-8576-c271a0dd482f} =>Adware.GamesBar^
C:\Program Files\Mobogenie =>PUP.Mobogenie^
C:\Program Files\sweetpacks bundle uninstaller =>PUP.SweetIM^
C:\ProgramData\InstallMate =>PUP.Tarma^
C:\ProgramData\Updater =>PUP.CrossRider^
C:\Users\Ian\AppData\Local\Mobogenie =>PUP.Mobogenie^
C:\Users\Ian\AppData\Roaming\RegistryTool =>Rogue.RegistryTool
[HKCU\Software\Conduit] =>Toolbar.Conduit^
[HKCU\Software\WeDlMngr] =>PUP.weDownloadManager^
C:\Windows\Installer\25ed08.msi =>Toolbar.Google^



#97
March 9, 2014 at 06:16:11

I understand the problem area is as shown above, but what I am not understanding is!!

Where is all that as shown, locate about?

Am I trying to remove ie:

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper

DOWN TO

C:\Windows\Installer\25ed08.msi =>Toolbar.Google^



#98
March 9, 2014 at 07:11:33

"Am I trying to remove ie:

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper

DOWN TO

C:\Windows\Installer\25ed08.msi =>Toolbar.Google^"

Yes.

"Where is all that as shown, locate about?"

You really need someone with higher skill level to show you how to do that.




#99
March 10, 2014 at 13:06:42

Good early morning John, you be well asleep by now.
I am sorry we have come to a stumbling block, but you are probably correct. I found the last bit hard to understand (the files, where are they located about), but alas, as you say, it is outwith my skill level? The problem is I can't think of anyone who can give me the help I need back here, but that is my tough luck. You have been more than generous with your help and patience and for that I am truly grateful. I guess to get rid of the above #98 would possibly mean delving into the Registry? (perhaps you could give me a clue, it's interesting)? and I have learned so much from you.

Can I ask a couple of things: Would a complete re-format of my hard drive be of benefit "not that I intend to do that for now anyway.
Also John, we have come a long way and downloaded quite a few things. Can you advise me what should be kept for possible re-use and what could be deleted? The following is a list of what I still have:
Wise Disc cleaner
Wise Registry Cleaner….these seem really good programs that I might want to re-use? I think like you These should be used very regularly?

IObit Uninstaller….seems worth having?
Malwarebytes….. .seems worth having?

Rkill ??
Tdsskiller ??
ComboFix??
Defogger??
RogueKiller??

You also mentioned you could advise me on safe replacements for the pc cleaners that we earlier uninstalled.
I am running AVG free (yours, and a good suggestion).
Are there any other things I should do, run , download to keep this PC in better shape than it has been in the past?

Best Regards
Ian.h



#100
March 10, 2014 at 15:25:59

Evening Ian, shall reply in small steps.

"and I have learned so much from you"
Which I get by googling.

"would possibly mean delving into the Registry?"
Definitely.

All items to be removed you stop at =

Example:
[HKLM\Software\VBMZ] =>Toolbar.Conduit

When in the registry, you scroll down to HKLM\Software\VBMZ & remove that entry.

Learn How to Use the Windows Registry Editor (Regedit) in One Easy Lesson
http://www.techsupportalert.com/con...



#101
March 11, 2014 at 04:46:47

Evening John and many thanks for your interesting reply.
I will have a good look and think about what you have said, and definitely have a read of "(Regedit) in One Easy Lesson" before I venture into the great Abyss. I am keen to do this; I have actually been in the registry before, getting rid of some unwanted stuff I could not uninstall, but I realise this is dangerous ground, so thank you for your advice.
When I get some time this week I will have a go and hopefully be able to give you some successful feedback.

Cheers John
Ian.H



#102
March 17, 2014 at 12:59:38

Hi John,
Hope you're still out there, albeit you will see this much later on as it's only 3:44am your time and 7:45pm in Edinburgh.
Anyway, re #100 I have had a good read and think about registry editing and have now successfully removed all the HKLM & HKCU (see #96), and all seems to be well so far and feeling a bit more confident? The only thing now to complete this is, I need to find all the C:\??? but search as I might I cannot find this string (C:\ ) in the registry, and from the previous post I thought everything was to be removed via the regedit?
I can of course find all the C:\??? by into "computer boot C" and delete these items from there. Can you advise me on this ie "registry" or "boot C".
Thanks again
Ian.H


#103
March 17, 2014 at 17:22:42

"Evening Ian, shall reply in small steps"
Ok the first small step was to do the registry, which you have now done.

"I cannot find this string (C:\ ) in the registry"
It's not.

"boot C"
Yes.


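Post #100 (everything before the "=>" is the location, everything after is the label) and post #103 (the bracketed entries live in Regedit, the C:\ paths do not) together describe the ZHPFix script format. The Python below is an added example, not part of the thread or of ZHPDiag/ZHPFix, that parses those lines and sorts them by where they are removed from; the sample lines are taken from post #88, the hive-name table is the standard Regedit one, and the trailing "^" marker is kept as a flag without interpreting it.

```python
"""Parse ZHPFix script lines (the "[key] =>Label" / "C:\\path =>Label" format from post #88)."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: a subset of the lines quoted in post #88, unchanged in format.
SAMPLE_SCRIPT = r"""
[HKLM\Software\VBMZ] =>Toolbar.Conduit
[HKCU\Software\RegistryTool] =>Rogue.RegistryTool
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:swg =>Toolbar.Google^
C:\Program Files\Mobogenie =>PUP.Mobogenie^
C:\Users\Ian\AppData\Roaming\RegistryTool =>Rogue.RegistryTool
C:\Windows\Installer\25ed08.msi =>Toolbar.Google^
"""

# Standard Regedit hive abbreviations, expanded to the names shown in Regedit's tree.
HIVES = {
    "HKLM": "HKEY_LOCAL_MACHINE",
    "HKCU": "HKEY_CURRENT_USER",
    "HKCR": "HKEY_CLASSES_ROOT",
    "HKU": "HKEY_USERS",
}

# "[HIVE\Key\Path]" optionally followed by ":ValueName", then " =>Label" and an optional "^".
REG_RE = re.compile(r"^\[(HK[A-Z]+)\\([^\]]+)\](?::(.+?))?\s+=>(\S+?)(\^)?$")
# "X:\path" then " =>Label" and an optional "^".
FILE_RE = re.compile(r"^([A-Za-z]:\\.+?)\s+=>(\S+?)(\^)?$")


@dataclass
class Item:
    kind: str                    # "registry_key", "registry_value" or "file"
    location: str                # key path under the hive, or the full file path
    detection: str               # label after "=>", e.g. "Toolbar.Google"
    hive: Optional[str] = None   # short hive name for registry items
    value_name: Optional[str] = None
    flagged: bool = False        # trailing "^" present; its meaning is not stated in the thread


def parse_line(line: str) -> Item:
    """Split one script line at the "=>" John points at into location and detection."""
    line = line.strip()
    m = REG_RE.match(line)
    if m:
        hive, key, value, label, caret = m.groups()
        kind = "registry_value" if value else "registry_key"
        return Item(kind, key, label, hive, value, caret is not None)
    m = FILE_RE.match(line)
    if m:
        path, label, caret = m.groups()
        return Item("file", path, label, flagged=caret is not None)
    raise ValueError(f"unrecognised script line: {line!r}")


def parse_script(text: str) -> List[Item]:
    return [parse_line(l) for l in text.splitlines() if l.strip()]


def regedit_location(item: Item) -> str:
    """Path as it appears in Regedit's tree, e.g. HKEY_LOCAL_MACHINE\\Software\\VBMZ."""
    if item.kind == "file":
        raise ValueError("file-system items are not in the registry (post #103)")
    return f"{HIVES[item.hive]}\\{item.location}"


def split_by_location(items: List[Item]) -> Tuple[List[Item], List[Item]]:
    """Registry entries go to Regedit; C:\\ paths are removed from the drive instead."""
    registry = [i for i in items if i.kind != "file"]
    files = [i for i in items if i.kind == "file"]
    return registry, files


def summarise(items: List[Item]) -> Counter:
    """Count how many entries each detection label accounts for."""
    return Counter(i.detection for i in items)


if __name__ == "__main__":
    items = parse_script(SAMPLE_SCRIPT)
    registry, files = split_by_location(items)
    print("Registry (open Regedit and navigate to):")
    for i in registry:
        value = f"  -> value '{i.value_name}'" if i.value_name else ""
        print(f"  {regedit_location(i)}{value}   [{i.detection}]")
    print("File system (delete from drive C:):")
    for i in files:
        print(f"  {i.location}   [{i.detection}]")
    print("Detections:", dict(summarise(items)))
```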

#104
March 18, 2014 at 04:59:21

John,
That is all removed re #96 from the registry and Boot C:\

Ian.H



#105
March 18, 2014 at 05:57:58

"Can I ask a couple of things: Would a complete re-format of my hard drive be of benefit "not that I intend to do that for now anyway"
Only if it is hopelessly out of shape & you have the Vista CD with your product number.
Make sure when you reinstall, you delete ALL partitions & format to NTFS.
Vista - Drive options (advanced)
http://www.vistax64.com/tutorials/1...

"I think like you These should be used very regularly?"
Once a month, or if after an uninstall of something & you want to make sure it's all gone.

Keep the free version of MBAM ( Malwarebytes ) & ESET in your armory, just update before using.

"Rkill ??
Tdsskiller ??
ComboFix??
Defogger??
RogueKiller??"
All part of my armory, you need to download the latest version, before using.

"IObit Uninstaller….seems worth having?"
I uninstall everything with it.

"Are there any other things I should do, run , download to keep this PC in better shape than it has been in the past?"
You are the best defence: any messages/pop-ups that you don't understand, always Google the EXACT message before you click.



#106
March 18, 2014 at 05:59:03

Run TFC
http://www.geekstogo.com/forum/file...
http://www.bleepingcomputer.com/dow...
http://oldtimer.geekstogo.com/TFC.exe
http://www.itxassociates.com/OT-Too...
Please double-click TFC.exe to run it. Note: If you are running on Vista/Windows 7/8, right-click on the file and choose Run As Administrator).
It will close all programs when run, so make sure you have saved all your work before you begin.
Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


#107
March 18, 2014 at 10:23:05

Hi John,
A successful run of T.F.C, the only report shown was 649.00 mb

Cheers for now



#108
March 18, 2014 at 15:57:24

This pretty well wraps it up Ian.

As you can see from your logs, you had a lot of stuff installed, that you did not know had been installed.
A lot of programs, now give you the choice to install toolbars & other during the install. Either uncheck these items during install, or use Custom install. No more click, click during an install, you have to read after each click.
I use Softpedia, down the bottom of the page, they make you aware what Ad-supported programs the author of the program has included.
Sample pages
http://www.softpedia.com/get/CD-DVD...
http://www.softpedia.com/get/Multim...
Users are advised to pay attention while installing this ad-supported application:
· Offers to change the homepage for web browsers installed in the system
· Offers to change the default search engine for web browsers installed in the system
· Offers to install StartNow Toolbar that the program does not require to fully function
SS ( screenshots ) of above
http://i.imgur.com/CSBplyA.gif
http://i.imgur.com/3eWWoXm.gif

Use Unchecky to help prevent these third party installs. Nothing is perfect, the baddies are always ahead of the goodies.
http://www.softpedia.com/get/System...
http://www.softpedia.com/progScreen...
http://unchecky.com/
How to download from Softpedia.
http://i.imgur.com/iZ3Fzmc.gif
http://i.imgur.com/NNgm1rF.gif
A reliable application that aims to protect your computer against third-party components often offered during software installations.



#109
March 18, 2014 at 16:40:45

A noble effort and outcome Johnw and ihsc24909.

Always pop back and let us know the outcome - thanks



#110
March 18, 2014 at 17:54:57

Thanks Derek, had a bad week, a grandson got killed on Monday night.

Very long story, huge chain of events. Included in them, car troubles, mate lent him his 250cc motorcycle.

It ended up that a car pulled out in front of him, low speed crash, he went across the bonnet for about 3 or 4 meters, but must have landed badly & damaged himself internally. Bled to death almost instantly.
http://i.imgur.com/D6JuoNG.gif



#111
March 18, 2014 at 18:30:51

My God that's awful news John - so sorry to hear it. You must be feeling terrible. Wish I could somehow do something more than offer you and yours my sincere condolences.




#112
March 19, 2014 at 08:10:22

John just fired up and saw your post. I am so sorry to hear of your tragic loss and I can’t begin to imagine how you and your family must be feeling, what a sadness.
Please accept my sincere condolences and pass on my thoughts.
I will contact you again in the near future just to finalise things, but for now I think it’s time for you to have a bit space and forget my tales of woe. Suffice for now to thank you again most sincerely for your efforts on my behalf and also the patience shown.

My Regards
Ian.H



#113
March 19, 2014 at 08:20:56

Hi Derek, as you are aware that's John about finished with me, and a sterling job he has done. It's been a long haul but for me well worth it, as I have learned so much and been pointed in better directions. My Pc is now running very well and can now get in and out of I.E no problem. The only thing I have just noticed is that I now have no search engine so will need to install Google?
Anyway Derek, thank you for your input and the interest you have shown, and I have no doubt will be back into "computing.net" in the future. It's great to know that there are helpful people out there.
So thanks again Derek
Best Regards
Ian.H


#114
March 19, 2014 at 13:33:00

I too believe it is time Johnw had a bit of space.

Thanks for the thanks but I didn't do very much - maybe there's now a case for selecting a different Best Answer (I think it is possible to do that).

I don't use Google Chrome but in other browsers your search engines can be selected and a default nominated. Otherwise uninstall then re-install of Google Chrome seems like a reasonable thing to try.

Always pop back and let us know the outcome - thanks



#115
May 21, 2014 at 12:56:56

Hi John and Derek, you guys still out there?
just thought I would pop back, albeit some months later, to let you know that my Pc is still running like a dream. The monster exercise we had certainly paid great dividends,
I am still running MalwareBytes and others suggested by John obviously to good use.

I know this is not a social network but did not know any other way to get in touch and express a sincere thanks to you guys for the splendid job and the help you gave me.

I often think of John and the tragedy he had to endure and can only hope he has come through it ok.
Cheers Guys........Ian.H



#116
May 21, 2014 at 14:12:58

Thanks for the feedback - glad to hear the computer is still running well.

Always pop back and let us know the outcome - thanks



#117
May 21, 2014 at 16:52:21

"you guys still out there?"
Yep, still here Ian, thanks very much for that.

We are going Ok & the grandson's wife is coping very well.
Huge amount of complicated stuff to sort since his death, so we are going through a fixed price lawyer, recommended by a daughter.



