Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Multiple toolbars installed and possible adware

by anuska » April 13th, 2012, 11:37 am

Hello,

I have been referred here by sludge3000, who is a friend of mine and is helping me post this. I asked him to look at my laptop as the keyboard and touchpad were unresponsive after installing Windows updates. This was resolved by a clean reboot from Safe Mode with no changes made.
After the laptop was working again it became apparent that it was not rebooting properly and had to be turned off by holding the power button. Sludge3000 disabled multiple items in the Startup menu of MSCONFIG, including multiple IE toolbars. The laptop then rebooted cleanly with no issues. Sludge3000 then uninstalled the following applications through add/remove programs:
Ask Toolbar
Ask Toolbar updater
Google Toolbar for IE
Big Fish Games: Game Manager
GamingWonderland

Upon finding My Scrap Nook, which appears to be AdWare, he has advised me to post here for assistance as he is uncomfortable dealing with this application's proper removal and the removal of any other unwanted applications on the machine.
Please find below DDS.log and Attach.log.

Thank you in advance for any assistance you can offer,
Anuska

DDS.LOG.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Anuska at 16:23:22 on 2012-04-13
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.44.1033.18.1790.1036 [GMT 1:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: PC Tools Firewall Plus *Enabled* {175D0B73-9F8F-2CA9-8BF1-62277A276DC9}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\PROGRA~1\MYSCRA~2\bar\1.bin\12barsvc.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_2_202_228_ActiveX.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchFilterHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uURLSearchHooks: N/A: {b3b5c47e-61f7-4d81-af06-461fc86686ce} - c:\program files\myscrapnook_12\bar\1.bin\12SrcAs.dll
BHO: Toolbar BHO: {0214754e-4e7d-4589-829d-e2523e6a3085} - c:\progra~1\myscra~2\bar\1.bin\12bar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: Search Assistant BHO: {65f159fb-5f5e-46f4-b45d-ccfa236d2073} - c:\program files\myscrapnook_12\bar\1.bin\12SrcAs.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: My Scrap Nook: {fe6f06fb-0fc0-4499-828f-ee48088f504f} - c:\program files\myscrapnook_12\bar\1.bin\12bar.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [00PCTFW] "c:\program files\pc tools firewall plus\FirewallGUI.exe" -s
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/produ ... wsdc32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{30ACF419-CCC9-485E-B4F4-4BC6D5191D04} : DhcpNameServer = 192.168.1.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-22 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-6-22 337880]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2011-6-22 251560]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-6-22 20696]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-6-22 57688]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-6-22 44768]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 MyScrapNook_12Service;My Scrap NookService;c:\progra~1\myscra~2\bar\1.bin\12barsvc.exe [2011-11-16 42504]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2011-6-22 160576]
R2 PCToolsFirewallPlus;PC Tools Firewall Plus;c:\program files\pc tools firewall plus\FWService.exe [2011-6-22 286000]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2011-6-22 89472]
R3 pctNdisMP;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [2011-6-22 57536]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2011-6-22 125248]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-6-23 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-30 253600]
S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-6-23 136176]
S3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\drivers\pctNdis.sys [2011-6-22 57536]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-04-13 15:06:20 689552 ----a-w- c:\program files\gtUninstall GamingWonderland.dll
2012-04-13 15:06:20 161736 ----a-w- c:\program files\gtres.dll
2012-04-13 14:58:21 -------- d-----w- c:\windows\pss
2012-04-13 14:14:07 6582328 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{b79082c7-65d0-4af8-a553-9fa5a428ef63}\mpengine.dll
2012-04-12 15:47:07 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-12 15:47:05 141112 ----a-w- c:\program files\internet explorer\sqmapi.dll
2012-04-12 15:47:03 194048 ----a-w- c:\program files\internet explorer\IEShims.dll
2012-04-12 15:47:02 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-04-12 15:47:00 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-04-12 15:26:21 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-04-04 05:53:56 182160 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2012-03-30 12:11:21 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-26 19:08:31 -------- d-----w- c:\program files\common files\Symantec Shared
2012-03-25 20:56:53 -------- d-----w- c:\windows\system32\appmgmt
2012-03-23 17:09:40 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-22 16:54:08 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-22 16:53:03 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-22 16:53:03 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-22 16:53:02 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-22 16:53:02 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-22 16:53:02 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-22 16:50:13 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-22 16:50:13 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
==================== Find3M ====================
.
2012-03-22 17:02:43 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-12 20:29:50 238 ----a-w- c:\users\anuska\appdata\roaming\fixpermissions.bat
2012-03-12 13:50:14 69632 ----a-w- c:\windows\system32\CUUpdateComponent.ocx
2012-03-12 13:50:14 425984 ----a-w- c:\windows\system32\ComputerUpdaterLM.ocx
2012-03-12 13:50:14 131072 ----a-w- c:\windows\system32\SafeAppRichList.ocx
2012-03-08 17:06:10 389120 ----a-w- c:\windows\system32\RegistryHelperLM.ocx
2012-03-07 00:15:19 41184 ----a-w- c:\windows\avastSS.scr
2012-03-07 00:03:51 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-07 00:01:48 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 06:39:00 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-06 06:39:00 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-02-29 15:11:45 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-29 15:11:42 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 15:09:53 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 13:32:37 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-23 09:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 16:24:29.53 ===============



ATTACH.LOG
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 22/06/2011 23:29:55
System Uptime: 13/04/2012 16:12:01 (0 hours ago)
.
Motherboard: Wistron | | 303C
Processor: AMD Athlon Dual-Core QL-60 | Socket A | 1900/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 102 GiB total, 33.721 GiB free.
D: is FIXED (NTFS) - 9 GiB total, 1.616 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
.
1001 Nights - The Adventures of Sindbad
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.3)
Apple Application Support
Apple Software Update
Atheros Driver Installation Program
avast! Free Antivirus
Broadcom 802.11 Wireless LAN Adapter
Canon Easy-WebPrint EX
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MP Navigator EX 3.0
Canon MP250 series MP Drivers
Canon MP250 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
City Sights - Hello Seattle!
Conexant HD Audio
Cooking Dash 3: Thrills and Spills
Diaper Dash
Diner Dash
Diner Dash - Flo on the Go
Diner Dash 2 Restaurant Rescue
Facebook Video Calling 1.2.0.159
FUJIFILM MyFinePix Studio 2.0
Gold Rush Deluxe
Google Talk Plugin
Google Update Helper
HDAUDIO Soft Data Fax Modem with SmartCP
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Games
InstallIQ Updater
Java Auto Updater
Java(TM) 6 Update 31
K-Lite Codec Pack 7.0.0 (Standard)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
My Scrap Nook
Norton Security Scan
NVIDIA Drivers
Open Freely
OpenOffice.org 3.3
PC Tools Firewall Plus 7.0
PVSonyDll
QuickTime
RAF
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Skype Toolbars
Skype™ 5.3
SpongeBob: Clash of Triton
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update Installer for WildTangent Games App
WebM Media Foundation Components
WildTangent Games App (HP Games)
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
13/04/2012 16:23:03, Error: Microsoft-Windows-HttpEvent [15005] - Unable to bind to the underlying transport for [::]:2869. The IP Listen-Only list may contain a reference to an interface which may not exist on this machine. The data field contains the error number.
13/04/2012 16:12:52, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
13/04/2012 15:59:42, Error: netbt [4307] - Initialization failed because the transport refused to open initial addresses.
13/04/2012 15:59:16, Error: netbt [4311] - Initialization failed because the driver device could not be created. Use the string "001D72761CD9" to identify the interface for which initialization failed. It represents the MAC address of the failed interface or the Globally Unique Interface Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither the MAC address nor the GUID were available, the string represents a cluster device name.
13/04/2012 15:43:05, Error: EventLog [6008] - The previous system shutdown at 15:41:53 on 13/04/2012 was unexpected.
13/04/2012 15:00:00, Error: EventLog [6008] - The previous system shutdown at 14:55:59 on 13/04/2012 was unexpected.
13/04/2012 14:52:58, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
13/04/2012 14:52:57, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
13/04/2012 14:52:56, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
13/04/2012 14:52:33, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi CSC DfsC NetBIOS netbt nsiproxy pctgntdi PSched RasAcd rdbss Smb spldr tdx Wanarpv6
13/04/2012 14:52:33, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
13/04/2012 14:52:33, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
13/04/2012 14:52:33, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
13/04/2012 14:52:33, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
13/04/2012 14:52:33, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
13/04/2012 14:52:33, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
13/04/2012 14:52:33, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
13/04/2012 14:52:33, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
13/04/2012 14:52:33, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
13/04/2012 14:52:33, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
13/04/2012 14:52:33, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
13/04/2012 14:52:33, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
13/04/2012 14:52:33, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
13/04/2012 14:52:22, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
13/04/2012 14:52:22, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
13/04/2012 14:52:21, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
13/04/2012 14:52:19, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
13/04/2012 14:52:07, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
12/04/2012 14:41:06, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
12/04/2012 11:58:19, Error: Microsoft-Windows-PrintSpooler [6161] - The document Spanish classes 2012 colors, owned by Anuska, failed to print on printer Canon MP250 series Printer. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 1148984. Number of bytes printed: 15760. Total number of pages in the document: 7. Number of pages printed: 0. Client computer: \\ANUSKA-PC. Win32 error code returned by the print processor: 1. Incorrect function.
12/04/2012 11:54:51, Error: Microsoft-Windows-PrintSpooler [6161] - The document Spanish classes 2012 colors, owned by Anuska, failed to print on printer Canon MP250 series Printer. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 1769472. Number of bytes printed: 58588. Total number of pages in the document: 7. Number of pages printed: 0. Client computer: \\ANUSKA-PC. Win32 error code returned by the print processor: 1. Incorrect function.
12/04/2012 11:53:55, Error: Microsoft-Windows-PrintSpooler [6161] - The document Spanish classes 2012 colors, owned by Anuska, failed to print on printer Canon MP250 series Printer. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 1101540. Number of bytes printed: 15760. Total number of pages in the document: 7. Number of pages printed: 0. Client computer: \\ANUSKA-PC. Win32 error code returned by the print processor: 1. Incorrect function.
12/04/2012 00:09:17, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
11/04/2012 15:59:52, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
11/04/2012 15:59:52, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/04/2012 15:59:52, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/04/2012 01:31:09, Error: Service Control Manager [7000] - The Symantec Eraser Control driver service failed to start due to the following error: The system cannot find the file specified.
10/04/2012 23:38:17, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PlugPlay service.
10/04/2012 04:36:52, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom4.
10/04/2012 01:41:12, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom3.
10/04/2012 00:02:25, Error: Microsoft-Windows-PrintSpooler [6161] - The document http://conjugador.reverso.net/conjugaci ... estar.html, owned by Anuska, failed to print on printer Canon MP250 series Printer. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 1179648. Number of bytes printed: 1073052. Total number of pages in the document: 2. Number of pages printed: 0. Client computer: \\ANUSKA-PC. Win32 error code returned by the print processor: 1. Incorrect function.
09/04/2012 23:40:20, Error: Microsoft-Windows-PrintSpooler [6161] - The document UdComm.pdf, owned by Anuska, failed to print on printer Canon MP250 series Printer. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 983040. Number of bytes printed: 654196. Total number of pages in the document: 2. Number of pages printed: 0. Client computer: \\ANUSKA-PC. Win32 error code returned by the print processor: 1. Incorrect function.
09/04/2012 23:30:06, Error: Microsoft-Windows-PrintSpooler [6161] - The document SpanAdjMatch2.pdf, owned by Anuska, failed to print on printer Canon MP250 series Printer. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 524288. Number of bytes printed: 458428. Total number of pages in the document: 2. Number of pages printed: 0. Client computer: \\ANUSKA-PC. Win32 error code returned by the print processor: 1. Incorrect function.
09/04/2012 22:00:31, Error: Microsoft-Windows-PrintSpooler [6161] - The document Alphabet.pdf, owned by Anuska, failed to print on printer Canon MP250 series Printer. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 786432. Number of bytes printed: 724516. Total number of pages in the document: 2. Number of pages printed: 0. Client computer: \\ANUSKA-PC. Win32 error code returned by the print processor: 1. Incorrect function.
.
==== End Of File ===========================

Re: Multiple toolbars installed and possible adware

by askey127 » April 14th, 2012, 7:27 pm

Hi anuska,
We need to remove PC Tools, since it has duplicate anti-virus functionality.
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:

PC Tools Firewall Plus 7.0
Norton Security Scan

Take extra care in answering questions posed by any Uninstaller.
---------------------------------------------
Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code:
    :OTL
    BHO: Search Assistant BHO: {65f159fb-5f5e-46f4-b45d-ccfa236d2073} - c:\program files\myscrapnook_12\bar\1.bin\12SrcAs.dll
    mRun: [00PCTFW] "c:\program files\pc tools firewall plus\FirewallGUI.exe" -s
    TB: My Scrap Nook: {fe6f06fb-0fc0-4499-828f-ee48088f504f} - c:\program files\myscrapnook_12\bar\1.bin\12bar.dll
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [PURITY]
    [emptyjava]
    [emptyflash] 
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

askey127
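
Added example (not part of askey127's post, and not code from DDS or OTL): a Python reader for the DDS lines posted above that collects every browser add-on, Run entry and service loading from one product folder, including entries recorded with 8.3 short paths such as progra~1\myscra~2, which a plain text search for the folder name does not find. The short-name test is a simplified assumption (spaces removed, first six characters) and yields candidates only; all function names are illustrative.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Constructed sample: a subset of lines copied from the DDS.LOG posted in this thread.
SAMPLE_DDS = r"""
uURLSearchHooks: N/A: {b3b5c47e-61f7-4d81-af06-461fc86686ce} - c:\program files\myscrapnook_12\bar\1.bin\12SrcAs.dll
BHO: Toolbar BHO: {0214754e-4e7d-4589-829d-e2523e6a3085} - c:\progra~1\myscra~2\bar\1.bin\12bar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Assistant BHO: {65f159fb-5f5e-46f4-b45d-ccfa236d2073} - c:\program files\myscrapnook_12\bar\1.bin\12SrcAs.dll
TB: My Scrap Nook: {fe6f06fb-0fc0-4499-828f-ee48088f504f} - c:\program files\myscrapnook_12\bar\1.bin\12bar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-6-22 44768]
R2 MyScrapNook_12Service;My Scrap NookService;c:\progra~1\myscra~2\bar\1.bin\12barsvc.exe [2011-11-16 42504]
"""

# "BHO: Name: {clsid} - path"; the name is absent on lines like "TB: {clsid} - No File".
COM_RE = re.compile(
    r"^(?P<kind>[A-Za-z]+): (?:(?P<name>.*?): )?"
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)
# "mRun: [ValueName] command line"
RUN_RE = re.compile(r"^(?P<kind>[mu]Run): \[(?P<name>[^\]]+)\] (?P<target>.+)$")
# "R2 ServiceName;Display name;image path [date size]"
SVC_RE = re.compile(
    r"^(?P<kind>[RS]\d) (?P<name>[^;]+);[^;]*;(?P<target>.+?) "
    r"\[\d{4}-\d{1,2}-\d{1,2} \d+\]$"
)


class Entry(NamedTuple):
    kind: str             # BHO, TB, uURLSearchHooks, mRun, or a service state such as R2
    name: str             # display / value / service name ("" when the log gives none)
    clsid: Optional[str]  # only present on COM-style lines
    target: str           # file path, command line, or the literal "No File"


def parse_dds(text: str) -> List[Entry]:
    """Turn the DDS line shapes handled above into Entry records; skip everything else."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        for rx in (RUN_RE, COM_RE, SVC_RE):
            m = rx.match(line)
            if m:
                g = m.groupdict()
                entries.append(Entry(g["kind"], g.get("name") or "", g.get("clsid"), g["target"]))
                break
    return entries


def short_name_could_be(component: str, long_name: str) -> bool:
    """True if an 8.3 component like 'myscra~2' may be the short form of long_name.

    Assumption: only the common 'first six characters + ~N' form is modelled, so a
    hit is a candidate to confirm on the machine, not proof.
    """
    m = re.fullmatch(r"([^~]{1,6})~\d+", component.lower())
    if not m:
        return False
    stem = m.group(1)
    return long_name.replace(" ", "").lower()[: len(stem)] == stem


def folder_match(target: str, folder: str) -> Optional[str]:
    """Return 'exact', 'short-name' or None for one path or command line."""
    for comp in target.lower().split("\\"):
        if comp == folder.lower():
            return "exact"
        if short_name_could_be(comp, folder):
            return "short-name"
    return None


def load_points_for(entries: List[Entry], folder: str) -> List[Tuple[str, str, str]]:
    """All entries whose target sits under `folder`, with how the match was made."""
    hits = []
    for e in entries:
        how = folder_match(e.target, folder)
        if how:
            hits.append((e.kind, e.name, how))
    return hits


def orphans(entries: List[Entry]) -> List[Entry]:
    """Registrations DDS reports as 'No File' (the key exists, the binary does not)."""
    return [e for e in entries if e.target == "No File"]


if __name__ == "__main__":
    parsed = parse_dds(SAMPLE_DDS)
    for kind, name, how in load_points_for(parsed, "myscrapnook_12"):
        print(f"{kind:16} {name:24} {how}")
    for e in orphans(parsed):
        print(f"orphan {e.kind} {e.clsid}")
```
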

Re: Multiple toolbars installed and possible adware

by anuska » April 15th, 2012, 10:00 am

OTL logfile created on: 15/04/2012 14:42:51 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Anuska\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.75 Gb Total Physical Memory | 0.80 Gb Available Physical Memory | 46.03% Memory free
3.74 Gb Paging File | 2.64 Gb Available in Paging File | 70.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 102.44 Gb Total Space | 39.78 Gb Free Space | 38.83% Space Free | Partition Type: NTFS
Drive D: | 9.35 Gb Total Space | 1.62 Gb Free Space | 17.28% Space Free | Partition Type: NTFS

Computer Name: ANUSKA-PC | User Name: Anuska | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/15 14:21:56 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Anuska\Desktop\OTL.exe
PRC - [2012/04/15 01:27:36 | 000,353,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe
PRC - [2012/03/30 16:00:44 | 000,161,336 | ---- | M] (Google) -- C:\Users\Anuska\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2012/03/28 22:36:47 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.111\GoogleCrashHandler.exe
PRC - [2012/03/07 01:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/16 11:39:26 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) -- C:\Program Files\MyScrapNook_12\bar\1.bin\12barsvc.exe
PRC - [2009/04/11 14:19:30 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/10 17:01:49 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2008/01/21 03:21:41 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - [2012/04/15 01:27:38 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/11/16 11:39:26 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto | Running] -- C:\Program Files\MyScrapNook_12\bar\1.bin\12barsvc.exe -- (MyScrapNook_12Service)
SRV - [2010/10/12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2009/02/10 17:01:49 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2008/01/21 03:21:41 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/03/07 01:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/07 01:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/07 01:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/03/07 01:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/07 01:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/03/07 01:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/08/12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVNET)
DRV - [2010/08/12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2009/07/23 21:01:00 | 009,791,072 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/04/11 14:19:01 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID)
DRV - [2008/10/03 03:39:28 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/04/27 11:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/04/24 22:51:46 | 000,014,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/10/18 06:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{35e9438f-19d4-4516-b2ac-59ba9241de4d}: "URL" = http://search.mywebsearch.com/mywebsear ... searchfor={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {b3b5c47e-61f7-4d81-af06-461fc86686ce} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{35e9438f-19d4-4516-b2ac-59ba9241de4d}: "URL" = http://search.mywebsearch.com/mywebsear ... searchfor={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_enGB437
IE - HKCU\..\SearchScopes\{DCCDDC67-1173-4CE3-9213-BF5EF7E55BFE}: "URL" = http://websearch.ask.com/redirect?clien ... &src=kw&q={searchTerms}&locale=en_UK&apn_ptnrs=^A9L&apn_dtid=^YYYYYY^YY^GB&apn_uid=F472438D-07D9-4818-BB14-2B4832EC0E47&apn_sauid=2C656A12-F9C3-4B59-BB4E-09A5EDB53669
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@MyScrapNook_12.com/Plugin: C:\Program Files\MyScrapNook_12\bar\1.bin\NP12Stub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Anuska\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Anuska\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Anuska\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Anuska\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Anuska\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\12ffxtbr@MyScrapNook_12.com: C:\Program Files\MyScrapNook_12\bar\1.bin [2011/11/16 11:39:35 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Toolbar BHO) - {0214754e-4e7d-4589-829d-e2523e6a3085} - C:\Program Files\MyScrapNook_12\bar\1.bin\12bar.dll (MindSpark)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Search Assistant BHO) - {65f159fb-5f5e-46f4-b45d-ccfa236d2073} - C:\Program Files\MyScrapNook_12\bar\1.bin\12SrcAs.dll (MindSpark)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (My Scrap Nook) - {fe6f06fb-0fc0-4499-828f-ee48088f504f} - C:\Program Files\MyScrapNook_12\bar\1.bin\12bar.dll (MindSpark)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/produ ... wsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30ACF419-CCC9-485E-B4F4-4BC6D5191D04}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/15 14:26:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/15 14:21:53 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Anuska\Desktop\OTL.exe
[2012/04/13 16:20:25 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Anuska\Desktop\dds.scr
[2012/04/13 15:58:21 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/04/08 01:34:28 | 000,000,000 | ---D | C] -- C:\Users\Anuska\AppData\Roaming\Mozilla
[2012/03/26 20:08:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012/03/25 21:56:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2012/03/22 18:03:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

========== Files - Modified Within 30 Days ==========

[2012/04/15 14:42:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/15 14:37:59 | 000,031,966 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/04/15 14:37:39 | 000,031,966 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/04/15 14:37:35 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/15 14:37:11 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/15 14:37:11 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/15 14:37:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/15 14:36:56 | 1877,344,256 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/15 14:29:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/15 14:21:56 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Anuska\Desktop\OTL.exe
[2012/04/15 14:00:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1227071289-1635233639-1265634246-1000UA.job
[2012/04/15 13:49:01 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1227071289-1635233639-1265634246-1000UA.job
[2012/04/15 01:35:31 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1227071289-1635233639-1265634246-1000Core.job
[2012/04/15 01:34:51 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1227071289-1635233639-1265634246-1000Core.job
[2012/04/13 16:21:43 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Anuska\Desktop\dds.scr
[2012/04/13 16:08:22 | 000,002,525 | ---- | M] () -- C:\Users\Anuska\Desktop\HiJackThis.lnk
[2012/04/12 16:42:21 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/12 16:42:20 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/12 14:41:30 | 000,000,680 | ---- | M] () -- C:\Users\Anuska\AppData\Local\d3d9caps.dat
[2012/04/12 11:58:04 | 000,026,962 | ---- | M] () -- C:\Users\Anuska\Documents\Spanish classes 2012 colors.odt
[2012/04/01 17:20:35 | 000,041,830 | ---- | M] () -- C:\Users\Anuska\Documents\Solaris Window Advert.odt
[2012/03/23 02:02:13 | 000,008,192 | ---- | M] () -- C:\Users\Anuska\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/23 00:56:04 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/03/23 00:47:09 | 000,255,248 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/04/13 14:59:53 | 1877,344,256 | -HS- | C] () -- C:\hiberfil.sys
[2012/04/09 18:25:50 | 000,026,962 | ---- | C] () -- C:\Users\Anuska\Documents\Spanish classes 2012 colors.odt
[2012/03/30 13:11:26 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/03/12 21:29:50 | 000,000,238 | ---- | C] () -- C:\Users\Anuska\AppData\Roaming\fixpermissions.bat
[2012/03/12 19:48:08 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011/06/26 11:25:42 | 000,024,206 | ---- | C] () -- C:\Users\Anuska\AppData\Roaming\UserTile.png
[2011/06/25 04:57:34 | 000,008,192 | ---- | C] () -- C:\Users\Anuska\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/22 16:42:19 | 000,031,966 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011/06/22 16:42:05 | 000,031,966 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011/06/22 16:37:06 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2011/06/22 16:01:10 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2011/06/22 15:42:22 | 000,000,680 | ---- | C] () -- C:\Users\Anuska\AppData\Local\d3d9caps.dat

========== LOP Check ==========

[2012/02/29 02:13:37 | 000,000,000 | ---D | M] -- C:\Users\Anuska\AppData\Roaming\Canon
[2012/03/13 02:29:32 | 000,000,000 | ---D | M] -- C:\Users\Anuska\AppData\Roaming\com.w3i.FlipToast
[2011/06/28 17:25:25 | 000,000,000 | ---D | M] -- C:\Users\Anuska\AppData\Roaming\OpenOffice.org
[2012/04/15 14:15:29 | 000,000,000 | ---D | M] -- C:\Users\Anuska\AppData\Roaming\PCToolsFirewallPlus
[2011/06/26 11:25:41 | 000,000,000 | ---D | M] -- C:\Users\Anuska\AppData\Roaming\PeerNetworking
[2011/11/12 16:36:55 | 000,000,000 | ---D | M] -- C:\Users\Anuska\AppData\Roaming\PlayFirst
[2012/04/15 01:34:51 | 000,000,910 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1227071289-1635233639-1265634246-1000Core.job
[2012/04/15 13:49:01 | 000,000,932 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1227071289-1635233639-1265634246-1000UA.job
[2012/04/15 14:36:06 | 000,032,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:B12D1A7D
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:91486201
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:C31F31E6

< End of report >
anuska
Active Member
 
Posts: 8
Joined: April 13th, 2012, 11:17 am

O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/15 14:26:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/15 14:21:53 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Anuska\Desktop\OTL.exe
[2012/04/13 16:20:25 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Anuska\Desktop\dds.scr
[2012/04/13 15:58:21 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/04/08 01:34:28 | 000,000,000 | ---D | C] -- C:\Users\Anuska\AppData\Roaming\Mozilla
[2012/03/26 20:08:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012/03/25 21:56:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2012/03/22 18:03:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

========== Files - Modified Within 30 Days ==========

[2012/04/15 14:42:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/15 14:37:59 | 000,031,966 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/04/15 14:37:39 | 000,031,966 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/04/15 14:37:35 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/15 14:37:11 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/15 14:37:11 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/15 14:37:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/15 14:36:56 | 1877,344,256 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/15 14:29:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/15 14:21:56 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Anuska\Desktop\OTL.exe
[2012/04/15 14:00:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1227071289-1635233639-1265634246-1000UA.job
[2012/04/15 13:49:01 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1227071289-1635233639-1265634246-1000UA.job
[2012/04/15 01:35:31 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1227071289-1635233639-1265634246-1000Core.job
[2012/04/15 01:34:51 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1227071289-1635233639-1265634246-1000Core.job
[2012/04/13 16:21:43 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Anuska\Desktop\dds.scr
[2012/04/13 16:08:22 | 000,002,525 | ---- | M] () -- C:\Users\Anuska\Desktop\HiJackThis.lnk
[2012/04/12 16:42:21 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/12 16:42:20 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/12 14:41:30 | 000,000,680 | ---- | M] () -- C:\Users\Anuska\AppData\Local\d3d9caps.dat
[2012/04/12 11:58:04 | 000,026,962 | ---- | M] () -- C:\Users\Anuska\Documents\Spanish classes 2012 colors.odt
[2012/04/01 17:20:35 | 000,041,830 | ---- | M] () -- C:\Users\Anuska\Documents\Solaris Window Advert.odt
[2012/03/23 02:02:13 | 000,008,192 | ---- | M] () -- C:\Users\Anuska\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/23 00:56:04 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/03/23 00:47:09 | 000,255,248 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/04/13 14:59:53 | 1877,344,256 | -HS- | C] () -- C:\hiberfil.sys
[2012/04/09 18:25:50 | 000,026,962 | ---- | C] () -- C:\Users\Anuska\Documents\Spanish classes 2012 colors.odt
[2012/03/30 13:11:26 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/03/12 21:29:50 | 000,000,238 | ---- | C] () -- C:\Users\Anuska\AppData\Roaming\fixpermissions.bat
[2012/03/12 19:48:08 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011/06/26 11:25:42 | 000,024,206 | ---- | C] () -- C:\Users\Anuska\AppData\Roaming\UserTile.png
[2011/06/25 04:57:34 | 000,008,192 | ---- | C] () -- C:\Users\Anuska\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/22 16:42:19 | 000,031,966 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011/06/22 16:42:05 | 000,031,966 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011/06/22 16:37:06 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2011/06/22 16:01:10 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2011/06/22 15:42:22 | 000,000,680 | ---- | C] () -- C:\Users\Anuska\AppData\Local\d3d9caps.dat

========== LOP Check ==========

[2012/02/29 02:13:37 | 000,000,000 | ---D | M] -- C:\Users\Anuska\AppData\Roaming\Canon
[2012/03/13 02:29:32 | 000,000,000 | ---D | M] -- C:\Users\Anuska\AppData\Roaming\com.w3i.FlipToast
[2011/06/28 17:25:25 | 000,000,000 | ---D | M] -- C:\Users\Anuska\AppData\Roaming\OpenOffice.org
[2012/04/15 14:15:29 | 000,000,000 | ---D | M] -- C:\Users\Anuska\AppData\Roaming\PCToolsFirewallPlus
[2011/06/26 11:25:41 | 000,000,000 | ---D | M] -- C:\Users\Anuska\AppData\Roaming\PeerNetworking
[2011/11/12 16:36:55 | 000,000,000 | ---D | M] -- C:\Users\Anuska\AppData\Roaming\PlayFirst
[2012/04/15 01:34:51 | 000,000,910 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1227071289-1635233639-1265634246-1000Core.job
[2012/04/15 13:49:01 | 000,000,932 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1227071289-1635233639-1265634246-1000UA.job
[2012/04/15 14:36:06 | 000,032,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:B12D1A7D
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:91486201
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:C31F31E6

< End of report >
anuska
Active Member
 
Posts: 8
Joined: April 13th, 2012, 11:17 am

Re: Multiple toolbars installed and possible adware

Post by askey127 » April 15th, 2012, 3:28 pm

anuska,
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code: Select all
    :OTL
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{35e9438f-19d4-4516-b2ac-59ba9241de4d}: "URL" = http://search.mywebsearch.com/mywebsear ... searchfor={searchTerms}
    IE - HKCU\..\SearchScopes\{DCCDDC67-1173-4CE3-9213-BF5EF7E55BFE}: "URL" = http://websearch.ask.com/redirect?clien ... &src=kw&q={searchTerms}&locale=en_UK&apn_ptnrs=^A9L&apn_dtid=^YYYYYY^YY^GB&apn_uid=F472438D-07D9-4818-BB14-2B4832EC0E47&apn_sauid=2C656A12-F9C3-4B59-BB4E-09A5EDB53669
    FF - HKLM\Software\MozillaPlugins\@MyScrapNook_12.com/Plugin: C:\Program Files\MyScrapNook_12\bar\1.bin\NP12Stub.dll (MindSpark)
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\12ffxtbr@MyScrapNook_12.com: C:\Program Files\MyScrapNook_12\bar\1.bin [2011/11/16 11:39:35 | 000,000,000 | ---D | M]
    O2 - BHO: (Toolbar BHO) - {0214754e-4e7d-4589-829d-e2523e6a3085} - C:\Program Files\MyScrapNook_12\bar\1.bin\12bar.dll (MindSpark)
    O3 - HKLM\..\Toolbar: (My Scrap Nook) - {fe6f06fb-0fc0-4499-828f-ee48088f504f} - C:\Program Files\MyScrapNook_12\bar\1.bin\12bar.dll (MindSpark)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:B12D1A7D
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:91486201
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:C31F31E6
    
    :Files
    C:\Users\Anuska\AppData\Roaming\PCToolsFirewallPlus
    C:\Users\Anuska\AppData\Roaming\PeerNetworking
    ipconfig /flushdns /c
    
    :Commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

--------------------------------------------
TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    (Vista - W7 users: Right-click and select "Run As Administrator")
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
    If you try to change the filename and extension, you may get a warning message from Windows because of the change of file extension. OK the change.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
    • If Cure is not offered as an option, choose Skip.
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the main directory of C:
    (the dd.mm.yyyy_hh.mm.ss numbers in the filename represent the time/date stamp)
  6. Copy and paste the contents of that file in your next reply.
If, for some reason, you can't locate the text file to paste into your reply, just tell me, but DO NOT run the program a second time.

askey127
askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Multiple toolbars installed and possible adware

Post by anuska » April 16th, 2012, 11:31 am

OTL logfile created on: 16/04/2012 16:19:56 - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Anuska\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.75 Gb Total Physical Memory | 0.71 Gb Available Physical Memory | 40.73% Memory free
3.74 Gb Paging File | 2.56 Gb Available in Paging File | 68.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 102.44 Gb Total Space | 39.98 Gb Free Space | 39.03% Space Free | Partition Type: NTFS
Drive D: | 9.35 Gb Total Space | 1.62 Gb Free Space | 17.28% Space Free | Partition Type: NTFS

Computer Name: ANUSKA-PC | User Name: Anuska | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/15 14:21:56 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Anuska\Desktop\OTL.exe
PRC - [2012/04/15 01:27:36 | 000,353,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe
PRC - [2012/03/30 16:00:44 | 000,161,336 | ---- | M] (Google) -- C:\Users\Anuska\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2012/03/28 22:36:47 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.111\GoogleCrashHandler.exe
PRC - [2012/03/07 01:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/16 11:39:26 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) -- C:\Program Files\MyScrapNook_12\bar\1.bin\12barsvc.exe
PRC - [2009/04/11 14:19:30 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/10 17:01:49 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2008/01/21 03:21:41 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - [2012/04/15 01:27:38 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/11/16 11:39:26 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto | Running] -- C:\Program Files\MyScrapNook_12\bar\1.bin\12barsvc.exe -- (MyScrapNook_12Service)
SRV - [2010/10/12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2009/02/10 17:01:49 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2008/01/21 03:21:41 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/03/07 01:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/07 01:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/07 01:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/03/07 01:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/07 01:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/03/07 01:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/08/12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVNET)
DRV - [2010/08/12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2009/07/23 21:01:00 | 009,791,072 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/04/11 14:19:01 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID)
DRV - [2008/10/03 03:39:28 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/04/27 11:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/04/24 22:51:46 | 000,014,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/10/18 06:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{35e9438f-19d4-4516-b2ac-59ba9241de4d}: "URL" = http://search.mywebsearch.com/mywebsear ... searchfor={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {b3b5c47e-61f7-4d81-af06-461fc86686ce} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_enGB437
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Anuska\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Anuska\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Anuska\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Anuska\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Anuska\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\12ffxtbr@MyScrapNook_12.com: C:\Program Files\MyScrapNook_12\bar\1.bin [2012/04/16 16:09:27 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Search Assistant BHO) - {65f159fb-5f5e-46f4-b45d-ccfa236d2073} - C:\Program Files\MyScrapNook_12\bar\1.bin\12SrcAs.dll (MindSpark)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/produ ... wsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30ACF419-CCC9-485E-B4F4-4BC6D5191D04}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/15 14:26:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/15 14:21:53 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Anuska\Desktop\OTL.exe
[2012/04/13 16:20:25 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Anuska\Desktop\dds.scr
[2012/04/13 15:58:21 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/04/08 01:34:28 | 000,000,000 | ---D | C] -- C:\Users\Anuska\AppData\Roaming\Mozilla
[2012/03/26 20:08:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012/03/25 21:56:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2012/03/22 18:03:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

========== Files - Modified Within 30 Days ==========

[2012/04/16 16:16:34 | 000,031,966 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/04/16 16:16:06 | 000,031,966 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/04/16 16:16:03 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/16 16:15:42 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/16 16:15:42 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/16 16:15:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/16 16:15:31 | 1877,303,296 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/16 16:00:02 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1227071289-1635233639-1265634246-1000UA.job
[2012/04/15 21:42:10 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/15 21:29:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/15 18:50:04 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1227071289-1635233639-1265634246-1000UA.job
[2012/04/15 17:00:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1227071289-1635233639-1265634246-1000Core.job
[2012/04/15 15:50:01 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1227071289-1635233639-1265634246-1000Core.job
[2012/04/15 15:00:14 | 000,023,255 | ---- | M] () -- C:\Users\Anuska\Documents\Document.rtf report after scanning.rtf
[2012/04/15 14:59:30 | 000,015,026 | ---- | M] () -- C:\Users\Anuska\Documents\Document.rtf report after booting.rtf
[2012/04/15 14:21:56 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Anuska\Desktop\OTL.exe
[2012/04/13 16:21:43 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Anuska\Desktop\dds.scr
[2012/04/13 16:08:22 | 000,002,525 | ---- | M] () -- C:\Users\Anuska\Desktop\HiJackThis.lnk
[2012/04/12 16:42:21 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/12 16:42:20 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/12 14:41:30 | 000,000,680 | ---- | M] () -- C:\Users\Anuska\AppData\Local\d3d9caps.dat
[2012/04/12 11:58:04 | 000,026,962 | ---- | M] () -- C:\Users\Anuska\Documents\Spanish classes 2012 colors.odt
[2012/04/01 17:20:35 | 000,041,830 | ---- | M] () -- C:\Users\Anuska\Documents\Solaris Window Advert.odt
[2012/03/23 02:02:13 | 000,008,192 | ---- | M] () -- C:\Users\Anuska\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/23 00:56:04 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/03/23 00:47:09 | 000,255,248 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/04/15 15:00:14 | 000,023,255 | ---- | C] () -- C:\Users\Anuska\Documents\Document.rtf report after scanning.rtf
[2012/04/15 14:59:30 | 000,015,026 | ---- | C] () -- C:\Users\Anuska\Documents\Document.rtf report after booting.rtf
[2012/04/13 14:59:53 | 1877,303,296 | -HS- | C] () -- C:\hiberfil.sys
[2012/04/09 18:25:50 | 000,026,962 | ---- | C] () -- C:\Users\Anuska\Documents\Spanish classes 2012 colors.odt
[2012/03/30 13:11:26 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/03/12 21:29:50 | 000,000,238 | ---- | C] () -- C:\Users\Anuska\AppData\Roaming\fixpermissions.bat
[2012/03/12 19:48:08 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011/06/26 11:25:42 | 000,024,206 | ---- | C] () -- C:\Users\Anuska\AppData\Roaming\UserTile.png
[2011/06/25 04:57:34 | 000,008,192 | ---- | C] () -- C:\Users\Anuska\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/22 16:42:19 | 000,031,966 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011/06/22 16:42:05 | 000,031,966 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011/06/22 16:37:06 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2011/06/22 16:01:10 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2011/06/22 15:42:22 | 000,000,680 | ---- | C] () -- C:\Users\Anuska\AppData\Local\d3d9caps.dat

========== LOP Check ==========

[2012/02/29 02:13:37 | 000,000,000 | ---D | M] -- C:\Users\Anuska\AppData\Roaming\Canon
[2012/03/13 02:29:32 | 000,000,000 | ---D | M] -- C:\Users\Anuska\AppData\Roaming\com.w3i.FlipToast
[2011/06/28 17:25:25 | 000,000,000 | ---D | M] -- C:\Users\Anuska\AppData\Roaming\OpenOffice.org
[2011/11/12 16:36:55 | 000,000,000 | ---D | M] -- C:\Users\Anuska\AppData\Roaming\PlayFirst
[2012/04/15 15:50:01 | 000,000,910 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1227071289-1635233639-1265634246-1000Core.job
[2012/04/15 18:50:04 | 000,000,932 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1227071289-1635233639-1265634246-1000UA.job
[2012/04/16 16:14:22 | 000,032,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
anuska
Active Member
 
Posts: 8
Joined: April 13th, 2012, 11:17 am

Re: Multiple toolbars installed and possible adware

Post by anuska » April 16th, 2012, 11:41 am

16:34:46.0351 4868 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
16:34:46.0514 4868 ============================================================
16:34:46.0514 4868 Current date / time: 2012/04/16 16:34:46.0514
16:34:46.0514 4868 SystemInfo:
16:34:46.0514 4868
16:34:46.0514 4868 OS Version: 6.0.6002 ServicePack: 2.0
16:34:46.0514 4868 Product type: Workstation
16:34:46.0515 4868 ComputerName: ANUSKA-PC
16:34:46.0515 4868 UserName: Anuska
16:34:46.0515 4868 Windows directory: C:\Windows
16:34:46.0515 4868 System windows directory: C:\Windows
16:34:46.0515 4868 Processor architecture: Intel x86
16:34:46.0515 4868 Number of processors: 2
16:34:46.0515 4868 Page size: 0x1000
16:34:46.0515 4868 Boot type: Normal boot
16:34:46.0515 4868 ============================================================
16:34:48.0790 4868 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:34:48.0815 4868 \Device\Harddisk0\DR0:
16:34:48.0815 4868 MBR used
16:34:48.0815 4868 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xCCDF7C1
16:34:48.0815 4868 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xCCDF800, BlocksNum 0x12B3800
16:34:48.0899 4868 Initialize success
16:34:48.0899 4868 ============================================================
16:35:50.0433 1316 ============================================================
16:35:50.0434 1316 Scan started
16:35:50.0434 1316 Mode: Manual;
16:35:50.0434 1316 ============================================================
16:35:51.0870 1316 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
16:35:51.0878 1316 ACPI - ok
16:35:51.0964 1316 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
16:35:51.0966 1316 AdobeARMservice - ok
16:35:52.0101 1316 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:35:52.0106 1316 AdobeFlashPlayerUpdateSvc - ok
16:35:52.0164 1316 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
16:35:52.0177 1316 adp94xx - ok
16:35:52.0219 1316 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
16:35:52.0225 1316 adpahci - ok
16:35:52.0250 1316 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
16:35:52.0254 1316 adpu160m - ok
16:35:52.0280 1316 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
16:35:52.0286 1316 adpu320 - ok
16:35:52.0344 1316 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
16:35:52.0346 1316 AeLookupSvc - ok
16:35:52.0434 1316 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
16:35:52.0444 1316 AFD - ok
16:35:52.0477 1316 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
16:35:52.0480 1316 agp440 - ok
16:35:52.0513 1316 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
16:35:52.0515 1316 aic78xx - ok
16:35:52.0564 1316 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
16:35:52.0567 1316 ALG - ok
16:35:52.0600 1316 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
16:35:52.0602 1316 aliide - ok
16:35:52.0631 1316 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
16:35:52.0634 1316 amdagp - ok
16:35:52.0657 1316 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
16:35:52.0659 1316 amdide - ok
16:35:52.0690 1316 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
16:35:52.0693 1316 AmdK7 - ok
16:35:52.0734 1316 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
16:35:52.0737 1316 AmdK8 - ok
16:35:52.0757 1316 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
16:35:52.0759 1316 Appinfo - ok
16:35:52.0795 1316 AppMgmt (0fe769cae5855b53c90e23f85e7e89ff) C:\Windows\System32\appmgmts.dll
16:35:52.0799 1316 AppMgmt - ok
16:35:52.0850 1316 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
16:35:52.0853 1316 arc - ok
16:35:52.0878 1316 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
16:35:52.0882 1316 arcsas - ok
16:35:52.0940 1316 aswFsBlk (0ae43c6c411254049279c2ee55630f95) C:\Windows\system32\drivers\aswFsBlk.sys
16:35:52.0943 1316 aswFsBlk - ok
16:35:53.0009 1316 aswMonFlt (6693141560b1615d8dccf0d8eb00087e) C:\Windows\system32\drivers\aswMonFlt.sys
16:35:53.0012 1316 aswMonFlt - ok
16:35:53.0066 1316 aswRdr (da12626fd9a67f4e917e2f2fbe1e1764) C:\Windows\system32\drivers\aswRdr.sys
16:35:53.0068 1316 aswRdr - ok
16:35:53.0127 1316 aswSnx (dcb199b967375753b5019ec15f008f53) C:\Windows\system32\drivers\aswSnx.sys
16:35:53.0158 1316 aswSnx - ok
16:35:53.0243 1316 aswSP (b32873e5a1443c0a1e322266e203bf10) C:\Windows\system32\drivers\aswSP.sys
16:35:53.0253 1316 aswSP - ok
16:35:53.0329 1316 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) C:\Windows\system32\drivers\aswTdi.sys
16:35:53.0331 1316 aswTdi - ok
16:35:53.0397 1316 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
16:35:53.0399 1316 AsyncMac - ok
16:35:53.0426 1316 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
16:35:53.0427 1316 atapi - ok
16:35:53.0494 1316 athr (600efe56f37adbd65a0fb076b50d1b8d) C:\Windows\system32\DRIVERS\athr.sys
16:35:53.0507 1316 athr - ok
16:35:53.0575 1316 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
16:35:53.0586 1316 AudioEndpointBuilder - ok
16:35:53.0600 1316 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
16:35:53.0606 1316 Audiosrv - ok
16:35:53.0694 1316 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
16:35:53.0696 1316 avast! Antivirus - ok
16:35:53.0727 1316 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
16:35:53.0729 1316 Beep - ok
16:35:53.0803 1316 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
16:35:53.0814 1316 BFE - ok
16:35:53.0878 1316 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
16:35:53.0922 1316 BITS - ok
16:35:53.0960 1316 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
16:35:53.0984 1316 blbdrive - ok
16:35:54.0038 1316 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
16:35:54.0098 1316 bowser - ok
16:35:54.0150 1316 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
16:35:54.0152 1316 BrFiltLo - ok
16:35:54.0207 1316 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
16:35:54.0208 1316 BrFiltUp - ok
16:35:54.0262 1316 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
16:35:54.0265 1316 Browser - ok
16:35:54.0301 1316 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
16:35:54.0305 1316 Brserid - ok
16:35:54.0339 1316 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
16:35:54.0341 1316 BrSerWdm - ok
16:35:54.0364 1316 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
16:35:54.0365 1316 BrUsbMdm - ok
16:35:54.0383 1316 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
16:35:54.0385 1316 BrUsbSer - ok
16:35:54.0407 1316 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
16:35:54.0409 1316 BTHMODEM - ok
16:35:54.0440 1316 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
16:35:54.0441 1316 cdfs - ok
16:35:54.0469 1316 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
16:35:54.0471 1316 cdrom - ok
16:35:54.0487 1316 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
16:35:54.0488 1316 CertPropSvc - ok
16:35:54.0514 1316 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
16:35:54.0516 1316 circlass - ok
16:35:54.0548 1316 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
16:35:54.0552 1316 CLFS - ok
16:35:54.0653 1316 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:35:54.0660 1316 clr_optimization_v2.0.50727_32 - ok
16:35:54.0752 1316 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:35:54.0759 1316 clr_optimization_v4.0.30319_32 - ok
16:35:54.0802 1316 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
16:35:54.0804 1316 CmBatt - ok
16:35:54.0849 1316 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
16:35:54.0851 1316 cmdide - ok
16:35:54.0903 1316 CnxtHdAudService (dda0cb141150fef87419926790cd26c8) C:\Windows\system32\drivers\CHDRT32.sys
16:35:54.0907 1316 CnxtHdAudService - ok
16:35:54.0932 1316 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
16:35:54.0934 1316 Compbatt - ok
16:35:54.0961 1316 COMSysApp - ok
16:35:55.0064 1316 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
16:35:55.0066 1316 crcdisk - ok
16:35:55.0094 1316 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
16:35:55.0097 1316 Crusoe - ok
16:35:55.0160 1316 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
16:35:55.0164 1316 CryptSvc - ok
16:35:55.0212 1316 CSC (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\Windows\system32\drivers\csc.sys
16:35:55.0219 1316 CSC - ok
16:35:55.0301 1316 CscService (0a2095f92f6ae4fe6484d911b0c21e95) C:\Windows\System32\cscsvc.dll
16:35:55.0323 1316 CscService - ok
16:35:55.0460 1316 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
16:35:55.0496 1316 DcomLaunch - ok
16:35:55.0563 1316 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
16:35:55.0568 1316 DfsC - ok
16:35:55.0679 1316 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
16:35:55.0711 1316 DFSR - ok
16:35:55.0743 1316 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
16:35:55.0749 1316 Dhcp - ok
16:35:55.0789 1316 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
16:35:55.0792 1316 disk - ok
16:35:55.0838 1316 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
16:35:55.0844 1316 Dnscache - ok
16:35:55.0874 1316 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
16:35:55.0880 1316 dot3svc - ok
16:35:55.0905 1316 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
16:35:55.0913 1316 DPS - ok
16:35:55.0968 1316 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
16:35:55.0971 1316 drmkaud - ok
16:35:56.0058 1316 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
16:35:56.0080 1316 DXGKrnl - ok
16:35:56.0143 1316 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
16:35:56.0148 1316 E1G60 - ok
16:35:56.0179 1316 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
16:35:56.0184 1316 EapHost - ok
16:35:56.0217 1316 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
16:35:56.0224 1316 Ecache - ok
16:35:56.0363 1316 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
16:35:56.0372 1316 ehRecvr - ok
16:35:56.0393 1316 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
16:35:56.0398 1316 ehSched - ok
16:35:56.0417 1316 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
16:35:56.0419 1316 ehstart - ok
16:35:56.0460 1316 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
16:35:56.0471 1316 elxstor - ok
16:35:56.0608 1316 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
16:35:56.0620 1316 EMDMgmt - ok
16:35:56.0660 1316 ErrDev (a81ab23eddb4693612014d87367d014c) C:\Windows\system32\drivers\errdev.sys
16:35:56.0662 1316 ErrDev - ok
16:35:56.0782 1316 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
16:35:56.0794 1316 EventSystem - ok
16:35:56.0842 1316 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
16:35:56.0845 1316 exfat - ok
16:35:56.0906 1316 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
16:35:56.0909 1316 fastfat - ok
16:35:56.0991 1316 Fax (dfba0f60fa301e5b1bfb1403a93ee23e) C:\Windows\system32\fxssvc.exe
16:35:57.0003 1316 Fax - ok
16:35:57.0035 1316 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
16:35:57.0037 1316 fdc - ok
16:35:57.0069 1316 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
16:35:57.0073 1316 fdPHost - ok
16:35:57.0103 1316 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
16:35:57.0107 1316 FDResPub - ok
16:35:57.0141 1316 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
16:35:57.0143 1316 FileInfo - ok
16:35:57.0176 1316 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
16:35:57.0178 1316 Filetrace - ok
16:35:57.0202 1316 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
16:35:57.0204 1316 flpydisk - ok
16:35:57.0236 1316 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
16:35:57.0242 1316 FltMgr - ok
16:35:57.0329 1316 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
16:35:57.0362 1316 FontCache - ok
16:35:57.0500 1316 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:35:57.0502 1316 FontCache3.0.0.0 - ok
16:35:57.0558 1316 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
16:35:57.0560 1316 Fs_Rec - ok
16:35:57.0649 1316 fvevol (fecf4c2e42440a8d132bf94eee3c3fc9) C:\Windows\system32\DRIVERS\fvevol.sys
16:35:57.0655 1316 fvevol - ok
16:35:57.0727 1316 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
16:35:57.0742 1316 gagp30kx - ok
16:35:57.0833 1316 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files\WildTangent Games\App\GamesAppService.exe
16:35:57.0841 1316 GamesAppService - ok
16:35:57.0907 1316 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
16:35:57.0941 1316 gpsvc - ok
16:35:58.0053 1316 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
16:35:58.0059 1316 gupdate - ok
16:35:58.0076 1316 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
16:35:58.0079 1316 gupdatem - ok
16:35:58.0182 1316 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
16:35:58.0191 1316 HdAudAddService - ok
16:35:58.0281 1316 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
16:35:58.0303 1316 HDAudBus - ok
16:35:58.0330 1316 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
16:35:58.0333 1316 HidBth - ok
16:35:58.0364 1316 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
16:35:58.0367 1316 HidIr - ok
16:35:58.0427 1316 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
16:35:58.0433 1316 hidserv - ok
16:35:58.0464 1316 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
16:35:58.0467 1316 HidUsb - ok
16:35:58.0529 1316 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
16:35:58.0537 1316 hkmsvc - ok
16:35:58.0570 1316 HpCISSs (7ebec5eb56b90ed65a8bbd91464e5cfb) C:\Windows\system32\drivers\hpcisss.sys
16:35:58.0572 1316 HpCISSs - ok
16:35:58.0663 1316 HSF_DPV (cc267848cb3508e72762be65734e764d) C:\Windows\system32\DRIVERS\HSX_DPV.sys
16:35:58.0696 1316 HSF_DPV - ok
16:35:58.0808 1316 HSXHWAZL (a2882945cc4b6e3e4e9e825590438888) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
16:35:58.0815 1316 HSXHWAZL - ok
16:35:58.0984 1316 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
16:35:58.0992 1316 HTTP - ok
16:35:59.0025 1316 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
16:35:59.0027 1316 i2omp - ok
16:35:59.0058 1316 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
16:35:59.0062 1316 i8042prt - ok
16:35:59.0115 1316 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
16:35:59.0122 1316 iaStorV - ok
16:35:59.0261 1316 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:35:59.0296 1316 idsvc - ok
16:35:59.0328 1316 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
16:35:59.0331 1316 iirsp - ok
16:35:59.0421 1316 IJPLMSVC (a06efd4965f8a3f97a8c9a291d032678) C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
16:35:59.0424 1316 IJPLMSVC - ok
16:35:59.0482 1316 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
16:35:59.0506 1316 IKEEXT - ok
16:35:59.0551 1316 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
16:35:59.0553 1316 intelide - ok
16:35:59.0587 1316 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
16:35:59.0589 1316 intelppm - ok
16:35:59.0612 1316 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
16:35:59.0620 1316 IPBusEnum - ok
16:35:59.0655 1316 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:35:59.0658 1316 IpFilterDriver - ok
16:35:59.0691 1316 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
16:35:59.0700 1316 iphlpsvc - ok
16:35:59.0718 1316 IpInIp - ok
16:35:59.0753 1316 IPMIDRV (4b9c0f4d4a3acc535f9771039ecd6365) C:\Windows\system32\drivers\ipmidrv.sys
16:35:59.0755 1316 IPMIDRV - ok
16:35:59.0783 1316 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
16:35:59.0787 1316 IPNAT - ok
16:35:59.0812 1316 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
16:35:59.0814 1316 IRENUM - ok
16:35:59.0840 1316 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
16:35:59.0843 1316 isapnp - ok
16:35:59.0869 1316 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
16:35:59.0875 1316 iScsiPrt - ok
16:35:59.0906 1316 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
16:35:59.0909 1316 iteatapi - ok
16:35:59.0941 1316 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
16:35:59.0944 1316 iteraid - ok
16:35:59.0988 1316 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
16:35:59.0991 1316 kbdclass - ok
16:36:00.0035 1316 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
16:36:00.0052 1316 kbdhid - ok
16:36:00.0091 1316 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
16:36:00.0098 1316 KeyIso - ok
16:36:00.0146 1316 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
16:36:00.0168 1316 KSecDD - ok
16:36:00.0229 1316 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
16:36:00.0251 1316 KtmRm - ok
16:36:00.0353 1316 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
16:36:00.0368 1316 LanmanServer - ok
16:36:00.0431 1316 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
16:36:00.0453 1316 LanmanWorkstation - ok
16:36:00.0529 1316 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
16:36:00.0533 1316 lltdio - ok
16:36:00.0585 1316 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
16:36:00.0594 1316 lltdsvc - ok
16:36:00.0626 1316 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
16:36:00.0632 1316 lmhosts - ok
16:36:00.0664 1316 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
16:36:00.0669 1316 LSI_FC - ok
16:36:00.0699 1316 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
16:36:00.0704 1316 LSI_SAS - ok
16:36:00.0734 1316 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
16:36:00.0739 1316 LSI_SCSI - ok
16:36:00.0766 1316 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
16:36:00.0770 1316 luafv - ok
16:36:00.0818 1316 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
16:36:00.0825 1316 Mcx2Svc - ok
16:36:00.0857 1316 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
16:36:00.0860 1316 mdmxsdk - ok
16:36:00.0904 1316 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
16:36:00.0907 1316 megasas - ok
16:36:00.0951 1316 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
16:36:00.0962 1316 MegaSR - ok
16:36:01.0009 1316 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
16:36:01.0017 1316 MMCSS - ok
16:36:01.0050 1316 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
16:36:01.0053 1316 Modem - ok
16:36:01.0071 1316 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
16:36:01.0073 1316 monitor - ok
16:36:01.0093 1316 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
16:36:01.0095 1316 mouclass - ok
16:36:01.0119 1316 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
16:36:01.0121 1316 mouhid - ok
16:36:01.0156 1316 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
16:36:01.0160 1316 MountMgr - ok
16:36:01.0198 1316 mpio (5da347912fd3af24d7bfb3de519d4bd0) C:\Windows\system32\drivers\mpio.sys
16:36:01.0201 1316 mpio - ok
16:36:01.0242 1316 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
16:36:01.0245 1316 mpsdrv - ok
16:36:01.0284 1316 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
16:36:01.0308 1316 MpsSvc - ok
16:36:01.0341 1316 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
16:36:01.0343 1316 Mraid35x - ok
16:36:01.0369 1316 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
16:36:01.0373 1316 MRxDAV - ok
16:36:01.0433 1316 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:36:01.0437 1316 mrxsmb - ok
16:36:01.0487 1316 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:36:01.0492 1316 mrxsmb10 - ok
16:36:01.0536 1316 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:36:01.0539 1316 mrxsmb20 - ok
16:36:01.0583 1316 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
16:36:01.0585 1316 msahci - ok
16:36:01.0613 1316 msdsm (2c563aef15b8d0014c36c5f27742ac7b) C:\Windows\system32\drivers\msdsm.sys
16:36:01.0615 1316 msdsm - ok
16:36:01.0663 1316 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
16:36:01.0668 1316 MSDTC - ok
16:36:01.0708 1316 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
16:36:01.0709 1316 Msfs - ok
16:36:01.0726 1316 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
16:36:01.0728 1316 msisadrv - ok
16:36:01.0768 1316 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
16:36:01.0772 1316 MSiSCSI - ok
16:36:01.0783 1316 msiserver - ok
16:36:01.0848 1316 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
16:36:01.0849 1316 MSKSSRV - ok
16:36:01.0880 1316 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
16:36:01.0882 1316 MSPCLOCK - ok
16:36:01.0905 1316 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
16:36:01.0906 1316 MSPQM - ok
16:36:01.0934 1316 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
16:36:01.0940 1316 MsRPC - ok
16:36:01.0971 1316 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
16:36:01.0973 1316 mssmbios - ok
16:36:02.0022 1316 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
16:36:02.0025 1316 MSTEE - ok
16:36:02.0051 1316 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
16:36:02.0055 1316 Mup - ok
16:36:02.0150 1316 MyScrapNook_12Service (622fcf264119f7df127be353f796b319) C:\PROGRA~1\MYSCRA~2\bar\1.bin\12barsvc.exe
16:36:02.0152 1316 MyScrapNook_12Service - ok
16:36:02.0206 1316 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
16:36:02.0229 1316 napagent - ok
16:36:02.0267 1316 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
16:36:02.0271 1316 NativeWifiP - ok
16:36:02.0313 1316 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
16:36:02.0335 1316 NDIS - ok
16:36:02.0364 1316 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
16:36:02.0367 1316 NdisTapi - ok
16:36:02.0390 1316 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
16:36:02.0392 1316 Ndisuio - ok
16:36:02.0421 1316 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
16:36:02.0425 1316 NdisWan - ok
16:36:02.0527 1316 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
16:36:02.0531 1316 NDProxy - ok
16:36:02.0603 1316 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
16:36:02.0607 1316 NetBIOS - ok
16:36:02.0633 1316 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
16:36:02.0639 1316 netbt - ok
16:36:02.0706 1316 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
16:36:02.0712 1316 Netlogon - ok
16:36:02.0764 1316 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
16:36:02.0779 1316 Netman - ok
16:36:02.0811 1316 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
16:36:02.0822 1316 netprofm - ok
16:36:02.0915 1316 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:36:02.0921 1316 NetTcpPortSharing - ok
16:36:02.0969 1316 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
16:36:02.0972 1316 nfrd960 - ok
16:36:03.0020 1316 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
16:36:03.0033 1316 NlaSvc - ok
16:36:03.0061 1316 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
16:36:03.0065 1316 Npfs - ok
16:36:03.0137 1316 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
16:36:03.0146 1316 nsi - ok
16:36:03.0175 1316 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
16:36:03.0178 1316 nsiproxy - ok
16:36:03.0246 1316 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
16:36:03.0292 1316 Ntfs - ok
16:36:03.0321 1316 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
16:36:03.0324 1316 ntrigdigi - ok
16:36:03.0351 1316 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
16:36:03.0353 1316 Null - ok
16:36:03.0401 1316 NVENETFD (1efec38a852ab35883bfff3427b92b3f) C:\Windows\system32\DRIVERS\nvmfdx32.sys
16:36:03.0407 1316 NVENETFD - ok
16:36:04.0105 1316 nvlddmkm (9dac05d828e56801fd6ce5fdfced64af) C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:36:04.0548 1316 nvlddmkm - ok
16:36:04.0792 1316 NVNET (1efec38a852ab35883bfff3427b92b3f) C:\Windows\system32\DRIVERS\nvmfdx32.sys
16:36:04.0798 1316 NVNET - ok
16:36:04.0869 1316 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
16:36:04.0877 1316 nvraid - ok
16:36:04.0916 1316 nvsmu (0fb6bf3ab170fc5bd403d25e134eafde) C:\Windows\system32\DRIVERS\nvsmu.sys
16:36:04.0919 1316 nvsmu - ok
16:36:04.0973 1316 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
16:36:04.0976 1316 nvstor - ok
16:36:05.0030 1316 nvsvc (51e7f2c26b6ece61c5241f1f731eab2b) C:\Windows\system32\nvvsvc.exe
16:36:05.0043 1316 nvsvc - ok
16:36:05.0077 1316 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
16:36:05.0081 1316 nv_agp - ok
16:36:05.0097 1316 NwlnkFlt - ok
16:36:05.0120 1316 NwlnkFwd - ok
16:36:05.0158 1316 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
16:36:05.0161 1316 ohci1394 - ok
16:36:05.0231 1316 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
16:36:05.0249 1316 p2pimsvc - ok
16:36:05.0297 1316 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
16:36:05.0315 1316 p2psvc - ok
16:36:05.0345 1316 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
16:36:05.0348 1316 Parport - ok
16:36:05.0377 1316 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
16:36:05.0381 1316 partmgr - ok
16:36:05.0407 1316 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
16:36:05.0409 1316 Parvdm - ok
16:36:05.0436 1316 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
16:36:05.0446 1316 PcaSvc - ok
16:36:17.0740 1316 ============================================================
16:36:17.0740 1316 Scan finished
16:36:17.0740 1316 ============================================================
16:36:17.0765 5020 Detected object count: 0
16:36:17.0765 5020 Actual detected object count: 0
16:37:26.0861 1036 Deinitialize success
anuska
Active Member
 
Posts: 8
Joined: April 13th, 2012, 11:17 am

Re: Multiple toolbars installed and possible adware

Post by askey127 » April 16th, 2012, 12:04 pm

Looks good. How is it running?
askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Multiple toolbars installed and possible adware

Post by anuska » April 17th, 2012, 9:44 am

Hi Askey127!

Yes, I wanted to thank you!! It's running like I-don't-remember-when-was-the-last-time-it-worked-so-fast!
You guys are awesome, honestly. I'm so glad Luke directed me to you and that you provide this help, because I was thinking it's time to get a new laptop! THANK YOU AGAIN!!

Do you have any tips for me, so I don't fill up my computer with rubbish again? I reckon my computer is good as it is now, so I shouldn't pay any attention to "download this or that" messages and should only update Windows?

Thanks, Askey

Re: Multiple toolbars installed and possible adware

Post by askey127 » April 17th, 2012, 8:16 pm

anuska,
Sure.
Keep your Windows and Antivirus updated.
Don't allow anyone to install any toolbars of any kind.
Don't vote for any new Security Programs.

Use this program below every month or so to clean out the junk. It usually requires a reboot.
----------------------------------------------
Download and Run Temp File Cleaner (TFC.exe)
Download Temp File Cleaner and save it to your desktop.
You might want to Copy/Paste/Print these instructions and Save any unsaved work. TFC will close ALL open programs... including your browser!
Double click to run it. (Right click and choose Run as Administrator in Vista or Win7)
If you have a lot of junk files to remove, it could take a while, so please be patient and let it finish.
When it's done, it will report the total size of files removed. If it asks to Reboot, choose to do so. This will remove files that could not be removed while Windows was running.
After Restart, log back in to your usual account.

Good Luck,
askey127

Re: Multiple toolbars installed and possible adware

Post by anuska » April 19th, 2012, 7:05 am

Done. Thank you.
Now, what do I do with the new stuff this process created on my desktop? dds, OTL, OTL text, Extras, tdsskiller, TFC

Re: Multiple toolbars installed and possible adware

Post by askey127 » April 19th, 2012, 8:33 am

anuska,
You can delete any or all of them by right clicking each desktop item and choosing Delete.
None of them need to be "Uninstalled".

You can remove most of them automatically if you open OTL and click the Clean Up button.

askey127

Re: Multiple toolbars installed and possible adware

Post by askey127 » April 20th, 2012, 7:02 am

This topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.