MS IE Explorer window vibrating - believed to be malware


Post by Jim701 » June 30th, 2012, 7:12 pm

The window in IE Explorer runs normally when viewing YouTube videos, for example, and the video window can be expanded to full screen. On pressing ESC to revert from full screen, the window then starts to vibrate, caused by it expanding and contracting slightly very rapidly.
The Restore function in Windows was tried with more than one restore date but all failed, indicating an unknown error. (This has often worked for me before to remove malware.)

The computer is running Windows 7 Professional with Service Pack 1. All updates are accepted.
The Computer is a Dell Optiplex with 4 GB memory 32 bit operating system.
The computer has a paid-for version of AVG, version 2012.0.2180.

As the restore function failed I downloaded and ran Malwarebytes. After 2.5 hours it found 6 items which were all removed, but this had no effect on the shaking screen, which still persists.

It seems that the screen shaking can be halted by repeatedly pressing the Alt and Esc keys in rapid succession.

(A further problem arose this evening which prevented IE Explorer opening http://www.Google.com. A piece of software appeared to be trying to load a Google toolbar into IE Explorer. A pop-up window repeatedly appeared asking the operator to 'allow' the software to modify IE Explorer, but all the buttons were disabled and so this pop-up window could not be removed. (Normally it always pops up and one can accept or reject the site trying to access the computer, and this normally works well.) But this evening it could not be closed by clicking on any of the buttons. It was removed by deleting the add-on Google toolbar software from Control Panel using the Uninstall feature.)

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Alex at 23:34:01 on 2012-06-30
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.3326.2134 [GMT 1:00]
.
AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Internet Security 2012 *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\AVG\AVG2012\avgfws.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Nuance\dgnsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Nitro PDF\Professional 7\NitroPDFDriverService2.exe
C:\Windows\system32\NLSSRV32.EXE
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Intel\AMT\atchk.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Logitech\Vid HD\Vid.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Intel\AMT\UNS.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office14\GROOVEEX.DLL
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\search~1\datamngr\toolbar\searchqudtx.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~1\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\search~1\datamngr\toolbar\searchqudtx.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [Logitech Vid] "c:\program files\logitech\vid hd\Vid.exe" -bootmode
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [atchk] "c:\program files\intel\amt\atchk.exe"
mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [DNS7reminder] "c:\program files\nuance\naturallyspeaking11\ereg\ereg.exe" -r "c:\programdata\nuance\naturallyspeaking11\Ereg.ini
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9 ... ontrol.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{77C2F2DE-6B45-4645-990A-8965CD9D1BA1} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.2.0\ViProtocol.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\615\G2AWinLogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2010-7-12 47968]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]
R2 avgfws;AVG Firewall;c:\program files\avg\avg2012\avgfws.exe [2012-3-23 2321520]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-4-30 5106744]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 DragonSvc;Dragon Service;c:\program files\common files\nuance\dgnsvc.exe [2010-7-23 296808]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-6-30 654408]
R2 NitroDriverReadSpool2;NitroPDFDriverCreatorReadSpool2;c:\program files\nitro pdf\professional 7\NitroPDFDriverService2.exe [2012-6-24 184840]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\NLSSRV32.EXE [2012-6-24 69640]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-8-24 92008]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\intel\amt\UNS.exe [2010-2-16 2519040]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\11.2.0\ToolbarUpdater.exe [2012-6-30 935008]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-6-30 22344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-12 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-5 257224]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dfg;dfg;c:\windows\system32\drivers\dfg.sys [2011-12-7 23552]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-8-12 135664]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-7 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-14 1343400]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-14 17920]
.
=============== Created Last 30 ================
.
2012-06-30 11:46:27 -------- d-----w- c:\users\alex\appdata\roaming\Malwarebytes
2012-06-30 11:46:11 -------- d-----w- c:\programdata\Malwarebytes
2012-06-30 11:46:10 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-30 11:46:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-30 09:27:53 -------- d-----w- c:\program files\AVG Secure Search
2012-06-30 08:54:47 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2012-06-30 07:47:28 27144 ----a-w- c:\windows\system32\nitrolocalmon2.dll
2012-06-30 07:47:28 18440 ----a-w- c:\windows\system32\nitrolocalui2.dll
2012-06-30 07:47:05 -------- d-----w- c:\program files\Nitro PDF
2012-06-30 07:47:05 -------- d-----w- c:\program files\common files\Nitro PDF
2012-06-30 07:46:10 -------- d-----w- c:\users\alex\appdata\roaming\Downloaded Installations
2012-06-29 23:15:18 -------- d-----w- c:\users\alex\appdata\roaming\Qegih
2012-06-29 23:15:18 -------- d-----w- c:\users\alex\appdata\roaming\Keweiz
2012-06-29 23:15:18 -------- d-----w- c:\users\alex\appdata\roaming\Ahuqu
2012-06-27 20:30:43 -------- d-----w- c:\users\alex\appdata\local\AVG Secure Search
2012-06-24 20:47:42 69640 ----a-w- c:\windows\system32\NLSSRV32.EXE
.
==================== Find3M ====================
.
2012-06-27 20:31:59 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-27 20:31:59 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-19 03:50:26 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2011-06-08 20:44:37 706504 ----a-w- c:\program files\Uninstall TelevisionFanatic.dll
.
============= FINISH: 23:34:55.45 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume3
Install Date: 23/12/2009 17:59:04
System Uptime: 30/06/2012 23:19:17 (0 hours ago)
.
Motherboard: Dell Inc. | | 0DR845
Processor: Intel(R) Core(TM)2 Quad CPU Q6700 @ 2.66GHz | CPU | 2667/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 231 GiB total, 155.631 GiB free.
D: is FIXED (NTFS) - 2 GiB total, 0.815 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP310: 17/03/2012 00:41:38 - Windows Update
RP311: 24/03/2012 15:50:18 - Scheduled Checkpoint
RP312: 05/04/2012 15:45:14 - Scheduled Checkpoint
RP313: 28/06/2012 22:26:09 - Scheduled Checkpoint
RP314: 30/06/2012 00:23:52 - Restore Operation
RP315: 30/06/2012 08:46:31 - Installed Nitro Pro 7
RP316: 30/06/2012 09:20:01 - Restore Operation
RP317: 30/06/2012 10:24:41 - Installed AVG 2012
RP318: 30/06/2012 23:00:41 - Restore Operation
.
==== Installed Programs ======================
.
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe Acrobat 8 Professional
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe Acrobat 9.5.1 - CPSID_83708
Adobe After Effects CS3
Adobe After Effects CS3 Presets
Adobe After Effects CS3 Template Projects & Footage
Adobe After Effects CS3 Third Party Content
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Recommended Settings
Adobe Color JA Extra Settings
Adobe Color NA Extra Settings
Adobe Contribute CS3
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe Encore CS3
Adobe Encore CS3 Codecs
Adobe Encore CS3 Library
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Fireworks CS3
Adobe Flash CS3
Adobe Flash Player 11 ActiveX
Adobe Flash Player 9 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Setup
Adobe SING CS3
Adobe Soundbooth CS3
Adobe Soundbooth CS3 Codecs
Adobe Soundbooth CS3 Scores
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
AVG 2012
AVG PC Tuneup
BlackBerry Desktop Software 5.0.1
BlackBerry Device Software Updater
CameraHelperMsi
CCleaner
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dragon NaturallySpeaking 11
Driver Detective
erLT
Garmin City Navigator Europe NT 2010.31 Update
Garmin Communicator Plugin
Garmin MapSource
Garmin USB Drivers
Garmin WebUpdater
Google Chrome
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist Corporate
Intel(R) Management Engine Interface
Intel® Active Management Technology
J2SE Runtime Environment 5.0 Update 7
Java Auto Updater
Java(TM) 6 Update 26
Logitech Vid HD
Logitech Webcam Software
Logitech Webcam Software Driver Package
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mplayer 0.6.9
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nitro Pro 7
OGA Notifier 2.0.0048.0
PDF Settings
PoivY
RegZooka
Roxio Media Manager
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
Skype Click to Call
Skype™ 5.5
SpeedMaxPc SpeedMaxPc
System Requirements Lab
System Requirements Lab for Intel
TomTom HOME 2.7.6.2056
TomTom HOME Visual Studio Merge Modules
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking
Visual C++ Runtime for Dragon NaturallySpeaking
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
.
==== Event Viewer Messages From Past Week ========
.
30/06/2012 23:20:49, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
30/06/2012 23:20:21, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 9 service to connect.
30/06/2012 23:18:25, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
30/06/2012 23:14:22, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
30/06/2012 23:12:54, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
30/06/2012 23:12:52, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
30/06/2012 23:12:52, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
30/06/2012 23:12:50, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
30/06/2012 23:12:50, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
30/06/2012 23:12:47, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
30/06/2012 23:12:40, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
30/06/2012 23:12:22, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgfwfd Avgldx86 Avgmfx86 Avgtdix CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
30/06/2012 23:12:21, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
30/06/2012 23:12:21, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
30/06/2012 23:12:21, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
30/06/2012 23:12:21, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
30/06/2012 23:12:21, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
30/06/2012 23:12:21, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
30/06/2012 23:12:21, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
30/06/2012 23:12:21, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
30/06/2012 23:12:21, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
30/06/2012 23:12:21, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
30/06/2012 20:00:10, Error: Service Control Manager [7023] - The Process Monitor service terminated with the following error: %%-2147467259
.
==== End Of File ===========================


I would be grateful for any assistance. How can malware be prevented from accessing the computer in future? Why does AVG not stop it?

Regards, Alex Warlow
Pembrokeshire, Wales, UK
Jim701
Active Member
Posts: 10
Joined: June 30th, 2012, 11:59 am

Re: MS IE Explorer window vibrating - believed to be malware

Post by diver79 » July 1st, 2012, 9:42 am

Hi and welcome to MalwareRemoval.com.
My name is Diver79, and I will be helping you with your malware problems.

Before we start please note the following important guidelines.
  • The instructions given are for THIS computer only! Using these instructions on a different computer, can make it inoperable!
  • Please DO NOT run any other software or scans whilst I am helping you.

Note: If you haven't done so already, please ensure you have read the following article, ALL USERS OF THIS FORUM MUST READ THIS FIRST, where the conditions for receiving help here are explained.
diver79 wrote: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
Because of this, I advise you to backup any personal files and folders before you start.
How to backup your data - Vista/Win7

Looking into your logs now. Will post instructions soon...

diver79.
diver79
Retired Graduate
 
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm

Re: MS IE Explorer window vibrating - believed to be malware

Unread postby diver79 » July 1st, 2012, 9:59 am

Hi Jim701,

RE: Microsoft Office Professional Plus 2010
Can you tell me how this program came to be installed on your machine?

Next, please run the following scans;


Run CKScanner
  • Please download CKScanner from Here
  • Important: - Save it to your desktop.
  • Right-click CKScanner.exe > select "Run as administrator", then click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved. Please Run the program only once.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.


Scan with WVCheck:
Please download WVCheck and save it to the desktop.
  • Right click on WVCheck.exe and select Run as Administrator.
  • The scan may take some time depending on the Hard-Drive size.
  • Please post the contents of the notepad file WVCheck_1436_dd-mm-yyyy that can be located on the desktop.
diver79
Retired Graduate
 
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm

Re: MS IE Explorer window vibrating - believed to be malware

Unread postby Jim701 » July 1st, 2012, 5:29 pm

I am not sure what the significance of your question concerning Office 2010 is. It is a fully licenced product and I can supply the key if required. It was supplied by an organisation that I did some work for some years ago as an upgrade to Office 2007 which I purchased. At the time they wanted all files in the same format. Does MS Word have any effect on the problem I am having with IE Explorer?

The files requested are listed below.

ckfiles.txt
CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\adobe\adobe premiere pro cs3\plug-ins\en_us\vstplugins\decrackler1.dll
c:\program files\adobe\adobe premiere pro cs3\plug-ins\en_us\vstplugins\decrackler2.dll
c:\program files\adobe\adobe premiere pro cs3\plug-ins\en_us\vstplugins\decrackler6.dll
scanner sequence 3.CP.11.PWAPKV
----- EOF -----

Windows Validation Check
Version: 1.9.12.5
Log Created On: 2202_01-07-2012
-----------------------

Windows Information
-----------------------
Windows Version: Windows 7 Service Pack 1
Windows Mode: Normal
Systemroot Path: C:\Windows

WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Download updates and install them automatically.
-----------------------
Last Success Time for Update Detection: 2012-04-09 17:55:29
Last Success Time for Update Download: 2012-03-16 19:24:06
Last Success Time for Update Installation: 2012-03-17 00:44:17


WVCheck_2205_01-07-2012.txt
WVCheck's Registry Check Check
-----------------------
Antiwpa: Not Found
-----------------------
Chew7Hale: Not Found
-----------------------


WVCheck's File Dump
-----------------------
C:\Windows\System32\slwga.dll
Size: 14336 bytes
Creation; 7/6/2011 9:4:25
Modification; 20/11/2010 12:21:24
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.16385_none_ff27e02604a90885\slwga.dll
Size: 13824 bytes
Creation; 14/7/2009 0:36:22
Modification; 14/7/2009 2:16:15
MD5; 01fe4bdd0b47a7d8bf34d78d2bc23ddb
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.16723_none_ff66c6b2047a22cd\slwga.dll
Size: 14336 bytes
Creation; 9/2/2011 9:38:39
Modification; 21/12/2010 5:38:16
MD5; 2008845b41d561fb77b77bbe0045099e
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.20862_none_ffc423831db91904\slwga.dll
Size: 14336 bytes
Creation; 9/2/2011 9:38:39
Modification; 21/12/2010 5:29:6
MD5; 2332de32759ebcc691850e092b2564a6
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7601.17514_none_0158f3ee01978c1f\slwga.dll
Size: 14336 bytes
Creation; 7/6/2011 9:4:25
Modification; 20/11/2010 12:21:24
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------
D:\Windows\System32\slwga.dll
Size: 12288 bytes
Creation; 19/1/2008 5:41:48
Modification; 19/1/2008 7:36:30
MD5; 7269a928bc18dafbddcffb96b6e987f1
Matched: slwga.dll
-----------------------
D:\Windows\winsxs\x86_microsoft-windows-security-licensing-wga_31bf3856ad364e35_6.0.6001.18000_none_4e4769e7f9aab897\slwga.dll
Size: 12288 bytes
Creation; 19/1/2008 8:53:9
Modification; 19/1/2008 8:53:9
MD5; 7269a928bc18dafbddcffb96b6e987f1
Matched: slwga.dll
-----------------------


WVCheck's Dir Dump
-----------------------
WVCheck found no known bad directories.


WVCheck's Missing File Check
-----------------------
WVCheck found no missing Windows files.


WVCheck's MBAM Quarantine Check
-----------------------
There were no bad files quarantined by MBAM.


WVCheck's HOSTS File Check
-----------------------
WVCheck found no bad lines in the hosts file.


WVCheck's MD5 Check
EXPERIMENTAL!!
-----------------------
user32.dll - f1dd3acaee5e6b4bbc69bc6df75cef66


-------- End of File, program close at 2205_01-07-2012 --------

Thanks and regards - Jim
Jim701
Active Member
 
Posts: 10
Joined: June 30th, 2012, 11:59 am
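The WVCheck file dump above lists every copy of slwga.dll it found with its size and MD5, and the "Matched" line only says the file name is one the tool knows. The check a helper actually wants is whether the live copy in each System32 is byte-for-byte one of the versions kept in that drive's WinSxS component store, because a live file matching none of them would be the sign of a replaced or patched binary. The Python below is an added example, not code from the thread or from WVCheck; it parses the dump format (which uses ":" for some fields and ";" for others) and pairs each System32 copy with a component-store copy of the same name, size and MD5 on the same drive. The entries are five of those posted above, and the function names are my own.

```python
import re

# Five of the "WVCheck's File Dump" entries from the log posted above (the
# tool's own output copied from the thread, not constructed): the live copy
# of slwga.dll on C: and on D:, plus component-store copies they may match.
SAMPLE_DUMP = r"""
WVCheck's File Dump
-----------------------
C:\Windows\System32\slwga.dll
Size: 14336 bytes
Creation; 7/6/2011 9:4:25
Modification; 20/11/2010 12:21:24
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.16385_none_ff27e02604a90885\slwga.dll
Size: 13824 bytes
Creation; 14/7/2009 0:36:22
Modification; 14/7/2009 2:16:15
MD5; 01fe4bdd0b47a7d8bf34d78d2bc23ddb
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7601.17514_none_0158f3ee01978c1f\slwga.dll
Size: 14336 bytes
Creation; 7/6/2011 9:4:25
Modification; 20/11/2010 12:21:24
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------
D:\Windows\System32\slwga.dll
Size: 12288 bytes
Creation; 19/1/2008 5:41:48
Modification; 19/1/2008 7:36:30
MD5; 7269a928bc18dafbddcffb96b6e987f1
Matched: slwga.dll
-----------------------
D:\Windows\winsxs\x86_microsoft-windows-security-licensing-wga_31bf3856ad364e35_6.0.6001.18000_none_4e4769e7f9aab897\slwga.dll
Size: 12288 bytes
Creation; 19/1/2008 8:53:9
Modification; 19/1/2008 8:53:9
MD5; 7269a928bc18dafbddcffb96b6e987f1
Matched: slwga.dll
-----------------------
"""

# WVCheck writes "Size:" and "Matched:" but "MD5;" and "Creation;"; accept both.
FIELD_RE = re.compile(r"^(?P<key>[A-Za-z0-9]+)\s*[:;]\s*(?P<val>.*)$")


def parse_file_dump(text):
    """One dict per entry: path, size (int), md5 (lower-case hex), other fields as text."""
    entries = []
    for chunk in re.split(r"^-{5,}\s*$", text, flags=re.M):
        lines = [ln.strip() for ln in chunk.splitlines() if ln.strip()]
        if not lines or "\\" not in lines[0]:
            continue  # section header or empty chunk, not a file entry
        entry = {"path": lines[0]}
        for ln in lines[1:]:
            m = FIELD_RE.match(ln)
            if not m:
                continue
            key, val = m["key"].lower(), m["val"].strip()
            if key == "size":
                entry["size"] = int(val.split()[0])
            elif key == "md5":
                entry["md5"] = val.lower()
            else:
                entry[key] = val
        entries.append(entry)
    return entries


def check_system32_against_winsxs(entries):
    """For each live System32 copy, find a WinSxS copy on the same drive with the
    same file name, MD5 and size. Returns {system32_path: winsxs_path or None};
    None means the live file matches no component-store version and needs a look."""
    result = {}
    for live in entries:
        p = live["path"].lower()
        if "\\system32\\" not in p:
            continue
        drive, name = p[:2], p.rsplit("\\", 1)[-1]
        result[live["path"]] = next(
            (o["path"] for o in entries
             if o["path"].lower().startswith(drive)
             and "\\winsxs\\" in o["path"].lower()
             and o["path"].lower().endswith("\\" + name)
             and o.get("md5") == live.get("md5")
             and o.get("size") == live.get("size")),
            None)
    return result


if __name__ == "__main__":
    for live, store in check_system32_against_winsxs(parse_file_dump(SAMPLE_DUMP)).items():
        print(live, "->", store or "NO MATCHING COMPONENT-STORE COPY")
```

For this dump both live copies check out: the C: file is identical to the 6.1.7601.17514 component-store version and the D: file to the 6.0.6001.18000 one, which is consistent with the registry check above finding neither Antiwpa nor Chew7.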

Re: MS IE Explorer window vibrating - believed to be malware

Unread postby diver79 » July 2nd, 2012, 3:41 pm

Hi Jim,

Jim701 wrote: I am not sure what the significance of your question concerning Office 2010 is. It is a fully licenced product and I can supply the key if required. It was supplied by an organisation that I did some work for some years ago as an upgrade to Office 2007 which I purchased. At the time they wanted all files in the same format. Does MS Word have any effect on the problem I am having with IE Explorer?
That's fine Jim. It is something that I needed to check before continuing. We can proceed now.

You have a number of toolbars installed that attempt to redirect searches, etc. I don't think they are causing your problem, but we will remove them either way. First I'd like to check for additional infections.


aswMBR Scan
Please download aswMBR and save it to your Desktop.
  • Right click aswMBR.exe & choose "Run as Administrator" to run it.
  • Click Yes to the prompt to download Avast! virus definitions.
    (Please be patient whilst the virus definitions download)
  • With the AVscan set to Quick Scan, click the Scan button.
    (Please be patient whilst your computer is scanned.)
  • After a while when the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
  • Click OK > Exit.
  • Note: Do not attempt to fix anything at this stage!
  • Two files will be created, aswMBR.txt & a file named MBR.dat.
  • MBR.dat is a backup of the MBR (master boot record); do not delete it.
  • I strongly suggest you keep a copy of this backup stored on an external device.
  • Copy & Paste the contents of aswMBR.txt into your next reply.


TDSSKiller
Please download TDSSKiller.exe and save it to your Desktop.
  • Right click on TDSSKiller.exe and select Run as Administrator to launch it.
  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything, please click on the drop-down arrow next to Cure and select Skip.
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • To find the log go to Start > Computer > C:
  • Post the contents of that log in your next reply please.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT
diver79
Retired Graduate
 
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm
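Asking for both aswMBR and TDSSKiller is not redundancy: each reads the boot code and partition table its own way, so a disk filter that presented a false view to one of them would show up as a disagreement between the two logs, while agreement plus aswMBR's "Windows 7 default MBR code" line is the negative result the helper is looking for. The Python below is an added example, not code from the thread or from either tool; it parses the partition lines of both logs that Jim701 posts in the reply that follows, converts TDSSKiller's hexadecimal StartLBA and BlocksNum into the decimal offset and whole-MB size that aswMBR prints (512-byte sectors, as TDSSKiller's SectorSize 0x200 line states for this disk), and reports each partition as a match or a discrepancy. The function names are my own.

```python
import re

# Lines copied from the aswMBR and TDSSKiller logs Jim701 posts in the reply
# that follows (the tools' own output, not constructed).
ASWMBR_LOG = """\
21:46:24.854 Disk 0 Windows 7 default MBR code
21:46:24.857 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 101 MB offset 63
21:46:24.866 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 2048 MB offset 208896
21:46:24.880 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 236267 MB offset 4403200
"""
TDSSKILLER_LOG = """\
22:03:46.0785 5964 \\Device\\Harddisk0\\DR0\\Partition0: MBR, Type 0x7, StartLBA 0x33000, BlocksNum 0x400000
22:03:46.0785 5964 \\Device\\Harddisk0\\DR0\\Partition1: MBR, Type 0x7, StartLBA 0x433000, BlocksNum 0x1CD75800
"""

SECTOR = 512  # TDSSKiller reports SectorSize 0x200 for this disk
SECTORS_PER_MB = (1024 * 1024) // SECTOR

# aswMBR: "Partition <n> <boot> [(A)] <type> <name...> <size> MB offset <lba>"
ASW_RE = re.compile(
    r"Partition (?P<n>\d+) (?P<boot>[0-9A-F]{2}) (?:\(A\) )?(?P<type>[0-9A-F]{2}) .* "
    r"(?P<mb>\d+) MB offset (?P<lba>\d+)\s*$")
# TDSSKiller: "...Partition<n>: MBR, Type 0x<t>, StartLBA 0x<lba>, BlocksNum 0x<blocks>"
TDSS_RE = re.compile(
    r"Partition(?P<n>\d+): MBR, Type 0x(?P<type>[0-9A-Fa-f]+), "
    r"StartLBA 0x(?P<lba>[0-9A-Fa-f]+), BlocksNum 0x(?P<blocks>[0-9A-Fa-f]+)")


def parse_aswmbr(text):
    """{start_lba: (type, size_mb, bootable)} from aswMBR's partition lines."""
    table = {}
    for m in (ASW_RE.search(ln) for ln in text.splitlines()):
        if m:
            table[int(m["lba"])] = (int(m["type"], 16), int(m["mb"]), m["boot"] == "80")
    return table


def parse_tdsskiller(text):
    """{start_lba: (type, size_mb)}; hex LBA and block count converted so the
    values are directly comparable with aswMBR's decimal offset and MB size."""
    table = {}
    for m in (TDSS_RE.search(ln) for ln in text.splitlines()):
        if m:
            table[int(m["lba"], 16)] = (int(m["type"], 16),
                                        int(m["blocks"], 16) // SECTORS_PER_MB)
    return table


def cross_check(asw_text=ASWMBR_LOG, tdss_text=TDSSKILLER_LOG):
    """Compare the two tools' views of the partition table, keyed by start LBA.
    Returns {start_lba: verdict}; anything other than "match" deserves a look."""
    asw, tdss = parse_aswmbr(asw_text), parse_tdsskiller(tdss_text)
    verdicts = {}
    for lba in sorted(set(asw) | set(tdss)):
        if lba not in tdss:
            verdicts[lba] = "aswMBR only"
        elif lba not in asw:
            verdicts[lba] = "TDSSKiller only"
        elif asw[lba][0] != tdss[lba][0]:
            verdicts[lba] = "type mismatch"
        elif asw[lba][1] != tdss[lba][1]:
            verdicts[lba] = "size mismatch"
        else:
            verdicts[lba] = "match"
    return verdicts


def mbr_code_is_default(asw_text=ASWMBR_LOG):
    """True when aswMBR identified the boot code as the stock Windows MBR."""
    return any("default MBR code" in ln for ln in asw_text.splitlines())


if __name__ == "__main__":
    print("MBR code default:", mbr_code_is_default())
    for lba, verdict in cross_check().items():
        print(f"start LBA {lba:>10}: {verdict}")
```

On these two logs the NTFS partitions at offsets 208896 and 4403200 match in type and size (0x1CD75800 blocks is exactly 236267 MB), and the boot code is reported as default. The 101 MB Dell Utility partition at offset 63 is listed by aswMBR but not among TDSSKiller's two entries, so the check reports it as "aswMBR only"; a discrepancy of that kind is something to look at and explain, not a finding by itself.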

Re: MS IE Explorer window vibrating - believed to be malware

Unread postby Jim701 » July 2nd, 2012, 5:19 pm

Thanks for your help so far. Here are the next two scans.

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-02 21:34:46
-----------------------------
21:34:46.156 OS Version: Windows 6.1.7601 Service Pack 1
21:34:46.156 Number of processors: 4 586 0xF0B
21:34:46.158 ComputerName: DESKTOP UserName: Alex
21:35:13.440 Initialize success
21:44:37.380 AVAST engine defs: 12070201
21:46:24.747 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
21:46:24.750 Disk 0 Vendor: ST3250310AS 4.ADA Size: 238418MB BusType: 11
21:46:24.845 Disk 0 MBR read successfully
21:46:24.848 Disk 0 MBR scan
21:46:24.854 Disk 0 Windows 7 default MBR code
21:46:24.857 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 101 MB offset 63
21:46:24.866 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 2048 MB offset 208896
21:46:24.880 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 236267 MB offset 4403200
21:46:24.899 Disk 0 scanning sectors +488278016
21:46:24.962 Disk 0 scanning C:\Windows\system32\drivers
21:46:36.442 Service scanning
21:47:03.593 Modules scanning
21:47:09.999 Disk 0 trace - called modules:
21:47:10.020 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
21:47:10.025 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x863f9550]
21:47:10.029 3 CLASSPNP.SYS[8bdc359e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x85e76908]
21:47:10.889 AVAST engine scan C:\Windows
21:47:12.883 AVAST engine scan C:\Windows\system32
21:50:47.537 AVAST engine scan C:\Windows\system32\drivers
21:51:08.598 AVAST engine scan C:\Users\Alex
21:56:46.134 Disk 0 MBR has been saved successfully to "F:\MBR.dat"
21:56:46.146 The log file has been saved successfully to "F:\aswMBR.txt"


22:03:43.0054 5964 TDSS rootkit removing tool 2.7.43.0 Jun 29 2012 17:54:22
22:03:44.0221 5964 ============================================================
22:03:44.0221 5964 Current date / time: 2012/07/02 22:03:44.0221
22:03:44.0221 5964 SystemInfo:
22:03:44.0221 5964
22:03:44.0222 5964 OS Version: 6.1.7601 ServicePack: 1.0
22:03:44.0222 5964 Product type: Workstation
22:03:44.0222 5964 ComputerName: DESKTOP
22:03:44.0222 5964 UserName: Alex
22:03:44.0222 5964 Windows directory: C:\Windows
22:03:44.0222 5964 System windows directory: C:\Windows
22:03:44.0222 5964 Processor architecture: Intel x86
22:03:44.0222 5964 Number of processors: 4
22:03:44.0222 5964 Page size: 0x1000
22:03:44.0222 5964 Boot type: Normal boot
22:03:44.0222 5964 ============================================================
22:03:46.0752 5964 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:03:46.0773 5964 Drive \Device\Harddisk1\DR1 - Size: 0x3C000000 (0.94 Gb), SectorSize: 0x200, Cylinders: 0x7A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:03:46.0777 5964 ============================================================
22:03:46.0777 5964 \Device\Harddisk0\DR0:
22:03:46.0785 5964 MBR partitions:
22:03:46.0785 5964 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x33000, BlocksNum 0x400000
22:03:46.0785 5964 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x433000, BlocksNum 0x1CD75800
22:03:46.0785 5964 \Device\Harddisk1\DR1:
22:03:46.0786 5964 MBR partitions:
22:03:46.0786 5964 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x1DDFE0
22:03:46.0786 5964 ============================================================
22:03:46.0812 5964 C: <-> \Device\Harddisk0\DR0\Partition1
22:03:46.0837 5964 D: <-> \Device\Harddisk0\DR0\Partition0
22:03:46.0837 5964 ============================================================
22:03:46.0837 5964 Initialize success
22:03:46.0837 5964 ============================================================
22:04:24.0490 4100 ============================================================
22:04:24.0490 4100 Scan started
22:04:24.0490 4100 Mode: Manual;
22:04:24.0490 4100 ============================================================
22:04:26.0124 4100 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
22:04:26.0129 4100 1394ohci - ok
22:04:26.0170 4100 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
22:04:26.0178 4100 ACPI - ok
22:04:26.0209 4100 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
22:04:26.0210 4100 AcpiPmi - ok
22:04:26.0344 4100 Adobe Version Cue CS3 (14c23516c990dcd6052152cf034dde40) C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
22:04:26.0374 4100 Adobe Version Cue CS3 - ok
22:04:26.0460 4100 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
22:04:26.0462 4100 AdobeFlashPlayerUpdateSvc - ok
22:04:26.0524 4100 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
22:04:26.0538 4100 adp94xx - ok
22:04:26.0563 4100 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
22:04:26.0573 4100 adpahci - ok
22:04:26.0588 4100 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
22:04:26.0602 4100 adpu320 - ok
22:04:26.0640 4100 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
22:04:26.0642 4100 AeLookupSvc - ok
22:04:26.0703 4100 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
22:04:26.0718 4100 AFD - ok
22:04:26.0753 4100 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
22:04:26.0755 4100 agp440 - ok
22:04:26.0803 4100 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
22:04:26.0805 4100 aic78xx - ok
22:04:26.0852 4100 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
22:04:26.0854 4100 ALG - ok
22:04:26.0961 4100 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
22:04:26.0963 4100 aliide - ok
22:04:27.0002 4100 AMD External Events Utility (ab04e0d25c677d350ced854b5d180495) C:\Windows\system32\atiesrxx.exe
22:04:27.0011 4100 AMD External Events Utility - ok
22:04:27.0036 4100 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
22:04:27.0038 4100 amdagp - ok
22:04:27.0051 4100 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
22:04:27.0052 4100 amdide - ok
22:04:27.0092 4100 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
22:04:27.0094 4100 AmdK8 - ok
22:04:27.0109 4100 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
22:04:27.0111 4100 AmdPPM - ok
22:04:27.0130 4100 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
22:04:27.0132 4100 amdsata - ok
22:04:27.0163 4100 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
22:04:27.0164 4100 amdsbs - ok
22:04:27.0178 4100 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
22:04:27.0180 4100 amdxata - ok
22:04:27.0220 4100 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
22:04:27.0222 4100 AppID - ok
22:04:27.0266 4100 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
22:04:27.0267 4100 AppIDSvc - ok
22:04:27.0305 4100 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
22:04:27.0307 4100 Appinfo - ok
22:04:27.0366 4100 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
22:04:27.0379 4100 AppMgmt - ok
22:04:27.0429 4100 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
22:04:27.0431 4100 arc - ok
22:04:27.0450 4100 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
22:04:27.0456 4100 arcsas - ok
22:04:27.0485 4100 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
22:04:27.0486 4100 AsyncMac - ok
22:04:27.0523 4100 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
22:04:27.0523 4100 atapi - ok
22:04:27.0625 4100 atchksrv (5b38d6e5fedbcc7925597412554798bb) C:\Program Files\Intel\AMT\atchksrv.exe
22:04:27.0627 4100 atchksrv - ok
22:04:27.0855 4100 atikmdag (18f4c1c503f1cdd39ad006aa54b79ea8) C:\Windows\system32\DRIVERS\atikmdag.sys
22:04:27.0953 4100 atikmdag - ok
22:04:28.0104 4100 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
22:04:28.0116 4100 AudioEndpointBuilder - ok
22:04:28.0123 4100 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
22:04:28.0127 4100 Audiosrv - ok
22:04:28.0226 4100 Avgfwfd (c46ba2c177df0b84f9c0bfc1e4574dc7) C:\Windows\system32\DRIVERS\avgfwd6x.sys
22:04:28.0228 4100 Avgfwfd - ok
22:04:28.0439 4100 avgfws (3f246752bc1309f71a737c6a90dd5295) C:\Program Files\AVG\AVG2012\avgfws.exe
22:04:28.0456 4100 avgfws - ok
22:04:28.0720 4100 AVGIDSAgent (ba60fd7a64b9759a14c0fba4a9ed4c7b) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
22:04:28.0752 4100 AVGIDSAgent - ok
22:04:28.0894 4100 AVGIDSDriver (1074f787080068c71303b61fae7e7ca4) C:\Windows\system32\DRIVERS\avgidsdriverx.sys
22:04:28.0898 4100 AVGIDSDriver - ok
22:04:28.0941 4100 AVGIDSFilter (61a7e0b02f82cff3db2445bbe50b3589) C:\Windows\system32\DRIVERS\avgidsfilterx.sys
22:04:28.0942 4100 AVGIDSFilter - ok
22:04:28.0992 4100 AVGIDSHX (d63d83659eedf60b3a3e620281a888e5) C:\Windows\system32\DRIVERS\avgidshx.sys
22:04:28.0993 4100 AVGIDSHX - ok
22:04:29.0043 4100 AVGIDSShim (baf975b72062f53d327788e99d64197e) C:\Windows\system32\DRIVERS\avgidsshimx.sys
22:04:29.0045 4100 AVGIDSShim - ok
22:04:29.0093 4100 Avgldx86 (dda6a2a18841e4c9172bb85958b8d948) C:\Windows\system32\DRIVERS\avgldx86.sys
22:04:29.0104 4100 Avgldx86 - ok
22:04:29.0160 4100 Avgmfx86 (ccdd61545aaea265977e4b1efdc74e8c) C:\Windows\system32\DRIVERS\avgmfx86.sys
22:04:29.0162 4100 Avgmfx86 - ok
22:04:29.0198 4100 Avgrkx86 (1fd90b28d2c3100bf4500199c8ad6358) C:\Windows\system32\DRIVERS\avgrkx86.sys
22:04:29.0200 4100 Avgrkx86 - ok
22:04:29.0244 4100 Avgtdix (1263f2554ace925c237a40b4c568d815) C:\Windows\system32\DRIVERS\avgtdix.sys
22:04:29.0254 4100 Avgtdix - ok
22:04:29.0366 4100 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
22:04:29.0368 4100 avgwd - ok
22:04:29.0413 4100 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
22:04:29.0416 4100 AxInstSV - ok
22:04:29.0458 4100 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
22:04:29.0472 4100 b06bdrv - ok
22:04:29.0508 4100 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
22:04:29.0518 4100 b57nd60x - ok
22:04:29.0558 4100 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
22:04:29.0561 4100 BDESVC - ok
22:04:29.0573 4100 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
22:04:29.0575 4100 Beep - ok
22:04:29.0634 4100 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
22:04:29.0641 4100 BFE - ok
22:04:29.0707 4100 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
22:04:29.0750 4100 BITS - ok
22:04:29.0794 4100 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
22:04:29.0796 4100 blbdrive - ok
22:04:29.0894 4100 Bonjour Service (73686fe0b2e0469f89fd2075be724704) C:\Program Files\Bonjour\mDNSResponder.exe
22:04:29.0897 4100 Bonjour Service - ok
22:04:29.0948 4100 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
22:04:29.0950 4100 bowser - ok
22:04:29.0970 4100 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:04:29.0972 4100 BrFiltLo - ok
22:04:29.0986 4100 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:04:29.0987 4100 BrFiltUp - ok
22:04:30.0038 4100 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
22:04:30.0044 4100 Browser - ok
22:04:30.0075 4100 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
22:04:30.0078 4100 Brserid - ok
22:04:30.0114 4100 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
22:04:30.0116 4100 BrSerWdm - ok
22:04:30.0126 4100 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:04:30.0127 4100 BrUsbMdm - ok
22:04:30.0140 4100 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
22:04:30.0141 4100 BrUsbSer - ok
22:04:30.0157 4100 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
22:04:30.0159 4100 BTHMODEM - ok
22:04:30.0215 4100 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
22:04:30.0217 4100 bthserv - ok
22:04:30.0255 4100 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
22:04:30.0257 4100 cdfs - ok
22:04:30.0295 4100 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
22:04:30.0300 4100 cdrom - ok
22:04:30.0343 4100 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
22:04:30.0344 4100 CertPropSvc - ok
22:04:30.0388 4100 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
22:04:30.0389 4100 circlass - ok
22:04:30.0423 4100 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
22:04:30.0433 4100 CLFS - ok
22:04:30.0511 4100 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:04:30.0513 4100 clr_optimization_v2.0.50727_32 - ok
22:04:30.0592 4100 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:04:30.0622 4100 clr_optimization_v4.0.30319_32 - ok
22:04:30.0632 4100 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
22:04:30.0633 4100 CmBatt - ok
22:04:30.0671 4100 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
22:04:30.0672 4100 cmdide - ok
22:04:30.0711 4100 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
22:04:30.0726 4100 CNG - ok
22:04:30.0749 4100 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
22:04:30.0750 4100 Compbatt - ok
22:04:30.0785 4100 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
22:04:30.0786 4100 CompositeBus - ok
22:04:30.0804 4100 COMSysApp - ok
22:04:30.0822 4100 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
22:04:30.0824 4100 crcdisk - ok
22:04:30.0871 4100 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
22:04:30.0877 4100 CryptSvc - ok
22:04:30.0923 4100 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
22:04:30.0937 4100 CSC - ok
22:04:30.0977 4100 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
22:04:30.0997 4100 CscService - ok
22:04:31.0028 4100 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
22:04:31.0032 4100 DcomLaunch - ok
22:04:31.0063 4100 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
22:04:31.0073 4100 defragsvc - ok
22:04:31.0178 4100 dfg (96c25c84d31f3569e579baa434a85174) C:\Windows\system32\drivers\dfg.sys
22:04:31.0179 4100 dfg - ok
22:04:31.0222 4100 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
22:04:31.0224 4100 DfsC - ok
22:04:31.0288 4100 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
22:04:31.0297 4100 Dhcp - ok
22:04:31.0312 4100 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
22:04:31.0314 4100 discache - ok
22:04:31.0382 4100 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
22:04:31.0383 4100 Disk - ok
22:04:31.0423 4100 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
22:04:31.0436 4100 Dnscache - ok
22:04:31.0481 4100 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
22:04:31.0491 4100 dot3svc - ok
22:04:31.0535 4100 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
22:04:31.0539 4100 DPS - ok
22:04:31.0646 4100 DragonSvc (f7bda38afbda04f0a89deba767eeda79) C:\Program Files\Common Files\Nuance\dgnsvc.exe
22:04:31.0649 4100 DragonSvc - ok
22:04:31.0706 4100 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
22:04:31.0707 4100 drmkaud - ok
22:04:31.0764 4100 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
22:04:31.0795 4100 DXGKrnl - ok
22:04:31.0868 4100 e1express (0535bfbedb9378ddd15bdf9957d57d71) C:\Windows\system32\DRIVERS\e1e6232.sys
22:04:31.0877 4100 e1express - ok
22:04:31.0899 4100 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
22:04:31.0904 4100 EapHost - ok
22:04:32.0087 4100 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
22:04:32.0157 4100 ebdrv - ok
22:04:32.0248 4100 EFS (f42309c4191c506b71db5d1126d26318) C:\Windows\System32\lsass.exe
22:04:32.0250 4100 EFS - ok
22:04:32.0315 4100 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
22:04:32.0334 4100 ehRecvr - ok
22:04:32.0360 4100 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
22:04:32.0366 4100 ehSched - ok
22:04:32.0440 4100 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
22:04:32.0453 4100 elxstor - ok
22:04:32.0488 4100 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
22:04:32.0490 4100 ErrDev - ok
22:04:32.0550 4100 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
22:04:32.0553 4100 EventSystem - ok
22:04:32.0573 4100 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
22:04:32.0586 4100 exfat - ok
22:04:32.0612 4100 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
22:04:32.0617 4100 fastfat - ok
22:04:32.0679 4100 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
22:04:32.0701 4100 Fax - ok
22:04:32.0725 4100 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
22:04:32.0726 4100 fdc - ok
22:04:32.0743 4100 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
22:04:32.0745 4100 fdPHost - ok
22:04:32.0752 4100 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
22:04:32.0754 4100 FDResPub - ok
22:04:32.0774 4100 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
22:04:32.0775 4100 FileInfo - ok
22:04:32.0786 4100 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
22:04:32.0787 4100 Filetrace - ok
22:04:32.0930 4100 FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
22:04:33.0210 4100 FLEXnet Licensing Service - ok
22:04:33.0237 4100 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
22:04:33.0238 4100 flpydisk - ok
22:04:33.0277 4100 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
22:04:33.0290 4100 FltMgr - ok
22:04:33.0370 4100 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
22:04:33.0377 4100 FontCache - ok
22:04:33.0472 4100 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
22:04:33.0474 4100 FontCache3.0.0.0 - ok
22:04:33.0493 4100 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
22:04:33.0494 4100 FsDepends - ok
22:04:33.0519 4100 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
22:04:33.0520 4100 Fs_Rec - ok
22:04:33.0573 4100 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
22:04:33.0584 4100 fvevol - ok
22:04:33.0616 4100 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
22:04:33.0618 4100 gagp30kx - ok
22:04:33.0695 4100 GoToAssist (8f6ae606eb0cc884ee12c41948424422) C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe
22:04:33.0697 4100 GoToAssist - ok
22:04:33.0758 4100 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
22:04:33.0783 4100 gpsvc - ok
22:04:33.0827 4100 grmnusb (6003bc70f1a8307262bd3c941bda0b7e) C:\Windows\system32\drivers\grmnusb.sys
22:04:33.0829 4100 grmnusb - ok
22:04:33.0911 4100 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
22:04:33.0913 4100 gupdate - ok
22:04:33.0935 4100 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
22:04:33.0937 4100 gupdatem - ok
22:04:33.0974 4100 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
22:04:33.0975 4100 hcw85cir - ok
22:04:49.0348 4100 VSS - ok
22:04:49.0533 4100 vToolbarUpdater11.2.0 (8ed347bad8d1fb7c40b593bfb01786d2) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
22:04:49.0540 4100 vToolbarUpdater11.2.0 - ok
22:04:49.0649 4100 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
22:04:49.0650 4100 vwifibus - ok
22:04:49.0690 4100 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
22:04:49.0711 4100 W32Time - ok
22:04:49.0746 4100 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
22:04:49.0748 4100 WacomPen - ok
22:04:49.0794 4100 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
22:04:49.0796 4100 WANARP - ok
22:04:49.0800 4100 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
22:04:49.0801 4100 Wanarpv6 - ok
22:04:49.0909 4100 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
22:04:49.0944 4100 WatAdminSvc - ok
22:04:50.0021 4100 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
22:04:50.0029 4100 wbengine - ok
22:04:50.0071 4100 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
22:04:50.0084 4100 WbioSrvc - ok
22:04:50.0135 4100 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
22:04:50.0140 4100 wcncsvc - ok
22:04:50.0152 4100 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
22:04:50.0156 4100 WcsPlugInService - ok
22:04:50.0210 4100 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
22:04:50.0211 4100 Wd - ok
22:04:50.0248 4100 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
22:04:50.0261 4100 Wdf01000 - ok
22:04:50.0272 4100 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
22:04:50.0276 4100 WdiServiceHost - ok
22:04:50.0279 4100 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
22:04:50.0282 4100 WdiSystemHost - ok
22:04:50.0336 4100 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
22:04:50.0345 4100 WebClient - ok
22:04:50.0365 4100 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
22:04:50.0377 4100 Wecsvc - ok
22:04:50.0408 4100 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
22:04:50.0412 4100 wercplsupport - ok
22:04:50.0444 4100 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
22:04:50.0448 4100 WerSvc - ok
22:04:50.0484 4100 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
22:04:50.0486 4100 WfpLwf - ok
22:04:50.0527 4100 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
22:04:50.0529 4100 WIMMount - ok
22:04:50.0618 4100 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
22:04:50.0642 4100 WinDefend - ok
22:04:50.0648 4100 WinHttpAutoProxySvc - ok
22:04:50.0711 4100 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
22:04:50.0713 4100 Winmgmt - ok
22:04:50.0908 4100 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
22:04:50.0923 4100 WinRM - ok
22:04:50.0983 4100 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
22:04:51.0011 4100 Wlansvc - ok
22:04:51.0064 4100 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
22:04:51.0065 4100 WmiAcpi - ok
22:04:51.0130 4100 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
22:04:51.0135 4100 wmiApSrv - ok
22:04:51.0272 4100 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
22:04:51.0281 4100 WMPNetworkSvc - ok
22:04:51.0310 4100 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
22:04:51.0314 4100 WPCSvc - ok
22:04:51.0354 4100 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
22:04:51.0360 4100 WPDBusEnum - ok
22:04:51.0403 4100 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
22:04:51.0405 4100 ws2ifsl - ok
22:04:51.0415 4100 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll
22:04:51.0418 4100 wscsvc - ok
22:04:51.0451 4100 WSDPrintDevice (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys
22:04:51.0452 4100 WSDPrintDevice - ok
22:04:51.0456 4100 WSearch - ok
22:04:51.0581 4100 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
22:04:51.0598 4100 wuauserv - ok
22:04:51.0729 4100 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
22:04:51.0734 4100 WudfPf - ok
22:04:51.0798 4100 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:04:51.0800 4100 WUDFRd - ok
22:04:51.0846 4100 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
22:04:51.0850 4100 wudfsvc - ok
22:04:51.0894 4100 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
22:04:51.0908 4100 WwanSvc - ok
22:04:51.0949 4100 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:04:52.0136 4100 \Device\Harddisk0\DR0 - ok
22:04:52.0141 4100 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
22:04:54.0260 4100 \Device\Harddisk1\DR1 - ok
22:04:54.0274 4100 Boot (0x1200) (d10dd4b94c856a9ee29ba1ac2327a468) \Device\Harddisk0\DR0\Partition0
22:04:54.0275 4100 \Device\Harddisk0\DR0\Partition0 - ok
22:04:54.0277 4100 Boot (0x1200) (4c603b090acaf4c4acd9568d22fd4d32) \Device\Harddisk0\DR0\Partition1
22:04:54.0278 4100 \Device\Harddisk0\DR0\Partition1 - ok
22:04:54.0281 4100 Boot (0x1200) (ccf27916bcb76f19a8c55397f3f1d349) \Device\Harddisk1\DR1\Partition0
22:04:54.0282 4100 \Device\Harddisk1\DR1\Partition0 - ok
22:04:54.0283 4100 ============================================================
22:04:54.0283 4100 Scan finished
22:04:54.0283 4100 ============================================================
22:04:54.0291 5664 Detected object count: 0
22:04:54.0291 5664 Actual detected object count: 0
Jim701
Active Member
 
Posts: 10
Joined: June 30th, 2012, 11:59 am

Re: MS IE Explorer window vibrating - believed to be malware

Unread postby diver79 » July 2nd, 2012, 5:38 pm

Hi Jim,

Scans came back clear; we'll deal with the searchqu infection now and see what else we find.


Create a System Restore Point
  • Right-click on the Computer icon on your desktop and select Properties.
  • In the left pane under Tasks ... click on System protection.
    If UAC prompts for an administrator password or approval, type the password or give your "permission to continue".
  • Select the System Protection tab ...then choose Create.
  • In the System Restore dialog box, type a description for the restore point ... click Create, again.
    A window will pop up with "The Restore Point was created successfully" confirmation message.
  • Click OK ...then close the System Restore dialog.
If you have successfully created a System Restore Point...we can proceed.


OTL - Custom Fix
Please right-click on the filename link below and select "Save target as..." or "Save Link as...", choose the Desktop location, and choose to save as the filename Fix.txt
SQW7-Vista_x32.TXT

Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.
Double Click the OTL icon (Right click and choose "Run as administrator" in Vista/Win7)
  • Click the Run Fix button at the top.
  • You will see a popup dialog reporting "No fix has been provided. Click OK to load from a file or Cancel". Click on OK
  • When the Open dialog comes up, Navigate to the Desktop, scroll to find the file named Fix.txt and click Open
  • Some text will appear in the Custom scans/Fixes box.
  • Click the Run Fix button.
  • Let the program run unhindered and reboot the PC when it is done.
    When the computer Reboots, and you start your usual account, a Notepad text file will appear.
  • Copy the contents of that file and post it in your next reply. The file will also appear on your desktop as OTL.txt


Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


  • Right click SystemLook.exe and select Run as Administrator to run it.
  • Copy and paste the content of the following codebox into the main textfield:
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchnu
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech
    Search_Results
    search-results
    
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
diver79
Retired Graduate
 
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm
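The SystemLook search above looks for file names, folder names and registry keys containing a fixed list of Searchqu/Bandoo/iLivid-family strings. As an added example (my code, not SystemLook's, OTL's or anything from the thread), the PowerShell script below does the same kind of read-only triage from an elevated prompt: it walks the usual drop locations and the HKLM/HKCU software hives for the same indicators, matches value data as well as key names (the OTL log later in this thread shows this family registering datamngr.dll under AppInit_DLLs, which is only visible in value data), and records the AppInit_DLLs setting on its own. It reports and removes nothing. The search roots, the output file name and the Wow6432Node path are my assumptions, not anything the thread specifies.

```powershell
# Added example (not code from the thread, SystemLook or OTL): read-only triage for
# the Searchqu/Bandoo/iLivid indicator list. Reports hits; removes nothing.
# Assumptions (mine): the file roots, registry hives and report path below.

$Indicators = @('Fun4IM', 'Bandoo', 'Searchnu', 'Searchqu', 'iLivid', 'whitesmoke',
                'datamngr', 'trolltech', 'kelkoopartners', 'Search_Results', 'search-results')

# One case-insensitive alternation so a single -match covers the whole list.
$Pattern = ($Indicators | ForEach-Object { [regex]::Escape($_) }) -join '|'

# Where this family typically drops files (assumed set, not exhaustive).
$FileRoots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:ProgramData,
               $env:LOCALAPPDATA, $env:APPDATA, $env:TEMP,
               "$env:SystemRoot\Prefetch") | Where-Object { $_ -and (Test-Path $_) }

# Both software hives: uninstall entries, CLSID/AppID registrations, BHOs,
# IE SearchScopes and the toolbar's own keys all live under these.
$RegRoots = @('HKLM:\SOFTWARE', 'HKCU:\SOFTWARE') | Where-Object { Test-Path $_ }

function Find-IndicatorFiles {
    param([string[]]$Roots, [string]$Pattern)
    foreach ($root in $Roots) {
        Get-ChildItem -Path $root -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.Name -match $Pattern } |
            ForEach-Object {
                [pscustomobject]@{
                    Kind  = if ($_.PSIsContainer) { 'Folder' } else { 'File' }
                    Path  = $_.FullName
                    Value = ''
                }
            }
    }
}

function Find-IndicatorRegistry {
    param([string[]]$Roots, [string]$Pattern)
    foreach ($root in $Roots) {
        Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue |
            ForEach-Object {
                $key = $_
                if ($key.PSChildName -match $Pattern) {
                    [pscustomobject]@{ Kind = 'RegKey'; Path = $key.Name; Value = '' }
                }
                # Value names and value data both matter: AppInit_DLLs and Run
                # entries carry the indicator in the data, not in the key name.
                foreach ($name in $key.GetValueNames()) {
                    $data = [string]$key.GetValue($name)
                    if ($name -match $Pattern -or $data -match $Pattern) {
                        [pscustomobject]@{ Kind = 'RegValue'; Path = "$($key.Name)\$name"; Value = $data }
                    }
                }
            }
    }
}

function Get-AppInitDlls {
    # A non-empty AppInit_DLLs with LoadAppInit_DLLs = 1 means every process that
    # loads user32.dll also loads the listed DLLs; on a clean home machine it is empty.
    # The Wow6432Node path only exists on 64-bit Windows (assumed, harmless if absent).
    $paths = @('HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
               'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows') |
             Where-Object { Test-Path $_ }
    foreach ($p in $paths) {
        $props = Get-ItemProperty -Path $p -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Key              = $p
            AppInit_DLLs     = $props.AppInit_DLLs
            LoadAppInit_DLLs = $props.LoadAppInit_DLLs
        }
    }
}

# Assumed report location; the registry walk can take several minutes, like SystemLook's.
$report = "$env:USERPROFILE\Desktop\IndicatorLook.txt"
$hits = @(Find-IndicatorFiles -Roots $FileRoots -Pattern $Pattern) +
        @(Find-IndicatorRegistry -Roots $RegRoots -Pattern $Pattern)

@(
    "Indicator audit run $(Get-Date -Format s) on $env:COMPUTERNAME"
    "Hits: $($hits.Count)"
    ($hits | Format-Table Kind, Path, Value -AutoSize | Out-String -Width 300)
    "AppInit_DLLs settings:"
    (Get-AppInitDlls | Format-List | Out-String)
) | Set-Content -Path $report
Write-Host "Report written to $report"
```

The point of checking value data and not just key names is the AppInit_DLLs entry: a key called `Windows` under `CurrentVersion` looks benign, and only the DLL path stored in the value gives the toolbar away. A helper reviewing the report would expect `AppInit_DLLs` to be empty once the fix has run, which is exactly what the OTL fix in this thread removes.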

Re: MS IE Explorer window vibrating - believed to be malware

Unread postby Jim701 » July 2nd, 2012, 7:01 pm

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll deleted successfully.
File C:\Program Files\Searchqu Toolbar\Datamngr\datamngr.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll deleted successfully.
File C:\Program Files\Searchqu Toolbar\Datamngr\IEBHO.dll not found.
========== REGISTRY ==========
Registry key hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\products\2b1e51d87b2d71a44bb42ddd5e894160\installproperties\ not found.
Registry key hkey_local_machine\software\microsoft\windows\currentversion\uninstall\ilivid\ not found.
Registry key hkey_local_machine\software\microsoft\windows\currentversion\uninstall\windows searchqu toolbar\ not found.
Registry key hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{8d15e1b2-d2b7-4a17-b44b-d2dde5981406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8d15e1b2-d2b7-4a17-b44b-d2dde5981406}\ not found.
Registry key hkey_current_user\software\microsoft\windows\currentversion\app management\arpcache\windows searchqu toolbar\ not found.
Registry key hkey_current_user\software\microsoft\windows\currentversion\app management\arpcache\ilivid\ not found.
Registry key hkey_local_machine\software\classes\ilivid\ not found.
Registry key hkey_local_machine\software\classes\installer\products\2b1e51d87b2d71a44bb42ddd5e894160\ not found.
Registry key hkey_local_machine\software\ilivid\ not found.
Registry key hkey_local_machine\software\ilivid\player\hosts\ilivid.com\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{949d2c04-d3c1-490a-8a03-440b5c32b5f2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{949d2c04-d3c1-490a-8a03-440b5c32b5f2}\ not found.
Registry key hkey_current_user\software\datamngr_toolbar\ not found.
Registry key hkey_local_machine\software\classes\browserconnection.loader\ not found.
Registry key hkey_local_machine\software\classes\browserconnection.loader.1\ not found.
Registry key hkey_local_machine\software\classes\clsid\{9d717f81-9148-4f12-8568-69135f087db0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d717f81-9148-4f12-8568-69135f087db0}\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{69cf75c1-35ab-4de5-a51f-662c9020ad4a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69cf75c1-35ab-4de5-a51f-662c9020ad4a}\ not found.
Registry key hkey_current_user\software\appdatalow\software\searchqutoolbar\ deleted successfully.
Registry key hkey_current_user\software\datamngr\ deleted successfully.
Registry key hkey_current_user\software\microsoft\internet explorer\searchscopes\{8a96af9e-4074-43b7-bea3-87217bda7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8a96af9e-4074-43b7-bea3-87217bda7406}\ not found.
Registry key hkey_current_user\software\microsoft\windows\currentversion\app management\arpcache\bandoo\ not found.
Registry key hkey_current_user\software\microsoft\windows\currentversion\app management\arpcache\searchqu 406 mediabar\ not found.
Registry key hkey_current_user\software\microsoft\windows\currentversion\explorer\menuorder\start menu2\programs\bandoo\ not found.
Registry key hkey_current_user\software\trolltech\ deleted successfully.
Registry key hkey_current_user\software\ilivid\ not found.
Registry key hkey_current_user\software\searchqutoolbar\ not found.
Registry key hkey_local_machine\software\datamngr\ deleted successfully.
Registry key hkey_local_machine\software\bandoo\ deleted successfully.
Registry key hkey_local_machine\software\classes\appid\bandoocore.exe\ deleted successfully.
Registry key hkey_local_machine\software\classes\appid\{1301a8a5-3dfb-4731-a162-b357d00c9644}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1301a8a5-3dfb-4731-a162-b357d00c9644}\ not found.
Registry key hkey_local_machine\software\classes\applications\ilividsetupv1.exe\ deleted successfully.
Registry key hkey_local_machine\software\classes\bandoocore.bandoocore.1\ deleted successfully.
Registry key hkey_local_machine\software\classes\bandoocore.bandoocore\ deleted successfully.
Registry key hkey_local_machine\software\classes\bandoocore.resourcesmngr.1\ deleted successfully.
Registry key hkey_local_machine\software\classes\bandoocore.resourcesmngr\ deleted successfully.
Registry key hkey_local_machine\software\classes\bandoocore.settingsmngr.1\ deleted successfully.
Registry key hkey_local_machine\software\classes\bandoocore.settingsmngr\ deleted successfully.
Registry key hkey_local_machine\software\classes\bandoocore.statisticmngr.1\ deleted successfully.
Registry key hkey_local_machine\software\classes\bandoocore.statisticmngr\ deleted successfully.
Registry key hkey_local_machine\software\classes\clsid\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key hkey_local_machine\software\classes\clsid\{a40dc6c5-79d0-4ca8-a185-8ff989af1115}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a40dc6c5-79d0-4ca8-a185-8ff989af1115}\ not found.
Registry key hkey_local_machine\software\classes\clsid\{b543ef05-9758-464e-9f37-4c28525b4a4c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b543ef05-9758-464e-9f37-4c28525b4a4c}\ not found.
Registry key hkey_local_machine\software\classes\clsid\{bb76a90b-2b4c-4378-8506-9a2b6e16943c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb76a90b-2b4c-4378-8506-9a2b6e16943c}\ not found.
Registry key hkey_local_machine\software\classes\clsid\{c3ab94a4-bfd0-4bba-a331-de504f07d2db}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c3ab94a4-bfd0-4bba-a331-de504f07d2db}\ not found.
Registry key hkey_local_machine\software\classes\interface\{477f210a-2a86-4666-9c4b-1189634d2c84}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477f210a-2a86-4666-9c4b-1189634d2c84}\ not found.
Registry key hkey_local_machine\software\classes\interface\{ff871e51-2655-4d06-aed5-745962a96b32}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff871e51-2655-4d06-aed5-745962a96b32}\ not found.
Registry key hkey_local_machine\software\classes\searchquiehelper.dnsguard.1\ not found.
Registry key hkey_local_machine\software\classes\searchquiehelper.dnsguard\ not found.
Registry key hkey_local_machine\software\classes\typelib\{6a4bcaba-c437-4c76-a54e-af31b8a76cb9}\1.0\ not found.
Registry key hkey_local_machine\software\classes\typelib\{8f5f1cb6-ea9e-40af-a5ca-c7fd63cc1971\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8f5f1cb6-ea9e-40af-a5ca-c7fd63cc1971\ not found.
Registry key hkey_local_machine\software\microsoft\windows\currentversion\uninstall\searchqu toolbar\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{424624f4-c5dd-4e1d-bdd0-1e9c9b7799cc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{424624f4-c5dd-4e1d-bdd0-1e9c9b7799cc}\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7f000001-db8e-f89c-2fec-49bf726f8c12}\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{9c8a3ca5-889e-4554-beec-ec0876e4e96a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9c8a3ca5-889e-4554-beec-ec0876e4e96a}\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{f9189560-573a-4fde-b055-ae7b0f4cf080}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f9189560-573a-4fde-b055-ae7b0f4cf080}\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\searchscopes\{8a96af9e-4074-43b7-bea3-87217bda7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8a96af9e-4074-43b7-bea3-87217bda7406}\ not found.
Registry key hkey_local_machine\software\microsoft\radar\heapleakdetection\diagnosedapplications\ilivid.exe\ not found.
Registry key hkey_local_machine\software\microsoft\tracing\searchqumediabar_rasapi32\ deleted successfully.
Registry key hkey_local_machine\software\microsoft\tracing\searchqumediabar_rasmancs\ deleted successfully.
Registry key hkey_local_machine\software\microsoft\tracing\setupdatamngr_searchqu_rasapi32\ deleted successfully.
Registry key hkey_local_machine\software\microsoft\tracing\setupdatamngr_searchqu_rasmancs\ deleted successfully.
Registry key hkey_local_machine\software\microsoft\tracing\ilividsetupv1_rasapi32\ deleted successfully.
Registry key hkey_local_machine\software\microsoft\tracing\ilividsetupv1_rasmancs\ deleted successfully.
Registry key hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key hkey_local_machine\software\microsoft\windows\currentversion\uninstall\searchqu 406 mediabar\ not found.
Registry key hkey_local_machine\software\searchqumediabartb\ not found.
Registry key hkey_local_machine\software\classes\clsid\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}\ not found.
Registry key hkey_local_machine\software\classes\typelib\{8f5f1cb6-ea9e-40af-a5ca-c7fd63cc1971}\1.0\ deleted successfully.
Registry key hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\searchqu 406 mediabar\ not found.
Registry key hkey_local_machine\software\classes\clsid\{a40dc6c5-79d0-4ca8-a185-8ff989af1115}\inprocserver32\ not found.
Registry key hkey_local_machine\software\classes\clsid\{cc1ac828-bb47-4361-afb5-96eee259dd87}\inprocserver32\ not found.
Registry key hkey_local_machine\software\classes\clsid\{fefd3af5-a346-4451-aa23-a3ad54915515}\inprocserver32\ not found.
Registry key hkey_local_machine\software\classes\clsid\{9d717f81-9148-4f12-8568-69135f087db0}\inprocserver32\ not found.
Registry key hkey_local_machine\software\classes\typelib\{5b4144e1-b61d-495a-9a50-cd1a95d86d15}\1.0\ not found.
Registry key hkey_local_machine\software\classes\typelib\{841d5a49-e48d-413c-9c28-eb3d9081d705}\1.0\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{d0a4be92-2216-42db-ab35-d72efb9f0176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d0a4be92-2216-42db-ab35-d72efb9f0176}\ not found.
Registry key hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\datamngr\ not found.
Registry key hkey_current_user\software\microsoft\internet explorer\searchscopes\{9bb47c17-9c68-4bb3-b188-dd9af0fd2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bb47c17-9c68-4bb3-b188-dd9af0fd2102}\ not found.
Registry key hkey_current_user\software\microsoft\internet explorer\searchscopes\{9bb47c17-9c68-4bb3-b188-dd9af0fd2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bb47c17-9c68-4bb3-b188-dd9af0fd2406}\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\searchscopes\{9bb47c17-9c68-4bb3-b188-dd9af0fd2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bb47c17-9c68-4bb3-b188-dd9af0fd2102}\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\searchscopes\{9bb47c17-9c68-4bb3-b188-dd9af0fd2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bb47c17-9c68-4bb3-b188-dd9af0fd2406}\ not found.
Registry key hkey_current_user\software\microsoft\internet explorer\searchscopes\{e1e743b1-dff5-4dcf-8cd5-9aafd552b290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e1e743b1-dff5-4dcf-8cd5-9aafd552b290}\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\searchscopes\{e1e743b1-dff5-4dcf-8cd5-9aafd552b290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e1e743b1-dff5-4dcf-8cd5-9aafd552b290}\ not found.
Registry value hkey_current_user\software\microsoft\internet explorer\main\\start page deleted successfully.
Registry value hkey_local_machine\software\microsoft\internet explorer\toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry value hkey_current_user\software\classes\local settings\software\microsoft\windows\shell\muicache\\c:\program files\ilivid\ilivid.exe not found.
Registry value hkey_current_user\software\classes\local settings\software\microsoft\windows\shell\muicache\\c:\program files\ilivid\vlc\vlc.exe not found.
Registry value hkey_local_machine\software\microsoft\windows\currentversion\installer\folders\\c:\programdata\microsoft\windows\start menu\programs\ilivid\ not found.
Registry value hkey_local_machine\software\microsoft\windows\currentversion\run\\datamngr not found.
Registry value hkey_local_machine\system\controlset001\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{b9c9d25e-1fba-484c-b5fe-0c6d07ae555d} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9c9d25e-1fba-484c-b5fe-0c6d07ae555d}\ not found.
Registry value hkey_local_machine\system\controlset001\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{924eb14a-495b-49f3-b558-a7c81e88c85d} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{924eb14a-495b-49f3-b558-a7c81e88c85d}\ not found.
Registry value hkey_local_machine\system\controlset001\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{6d11a718-4174-474f-a0a4-08d56b03bfeb} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6d11a718-4174-474f-a0a4-08d56b03bfeb}\ not found.
Registry value hkey_local_machine\system\controlset001\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{ec25043d-aac6-416f-ba2d-c44e34fb533b} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ec25043d-aac6-416f-ba2d-c44e34fb533b}\ not found.
Registry value hkey_local_machine\system\controlset002\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{924eb14a-495b-49f3-b558-a7c81e88c85d} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{924eb14a-495b-49f3-b558-a7c81e88c85d}\ not found.
Registry value hkey_local_machine\system\controlset002\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{6d11a718-4174-474f-a0a4-08d56b03bfeb} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6d11a718-4174-474f-a0a4-08d56b03bfeb}\ not found.
Registry value hkey_local_machine\system\controlset002\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{ec25043d-aac6-416f-ba2d-c44e34fb533b} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ec25043d-aac6-416f-ba2d-c44e34fb533b}\ not found.
Registry value hkey_local_machine\system\controlset002\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{b9c9d25e-1fba-484c-b5fe-0c6d07ae555d} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9c9d25e-1fba-484c-b5fe-0c6d07ae555d}\ not found.
Registry key hkey_local_machine\system\controlset003\services\sharedaccess\parameters\firewallpolicy\firewallrules not found.
Registry key hkey_local_machine\system\controlset003\services\sharedaccess\parameters\firewallpolicy\firewallrules not found.
Registry key hkey_local_machine\system\controlset003\services\sharedaccess\parameters\firewallpolicy\firewallrules not found.
Registry key hkey_local_machine\system\controlset003\services\sharedaccess\parameters\firewallpolicy\firewallrules not found.
Registry value hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{ec25043d-aac6-416f-ba2d-c44e34fb533b} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ec25043d-aac6-416f-ba2d-c44e34fb533b}\ not found.
Registry value hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{b9c9d25e-1fba-484c-b5fe-0c6d07ae555d} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9c9d25e-1fba-484c-b5fe-0c6d07ae555d}\ not found.
Registry value hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{924eb14a-495b-49f3-b558-a7c81e88c85d} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{924eb14a-495b-49f3-b558-a7c81e88c85d}\ not found.
Registry value hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{6d11a718-4174-474f-a0a4-08d56b03bfeb} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6d11a718-4174-474f-a0a4-08d56b03bfeb}\ not found.
========== FILES ==========
File/Folder C:\Users\Alex\AppData\Roaming\mozilla\firefox\profiles\searchquwebsearch.xml not found.
File/Folder C:\Users\Alex\AppData\Roaming\mozilla\firefox\profiles\searchqutoolbar not found.
File/Folder C:\Users\Alex\AppData\Roaming\mozilla\firefox\profiles\{99079a25-328f-4bd4-be04-00955acaa0a7} not found.
File/Folder C:\Users\Alex\AppData\Roaming\microsoft\windows\cookies\*@sweetim[1].txt not found.
File/Folder C:\Users\Alex\AppData\Roaming\microsoft\windows\cookies\low\*@ilivid[1].txt not found.
File/Folder C:\Users\Alex\AppData\Roaming\microsoft\windows\cookies\low\*@ilivid[2].txt not found.
File/Folder C:\Users\Alex\AppData\Roaming\microsoft\windows\cookies\low\*@searchqu[1].txt not found.
File/Folder C:\Users\Alex\AppData\Roaming\microsoft\windows\cookies\low\*@searchqu[2].txt not found.
File/Folder C:\Users\Alex\AppData\Roaming\microsoft\windows\cookies\low\*@stats.ilivid[1].txt not found.
File/Folder C:\Users\Alex\AppData\Roaming\microsoft\windows\cookies\low\*@sweetim[1].txt not found.
File/Folder C:\Users\Alex\AppData\Roaming\microsoft\windows\cookies\low\*@www.sweetim[2].txt not found.
File/Folder C:\Users\Alex\AppData\Roaming\microsoft\windows\cookies\low\*@www.sweetim[3].txt not found.
C:\Users\Alex\AppData\Local\Ilivid Player folder moved successfully.
C:\Users\Alex\AppData\Local\microsoft\windows\temporary internet files\content.ie5\IJ4NR53W\iLividSetupV1.exe moved successfully.
File/Folder C:\Users\Alex\AppData\Local\microsoft\windows\temporary internet files\content.ie5\ilivid[1].7z not found.
File/Folder C:\Users\Alex\AppData\Local\microsoft\windows\temporary internet files\content.ie5\setupdatamngr_searchqu[1].exe not found.
File/Folder C:\Users\Alex\AppData\Local\microsoft\windows\temporary internet files\content.ie5\sweetimsetup.exe not found.
File/Folder C:\Users\Alex\AppData\Local\microsoft\windows\temporary internet files\content.ie5\bandoov6[1].exe not found.
File/Folder C:\Users\Alex\AppData\Local\microsoft\windows\temporary internet files\low\content.ie5\searchqu_net[1].htm not found.
File/Folder C:\Users\Alex\AppData\Local\Temp\bandoofiles not found.
File/Folder C:\Users\Alex\AppData\Local\Temp\bandoov6.exe not found.
C:\Users\Alex\AppData\Local\Temp\SetupDataMngr_Searchqu.exe moved successfully.
File/Folder C:\Users\Alex\AppData\Local\Temp\sweetimreinstall not found.
File/Folder C:\Users\Alex\AppData\Local\Temp\sweetimreinstall\sweetimsetup.exe not found.
File/Folder C:\Users\Alex\AppData\Local\Temp\ilivid.7z not found.
C:\Users\Alex\AppData\Local\Temp\Searchqu.ini moved successfully.
C:\Users\Alex\AppData\Local\Temp\searchqutoolbar-manifest.xml moved successfully.
C:\Users\Alex\appdata\locallow\searchquband folder moved successfully.
File/Folder C:\Users\Alex\appdata\locallow\searchqutoolbar not found.
File/Folder C:\Users\Alex\downloads\sweetimsetup.exe not found.
C:\Users\Alex\downloads\iLividSetupV1.exe moved successfully.
File\Folder c:\programdata\microsoft\windows\start menu\programs\ilivid not found.
File\Folder c:\users\all users\microsoft\windows\start menu\programs\ilivid not found.
File\Folder c:\program files\windows searchqu toolbar not found.
File\Folder c:\program files\windows ilivid toolbar not found.
File\Folder c:\program files\ilivid not found.
File\Folder c:\windows\prefetch\ilivid* not found.
File\Folder c:\windows\prefetch\searchqumediabar* not found.
File\Folder c:\windows\prefetch\setupdatamngr* not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Alex
->Temp folder emptied: 310761557 bytes
->Temporary Internet Files folder emptied: 1331046158 bytes
->Java cache emptied: 434722 bytes
->Google Chrome cache emptied: 6437278 bytes
->Flash cache emptied: 2280 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 56262132 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 206029 bytes

Total Files Cleaned = 1,626.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.53.1 log created on 07022012_233014

Files\Folders moved on Reboot...
C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0HMS4PQJ\google_co_uk[1].htm moved successfully.
C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.
File move failed. C:\Windows\temp\atchksrv.log scheduled to be moved on reboot.

PendingFileRenameOperations files...
File C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0HMS4PQJ\google_co_uk[1].htm not found!
File C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT not found!
File C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat not found!
[2012/02/05 16:35:29 | 000,000,000 | ---- | M] () C:\Windows\temp\atchksrv.log : Unable to obtain MD5

Registry entries deleted on Reboot...


SystemLook 30.07.11 by jpshortstuff
Log created at 23:51 on 02/07/2012 by Alex
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
C:\Windows\System32\Macromed\Flash\FlashPlayerTrust\Bandoo.cfg --a---- 43 bytes [13:01 12/09/2011] [13:01 12/09/2011] C07E8020FFE7E61713AC6D5C6BB0AB11

Searching for "*Searchnu*"
No files found.

Searching for "*Searchqu*"
C:\_OTL\MovedFiles\07022012_233014\C_Users\Alex\AppData\Local\Temp\Searchqu.ini --a---- 354 bytes [21:37 09/04/2012] [21:37 09/04/2012] 513CA4229CBC05C26B1BFE8032E76EDF
C:\_OTL\MovedFiles\07022012_233014\C_Users\Alex\AppData\Local\Temp\searchqutoolbar-manifest.xml --a---- 9422 bytes [08:42 27/02/2012] [08:42 27/02/2012] B4CF632013D5A08B137DB737D2825F12
C:\_OTL\MovedFiles\07022012_233014\C_Users\Alex\AppData\Local\Temp\SetupDataMngr_Searchqu.exe --a---- 3779936 bytes [21:37 09/04/2012] [21:37 09/04/2012] 272A776C4425F061837AE105FA3406C5

Searching for "*iLivid*"
C:\_OTL\MovedFiles\07022012_233014\C_Users\Alex\AppData\Local\microsoft\windows\temporary internet files\content.ie5\IJ4NR53W\iLividSetupV1.exe --a---- 516136 bytes [21:35 09/04/2012] [21:35 09/04/2012] 76B65D5B9B8E68D2AC9E8C0FB12CBD6C
C:\_OTL\MovedFiles\07022012_233014\C_Users\Alex\downloads\iLividSetupV1.exe --a---- 2075104 bytes [12:57 12/09/2011] [12:57 12/09/2011] 9D198B19AEBC19486A53C9EF05F0D85B

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
C:\_OTL\MovedFiles\07022012_233014\C_Users\Alex\AppData\Local\Temp\SetupDataMngr_Searchqu.exe --a---- 3779936 bytes [21:37 09/04/2012] [21:37 09/04/2012] 272A776C4425F061837AE105FA3406C5

Searching for "*trolltech*"
No files found.

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
C:\Users\Alex\AppData\LocalLow\Bandoo d------ [13:01 12/09/2011]
C:\Users\Alex\AppData\Roaming\Bandoo d------ [13:01 12/09/2011]

Searching for "*Searchnu*"
No folders found.

Searching for "*Searchqu*"
C:\_OTL\MovedFiles\07022012_233014\C_Users\Alex\AppData\locallow\searchquband d------ [13:01 12/09/2011]

Searching for "*iLivid*"
C:\_OTL\MovedFiles\07022012_233014\C_Users\Alex\AppData\Local\Ilivid Player d------ [13:01 12/09/2011]

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
C:\Users\Alex\AppData\LocalLow\DataMngr d------ [13:01 12/09/2011]

Searching for "*trolltech*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\BandooV6_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\BandooV6_RASMANCS]

Searching for "Searchnu"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F9375B5D-D07A-4B6E-BC6D-7D65197C444E}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2DD26211-68F4-41D3-9E3A-9429467BF04B}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F9375B5D-D07A-4B6E-BC6D-7D65197C444E}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2DD26211-68F4-41D3-9E3A-9429467BF04B}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F9375B5D-D07A-4B6E-BC6D-7D65197C444E}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2DD26211-68F4-41D3-9E3A-9429467BF04B}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|"

Searching for "iLivid"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\42513ca4_0]
@="{0.0.0.00000000}.{7d0549e1-92b0-453e-8605-9af98f4b8292}|\Device\HarddiskVolume3\Program Files\iLivid\VLC\vlc.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-482344202-581333641-2261761304-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\42513ca4_0]
@="{0.0.0.00000000}.{7d0549e1-92b0-453e-8605-9af98f4b8292}|\Device\HarddiskVolume3\Program Files\iLivid\VLC\vlc.exe%b{00000000-0000-0000-0000-000000000000}"

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{72518D9D-37A1-4AAC-AFCC-D9CFD226491F}]
"AppPath"="C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F9375B5D-D07A-4B6E-BC6D-7D65197C444E}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2DD26211-68F4-41D3-9E3A-9429467BF04B}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F9375B5D-D07A-4B6E-BC6D-7D65197C444E}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2DD26211-68F4-41D3-9E3A-9429467BF04B}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F9375B5D-D07A-4B6E-BC6D-7D65197C444E}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2DD26211-68F4-41D3-9E3A-9429467BF04B}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|"

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-482344202-581333641-2261761304-1001\Software\Trolltech]
[HKEY_USERS\S-1-5-21-482344202-581333641-2261761304-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

Searching for "Search_Results"
No data found.

Searching for "search-results"
No data found.

-= EOF =-


Thanks - Alex
Jim701
Active Member
 
Posts: 10
Joined: June 30th, 2012, 11:59 am

Re: MS IE Explorer window vibrating - believed to be malware

Unread postby Jim701 » July 2nd, 2012, 7:02 pm

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll deleted successfully.
File C:\Program Files\Searchqu Toolbar\Datamngr\datamngr.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll deleted successfully.
File C:\Program Files\Searchqu Toolbar\Datamngr\IEBHO.dll not found.
========== REGISTRY ==========
Registry key hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\products\2b1e51d87b2d71a44bb42ddd5e894160\installproperties\ not found.
Registry key hkey_local_machine\software\microsoft\windows\currentversion\uninstall\ilivid\ not found.
Registry key hkey_local_machine\software\microsoft\windows\currentversion\uninstall\windows searchqu toolbar\ not found.
Registry key hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{8d15e1b2-d2b7-4a17-b44b-d2dde5981406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8d15e1b2-d2b7-4a17-b44b-d2dde5981406}\ not found.
Registry key hkey_current_user\software\microsoft\windows\currentversion\app management\arpcache\windows searchqu toolbar\ not found.
Registry key hkey_current_user\software\microsoft\windows\currentversion\app management\arpcache\ilivid\ not found.
Registry key hkey_local_machine\software\classes\ilivid\ not found.
Registry key hkey_local_machine\software\classes\installer\products\2b1e51d87b2d71a44bb42ddd5e894160\ not found.
Registry key hkey_local_machine\software\ilivid\ not found.
Registry key hkey_local_machine\software\ilivid\player\hosts\ilivid.com\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{949d2c04-d3c1-490a-8a03-440b5c32b5f2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{949d2c04-d3c1-490a-8a03-440b5c32b5f2}\ not found.
Registry key hkey_current_user\software\datamngr_toolbar\ not found.
Registry key hkey_local_machine\software\classes\browserconnection.loader\ not found.
Registry key hkey_local_machine\software\classes\browserconnection.loader.1\ not found.
Registry key hkey_local_machine\software\classes\clsid\{9d717f81-9148-4f12-8568-69135f087db0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d717f81-9148-4f12-8568-69135f087db0}\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{69cf75c1-35ab-4de5-a51f-662c9020ad4a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69cf75c1-35ab-4de5-a51f-662c9020ad4a}\ not found.
Registry key hkey_current_user\software\appdatalow\software\searchqutoolbar\ deleted successfully.
Registry key hkey_current_user\software\datamngr\ deleted successfully.
Registry key hkey_current_user\software\microsoft\internet explorer\searchscopes\{8a96af9e-4074-43b7-bea3-87217bda7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8a96af9e-4074-43b7-bea3-87217bda7406}\ not found.
Registry key hkey_current_user\software\microsoft\windows\currentversion\app management\arpcache\bandoo\ not found.
Registry key hkey_current_user\software\microsoft\windows\currentversion\app management\arpcache\searchqu 406 mediabar\ not found.
Registry key hkey_current_user\software\microsoft\windows\currentversion\explorer\menuorder\start menu2\programs\bandoo\ not found.
Registry key hkey_current_user\software\trolltech\ deleted successfully.
Registry key hkey_current_user\software\ilivid\ not found.
Registry key hkey_current_user\software\searchqutoolbar\ not found.
Registry key hkey_local_machine\software\datamngr\ deleted successfully.
Registry key hkey_local_machine\software\bandoo\ deleted successfully.
Registry key hkey_local_machine\software\classes\appid\bandoocore.exe\ deleted successfully.
Registry key hkey_local_machine\software\classes\appid\{1301a8a5-3dfb-4731-a162-b357d00c9644}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1301a8a5-3dfb-4731-a162-b357d00c9644}\ not found.
Registry key hkey_local_machine\software\classes\applications\ilividsetupv1.exe\ deleted successfully.
Registry key hkey_local_machine\software\classes\bandoocore.bandoocore.1\ deleted successfully.
Registry key hkey_local_machine\software\classes\bandoocore.bandoocore\ deleted successfully.
Registry key hkey_local_machine\software\classes\bandoocore.resourcesmngr.1\ deleted successfully.
Registry key hkey_local_machine\software\classes\bandoocore.resourcesmngr\ deleted successfully.
Registry key hkey_local_machine\software\classes\bandoocore.settingsmngr.1\ deleted successfully.
Registry key hkey_local_machine\software\classes\bandoocore.settingsmngr\ deleted successfully.
Registry key hkey_local_machine\software\classes\bandoocore.statisticmngr.1\ deleted successfully.
Registry key hkey_local_machine\software\classes\bandoocore.statisticmngr\ deleted successfully.
Registry key hkey_local_machine\software\classes\clsid\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key hkey_local_machine\software\classes\clsid\{a40dc6c5-79d0-4ca8-a185-8ff989af1115}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a40dc6c5-79d0-4ca8-a185-8ff989af1115}\ not found.
Registry key hkey_local_machine\software\classes\clsid\{b543ef05-9758-464e-9f37-4c28525b4a4c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b543ef05-9758-464e-9f37-4c28525b4a4c}\ not found.
Registry key hkey_local_machine\software\classes\clsid\{bb76a90b-2b4c-4378-8506-9a2b6e16943c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb76a90b-2b4c-4378-8506-9a2b6e16943c}\ not found.
Registry key hkey_local_machine\software\classes\clsid\{c3ab94a4-bfd0-4bba-a331-de504f07d2db}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c3ab94a4-bfd0-4bba-a331-de504f07d2db}\ not found.
Registry key hkey_local_machine\software\classes\interface\{477f210a-2a86-4666-9c4b-1189634d2c84}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477f210a-2a86-4666-9c4b-1189634d2c84}\ not found.
Registry key hkey_local_machine\software\classes\interface\{ff871e51-2655-4d06-aed5-745962a96b32}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff871e51-2655-4d06-aed5-745962a96b32}\ not found.
Registry key hkey_local_machine\software\classes\searchquiehelper.dnsguard.1\ not found.
Registry key hkey_local_machine\software\classes\searchquiehelper.dnsguard\ not found.
Registry key hkey_local_machine\software\classes\typelib\{6a4bcaba-c437-4c76-a54e-af31b8a76cb9}\1.0\ not found.
Registry key hkey_local_machine\software\classes\typelib\{8f5f1cb6-ea9e-40af-a5ca-c7fd63cc1971\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8f5f1cb6-ea9e-40af-a5ca-c7fd63cc1971\ not found.
Registry key hkey_local_machine\software\microsoft\windows\currentversion\uninstall\searchqu toolbar\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{424624f4-c5dd-4e1d-bdd0-1e9c9b7799cc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{424624f4-c5dd-4e1d-bdd0-1e9c9b7799cc}\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7f000001-db8e-f89c-2fec-49bf726f8c12}\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{9c8a3ca5-889e-4554-beec-ec0876e4e96a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9c8a3ca5-889e-4554-beec-ec0876e4e96a}\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{f9189560-573a-4fde-b055-ae7b0f4cf080}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f9189560-573a-4fde-b055-ae7b0f4cf080}\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\searchscopes\{8a96af9e-4074-43b7-bea3-87217bda7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8a96af9e-4074-43b7-bea3-87217bda7406}\ not found.
Registry key hkey_local_machine\software\microsoft\radar\heapleakdetection\diagnosedapplications\ilivid.exe\ not found.
Registry key hkey_local_machine\software\microsoft\tracing\searchqumediabar_rasapi32\ deleted successfully.
Registry key hkey_local_machine\software\microsoft\tracing\searchqumediabar_rasmancs\ deleted successfully.
Registry key hkey_local_machine\software\microsoft\tracing\setupdatamngr_searchqu_rasapi32\ deleted successfully.
Registry key hkey_local_machine\software\microsoft\tracing\setupdatamngr_searchqu_rasmancs\ deleted successfully.
Registry key hkey_local_machine\software\microsoft\tracing\ilividsetupv1_rasapi32\ deleted successfully.
Registry key hkey_local_machine\software\microsoft\tracing\ilividsetupv1_rasmancs\ deleted successfully.
Registry key hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key hkey_local_machine\software\microsoft\windows\currentversion\uninstall\searchqu 406 mediabar\ not found.
Registry key hkey_local_machine\software\searchqumediabartb\ not found.
Registry key hkey_local_machine\software\classes\clsid\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}\ not found.
Registry key hkey_local_machine\software\classes\typelib\{8f5f1cb6-ea9e-40af-a5ca-c7fd63cc1971}\1.0\ deleted successfully.
Registry key hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\searchqu 406 mediabar\ not found.
Registry key hkey_local_machine\software\classes\clsid\{a40dc6c5-79d0-4ca8-a185-8ff989af1115}\inprocserver32\ not found.
Registry key hkey_local_machine\software\classes\clsid\{cc1ac828-bb47-4361-afb5-96eee259dd87}\inprocserver32\ not found.
Registry key hkey_local_machine\software\classes\clsid\{fefd3af5-a346-4451-aa23-a3ad54915515}\inprocserver32\ not found.
Registry key hkey_local_machine\software\classes\clsid\{9d717f81-9148-4f12-8568-69135f087db0}\inprocserver32\ not found.
Registry key hkey_local_machine\software\classes\typelib\{5b4144e1-b61d-495a-9a50-cd1a95d86d15}\1.0\ not found.
Registry key hkey_local_machine\software\classes\typelib\{841d5a49-e48d-413c-9c28-eb3d9081d705}\1.0\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{d0a4be92-2216-42db-ab35-d72efb9f0176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d0a4be92-2216-42db-ab35-d72efb9f0176}\ not found.
Registry key hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\datamngr\ not found.
Registry key hkey_current_user\software\microsoft\internet explorer\searchscopes\{9bb47c17-9c68-4bb3-b188-dd9af0fd2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bb47c17-9c68-4bb3-b188-dd9af0fd2102}\ not found.
Registry key hkey_current_user\software\microsoft\internet explorer\searchscopes\{9bb47c17-9c68-4bb3-b188-dd9af0fd2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bb47c17-9c68-4bb3-b188-dd9af0fd2406}\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\searchscopes\{9bb47c17-9c68-4bb3-b188-dd9af0fd2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bb47c17-9c68-4bb3-b188-dd9af0fd2102}\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\searchscopes\{9bb47c17-9c68-4bb3-b188-dd9af0fd2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bb47c17-9c68-4bb3-b188-dd9af0fd2406}\ not found.
Registry key hkey_current_user\software\microsoft\internet explorer\searchscopes\{e1e743b1-dff5-4dcf-8cd5-9aafd552b290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e1e743b1-dff5-4dcf-8cd5-9aafd552b290}\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\searchscopes\{e1e743b1-dff5-4dcf-8cd5-9aafd552b290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e1e743b1-dff5-4dcf-8cd5-9aafd552b290}\ not found.
Registry value hkey_current_user\software\microsoft\internet explorer\main\\start page deleted successfully.
Registry value hkey_local_machine\software\microsoft\internet explorer\toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry value hkey_current_user\software\classes\local settings\software\microsoft\windows\shell\muicache\\c:\program files\ilivid\ilivid.exe not found.
Registry value hkey_current_user\software\classes\local settings\software\microsoft\windows\shell\muicache\\c:\program files\ilivid\vlc\vlc.exe not found.
Registry value hkey_local_machine\software\microsoft\windows\currentversion\installer\folders\\c:\programdata\microsoft\windows\start menu\programs\ilivid\ not found.
Registry value hkey_local_machine\software\microsoft\windows\currentversion\run\\datamngr not found.
Registry value hkey_local_machine\system\controlset001\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{b9c9d25e-1fba-484c-b5fe-0c6d07ae555d} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9c9d25e-1fba-484c-b5fe-0c6d07ae555d}\ not found.
Registry value hkey_local_machine\system\controlset001\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{924eb14a-495b-49f3-b558-a7c81e88c85d} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{924eb14a-495b-49f3-b558-a7c81e88c85d}\ not found.
Registry value hkey_local_machine\system\controlset001\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{6d11a718-4174-474f-a0a4-08d56b03bfeb} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6d11a718-4174-474f-a0a4-08d56b03bfeb}\ not found.
Registry value hkey_local_machine\system\controlset001\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{ec25043d-aac6-416f-ba2d-c44e34fb533b} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ec25043d-aac6-416f-ba2d-c44e34fb533b}\ not found.
Registry value hkey_local_machine\system\controlset002\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{924eb14a-495b-49f3-b558-a7c81e88c85d} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{924eb14a-495b-49f3-b558-a7c81e88c85d}\ not found.
Registry value hkey_local_machine\system\controlset002\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{6d11a718-4174-474f-a0a4-08d56b03bfeb} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6d11a718-4174-474f-a0a4-08d56b03bfeb}\ not found.
Registry value hkey_local_machine\system\controlset002\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{ec25043d-aac6-416f-ba2d-c44e34fb533b} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ec25043d-aac6-416f-ba2d-c44e34fb533b}\ not found.
Registry value hkey_local_machine\system\controlset002\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{b9c9d25e-1fba-484c-b5fe-0c6d07ae555d} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9c9d25e-1fba-484c-b5fe-0c6d07ae555d}\ not found.
Registry key hkey_local_machine\system\controlset003\services\sharedaccess\parameters\firewallpolicy\firewallrules not found.
Registry key hkey_local_machine\system\controlset003\services\sharedaccess\parameters\firewallpolicy\firewallrules not found.
Registry key hkey_local_machine\system\controlset003\services\sharedaccess\parameters\firewallpolicy\firewallrules not found.
Registry key hkey_local_machine\system\controlset003\services\sharedaccess\parameters\firewallpolicy\firewallrules not found.
Registry value hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{ec25043d-aac6-416f-ba2d-c44e34fb533b} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ec25043d-aac6-416f-ba2d-c44e34fb533b}\ not found.
Registry value hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{b9c9d25e-1fba-484c-b5fe-0c6d07ae555d} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9c9d25e-1fba-484c-b5fe-0c6d07ae555d}\ not found.
Registry value hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{924eb14a-495b-49f3-b558-a7c81e88c85d} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{924eb14a-495b-49f3-b558-a7c81e88c85d}\ not found.
Registry value hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{6d11a718-4174-474f-a0a4-08d56b03bfeb} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6d11a718-4174-474f-a0a4-08d56b03bfeb}\ not found.
========== FILES ==========
File/Folder C:\Users\Alex\AppData\Roaming\mozilla\firefox\profiles\searchquwebsearch.xml not found.
File/Folder C:\Users\Alex\AppData\Roaming\mozilla\firefox\profiles\searchqutoolbar not found.
File/Folder C:\Users\Alex\AppData\Roaming\mozilla\firefox\profiles\{99079a25-328f-4bd4-be04-00955acaa0a7} not found.
File/Folder C:\Users\Alex\AppData\Roaming\microsoft\windows\cookies\*@sweetim[1].txt not found.
File/Folder C:\Users\Alex\AppData\Roaming\microsoft\windows\cookies\low\*@ilivid[1].txt not found.
File/Folder C:\Users\Alex\AppData\Roaming\microsoft\windows\cookies\low\*@ilivid[2].txt not found.
File/Folder C:\Users\Alex\AppData\Roaming\microsoft\windows\cookies\low\*@searchqu[1].txt not found.
File/Folder C:\Users\Alex\AppData\Roaming\microsoft\windows\cookies\low\*@searchqu[2].txt not found.
File/Folder C:\Users\Alex\AppData\Roaming\microsoft\windows\cookies\low\*@stats.ilivid[1].txt not found.
File/Folder C:\Users\Alex\AppData\Roaming\microsoft\windows\cookies\low\*@sweetim[1].txt not found.
File/Folder C:\Users\Alex\AppData\Roaming\microsoft\windows\cookies\low\*@www.sweetim[2].txt not found.
File/Folder C:\Users\Alex\AppData\Roaming\microsoft\windows\cookies\low\*@www.sweetim[3].txt not found.
C:\Users\Alex\AppData\Local\Ilivid Player folder moved successfully.
C:\Users\Alex\AppData\Local\microsoft\windows\temporary internet files\content.ie5\IJ4NR53W\iLividSetupV1.exe moved successfully.
File/Folder C:\Users\Alex\AppData\Local\microsoft\windows\temporary internet files\content.ie5\ilivid[1].7z not found.
File/Folder C:\Users\Alex\AppData\Local\microsoft\windows\temporary internet files\content.ie5\setupdatamngr_searchqu[1].exe not found.
File/Folder C:\Users\Alex\AppData\Local\microsoft\windows\temporary internet files\content.ie5\sweetimsetup.exe not found.
File/Folder C:\Users\Alex\AppData\Local\microsoft\windows\temporary internet files\content.ie5\bandoov6[1].exe not found.
File/Folder C:\Users\Alex\AppData\Local\microsoft\windows\temporary internet files\low\content.ie5\searchqu_net[1].htm not found.
File/Folder C:\Users\Alex\AppData\Local\Temp\bandoofiles not found.
File/Folder C:\Users\Alex\AppData\Local\Temp\bandoov6.exe not found.
C:\Users\Alex\AppData\Local\Temp\SetupDataMngr_Searchqu.exe moved successfully.
File/Folder C:\Users\Alex\AppData\Local\Temp\sweetimreinstall not found.
File/Folder C:\Users\Alex\AppData\Local\Temp\sweetimreinstall\sweetimsetup.exe not found.
File/Folder C:\Users\Alex\AppData\Local\Temp\ilivid.7z not found.
C:\Users\Alex\AppData\Local\Temp\Searchqu.ini moved successfully.
C:\Users\Alex\AppData\Local\Temp\searchqutoolbar-manifest.xml moved successfully.
C:\Users\Alex\appdata\locallow\searchquband folder moved successfully.
File/Folder C:\Users\Alex\appdata\locallow\searchqutoolbar not found.
File/Folder C:\Users\Alex\downloads\sweetimsetup.exe not found.
C:\Users\Alex\downloads\iLividSetupV1.exe moved successfully.
File\Folder c:\programdata\microsoft\windows\start menu\programs\ilivid not found.
File\Folder c:\users\all users\microsoft\windows\start menu\programs\ilivid not found.
File\Folder c:\program files\windows searchqu toolbar not found.
File\Folder c:\program files\windows ilivid toolbar not found.
File\Folder c:\program files\ilivid not found.
File\Folder c:\windows\prefetch\ilivid* not found.
File\Folder c:\windows\prefetch\searchqumediabar* not found.
File\Folder c:\windows\prefetch\setupdatamngr* not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Alex
->Temp folder emptied: 310761557 bytes
->Temporary Internet Files folder emptied: 1331046158 bytes
->Java cache emptied: 434722 bytes
->Google Chrome cache emptied: 6437278 bytes
->Flash cache emptied: 2280 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 56262132 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 206029 bytes

Total Files Cleaned = 1,626.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.53.1 log created on 07022012_233014

Files\Folders moved on Reboot...
C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0HMS4PQJ\google_co_uk[1].htm moved successfully.
C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.
File move failed. C:\Windows\temp\atchksrv.log scheduled to be moved on reboot.

PendingFileRenameOperations files...
File C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0HMS4PQJ\google_co_uk[1].htm not found!
File C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT not found!
File C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat not found!
[2012/02/05 16:35:29 | 000,000,000 | ---- | M] () C:\Windows\temp\atchksrv.log : Unable to obtain MD5

Registry entries deleted on Reboot...


SystemLook 30.07.11 by jpshortstuff
Log created at 23:51 on 02/07/2012 by Alex
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
C:\Windows\System32\Macromed\Flash\FlashPlayerTrust\Bandoo.cfg --a---- 43 bytes [13:01 12/09/2011] [13:01 12/09/2011] C07E8020FFE7E61713AC6D5C6BB0AB11

Searching for "*Searchnu*"
No files found.

Searching for "*Searchqu*"
C:\_OTL\MovedFiles\07022012_233014\C_Users\Alex\AppData\Local\Temp\Searchqu.ini --a---- 354 bytes [21:37 09/04/2012] [21:37 09/04/2012] 513CA4229CBC05C26B1BFE8032E76EDF
C:\_OTL\MovedFiles\07022012_233014\C_Users\Alex\AppData\Local\Temp\searchqutoolbar-manifest.xml --a---- 9422 bytes [08:42 27/02/2012] [08:42 27/02/2012] B4CF632013D5A08B137DB737D2825F12
C:\_OTL\MovedFiles\07022012_233014\C_Users\Alex\AppData\Local\Temp\SetupDataMngr_Searchqu.exe --a---- 3779936 bytes [21:37 09/04/2012] [21:37 09/04/2012] 272A776C4425F061837AE105FA3406C5

Searching for "*iLivid*"
C:\_OTL\MovedFiles\07022012_233014\C_Users\Alex\AppData\Local\microsoft\windows\temporary internet files\content.ie5\IJ4NR53W\iLividSetupV1.exe --a---- 516136 bytes [21:35 09/04/2012] [21:35 09/04/2012] 76B65D5B9B8E68D2AC9E8C0FB12CBD6C
C:\_OTL\MovedFiles\07022012_233014\C_Users\Alex\downloads\iLividSetupV1.exe --a---- 2075104 bytes [12:57 12/09/2011] [12:57 12/09/2011] 9D198B19AEBC19486A53C9EF05F0D85B

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
C:\_OTL\MovedFiles\07022012_233014\C_Users\Alex\AppData\Local\Temp\SetupDataMngr_Searchqu.exe --a---- 3779936 bytes [21:37 09/04/2012] [21:37 09/04/2012] 272A776C4425F061837AE105FA3406C5

Searching for "*trolltech*"
No files found.

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
C:\Users\Alex\AppData\LocalLow\Bandoo d------ [13:01 12/09/2011]
C:\Users\Alex\AppData\Roaming\Bandoo d------ [13:01 12/09/2011]

Searching for "*Searchnu*"
No folders found.

Searching for "*Searchqu*"
C:\_OTL\MovedFiles\07022012_233014\C_Users\Alex\AppData\locallow\searchquband d------ [13:01 12/09/2011]

Searching for "*iLivid*"
C:\_OTL\MovedFiles\07022012_233014\C_Users\Alex\AppData\Local\Ilivid Player d------ [13:01 12/09/2011]

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
C:\Users\Alex\AppData\LocalLow\DataMngr d------ [13:01 12/09/2011]

Searching for "*trolltech*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\BandooV6_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\BandooV6_RASMANCS]

Searching for "Searchnu"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F9375B5D-D07A-4B6E-BC6D-7D65197C444E}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2DD26211-68F4-41D3-9E3A-9429467BF04B}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F9375B5D-D07A-4B6E-BC6D-7D65197C444E}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2DD26211-68F4-41D3-9E3A-9429467BF04B}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F9375B5D-D07A-4B6E-BC6D-7D65197C444E}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2DD26211-68F4-41D3-9E3A-9429467BF04B}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|"

Searching for "iLivid"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\42513ca4_0]
@="{0.0.0.00000000}.{7d0549e1-92b0-453e-8605-9af98f4b8292}|\Device\HarddiskVolume3\Program Files\iLivid\VLC\vlc.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-482344202-581333641-2261761304-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\42513ca4_0]
@="{0.0.0.00000000}.{7d0549e1-92b0-453e-8605-9af98f4b8292}|\Device\HarddiskVolume3\Program Files\iLivid\VLC\vlc.exe%b{00000000-0000-0000-0000-000000000000}"

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{72518D9D-37A1-4AAC-AFCC-D9CFD226491F}]
"AppPath"="C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F9375B5D-D07A-4B6E-BC6D-7D65197C444E}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2DD26211-68F4-41D3-9E3A-9429467BF04B}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F9375B5D-D07A-4B6E-BC6D-7D65197C444E}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2DD26211-68F4-41D3-9E3A-9429467BF04B}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F9375B5D-D07A-4B6E-BC6D-7D65197C444E}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2DD26211-68F4-41D3-9E3A-9429467BF04B}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|"

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-482344202-581333641-2261761304-1001\Software\Trolltech]
[HKEY_USERS\S-1-5-21-482344202-581333641-2261761304-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

Searching for "Search_Results"
No data found.

Searching for "search-results"
No data found.

-= EOF =-


Thanks - Alex
Jim701
Active Member
 
Posts: 10
Joined: June 30th, 2012, 11:59 am
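Editor's added example (Python; not part of this thread and not a feature of OTL or SystemLook): a small offline triage script for the two logs above. It separates what the OTL fix actually deleted or moved from targets that were already absent, treats SystemLook hits under C:\_OTL\MovedFiles as quarantine rather than live infection (OTL moves files there instead of deleting them, which is why the Searchqu.ini and iLividSetupV1.exe hits above sit under that folder), flags hits anywhere else as residue still on the system, and decodes the pipe-delimited FirewallRules value format so that leftover inbound Allow rules for a removed program stand out. The sample log lines embedded in the script are copied from the posts above; REMOVED_PROGRAM_DIRS is taken from the paths in the OTL log; PROTOCOLS maps the IANA protocol numbers 6 and 17 to TCP and UDP.

```python
"""Offline triage of an OTL fix log and a SystemLook report: what the fix changed,
what was already gone, what is merely quarantined, and what is still live."""
import re

OTL_QUARANTINE = r"c:\_otl\movedfiles"  # OTL moves files here; hits under it are not live
REMOVED_PROGRAM_DIRS = [r"C:\Program Files\Searchqu Toolbar", r"C:\Program Files\iLivid"]
PROTOCOLS = {"6": "TCP", "17": "UDP"}  # IANA protocol numbers as written in FirewallRules

# Constructed samples: lines copied from the two logs posted above.
OTL_LOG = r"""
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll deleted successfully.
File C:\Program Files\Searchqu Toolbar\Datamngr\datamngr.dll not found.
Registry key hkey_local_machine\software\bandoo\ deleted successfully.
File/Folder C:\Users\Alex\AppData\Local\Temp\bandoov6.exe not found.
C:\Users\Alex\AppData\Local\Temp\SetupDataMngr_Searchqu.exe moved successfully.
C:\Users\Alex\appdata\locallow\searchquband folder moved successfully.
"""
SYSTEMLOOK_LOG = r"""
========== filefind ==========
Searching for "*Bandoo*"
C:\Windows\System32\Macromed\Flash\FlashPlayerTrust\Bandoo.cfg --a---- 43 bytes [13:01 12/09/2011] [13:01 12/09/2011] C07E8020FFE7E61713AC6D5C6BB0AB11
Searching for "*Searchqu*"
C:\_OTL\MovedFiles\07022012_233014\C_Users\Alex\AppData\Local\Temp\Searchqu.ini --a---- 354 bytes [21:37 09/04/2012] [21:37 09/04/2012] 513CA4229CBC05C26B1BFE8032E76EDF
========== folderfind ==========
Searching for "*Bandoo*"
C:\Users\Alex\AppData\LocalLow\Bandoo d------ [13:01 12/09/2011]
Searching for "*datamngr*"
C:\Users\Alex\AppData\LocalLow\DataMngr d------ [13:01 12/09/2011]
========== Regfind ==========
Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F9375B5D-D07A-4B6E-BC6D-7D65197C444E}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|"
Searching for "trolltech"
No data found.
-= EOF =-
"""

_PREFIX = r"(?:Registry (?:key|value) |File(?:/Folder|\\Folder)? )?"  # OTL names the target's kind
OTL_ACTED = re.compile(_PREFIX + r"(.*?)(?: folder)? (?:deleted|moved) successfully\.$")
OTL_MISSING = re.compile(_PREFIX + r"(.*?) not found\.$")
SL_SECTION = re.compile(r"^=+ (\w+) =+$")
SL_QUERY = re.compile(r'^Searching for "(.*)"$')
SL_FSHIT = re.compile(r"^(.+?) [-a-z]{7} (?:\d+ bytes )?\[")  # "<path> --a---- 43 bytes [" or "<path> d------ ["


def parse_otl(text):
    """Return (acted, already_absent) target lists from OTL fix-log lines."""
    acted, absent = [], []
    for line in text.splitlines():
        if m := OTL_ACTED.match(line.strip()):
            acted.append(m.group(1))
        elif m := OTL_MISSING.match(line.strip()):
            absent.append(m.group(1))
    return acted, absent


def parse_systemlook(text):
    """Return (section, query, location, value) hits; value is None or (name, data)."""
    hits, section, query, key = [], None, None, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("No files found", "No folders found", "No data found", "-= EOF")):
            continue
        if m := SL_SECTION.match(line):
            section, key = m.group(1).lower(), None
        elif m := SL_QUERY.match(line):
            query, key = m.group(1), None
        elif section == "regfind" and line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            hits.append((section, query, key, None))
        elif section == "regfind" and key is not None:  # a value line under the last key
            name, _, data = line.partition("=")
            hits.append((section, query, key, (name.strip('"'), data.strip('"'))))
        elif section in ("filefind", "folderfind") and (m := SL_FSHIT.match(line)):
            hits.append((section, query, m.group(1), None))
    return hits


def live_residue(hits):
    """Hits outside OTL's quarantine folder, i.e. still present on the running system."""
    return [h for h in hits if not h[2].lower().startswith(OTL_QUARANTINE)]


def decode_firewall_rule(data):
    """Decode 'v2.10|Action=Allow|Dir=In|...|' into a dict of its key=value fields."""
    return dict(part.split("=", 1) for part in data.split("|") if "=" in part)


def leftover_allow_rules(hits, removed_dirs):
    """Inbound Allow rules whose App lives under a directory the fix removed."""
    out = []
    for _section, _query, key, value in hits:
        if value is None or not key.lower().endswith("\\firewallrules"):
            continue
        rule = decode_firewall_rule(value[1])
        app = rule.get("App", "")
        if (rule.get("Action") == "Allow" and rule.get("Dir") == "In"
                and any(app.lower().startswith(d.lower()) for d in removed_dirs)):
            out.append((value[0], app, PROTOCOLS.get(rule.get("Protocol"), rule.get("Protocol"))))
    return out


def triage(otl_text=OTL_LOG, systemlook_text=SYSTEMLOOK_LOG, removed_dirs=REMOVED_PROGRAM_DIRS):
    acted, absent = parse_otl(otl_text)
    hits = parse_systemlook(systemlook_text)
    live = live_residue(hits)
    return {"acted": acted, "already_absent": absent, "live_residue": live,
            "quarantined": [h for h in hits if h not in live],
            "leftover_firewall_allow": leftover_allow_rules(hits, removed_dirs)}
```

Run over the full logs, the live-residue list is what a helper would act on next: the Bandoo and DataMngr folders under AppData\LocalLow, Bandoo.cfg in the FlashPlayerTrust directory, and the FirewallRules values that still allow inbound TCP and UDP to dtUser.exe under C:\Program Files\Searchqu Toolbar even though that directory is gone. One caveat on substring searches: the regfind hit on ISearchQueryHelper under HKLM\SOFTWARE\Classes\Interface is a standard Windows Search COM interface whose name merely contains "Searchqu", so it is not residue and should be left alone.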

Re: MS IE Explorer window vibrating - believed to be malware

Unread postby Jim701 » July 2nd, 2012, 7:03 pm

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll deleted successfully.
File C:\Program Files\Searchqu Toolbar\Datamngr\datamngr.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll deleted successfully.
File C:\Program Files\Searchqu Toolbar\Datamngr\IEBHO.dll not found.
========== REGISTRY ==========
Registry key hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\products\2b1e51d87b2d71a44bb42ddd5e894160\installproperties\ not found.
Registry key hkey_local_machine\software\microsoft\windows\currentversion\uninstall\ilivid\ not found.
Registry key hkey_local_machine\software\microsoft\windows\currentversion\uninstall\windows searchqu toolbar\ not found.
Registry key hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{8d15e1b2-d2b7-4a17-b44b-d2dde5981406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8d15e1b2-d2b7-4a17-b44b-d2dde5981406}\ not found.
Registry key hkey_current_user\software\microsoft\windows\currentversion\app management\arpcache\windows searchqu toolbar\ not found.
Registry key hkey_current_user\software\microsoft\windows\currentversion\app management\arpcache\ilivid\ not found.
Registry key hkey_local_machine\software\classes\ilivid\ not found.
Registry key hkey_local_machine\software\classes\installer\products\2b1e51d87b2d71a44bb42ddd5e894160\ not found.
Registry key hkey_local_machine\software\ilivid\ not found.
Registry key hkey_local_machine\software\ilivid\player\hosts\ilivid.com\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{949d2c04-d3c1-490a-8a03-440b5c32b5f2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{949d2c04-d3c1-490a-8a03-440b5c32b5f2}\ not found.
Registry key hkey_current_user\software\datamngr_toolbar\ not found.
Registry key hkey_local_machine\software\classes\browserconnection.loader\ not found.
Registry key hkey_local_machine\software\classes\browserconnection.loader.1\ not found.
Registry key hkey_local_machine\software\classes\clsid\{9d717f81-9148-4f12-8568-69135f087db0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d717f81-9148-4f12-8568-69135f087db0}\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{69cf75c1-35ab-4de5-a51f-662c9020ad4a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69cf75c1-35ab-4de5-a51f-662c9020ad4a}\ not found.
Registry key hkey_current_user\software\appdatalow\software\searchqutoolbar\ deleted successfully.
Registry key hkey_current_user\software\datamngr\ deleted successfully.
Registry key hkey_current_user\software\microsoft\internet explorer\searchscopes\{8a96af9e-4074-43b7-bea3-87217bda7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8a96af9e-4074-43b7-bea3-87217bda7406}\ not found.
Registry key hkey_current_user\software\microsoft\windows\currentversion\app management\arpcache\bandoo\ not found.
Registry key hkey_current_user\software\microsoft\windows\currentversion\app management\arpcache\searchqu 406 mediabar\ not found.
Registry key hkey_current_user\software\microsoft\windows\currentversion\explorer\menuorder\start menu2\programs\bandoo\ not found.
Registry key hkey_current_user\software\trolltech\ deleted successfully.
Registry key hkey_current_user\software\ilivid\ not found.
Registry key hkey_current_user\software\searchqutoolbar\ not found.
Registry key hkey_local_machine\software\datamngr\ deleted successfully.
Registry key hkey_local_machine\software\bandoo\ deleted successfully.
Registry key hkey_local_machine\software\classes\appid\bandoocore.exe\ deleted successfully.
Registry key hkey_local_machine\software\classes\appid\{1301a8a5-3dfb-4731-a162-b357d00c9644}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1301a8a5-3dfb-4731-a162-b357d00c9644}\ not found.
Registry key hkey_local_machine\software\classes\applications\ilividsetupv1.exe\ deleted successfully.
Registry key hkey_local_machine\software\classes\bandoocore.bandoocore.1\ deleted successfully.
Registry key hkey_local_machine\software\classes\bandoocore.bandoocore\ deleted successfully.
Registry key hkey_local_machine\software\classes\bandoocore.resourcesmngr.1\ deleted successfully.
Registry key hkey_local_machine\software\classes\bandoocore.resourcesmngr\ deleted successfully.
Registry key hkey_local_machine\software\classes\bandoocore.settingsmngr.1\ deleted successfully.
Registry key hkey_local_machine\software\classes\bandoocore.settingsmngr\ deleted successfully.
Registry key hkey_local_machine\software\classes\bandoocore.statisticmngr.1\ deleted successfully.
Registry key hkey_local_machine\software\classes\bandoocore.statisticmngr\ deleted successfully.
Registry key hkey_local_machine\software\classes\clsid\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key hkey_local_machine\software\classes\clsid\{a40dc6c5-79d0-4ca8-a185-8ff989af1115}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a40dc6c5-79d0-4ca8-a185-8ff989af1115}\ not found.
Registry key hkey_local_machine\software\classes\clsid\{b543ef05-9758-464e-9f37-4c28525b4a4c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b543ef05-9758-464e-9f37-4c28525b4a4c}\ not found.
Registry key hkey_local_machine\software\classes\clsid\{bb76a90b-2b4c-4378-8506-9a2b6e16943c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb76a90b-2b4c-4378-8506-9a2b6e16943c}\ not found.
Registry key hkey_local_machine\software\classes\clsid\{c3ab94a4-bfd0-4bba-a331-de504f07d2db}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c3ab94a4-bfd0-4bba-a331-de504f07d2db}\ not found.
Registry key hkey_local_machine\software\classes\interface\{477f210a-2a86-4666-9c4b-1189634d2c84}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477f210a-2a86-4666-9c4b-1189634d2c84}\ not found.
Registry key hkey_local_machine\software\classes\interface\{ff871e51-2655-4d06-aed5-745962a96b32}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff871e51-2655-4d06-aed5-745962a96b32}\ not found.
Registry key hkey_local_machine\software\classes\searchquiehelper.dnsguard.1\ not found.
Registry key hkey_local_machine\software\classes\searchquiehelper.dnsguard\ not found.
Registry key hkey_local_machine\software\classes\typelib\{6a4bcaba-c437-4c76-a54e-af31b8a76cb9}\1.0\ not found.
Registry key hkey_local_machine\software\classes\typelib\{8f5f1cb6-ea9e-40af-a5ca-c7fd63cc1971\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8f5f1cb6-ea9e-40af-a5ca-c7fd63cc1971\ not found.
Registry key hkey_local_machine\software\microsoft\windows\currentversion\uninstall\searchqu toolbar\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{424624f4-c5dd-4e1d-bdd0-1e9c9b7799cc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{424624f4-c5dd-4e1d-bdd0-1e9c9b7799cc}\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7f000001-db8e-f89c-2fec-49bf726f8c12}\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{9c8a3ca5-889e-4554-beec-ec0876e4e96a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9c8a3ca5-889e-4554-beec-ec0876e4e96a}\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{f9189560-573a-4fde-b055-ae7b0f4cf080}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f9189560-573a-4fde-b055-ae7b0f4cf080}\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\searchscopes\{8a96af9e-4074-43b7-bea3-87217bda7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8a96af9e-4074-43b7-bea3-87217bda7406}\ not found.
Registry key hkey_local_machine\software\microsoft\radar\heapleakdetection\diagnosedapplications\ilivid.exe\ not found.
Registry key hkey_local_machine\software\microsoft\tracing\searchqumediabar_rasapi32\ deleted successfully.
Registry key hkey_local_machine\software\microsoft\tracing\searchqumediabar_rasmancs\ deleted successfully.
Registry key hkey_local_machine\software\microsoft\tracing\setupdatamngr_searchqu_rasapi32\ deleted successfully.
Registry key hkey_local_machine\software\microsoft\tracing\setupdatamngr_searchqu_rasmancs\ deleted successfully.
Registry key hkey_local_machine\software\microsoft\tracing\ilividsetupv1_rasapi32\ deleted successfully.
Registry key hkey_local_machine\software\microsoft\tracing\ilividsetupv1_rasmancs\ deleted successfully.
Registry key hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key hkey_local_machine\software\microsoft\windows\currentversion\uninstall\searchqu 406 mediabar\ not found.
Registry key hkey_local_machine\software\searchqumediabartb\ not found.
Registry key hkey_local_machine\software\classes\clsid\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}\ not found.
Registry key hkey_local_machine\software\classes\typelib\{8f5f1cb6-ea9e-40af-a5ca-c7fd63cc1971}\1.0\ deleted successfully.
Registry key hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\searchqu 406 mediabar\ not found.
Registry key hkey_local_machine\software\classes\clsid\{a40dc6c5-79d0-4ca8-a185-8ff989af1115}\inprocserver32\ not found.
Registry key hkey_local_machine\software\classes\clsid\{cc1ac828-bb47-4361-afb5-96eee259dd87}\inprocserver32\ not found.
Registry key hkey_local_machine\software\classes\clsid\{fefd3af5-a346-4451-aa23-a3ad54915515}\inprocserver32\ not found.
Registry key hkey_local_machine\software\classes\clsid\{9d717f81-9148-4f12-8568-69135f087db0}\inprocserver32\ not found.
Registry key hkey_local_machine\software\classes\typelib\{5b4144e1-b61d-495a-9a50-cd1a95d86d15}\1.0\ not found.
Registry key hkey_local_machine\software\classes\typelib\{841d5a49-e48d-413c-9c28-eb3d9081d705}\1.0\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{d0a4be92-2216-42db-ab35-d72efb9f0176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d0a4be92-2216-42db-ab35-d72efb9f0176}\ not found.
Registry key hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\datamngr\ not found.
Registry key hkey_current_user\software\microsoft\internet explorer\searchscopes\{9bb47c17-9c68-4bb3-b188-dd9af0fd2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bb47c17-9c68-4bb3-b188-dd9af0fd2102}\ not found.
Registry key hkey_current_user\software\microsoft\internet explorer\searchscopes\{9bb47c17-9c68-4bb3-b188-dd9af0fd2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bb47c17-9c68-4bb3-b188-dd9af0fd2406}\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\searchscopes\{9bb47c17-9c68-4bb3-b188-dd9af0fd2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bb47c17-9c68-4bb3-b188-dd9af0fd2102}\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\searchscopes\{9bb47c17-9c68-4bb3-b188-dd9af0fd2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bb47c17-9c68-4bb3-b188-dd9af0fd2406}\ not found.
Registry key hkey_current_user\software\microsoft\internet explorer\searchscopes\{e1e743b1-dff5-4dcf-8cd5-9aafd552b290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e1e743b1-dff5-4dcf-8cd5-9aafd552b290}\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\searchscopes\{e1e743b1-dff5-4dcf-8cd5-9aafd552b290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e1e743b1-dff5-4dcf-8cd5-9aafd552b290}\ not found.
Registry value hkey_current_user\software\microsoft\internet explorer\main\\start page deleted successfully.
Registry value hkey_local_machine\software\microsoft\internet explorer\toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry value hkey_current_user\software\classes\local settings\software\microsoft\windows\shell\muicache\\c:\program files\ilivid\ilivid.exe not found.
Registry value hkey_current_user\software\classes\local settings\software\microsoft\windows\shell\muicache\\c:\program files\ilivid\vlc\vlc.exe not found.
Registry value hkey_local_machine\software\microsoft\windows\currentversion\installer\folders\\c:\programdata\microsoft\windows\start menu\programs\ilivid\ not found.
Registry value hkey_local_machine\software\microsoft\windows\currentversion\run\\datamngr not found.
Registry value hkey_local_machine\system\controlset001\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{b9c9d25e-1fba-484c-b5fe-0c6d07ae555d} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9c9d25e-1fba-484c-b5fe-0c6d07ae555d}\ not found.
Registry value hkey_local_machine\system\controlset001\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{924eb14a-495b-49f3-b558-a7c81e88c85d} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{924eb14a-495b-49f3-b558-a7c81e88c85d}\ not found.
Registry value hkey_local_machine\system\controlset001\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{6d11a718-4174-474f-a0a4-08d56b03bfeb} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6d11a718-4174-474f-a0a4-08d56b03bfeb}\ not found.
Registry value hkey_local_machine\system\controlset001\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{ec25043d-aac6-416f-ba2d-c44e34fb533b} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ec25043d-aac6-416f-ba2d-c44e34fb533b}\ not found.
Registry value hkey_local_machine\system\controlset002\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{924eb14a-495b-49f3-b558-a7c81e88c85d} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{924eb14a-495b-49f3-b558-a7c81e88c85d}\ not found.
Registry value hkey_local_machine\system\controlset002\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{6d11a718-4174-474f-a0a4-08d56b03bfeb} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6d11a718-4174-474f-a0a4-08d56b03bfeb}\ not found.
Registry value hkey_local_machine\system\controlset002\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{ec25043d-aac6-416f-ba2d-c44e34fb533b} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ec25043d-aac6-416f-ba2d-c44e34fb533b}\ not found.
Registry value hkey_local_machine\system\controlset002\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{b9c9d25e-1fba-484c-b5fe-0c6d07ae555d} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9c9d25e-1fba-484c-b5fe-0c6d07ae555d}\ not found.
Registry key hkey_local_machine\system\controlset003\services\sharedaccess\parameters\firewallpolicy\firewallrules not found.
Registry key hkey_local_machine\system\controlset003\services\sharedaccess\parameters\firewallpolicy\firewallrules not found.
Registry key hkey_local_machine\system\controlset003\services\sharedaccess\parameters\firewallpolicy\firewallrules not found.
Registry key hkey_local_machine\system\controlset003\services\sharedaccess\parameters\firewallpolicy\firewallrules not found.
Registry value hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{ec25043d-aac6-416f-ba2d-c44e34fb533b} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ec25043d-aac6-416f-ba2d-c44e34fb533b}\ not found.
Registry value hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{b9c9d25e-1fba-484c-b5fe-0c6d07ae555d} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9c9d25e-1fba-484c-b5fe-0c6d07ae555d}\ not found.
Registry value hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{924eb14a-495b-49f3-b558-a7c81e88c85d} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{924eb14a-495b-49f3-b558-a7c81e88c85d}\ not found.
Registry value hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{6d11a718-4174-474f-a0a4-08d56b03bfeb} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6d11a718-4174-474f-a0a4-08d56b03bfeb}\ not found.
========== FILES ==========
File/Folder C:\Users\Alex\AppData\Roaming\mozilla\firefox\profiles\searchquwebsearch.xml not found.
File/Folder C:\Users\Alex\AppData\Roaming\mozilla\firefox\profiles\searchqutoolbar not found.
File/Folder C:\Users\Alex\AppData\Roaming\mozilla\firefox\profiles\{99079a25-328f-4bd4-be04-00955acaa0a7} not found.
File/Folder C:\Users\Alex\AppData\Roaming\microsoft\windows\cookies\*@sweetim[1].txt not found.
File/Folder C:\Users\Alex\AppData\Roaming\microsoft\windows\cookies\low\*@ilivid[1].txt not found.
File/Folder C:\Users\Alex\AppData\Roaming\microsoft\windows\cookies\low\*@ilivid[2].txt not found.
File/Folder C:\Users\Alex\AppData\Roaming\microsoft\windows\cookies\low\*@searchqu[1].txt not found.
File/Folder C:\Users\Alex\AppData\Roaming\microsoft\windows\cookies\low\*@searchqu[2].txt not found.
File/Folder C:\Users\Alex\AppData\Roaming\microsoft\windows\cookies\low\*@stats.ilivid[1].txt not found.
File/Folder C:\Users\Alex\AppData\Roaming\microsoft\windows\cookies\low\*@sweetim[1].txt not found.
File/Folder C:\Users\Alex\AppData\Roaming\microsoft\windows\cookies\low\*@www.sweetim[2].txt not found.
File/Folder C:\Users\Alex\AppData\Roaming\microsoft\windows\cookies\low\*@www.sweetim[3].txt not found.
C:\Users\Alex\AppData\Local\Ilivid Player folder moved successfully.
C:\Users\Alex\AppData\Local\microsoft\windows\temporary internet files\content.ie5\IJ4NR53W\iLividSetupV1.exe moved successfully.
File/Folder C:\Users\Alex\AppData\Local\microsoft\windows\temporary internet files\content.ie5\ilivid[1].7z not found.
File/Folder C:\Users\Alex\AppData\Local\microsoft\windows\temporary internet files\content.ie5\setupdatamngr_searchqu[1].exe not found.
File/Folder C:\Users\Alex\AppData\Local\microsoft\windows\temporary internet files\content.ie5\sweetimsetup.exe not found.
File/Folder C:\Users\Alex\AppData\Local\microsoft\windows\temporary internet files\content.ie5\bandoov6[1].exe not found.
File/Folder C:\Users\Alex\AppData\Local\microsoft\windows\temporary internet files\low\content.ie5\searchqu_net[1].htm not found.
File/Folder C:\Users\Alex\AppData\Local\Temp\bandoofiles not found.
File/Folder C:\Users\Alex\AppData\Local\Temp\bandoov6.exe not found.
C:\Users\Alex\AppData\Local\Temp\SetupDataMngr_Searchqu.exe moved successfully.
File/Folder C:\Users\Alex\AppData\Local\Temp\sweetimreinstall not found.
File/Folder C:\Users\Alex\AppData\Local\Temp\sweetimreinstall\sweetimsetup.exe not found.
File/Folder C:\Users\Alex\AppData\Local\Temp\ilivid.7z not found.
C:\Users\Alex\AppData\Local\Temp\Searchqu.ini moved successfully.
C:\Users\Alex\AppData\Local\Temp\searchqutoolbar-manifest.xml moved successfully.
C:\Users\Alex\appdata\locallow\searchquband folder moved successfully.
File/Folder C:\Users\Alex\appdata\locallow\searchqutoolbar not found.
File/Folder C:\Users\Alex\downloads\sweetimsetup.exe not found.
C:\Users\Alex\downloads\iLividSetupV1.exe moved successfully.
File\Folder c:\programdata\microsoft\windows\start menu\programs\ilivid not found.
File\Folder c:\users\all users\microsoft\windows\start menu\programs\ilivid not found.
File\Folder c:\program files\windows searchqu toolbar not found.
File\Folder c:\program files\windows ilivid toolbar not found.
File\Folder c:\program files\ilivid not found.
File\Folder c:\windows\prefetch\ilivid* not found.
File\Folder c:\windows\prefetch\searchqumediabar* not found.
File\Folder c:\windows\prefetch\setupdatamngr* not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Alex
->Temp folder emptied: 310761557 bytes
->Temporary Internet Files folder emptied: 1331046158 bytes
->Java cache emptied: 434722 bytes
->Google Chrome cache emptied: 6437278 bytes
->Flash cache emptied: 2280 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 56262132 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 206029 bytes

Total Files Cleaned = 1,626.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.53.1 log created on 07022012_233014

Files\Folders moved on Reboot...
C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0HMS4PQJ\google_co_uk[1].htm moved successfully.
C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.
File move failed. C:\Windows\temp\atchksrv.log scheduled to be moved on reboot.

PendingFileRenameOperations files...
File C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0HMS4PQJ\google_co_uk[1].htm not found!
File C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT not found!
File C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat not found!
[2012/02/05 16:35:29 | 000,000,000 | ---- | M] () C:\Windows\temp\atchksrv.log : Unable to obtain MD5

Registry entries deleted on Reboot...


SystemLook 30.07.11 by jpshortstuff
Log created at 23:51 on 02/07/2012 by Alex
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
C:\Windows\System32\Macromed\Flash\FlashPlayerTrust\Bandoo.cfg --a---- 43 bytes [13:01 12/09/2011] [13:01 12/09/2011] C07E8020FFE7E61713AC6D5C6BB0AB11

Searching for "*Searchnu*"
No files found.

Searching for "*Searchqu*"
C:\_OTL\MovedFiles\07022012_233014\C_Users\Alex\AppData\Local\Temp\Searchqu.ini --a---- 354 bytes [21:37 09/04/2012] [21:37 09/04/2012] 513CA4229CBC05C26B1BFE8032E76EDF
C:\_OTL\MovedFiles\07022012_233014\C_Users\Alex\AppData\Local\Temp\searchqutoolbar-manifest.xml --a---- 9422 bytes [08:42 27/02/2012] [08:42 27/02/2012] B4CF632013D5A08B137DB737D2825F12
C:\_OTL\MovedFiles\07022012_233014\C_Users\Alex\AppData\Local\Temp\SetupDataMngr_Searchqu.exe --a---- 3779936 bytes [21:37 09/04/2012] [21:37 09/04/2012] 272A776C4425F061837AE105FA3406C5

Searching for "*iLivid*"
C:\_OTL\MovedFiles\07022012_233014\C_Users\Alex\AppData\Local\microsoft\windows\temporary internet files\content.ie5\IJ4NR53W\iLividSetupV1.exe --a---- 516136 bytes [21:35 09/04/2012] [21:35 09/04/2012] 76B65D5B9B8E68D2AC9E8C0FB12CBD6C
C:\_OTL\MovedFiles\07022012_233014\C_Users\Alex\downloads\iLividSetupV1.exe --a---- 2075104 bytes [12:57 12/09/2011] [12:57 12/09/2011] 9D198B19AEBC19486A53C9EF05F0D85B

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
C:\_OTL\MovedFiles\07022012_233014\C_Users\Alex\AppData\Local\Temp\SetupDataMngr_Searchqu.exe --a---- 3779936 bytes [21:37 09/04/2012] [21:37 09/04/2012] 272A776C4425F061837AE105FA3406C5

Searching for "*trolltech*"
No files found.

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
C:\Users\Alex\AppData\LocalLow\Bandoo d------ [13:01 12/09/2011]
C:\Users\Alex\AppData\Roaming\Bandoo d------ [13:01 12/09/2011]

Searching for "*Searchnu*"
No folders found.

Searching for "*Searchqu*"
C:\_OTL\MovedFiles\07022012_233014\C_Users\Alex\AppData\locallow\searchquband d------ [13:01 12/09/2011]

Searching for "*iLivid*"
C:\_OTL\MovedFiles\07022012_233014\C_Users\Alex\AppData\Local\Ilivid Player d------ [13:01 12/09/2011]

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
C:\Users\Alex\AppData\LocalLow\DataMngr d------ [13:01 12/09/2011]

Searching for "*trolltech*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\BandooV6_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\BandooV6_RASMANCS]

Searching for "Searchnu"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F9375B5D-D07A-4B6E-BC6D-7D65197C444E}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2DD26211-68F4-41D3-9E3A-9429467BF04B}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F9375B5D-D07A-4B6E-BC6D-7D65197C444E}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2DD26211-68F4-41D3-9E3A-9429467BF04B}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F9375B5D-D07A-4B6E-BC6D-7D65197C444E}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2DD26211-68F4-41D3-9E3A-9429467BF04B}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|"

Searching for "iLivid"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\42513ca4_0]
@="{0.0.0.00000000}.{7d0549e1-92b0-453e-8605-9af98f4b8292}|\Device\HarddiskVolume3\Program Files\iLivid\VLC\vlc.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-482344202-581333641-2261761304-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\42513ca4_0]
@="{0.0.0.00000000}.{7d0549e1-92b0-453e-8605-9af98f4b8292}|\Device\HarddiskVolume3\Program Files\iLivid\VLC\vlc.exe%b{00000000-0000-0000-0000-000000000000}"

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{72518D9D-37A1-4AAC-AFCC-D9CFD226491F}]
"AppPath"="C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F9375B5D-D07A-4B6E-BC6D-7D65197C444E}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2DD26211-68F4-41D3-9E3A-9429467BF04B}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F9375B5D-D07A-4B6E-BC6D-7D65197C444E}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2DD26211-68F4-41D3-9E3A-9429467BF04B}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F9375B5D-D07A-4B6E-BC6D-7D65197C444E}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2DD26211-68F4-41D3-9E3A-9429467BF04B}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|"

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-482344202-581333641-2261761304-1001\Software\Trolltech]
[HKEY_USERS\S-1-5-21-482344202-581333641-2261761304-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

Searching for "Search_Results"
No data found.

Searching for "search-results"
No data found.

-= EOF =-


Thanks - Alex
Jim701
Active Member
 
Posts: 10
Joined: June 30th, 2012, 11:59 am
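
The Regfind section of the SystemLook log above shows three copies (ControlSet001, ControlSet002, CurrentControlSet) of two inbound Allow rules for C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe, i.e. rules the toolbar registered that survive its removal. Checking whether the program a rule allows still exists is a routine cleanup step after this kind of removal. The following is an added example, not part of the thread and not SystemLook's or OTL's own code: a small Python parser for the pipe-delimited rule-string format stored under the FirewallRules key, run over constructed lines in the shape of the Regfind output. The two rule ids from the log are real; the "Example"/"Gone" paths, the zero-filled rule ids and the `exists` callback used for the offline run are assumptions for the demo.

```python
r"""Parse Windows Firewall rule strings (the pipe-delimited values stored under
SharedAccess\Parameters\FirewallPolicy\FirewallRules) as they appear in a
SystemLook Regfind dump, and list active inbound Allow rules whose program is
no longer present on disk.

Added example for this thread; not SystemLook's or OTL's own code. The sample
text below is constructed in the shape of the Regfind output; the Example/Gone
paths and the zero-filled rule ids are made up for the demo."""
import os
import re
from typing import Callable, Dict, List, Optional

# A Regfind value line looks like:  "{GUID}"="v2.10|Action=Allow|...|Name=X|"
RULE_RE = re.compile(r'^"(\{[0-9A-Fa-f-]+\})"="(.*)"$')
PROTOCOLS = {"6": "TCP", "17": "UDP"}  # IANA protocol numbers used by the format

# Constructed sample in the shape of the Regfind section above.
SAMPLE_REGFIND = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F9375B5D-D07A-4B6E-BC6D-7D65197C444E}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2DD26211-68F4-41D3-9E3A-9429467BF04B}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|"
"{00000000-0000-0000-0000-000000000001}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Example\present.exe|Name=Example (constructed)|"
"{00000000-0000-0000-0000-000000000002}"="v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Gone\gone.exe|Name=Block rule (constructed)|"
"""


def parse_rule(line: str) -> Optional[Dict[str, str]]:
    """Turn one '"{GUID}"="v2.10|K=V|...|"' line into a dict; None for other lines."""
    m = RULE_RE.match(line.strip())
    if not m:
        return None
    rule_id, body = m.groups()
    fields = {"Id": rule_id}
    for token in body.split("|"):
        if "=" in token:
            key, value = token.split("=", 1)
            fields[key] = value
        elif token:
            # The first token carries no '=': it is the format version (e.g. v2.10).
            fields["Version"] = token
    return fields


def parse_regfind(text: str) -> List[Dict[str, str]]:
    """Collect every firewall rule value found in a Regfind dump, in file order."""
    rules = []
    for line in text.splitlines():
        rule = parse_rule(line)
        if rule is not None:
            rules.append(rule)
    return rules


def residual_allow_rules(rules: List[Dict[str, str]],
                         exists: Callable[[str], bool] = os.path.exists) -> List[Dict[str, str]]:
    """Active inbound Allow rules whose App path no longer exists.

    `exists` defaults to a real filesystem check; pass a stand-in to run offline."""
    residual = []
    for rule in rules:
        if (rule.get("Action"), rule.get("Active"), rule.get("Dir")) != ("Allow", "TRUE", "In"):
            continue
        app = rule.get("App")
        if app and not exists(app):
            residual.append(rule)
    return residual


def describe(rule: Dict[str, str]) -> str:
    """One-line, human-readable summary of a parsed rule."""
    proto = PROTOCOLS.get(rule.get("Protocol", ""), rule.get("Protocol", "?"))
    return f'{rule["Id"]} {proto} {rule.get("Dir")} -> {rule.get("App")} [{rule.get("Name")}]'


if __name__ == "__main__":
    # Offline demo: treat only the constructed "present.exe" as existing.
    present = {r"c:\program files\example\present.exe"}
    for rule in residual_allow_rules(parse_regfind(SAMPLE_REGFIND),
                                     exists=lambda p: p.lower() in present):
        print(describe(rule))
```

Run against a real Regfind dump with the default `exists`, the output lists the Allow rules that still name a program which has been uninstalled; Windows path comparison is case-insensitive, so the offline stand-in lowercases before comparing, as the real check implicitly does.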

Re: MS IE Explorer window vibrating - believed to be malware

Unread postby diver79 » July 3rd, 2012, 2:02 pm

Hi Alex,

I want to get a scan with OTL now to see what it finds.

OTL Scan
  • Right click on OTL.exe and select Run as Administrator to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt, please post the contents of this in your next reply.
diver79
Retired Graduate
 
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm

Re: MS IE Explorer window vibrating - believed to be malware

Unread postby Jim701 » July 3rd, 2012, 4:14 pm

Here is the second OTL.txt file you requested.

OTL logfile created on: 03/07/2012 21:06:50 - Run 2
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Alex\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.25 Gb Total Physical Memory | 2.03 Gb Available Physical Memory | 62.55% Memory free
6.49 Gb Paging File | 4.60 Gb Available in Paging File | 70.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 230.73 Gb Total Space | 156.99 Gb Free Space | 68.04% Space Free | Partition Type: NTFS
Drive D: | 2.00 Gb Total Space | 0.82 Gb Free Space | 41.13% Space Free | Partition Type: NTFS

Computer Name: DESKTOP | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Alex\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe ()
PRC - C:\Program Files\AVG Secure Search\vprot.exe ()
PRC - C:\Windows\System32\NLSSRV32.EXE (Nalpeiron Ltd.)
PRC - C:\Program Files\Nitro PDF\Professional 7\NitroPDFDriverService2.exe (Nitro PDF Software)
PRC - C:\Program Files\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe (AVG)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
PRC - C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Program Files\Intel\AMT\atchk.exe (Intel Corporation)
PRC - C:\Program Files\Intel\AMT\atchksrv.exe (Intel Corporation)
PRC - C:\Program Files\Intel\AMT\UNS.exe (Intel)
PRC - C:\Program Files\Intel\AMT\LMS.exe (Intel)
PRC - C:\Program Files\Brownie\BrStsWnd.exe (brother)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Brownie\BRNIPMON.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\Brownie\brpjp04a.exe (brother)
PRC - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll ()
MOD - C:\Program Files\AVG Secure Search\vprot.exe ()
MOD - C:\Program Files\AVG\AVG PC Tuneup\madExcept_.bpl ()
MOD - C:\Program Files\AVG\AVG PC Tuneup\madBasic_.bpl ()
MOD - C:\Program Files\AVG\AVG PC Tuneup\madDisAsm_.bpl ()
MOD - C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files\Logitech\Vid HD\vpxmd.dll ()
MOD - C:\Program Files\Logitech\Vid HD\SDL.dll ()
MOD - C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files\Common Files\logishrd\SharedBin\LvApi11.dll ()
MOD - C:\Program Files\Logitech\Vid HD\QtNetwork4.dll ()
MOD - C:\Program Files\Logitech\Vid HD\QtCore4.dll ()
MOD - C:\Program Files\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\Logitech\Vid HD\plugins\imageformats\qico4.dll ()
MOD - C:\Program Files\Logitech\Vid HD\plugins\imageformats\qgif4.dll ()
MOD - C:\Program Files\Logitech\Vid HD\QtWebKit4.dll ()
MOD - C:\Program Files\Logitech\Vid HD\QtXml4.dll ()
MOD - C:\Program Files\Logitech\Vid HD\QtSql4.dll ()
MOD - C:\Program Files\Logitech\Vid HD\QtOpenGL4.dll ()
MOD - C:\Program Files\Logitech\Vid HD\QtGui4.dll ()
MOD - C:\Program Files\Logitech\Vid HD\phonon4.dll ()


========== Win32 Services (SafeList) ==========

SRV - (vToolbarUpdater11.2.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (nlsX86cc) -- C:\Windows\System32\NLSSRV32.EXE (Nalpeiron Ltd.)
SRV - (NitroDriverReadSpool2) -- C:\Program Files\Nitro PDF\Professional 7\NitroPDFDriverService2.exe (Nitro PDF Software)
SRV - (avgfws) -- C:\Program Files\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (DragonSvc) -- C:\Program Files\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (atchksrv) Intel(R) -- C:\Program Files\Intel\AMT\atchksrv.exe (Intel Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files\Intel\AMT\UNS.exe (Intel)
SRV - (LMS) Intel(R) -- C:\Program Files\Intel\AMT\LMS.exe (Intel)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (Adobe Version Cue CS3) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated)


========== Driver Services (SafeList) ==========

DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\avgidsfilterx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )
DRV - (dfg) -- C:\Windows\System32\drivers\dfg.sys (defrag Development Team)
DRV - (Avgfwfd) -- C:\Windows\System32\drivers\avgfwd6x.sys (AVG Technologies CZ, s.r.o.)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (LVUVC) Logitech Webcam 600(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (HECI) Intel(R) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6232.sys (Intel Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3C 89 06 A3 A3 58 CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {4A4D1B80-A041-4721-9757-DC1B46109E26}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = http://www.crawler.com/search/dispatche ... tp=bs&qkw={searchTerms}&tbid=60195
IE - HKCU\..\SearchScopes\{4A4D1B80-A041-4721-9757-DC1B46109E26}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7ADFA_enGB392
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{826E1A96-3872-46FA-9306-74B76EA3B572}: "URL" = http://uk.search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20111253,17152,0,18,0
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={ADE846CF-6F4B-4AD5-8E88-6EA14F85ACED}&mid=e94ab488d2b86ff9b70a53ee18e9cf15-9223e20ea742dea8657cad9e1d4e0971e8014619&lang=en&ds=AVG&pr=pr&d=2012-06-30 10:27:56&v=11.1.0.12&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://inboxtoolbar.com/search/dispatch ... tp=bs&qkw={searchTerms}&tbid=80150&lng=en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7
FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro PDF\Professional 7\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/07/03 09:51:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012/06/30 23:04:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/03 09:51:30 | 000,000,000 | ---D | M]

[2010/11/01 16:04:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Extensions
[2010/11/01 16:04:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2010/11/01 16:04:19 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM

========== Chrome ==========

CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = http://isearch.avg.com/search?cid={ADE846CF-6F4B-4AD5-8E88-6EA14F85ACED}&mid=e94ab488d2b86ff9b70a53ee18e9cf15-9223e20ea742dea8657cad9e1d4e0971e8014619&lang=en&ds=AVG&pr=pr&d=2011-12-11 15:30:21&v=10.0.0.7&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}
CHR - Extension: AVG Safe Search = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\
CHR - Extension: AVG Safe Search = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: Skype Click to Call = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.8.0.8855_0\

O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [atchk] C:\Program Files\Intel\AMT\atchk.exe (Intel Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files\Nuance\NaturallySpeaking11\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9 ... ontrol.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{77C2F2DE-6B45-4645-990A-8965CD9D1BA1}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\615\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{31fdb91c-d129-11df-8b31-00219b5f28ea}\Shell - "" = AutoRun
O33 - MountPoints2\{31fdb91c-d129-11df-8b31-00219b5f28ea}\Shell\AutoRun\command - "" = F:\LaunchU3.exe
O33 - MountPoints2\{affbc35c-075d-11e0-bc9e-00219b5f28ea}\Shell - "" = AutoRun
O33 - MountPoints2\{affbc35c-075d-11e0-bc9e-00219b5f28ea}\Shell\AutoRun\command - "" = F:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/03 09:51:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/07/02 23:30:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/02 11:26:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother HL-2150N
[2012/07/02 11:26:50 | 000,077,824 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\brlmw03a.dll
[2012/07/02 11:26:12 | 000,200,704 | ---- | C] (brother) -- C:\Windows\System32\Pdrvinst.dll
[2012/06/30 12:46:27 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Malwarebytes
[2012/06/30 12:46:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/30 12:46:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/30 12:46:10 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/06/30 12:46:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/06/30 10:27:53 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/06/30 10:07:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011
[2012/06/30 09:54:47 | 000,022,872 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\System32\AdobePDFUI.dll
[2012/06/30 08:50:17 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Nitro PDF
[2012/06/30 08:47:28 | 000,027,144 | ---- | C] (Nitro PDF Software) -- C:\Windows\System32\nitrolocalmon2.dll
[2012/06/30 08:47:28 | 000,018,440 | ---- | C] (Nitro PDF Software) -- C:\Windows\System32\nitrolocalui2.dll
[2012/06/30 08:47:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Nitro PDF
[2012/06/30 08:47:05 | 000,000,000 | ---D | C] -- C:\Program Files\Nitro PDF
[2012/06/30 08:47:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nitro PDF
[2012/06/30 08:46:10 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Downloaded Installations
[2012/06/30 00:15:18 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Qegih
[2012/06/30 00:15:18 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Keweiz
[2012/06/30 00:15:18 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Ahuqu
[2012/06/27 21:30:43 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\AVG Secure Search
[2012/06/24 21:47:42 | 000,069,640 | ---- | C] (Nalpeiron Ltd.) -- C:\Windows\System32\NLSSRV32.EXE
[2011/06/08 21:46:59 | 000,706,504 | ---- | C] (TelevisionFanatic) -- C:\Program Files\Uninstall TelevisionFanatic.dll

========== Files - Modified Within 30 Days ==========

[2012/07/03 20:48:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/03 20:48:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/03 18:00:00 | 000,000,438 | ---- | M] () -- C:\Windows\tasks\SpeedMaxPc Registration3.job
[2012/07/03 15:01:35 | 101,039,536 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/07/03 09:51:42 | 000,000,970 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/07/03 09:50:44 | 000,013,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/03 09:50:44 | 000,013,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/03 09:49:29 | 000,628,024 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/03 09:49:29 | 000,110,208 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/03 09:43:37 | 000,000,461 | ---- | M] () -- C:\Windows\Brownie.ini
[2012/07/03 09:43:10 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/03 09:43:03 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012/07/03 09:42:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/03 09:42:53 | 2615,365,632 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/03 09:42:50 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2012/07/02 20:33:21 | 000,000,034 | ---- | M] () -- C:\Windows\System32\BD2150N.DAT
[2012/07/02 20:33:20 | 000,009,868 | ---- | M] () -- C:\Windows\HL-2150N.INI
[2012/07/02 20:33:20 | 000,000,146 | ---- | M] () -- C:\Windows\BRVIDEO.INI
[2012/07/02 11:26:51 | 000,000,000 | ---- | M] () -- C:\Windows\brmx2001.ini
[2012/07/02 11:26:19 | 000,000,410 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2012/07/01 00:50:03 | 000,000,396 | ---- | M] () -- C:\Windows\tasks\SpeedMaxPc Update3.job
[2012/06/30 23:17:33 | 000,000,270 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{27E75BDF-164A-484B-A17C-9D4CCF0A6D6A}.job
[2012/06/30 23:00:19 | 000,495,112 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/06/30 13:53:14 | 000,002,321 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/06/30 12:46:14 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/30 12:42:03 | 000,270,134 | ---- | M] () -- C:\Users\Alex\AppData\Local\census.cache
[2012/06/30 12:41:01 | 000,145,615 | ---- | M] () -- C:\Users\Alex\AppData\Local\ars.cache
[2012/06/30 12:22:14 | 000,000,036 | ---- | M] () -- C:\Users\Alex\AppData\Local\housecall.guid.cache
[2012/06/30 10:07:04 | 000,001,159 | ---- | M] () -- C:\Users\Alex\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2012/06/30 10:07:04 | 000,001,135 | ---- | M] () -- C:\Users\Alex\Desktop\AVG PC Tuneup 2011.lnk
[2012/06/30 08:47:21 | 000,002,052 | ---- | M] () -- C:\Users\Public\Desktop\Nitro Pro 7.lnk
[2012/06/27 21:31:59 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/06/27 21:31:59 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/06/27 21:29:24 | 000,625,911 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2012/06/24 21:47:42 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\NLSSRV32.EXE
[2012/06/24 21:46:56 | 000,027,144 | ---- | M] (Nitro PDF Software) -- C:\Windows\System32\nitrolocalmon2.dll
[2012/06/24 21:46:56 | 000,018,440 | ---- | M] (Nitro PDF Software) -- C:\Windows\System32\nitrolocalui2.dll

========== Files Created - No Company Name ==========

[2012/07/02 11:26:51 | 000,000,146 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2012/07/02 11:26:51 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2012/07/02 11:26:50 | 000,009,868 | ---- | C] () -- C:\Windows\HL-2150N.INI
[2012/07/02 11:26:50 | 000,000,114 | ---- | C] () -- C:\Windows\System32\brlmw03a.ini
[2012/07/02 11:26:19 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012/07/02 11:26:19 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD2150N.DAT
[2012/07/02 11:25:47 | 000,000,461 | ---- | C] () -- C:\Windows\Brownie.ini
[2012/06/30 23:17:33 | 000,000,270 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{27E75BDF-164A-484B-A17C-9D4CCF0A6D6A}.job
[2012/06/30 12:46:14 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/30 12:42:03 | 000,270,134 | ---- | C] () -- C:\Users\Alex\AppData\Local\census.cache
[2012/06/30 12:41:01 | 000,145,615 | ---- | C] () -- C:\Users\Alex\AppData\Local\ars.cache
[2012/06/30 12:22:14 | 000,000,036 | ---- | C] () -- C:\Users\Alex\AppData\Local\housecall.guid.cache
[2012/06/30 10:07:04 | 000,001,159 | ---- | C] () -- C:\Users\Alex\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2012/06/30 10:07:04 | 000,001,135 | ---- | C] () -- C:\Users\Alex\Desktop\AVG PC Tuneup 2011.lnk
[2012/06/30 08:47:21 | 000,002,052 | ---- | C] () -- C:\Users\Public\Desktop\Nitro Pro 7.lnk
[2012/06/30 08:47:19 | 000,002,545 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Pro 7.lnk
[2011/12/31 20:44:58 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011/11/29 18:27:19 | 000,002,048 | -HS- | C] () -- C:\Users\Alex\AppData\Local\b60de816\@
[2011/10/14 15:14:19 | 000,000,000 | ---- | C] () -- C:\Users\Alex\AppData\Local\{E3F69A56-EC2B-42EA-AB4A-D543E6E57024}
[2011/08/28 09:20:00 | 000,000,000 | ---- | C] () -- C:\Users\Alex\AppData\Local\{E1BFBD2A-F03B-4D17-8A48-96890D2FAE36}
[2011/06/18 09:14:06 | 000,000,000 | ---- | C] () -- C:\Users\Alex\AppData\Local\{EFD117DE-C3EA-4CF5-A190-D9991F6A4254}
[2011/06/07 09:04:16 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/05/10 21:57:06 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/02/10 13:34:18 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010/12/14 22:18:11 | 000,155,745 | ---- | C] () -- C:\Windows\System32\installservice.exe
[2010/12/14 22:18:11 | 000,036,864 | ---- | C] () -- C:\Windows\System32\kill.dll
[2010/11/25 12:05:45 | 000,002,554 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\SAS7_000.DAT
[2010/10/06 10:57:55 | 000,103,784 | ---- | C] () -- C:\Users\Alex\GoToAssistDownloadHelper.exe
[2010/07/27 09:03:20 | 010,829,656 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2010/07/27 09:03:20 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2010/07/27 09:03:18 | 000,290,648 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2010/07/27 08:56:04 | 000,090,411 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini

========== LOP Check ==========

[2012/06/30 00:18:46 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Ahuqu
[2012/01/22 21:33:22 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\AVG
[2012/01/22 22:24:00 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\AVG2012
[2011/09/12 14:04:50 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Bandoo
[2012/06/30 08:46:10 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Downloaded Installations
[2012/01/22 20:44:24 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\DriverCure
[2011/11/10 23:00:44 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\FVZilla
[2010/11/01 10:11:32 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\GARMIN
[2009/12/27 21:39:47 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\GetRightToGo
[2012/06/30 00:15:18 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Keweiz
[2009/12/28 23:33:07 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Leadertech
[2012/06/30 08:51:17 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Nitro PDF
[2010/08/17 10:20:28 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Nuance
[2011/12/29 12:10:32 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\PoivY
[2012/06/30 00:29:43 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Qegih
[2010/05/05 15:14:19 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Research In Motion
[2012/01/22 20:44:24 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\SpeedMaxPc
[2011/12/11 19:39:41 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Tific
[2010/11/01 16:04:31 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\TomTom
[2011/02/06 19:59:00 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\uTorrent
[2012/07/02 20:34:47 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/02/05 16:35:28 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\SpeedMaxPc Defrag.job
[2012/07/03 18:00:00 | 000,000,438 | ---- | M] () -- C:\Windows\Tasks\SpeedMaxPc Registration3.job
[2012/07/01 00:50:03 | 000,000,396 | ---- | M] () -- C:\Windows\Tasks\SpeedMaxPc Update3.job
[2012/03/18 08:07:11 | 000,000,374 | ---- | M] () -- C:\Windows\Tasks\SpeedMaxPc.job
[2012/06/30 23:17:33 | 000,000,270 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{27E75BDF-164A-484B-A17C-9D4CCF0A6D6A}.job

========== Purity Check ==========

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB41444$] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 236 bytes -> C:\ProgramData\TEMP:0FF263E8
@Alternate Data Stream - 167 bytes -> C:\ProgramData\TEMP:F35A93AD
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >

Regards, Alex
Jim701
Active Member
 
Posts: 10
Joined: June 30th, 2012, 11:59 am

Re: MS IE Explorer window vibrating - believed to be malware

Unread postby diver79 » July 3rd, 2012, 4:52 pm

Hi Alex,

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB41444$] -> Error: Cannot create file handle -> Unknown point type
This line shows you may have a ZeroAccess rootkit infection (or the remnants of one). Some versions of ZeroAccess can be very difficult to remove, and it's possible that the only way to clean your machine might be to reformat your hard drive and re-install Windows. So if you have not already done so, please back up your personal files and folders to some external media. See my note below on rootkit infections.

Rootkit
Your computer has a dangerous rootkit infection. A rootkit is a set of software tools intended for concealing running processes, files or system data from the operating system. The only true way to ensure there are no remnants of a rootkit on your machine is to fully wipe the hard drive. I understand that this may not be what you want to hear, but it is the safest way to deal with such an infection. There are tools that may identify the infection, but removing it can sometimes cause more problems than it solves. The truth is, invasive rootkit malware can dig itself in so deep that your safest bet is to wipe and re-install the OS.
You are strongly advised to do the following:
  • Disconnect the computer from the Internet and from any networked computers until it is cleaned.
  • Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.
  • Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
  • From a clean computer, change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password).

DO NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.

To help you understand more, please take some time to read the following articles:
What are rootkits from Wikipedia
How do I respond to a possible identity theft and how do I prevent it
How to backup your files in Windows 7

Should you have any questions please feel free to ask.

We can either attempt a repair or re-install Windows. Let me know what you decide to do.

diver79.
diver79
Retired Graduate
 
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm
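As an added example (not code from this thread or from OTL's author), here is a Python triage helper for an OTL report like the one above: it splits the report into its "==========" sections, parses the "[date | size | attrs | C/M] -- path" entries, and flags the $NtUninstallKB…$ junction entry that diver79 points to. The same-second directory grouping and the hidden/system file listing are generic review heuristics added here, not findings the thread states; the sample log is a constructed excerpt of lines from the report above.

```python
"""Triage helper for an OTL report: split it into sections, parse file entries and
flag the junction-point error that diver79 reads as a possible ZeroAccess indicator."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# "========== Section Name =========="
SECTION_RE = re.compile(r"^=+\s*(?P<name>.+?)\s*=+$")
# "[2012/06/30 00:15:18 | 000,000,000 | ---D | C] (Company) -- C:\path"  (company part optional)
FILE_ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]\s*(?:\((?P<company>[^)]*)\))?\s*-- (?P<path>.+)$"
)
# "[C:\Windows\$NtUninstallKB41444$] -> Error: ..."  (the line diver79 quotes)
NTUNINSTALL_RE = re.compile(
    r"^\[(?P<path>[A-Z]:\\Windows\\\$NtUninstallKB\d+\$)\]\s*->\s*(?P<error>.+)$"
)


@dataclass
class FileEntry:
    timestamp: str
    size: int
    attrs: str
    kind: str               # "C" = created, "M" = modified
    company: Optional[str]  # None when OTL printed "()" or no company at all
    path: str

    @property
    def is_directory(self) -> bool:
        return "D" in self.attrs

    @property
    def hidden_or_system(self) -> bool:
        return "H" in self.attrs or "S" in self.attrs


def split_sections(text: str) -> Dict[str, List[str]]:
    """Map each section header to the non-empty lines beneath it."""
    sections: Dict[str, List[str]] = {}
    current = "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "< End of report >":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            sections.setdefault(current, [])
            continue
        sections.setdefault(current, []).append(line)
    return sections


def parse_file_entries(lines: List[str]) -> List[FileEntry]:
    """Parse the file/folder lines of a section; lines of other shapes are skipped."""
    entries: List[FileEntry] = []
    for line in lines:
        m = FILE_ENTRY_RE.match(line)
        if not m:
            continue
        entries.append(FileEntry(
            timestamp=m.group("ts"),
            size=int(m.group("size").replace(",", "")),
            attrs=m.group("attrs"),
            kind=m.group("kind"),
            company=m.group("company") or None,
            path=m.group("path"),
        ))
    return entries


def zeroaccess_junction_indicators(sections: Dict[str, List[str]]) -> List[str]:
    """Return $NtUninstallKB...$ junction entries that OTL could not open.

    diver79 reads such an entry as a possible ZeroAccess rootkit (or its remnants);
    this is a pointer for a human analyst, not a verdict."""
    hits: List[str] = []
    for name, lines in sections.items():
        if not name.startswith("Hard Links"):
            continue
        for line in lines:
            m = NTUNINSTALL_RE.match(line)
            if m and "Cannot create file handle" in m.group("error"):
                hits.append(m.group("path"))
    return hits


def same_second_roaming_dirs(entries: List[FileEntry], minimum: int = 2) -> Dict[str, List[str]]:
    """Group directories created under the user's Roaming profile by creation second.

    Groups of `minimum` or more are returned for review. Generic triage heuristic
    added here; the thread itself makes no statement about such groups."""
    groups: Dict[str, List[str]] = {}
    for e in entries:
        if e.kind == "C" and e.is_directory and "\\AppData\\Roaming\\" in e.path:
            groups.setdefault(e.timestamp, []).append(e.path)
    return {ts: paths for ts, paths in groups.items() if len(paths) >= minimum}


def triage(text: str) -> dict:
    """Run every check over one OTL report and return a summary for the analyst."""
    sections = split_sections(text)
    entries = [e for lines in sections.values() for e in parse_file_entries(lines)]
    return {
        "zeroaccess_junctions": zeroaccess_junction_indicators(sections),
        "hidden_system_files": [e.path for e in entries if e.hidden_or_system and not e.is_directory],
        "same_second_dirs": same_second_roaming_dirs(entries),
        "entries": len(entries),
    }


# Constructed excerpt of the report posted above (raw string: backslashes are literal).
SAMPLE_LOG = r"""
========== Files/Folders - Created Within 30 Days ==========

[2012/07/02 11:26:50 | 000,077,824 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\brlmw03a.dll
[2012/06/30 00:15:18 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Qegih
[2012/06/30 00:15:18 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Keweiz
[2012/06/30 00:15:18 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Ahuqu

========== Files Created - No Company Name ==========

[2011/11/29 18:27:19 | 000,002,048 | -HS- | C] () -- C:\Users\Alex\AppData\Local\b60de816\@

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB41444$] -> Error: Cannot create file handle -> Unknown point type

< End of report >
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```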

Re: MS IE Explorer window vibrating - believed to be malware

Unread postby Jim701 » July 4th, 2012, 5:07 am

Thank you for all your help.

It sounds very serious and I have read the documentation that you recommended which makes one all the more scared.

In fact the computer does not have much work-file data on it and what there is I have already backed up. Reformatting the hard disk however takes time, particularly to re-load the new software (I have all the original discs). The software that is the most difficult to reload is Adobe software (I have the CS3 suite). You are supposed to de-register Adobe products but that does not always work, and Adobe are very suspicious and will not easily release pass keys. MS Office I can re-load, but again I think Microsoft can be difficult if the original registration key does not work.

I store all my work files on a laptop which is backed up to two external back-up drives. Is there any likelihood that the rootkit could have passed to my laptop either over the network or by swapping USB memory sticks? How could I check the laptop for this rootkit? The computer seems to be working OK.

I have used the infected computer desk-top to access my bank accounts and to pay on-line. I have not noticed any problems but I will keep a very close eye on my statements. As it is faster and has a larger screen than my laptop I use it all the time to work on files that are saved on the laptop.

I am familiar with such fraud, because years ago I had my bank account hacked and money taken - immediately returned by the bank. Since they have introduced the little calculator-like devices (I don't know their generic name) that seems to have made bank access much more secure. I changed all my bank account numbers at that time. Also, some time ago I had my e-mail password hacked, with the result that they used my computer as a proxy server to send spam e-mails, resulting in me getting all the undelivered e-mails returned to me - hundreds of them. The ISP sorted that and I changed the password.

In fact, the last time I had my bank account hacked it was through traditional paper-based systems - presenting false cheques which they had printed and false standing orders. Luckily I did not have sufficient money in the account to cover the amount requested (£20,000) so the bank charged me £50 for presenting a bounced cheque!!!! When I talked to the bank about it they referred me to the police, and had the money gone there would have been no recompense - unlike cyber fraud where the banks will usually return the money - so cyber fraud is not as serious for the customer as traditional fraud - in my view.

I will de-register all the software and then wipe the hard drive as suggested when I have a clear day to do it. Anything special I need to do to ensure the hard drive really is clean?

Just three further questions:

Would it be possible to check my laptop for the malware rootkit and could you instruct me how to do it?

How can you prevent this rootkit malware getting onto the computer in future - why doesn't AVG stop it?

Is there any charge for your services and if not how do you finance yourselves?

Regards Alex Warlow (Jim701)
Jim701
Active Member
Posts: 10
Joined: June 30th, 2012, 11:59 am

Re: MS IE Explorer window vibrating - believed to be malware

Post by diver79 » July 4th, 2012, 12:42 pm

Hi Alex,

I will de-register all the software and then wipe the hard drive as suggested when I have a clear day to do it. Anything special I need to do to ensure the hard drive really is clean?
This is probably the best and safest course of action to take. Just be sure that you format the disk when re-installing. See here for more info. The section titled Using the Custom installation option and formatting the hard disk details the steps you need to take.

Would it be possible to check my laptop for the malware rootkit and could you instruct me how to do it?
Sure, you will need to open a new topic for this.

How can you prevent this rootkit malware getting onto the computer in future - why doesn't AVG stop it?
This particular infection takes advantage of known vulnerabilities in Windows and other third-party software (Adobe Reader, Flash Player and Java). Installing all available Windows updates and using the latest version of the aforementioned software will help to prevent the infection. Other methods of infection are downloading cracked software from P2P programs such as uTorrent (malware authors use P2P as a conduit to spread their wares).
No anti-virus application can offer 100% protection from infection. Malware writers are constantly refining the techniques they use to infect a system. It is somewhat of a reactive process. Ultimately you are the biggest line of defence from infection. Safe browsing habits will go a long way to ensure you steer clear of malware. See this post for further information.

Is there any charge for your services and if not how do you finance yourselves?
No, there are no charges for the service. The people who volunteer here do so for many reasons. I'm a bit of a tech head and just wanted to know more about how malware operates. This gives me the opportunity to help people and learn.

The site does accept donations to help with the cost of hosting. If you would like to donate you can do so here.

I will post some more information later this evening on how you can stay safe online.

Any other questions?
diver79
Retired Graduate
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm
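diver79's prevention advice above (keep Windows patched and keep Adobe Reader, Flash Player and Java current) can be turned into a quick inventory check that the owner can run on any Windows machine, including the laptop. The script below is an added example for this write-up, not code from the thread or from MalwareRemoval.com's own tools; it assumes only the standard registry Uninstall keys and the built-in Get-HotFix cmdlet, both present on Windows 7 SP1. It lists the installed versions of the three products so they can be compared against the vendors' current releases, and shows the most recently installed Windows hotfixes; it reports versions, it does not judge whether a version is vulnerable.

```powershell
# Added example for this thread, not from the original posts.
# Inventory the products diver79 names as common infection vectors and the
# latest Windows hotfixes, so out-of-date software is easy to spot.
# Assumes the standard Uninstall registry keys and the Get-HotFix cmdlet.

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',  # absent on 32-bit Windows
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Name fragments to look for (constructed list, taken from diver79's advice).
$watchList = @('Adobe Reader', 'Flash Player', 'Java')

# Collect every installed program that has a display name.
$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Select-Object DisplayName, DisplayVersion, Publisher

foreach ($product in $watchList) {
    $found = $installed | Where-Object { $_.DisplayName -like "*$product*" }
    if ($found) {
        Write-Host "=== $product ==="
        $found | Sort-Object DisplayName | Format-Table -AutoSize | Out-String | Write-Host
    } else {
        Write-Host "=== $product : not installed (one less thing to keep patched) ==="
    }
}

# Ten most recently installed Windows updates; a stale list suggests
# Windows Update is not running or has been switched off.
Write-Host "=== Most recent Windows hotfixes ==="
Get-HotFix |
    Sort-Object InstalledOn -Descending |
    Select-Object -First 10 HotFixID, Description, InstalledOn |
    Format-Table -AutoSize | Out-String | Write-Host
```

Run it from an elevated PowerShell prompt so the HKLM keys are readable in full. Several matching entries for one product (for example an old Java alongside a newer one) are themselves worth noting: an outdated copy left installed is still a target, so uninstall it rather than only adding the new version.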