
Cannot Remove Registry Errors after scan

Discussion in 'Virus & Other Malware Removal' started by johnbcnone, Feb 15, 2013.

  1. johnbcnone

    johnbcnone Thread Starter

    I have 4 registry errors which I cannot remove using my SpyHunter 4 'Malware Security Suite'. There are 4 infections from the same threat, 'Search.Speedbit.com', which is regarded as a browser hijack. I have taken a support ticket with SpyHunter but no success as of yet. Please find below the requested logs.

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
    Processor: Intel(R) Pentium(R) 4 CPU 2.26GHz, x86 Family 15 Model 2 Stepping 7
    Processor Count: 1
    RAM: 2047 Mb
    Graphics Card: RAGE 128, 16 Mb
    Hard Drives: C: Total - 76285 MB, Free - 28023 MB;
    Motherboard: Dell Computer Corp., 02Y832
    Antivirus: None

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:34:24, on 15/02/2013
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\WINDOWS\system32\atiptaxx.exe
    C:\program files\real\realplayer\update\realsched.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
    C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe
    C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
    C:\PROGRA~1\Uniblue\DRIVER~1\driverscanner.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\xampp\apache\bin\httpd.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\xampp\mysql\bin\mysqld.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
    C:\xampp\apache\bin\httpd.exe
    C:\Documents and Settings\Home\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.eircom.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000.10016&barid={C8961652-0BBA-11E2-AE0D-0007E9671F01}
    R3 - Default URLSearchHook is missing
    O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: Web Assistant Helper - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll (file missing)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: Incredibar Toolbar - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (file missing)
    O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.6.9.12\BabylonToolbarTlbr.dll (file missing)
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DriverScanner] "C:\PROGRA~1\Uniblue\DRIVER~1\launcher.exe" delay 20000
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OneNote 2010 - Capture d’écran et lancement.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
    O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
    O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229628516906
    O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Downloads\SUPERAntiSpyware\SASWINLO.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\httpd.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - c:\xampp\FileZillaFTP\FileZillaServer.exe
    O23 - Service: Google Update Service (gupdate1c9acb62447fda9) (gupdate1c9acb62447fda9) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld.exe
    O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
    O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
    O23 - Service: Web Assistant Updater - Unknown owner - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe (file missing)

    --
    End of file - 12670 bytes




    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_39
    Run by Home at 11:37:55 on 2013-02-15
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1393 [GMT 0:00]
    .
    .
    ============== Running Processes ================
    .
    C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\WINDOWS\system32\atiptaxx.exe
    C:\program files\real\realplayer\update\realsched.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
    C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe
    C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
    C:\PROGRA~1\Uniblue\DRIVER~1\driverscanner.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\xampp\apache\bin\httpd.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\xampp\mysql\bin\mysqld.exe
    C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
    C:\xampp\apache\bin\httpd.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Documents and Settings\Home\Desktop\HijackThis.exe
    C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\SearchFilterHost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://home.eircom.net/
    mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10016&barid={C8961652-0BBA-11E2-AE0D-0007E9671F01}
    BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.0.318\McAfeeMSS_IE.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Web Assistant: {336D0C35-8A85-403a-B9D2-65C292C39087} -
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Easy-WebPrint: {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - c:\program files\canon\easy-webprint\Toolband.dll
    TB: Incredibar Toolbar: {F9639E4A-801B-4843-AEE3-03D9DA199E77} -
    TB: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} -
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [DriverScanner] "c:\progra~1\uniblue\driver~1\launcher.exe" delay 20000
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
    mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
    mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
    mRun: [UserFaultCheck] c:\windows\system32\dumprep 0 -u
    mRun: [AtiPTA] atiptaxx.exe
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    mRun: [Apoint] c:\program files\delltpad\Apoint.exe
    mRun: [SweetIM] c:\program files\sweetim\messenger\SweetIM.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [SpyHunter Security Suite] c:\program files\enigma software group\spyhunter\SpyHunter4.exe
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\home\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
    StartupFolder: c:\docume~1\home\startm~1\programs\startup\onenot~2.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.318\SSScheduler.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
    IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
    IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    LSP: c:\progra~1\speedb~1\sblsp.dll
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229628516906
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
    DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
    TCP: NameServer = 89.101.160.5 89.101.160.4
    TCP: Interfaces\{CB22B366-933B-40D3-B8AC-1B65CF731018} : DHCPNameServer = 89.101.160.5 89.101.160.4
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Notify: !SASWinLogon - c:\downloads\superantispyware\SASWINLO.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\downloads\superantispyware\SASSEH.DLL
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
    SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\home\application data\mozilla\firefox\profiles\66bpx8cl.default-1360671014578\
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
    FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\mcafee security scan\3.0.318\npMcAfeeMSS.dll
    FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_149.dll
    FF - plugin: c:\windows\system32\npdeployJava1.dll
    FF - plugin: c:\windows\system32\npptools.dll
    FF - plugin: c:\windows\system32\npwmsdrm.dll
    FF - ExtSQL: 2013-02-11 12:21; {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}; c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
    FF - ExtSQL: 2013-02-11 12:21; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
    FF - ExtSQL: 2013-02-11 12:21; {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}; c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 SASDIFSV;SASDIFSV;c:\downloads\superantispyware\SASDIFSV.SYS [2007-11-9 12872]
    R1 SASKUTIL;SASKUTIL;c:\downloads\superantispyware\SASKUTIL.SYS [2007-11-9 68168]
    R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2010-10-18 20549]
    R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2013-1-14 769920]
    R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\speedb~1\videoacceleratorservice.exe -start -scm --> c:\progra~1\speedb~1\VideoAcceleratorService.exe -start -scm [?]
    R3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2011-5-6 13904]
    S2 gupdate1c9acb62447fda9;Google Update Service (gupdate1c9acb62447fda9);c:\program files\google\update\GoogleUpdate.exe [2009-3-24 133104]
    S2 Web Assistant Updater;Web Assistant Updater;c:\program files\web assistant\extensionupdaterservice.exe --> c:\program files\web assistant\ExtensionUpdaterService.exe [?]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\common files\symantec shared\eengine\eraserutilrebootdrv.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [?]
    S3 EsgScanner;EsgScanner;c:\windows\system32\drivers\EsgScanner.sys [2012-6-22 19984]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
    S3 SASENUM;SASENUM;c:\downloads\superantispyware\SASENUM.SYS [2007-11-9 12872]
    .
    =============== Created Last 30 ================
    .
    2013-02-14 16:18:06 14232 ----a-w- c:\windows\system32\sh4native.exe
    2013-02-04 16:26:59 -------- d-----w- c:\program files\C++
    2013-02-04 15:57:59 -------- d-----w- C:\wamp
    2013-01-29 13:53:37 -------- d-----w- C:\Joomla Hillwalks
    2013-01-28 14:00:53 110080 ----a-r- c:\documents and settings\home\application data\microsoft\installer\{230db04d-4116-4bb3-acae-7983edcc0448}\IconF7A21AF7.exe
    2013-01-28 14:00:53 110080 ----a-r- c:\documents and settings\home\application data\microsoft\installer\{230db04d-4116-4bb3-acae-7983edcc0448}\IconD7F16134.exe
    2013-01-28 14:00:53 110080 ----a-r- c:\documents and settings\home\application data\microsoft\installer\{230db04d-4116-4bb3-acae-7983edcc0448}\IconCAE74F08.exe
    2013-01-28 13:54:20 -------- d-----w- c:\windows\230DB04D41164BB3ACAE7983EDCC0448.TMP
    .
    ==================== Find3M ====================
    .
    2013-02-14 15:01:02 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-02-14 15:00:58 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-02-10 09:48:25 16365936 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
    2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll
    2013-01-15 16:56:10 477616 ----a-w- c:\windows\system32\npdeployJava1.dll
    2013-01-15 16:56:07 473520 ----a-w- c:\windows\system32\deployJava1.dll
    2013-01-15 15:14:01 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2013-01-07 01:16:02 2193024 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-01-07 00:36:58 2069760 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-01-04 01:20:00 1867264 ----a-w- c:\windows\system32\win32k.sys
    2013-01-02 06:49:10 148992 ----a-w- c:\windows\system32\mpg2splt.ax
    2013-01-02 06:49:10 1292288 ----a-w- c:\windows\system32\quartz.dll
    2012-12-26 20:16:29 916480 ----a-w- c:\windows\system32\wininet.dll
    2012-12-26 20:16:28 43520 ------w- c:\windows\system32\licmgr10.dll
    2012-12-26 20:16:28 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-12-24 06:40:59 385024 ------w- c:\windows\system32\html.iec
    2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600
    .
    CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
    device: opened successfully
    user: error reading MBR
    .
    Disk trace:
    called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
    1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x8A5B5AB8]
    3 CLASSPNP[0xF7637FD7] -> nt!IofCallDriver[0x804E37D5] -> \Device\Ide\IdeDeviceP0T0L0-3[0x8A587D98]
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
    user != kernel MBR !!!
    .
    ============= FINISH: 11:39:48.59 ===============




    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 09/07/2007 00:32:27
    System Uptime: 15/02/2013 10:43:45 (1 hours ago)
    .
    Motherboard: Dell Computer Corp. | | 02Y832
    Processor: Intel(R) Pentium(R) 4 CPU 2.26GHz | Microprocessor | 2261/533mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 74 GiB total, 27.366 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP1196: 18/11/2012 21:55:15 - System Checkpoint
    RP1197: 20/11/2012 12:43:50 - System Checkpoint
    RP1198: 21/11/2012 12:55:45 - System Checkpoint
    RP1199: 22/11/2012 13:27:46 - System Checkpoint
    RP1200: 23/11/2012 20:57:39 - System Checkpoint
    RP1201: 25/11/2012 19:22:30 - System Checkpoint
    RP1202: 26/11/2012 20:10:03 - System Checkpoint
    RP1203: 27/11/2012 20:31:19 - System Checkpoint
    RP1204: 30/11/2012 08:25:01 - System Checkpoint
    RP1205: 02/12/2012 10:55:38 - System Checkpoint
    RP1206: 04/12/2012 11:02:11 - System Checkpoint
    RP1207: 05/12/2012 18:55:57 - System Checkpoint
    RP1208: 07/12/2012 08:53:38 - System Checkpoint
    RP1209: 09/12/2012 14:57:00 - System Checkpoint
    RP1210: 10/12/2012 17:15:20 - System Checkpoint
    RP1211: 12/12/2012 13:07:31 - System Checkpoint
    RP1212: 13/12/2012 12:56:44 - Software Distribution Service 3.0
    RP1213: 14/12/2012 13:04:56 - System Checkpoint
    RP1214: 15/12/2012 20:20:30 - System Checkpoint
    RP1215: 16/12/2012 20:49:40 - System Checkpoint
    RP1216: 18/12/2012 20:21:47 - System Checkpoint
    RP1217: 20/12/2012 13:14:10 - System Checkpoint
    RP1218: 21/12/2012 12:34:57 - Software Distribution Service 3.0
    RP1219: 23/12/2012 20:51:49 - System Checkpoint
    RP1220: 25/12/2012 12:40:36 - System Checkpoint
    RP1221: 26/12/2012 12:47:49 - System Checkpoint
    RP1222: 27/12/2012 20:04:59 - System Checkpoint
    RP1223: 29/12/2012 07:31:39 - System Checkpoint
    RP1224: 30/12/2012 07:52:15 - System Checkpoint
    RP1225: 31/12/2012 16:38:47 - System Checkpoint
    RP1226: 01/01/2013 17:35:04 - System Checkpoint
    RP1227: 02/01/2013 20:13:40 - System Checkpoint
    RP1228: 04/01/2013 11:06:25 - System Checkpoint
    RP1229: 05/01/2013 03:00:19 - Software Distribution Service 3.0
    RP1230: 06/01/2013 12:53:15 - System Checkpoint
    RP1231: 07/01/2013 13:05:23 - System Checkpoint
    RP1232: 08/01/2013 13:36:50 - System Checkpoint
    RP1233: 09/01/2013 17:20:49 - Software Distribution Service 3.0
    RP1234: 11/01/2013 12:48:19 - System Checkpoint
    RP1235: 12/01/2013 13:12:56 - System Checkpoint
    RP1236: 13/01/2013 13:43:27 - System Checkpoint
    RP1237: 14/01/2013 14:26:04 - System Checkpoint
    RP1238: 15/01/2013 08:42:13 - Software Distribution Service 3.0
    RP1239: 16/01/2013 10:16:58 - System Checkpoint
    RP1240: 17/01/2013 12:49:16 - System Checkpoint
    RP1241: 18/01/2013 13:34:31 - System Checkpoint
    RP1242: 19/01/2013 14:49:08 - System Checkpoint
    RP1243: 21/01/2013 10:59:09 - System Checkpoint
    RP1244: 22/01/2013 12:57:02 - System Checkpoint
    RP1245: 23/01/2013 13:04:29 - System Checkpoint
    RP1246: 24/01/2013 13:06:13 - System Checkpoint
    RP1247: 25/01/2013 17:25:14 - System Checkpoint
    RP1248: 27/01/2013 11:45:56 - System Checkpoint
    RP1249: 28/01/2013 13:22:15 - System Checkpoint
    RP1250: 28/01/2013 13:58:10 - Removed SpyHunter
    RP1251: 28/01/2013 13:59:57 - Installed SpyHunter
    RP1252: 30/01/2013 13:09:27 - System Checkpoint
    RP1253: 31/01/2013 13:10:02 - System Checkpoint
    RP1254: 01/02/2013 16:34:11 - System Checkpoint
    RP1255: 03/02/2013 10:35:00 - System Checkpoint
    RP1256: 04/02/2013 13:12:24 - System Checkpoint
    RP1257: 05/02/2013 16:17:00 - System Checkpoint
    RP1258: 05/02/2013 20:39:21 - Software Distribution Service 3.0
    RP1259: 05/02/2013 23:03:56 - Installed Java(TM) 6 Update 39
    RP1260: 07/02/2013 13:05:51 - System Checkpoint
    RP1261: 08/02/2013 13:25:11 - System Checkpoint
    RP1262: 10/02/2013 10:34:27 - System Checkpoint
    RP1263: 11/02/2013 11:08:50 - System Checkpoint
    RP1264: 12/02/2013 13:11:46 - System Checkpoint
    RP1265: 13/02/2013 09:14:55 - Software Distribution Service 3.0
    RP1266: 14/02/2013 09:33:01 - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    7-Zip 9.20
    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Help Center 1.0
    Adobe Photoshop CS2
    Adobe Reader XI (11.0.01)
    Adobe Stock Photos 1.0
    Adobe® Photoshop® Album Starter Edition 3.2
    Akeeba eXtract Wizard 3.2
    Apple Application Support
    Apple Software Update
    ArcSoft Software Suite
    Artisteer 4
    ATI Display Driver
    AVS Media Player 4.1.9.95
    AVS Screen Capture version 2.0.1
    AVS Update Manager 1.0
    AVS Video Converter 8
    AVS Video Editor 6
    AVS Video Recorder 2.5
    AVS4YOU Software Navigator 1.4
    Before You Know It 3.6
    BulletProof FTP Client 2010 (remove only)
    Canon Utilities Easy-PhotoPrint
    Critical Update for Windows Media Player 11 (KB959772)
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Dell Touchpad
    Digimax Viewer 1.0
    Disketch Disc Label Software
    Easy-WebPrint
    Express Burn
    FileZilla Client 3.6.0.2
    Garmin BaseCamp
    Garmin MapSource
    Garmin USB Drivers
    Gartrip 208d
    GIMP 2.8.2
    Google Chrome
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    Google Updater
    HijackThis 1.99.1
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB2756822)
    Hotfix for Windows XP (KB2779562)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976002-v5)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Incredibar Toolbar on IE
    Intel(R) Network Connections 13.0.42.0
    Internet Explorer Toolbar 4.6 by SweetPacks
    IrfanView (remove only)
    Java Auto Updater
    Java(TM) 6 Update 39
    LiveUpdate 3.2 (Symantec Corporation)
    LiveUpdate Notice (Symantec Corporation)
    Lotus SmartSuite Release 9.5
    Macromedia Dreamweaver 8
    Macromedia Extension Manager
    Macromedia Fireworks 8
    Macromedia Flash 8
    Macromedia Flash 8 Video Encoder
    McAfee Security Scan Plus
    MGI PhotoSuite III SE (Remove Only)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Easy Assist v2
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access MUI (French) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Excel MUI (French) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office Groove MUI (French) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office InfoPath MUI (French) 2010
    Microsoft Office Language Pack 2010 - French/Français
    Microsoft Office O MUI (French) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office OneNote MUI (French) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office Outlook MUI (French) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office PowerPoint MUI (French) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (Arabic) 2010
    Microsoft Office Proof (Dutch) 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (German) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Proofing (French) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Publisher MUI (French) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared MUI (French) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office SharePoint Designer MUI (French) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Office Word MUI (French) 2010
    Microsoft Office X MUI (French) 2010
    Microsoft Office XP Professional with FrontPage
    Microsoft SharePoint Designer 2010 Service Pack 1 (SP1)
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 14
    Microsoft Software Update for Web Folders (French) 14
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Web Platform Installer 4.0
    Mozilla Firefox 18.0.2 (x86 en-GB)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB973686)
    Netscape Browser (remove only)
    Norton 360
    OGA Notifier 2.0.0048.0
    OrCAD 10.0 Demo
    PC TuneUp Maestro
    PHOTOfunSTUDIO
    PowerDVD
    PrimoPDF
    QuickTime
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    RealUpgrade 1.1
    RegCure 1.5.2.7
    Safari
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589337) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
    Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition
    Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
    Security Update for Windows Internet Explorer 7 (KB2482017)
    Security Update for Windows Internet Explorer 7 (KB2497640)
    Security Update for Windows Internet Explorer 7 (KB2530548)
    Security Update for Windows Internet Explorer 7 (KB2544521)
    Security Update for Windows Internet Explorer 7 (KB2559049)
    Security Update for Windows Internet Explorer 7 (KB2586448)
    Security Update for Windows Internet Explorer 7 (KB2618444)
    Security Update for Windows Internet Explorer 7 (KB2647516)
    Security Update for Windows Internet Explorer 7 (KB2675157)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB2699988)
    Security Update for Windows Internet Explorer 8 (KB2722913)
    Security Update for Windows Internet Explorer 8 (KB2744842)
    Security Update for Windows Internet Explorer 8 (KB2761465)
    Security Update for Windows Internet Explorer 8 (KB2792100)
    Security Update for Windows Internet Explorer 8 (KB2797052)
    Security Update for Windows Internet Explorer 8 (KB2799329)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2510581)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2641653)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2647518)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2660465)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2685939)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2695962)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2705219)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2709162)
    Security Update for Windows XP (KB2712808)
    Security Update for Windows XP (KB2718523)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB2723135)
    Security Update for Windows XP (KB2724197)
    Security Update for Windows XP (KB2727528)
    Security Update for Windows XP (KB2731847)
    Security Update for Windows XP (KB2753842-v2)
    Security Update for Windows XP (KB2753842)
    Security Update for Windows XP (KB2757638)
    Security Update for Windows XP (KB2758857)
    Security Update for Windows XP (KB2761226)
    Security Update for Windows XP (KB2770660)
    Security Update for Windows XP (KB2778344)
    Security Update for Windows XP (KB2779030)
    Security Update for Windows XP (KB2780091)
    Security Update for Windows XP (KB2799494)
    Security Update for Windows XP (KB2802968)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165-v2)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    SpyHunter
    SweetIM for Messenger 3.7
    TRUST EASY WEBSCAN 19200
    Uniblue DriverScanner
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
    Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows Internet Explorer 8 (KB2598845)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB2661254-v2)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB2736233)
    Update for Windows XP (KB2749655)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update Manager for SweetPacks 1.1
    Video Downloader
    WampServer 2.2
    WebFldrs XP
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Search 4.0
    Windows XP Service Pack 3
    World Leaders
    XAMPP 1.7.4
    .
    ==== Event Viewer Messages From Past Week ========
    .
    13/02/2013 19:32:51, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
    13/02/2013 09:24:32, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.
    13/02/2013 09:24:32, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    13/02/2013 09:24:32, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    11/02/2013 13:29:58, error: Service Control Manager [7024] - The Apache2.2 service terminated with service-specific error 1 (0x1).
    .
    ==== End Of File ===========================



    GMER 2.1.18952 - http://www.gmer.net
    Rootkit scan 2013-02-15 11:55:36
    Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 rev. 0.00MB
    Running: 157u4uo2.exe; Driver: C:\DOCUME~1\Home\LOCALS~1\Temp\pxtdapob.sys


    ---- System - GMER 2.1 ----

    SSDT \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys ZwCreateSection [0xF79A1700]

    ---- Kernel code sections - GMER 2.1 ----

    ? C:\DOCUME~1\Home\LOCALS~1\Temp\mbr.sys The filename, directory name, or volume label syntax is incorrect. !

    ---- User code sections - GMER 2.1 ----

    .text C:\program files\real\realplayer\update\realsched.exe[1980] kernel32.dll!SetUnhandledExceptionFilter 7C8449CD 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
    .text C:\WINDOWS\system32\SearchIndexer.exe[2492] kernel32.dll!WriteFile 7C8112FF 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

    ---- Disk sectors - GMER 2.1 ----

    Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

    ---- EOF - GMER 2.1 ----
     
  2. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    You have several items of Adware on your system and there could be a Rootkit.

    You appear to have Norton 360 on your system but only its update service shows as running. Spyhunter is an Anti Virus program and you should not have more than one Anti Virus installed; even if you only have one Anti Virus program enabled, conflicts can still occur. Personally I would remove both Spyhunter and Norton and install Microsoft Security Essentials. Please let me know what you would like to do so I can instruct on safe removal.

    Please run the following scans and post the logs.


    SCAN 1
    Click on this link to download ADWCleaner and save it to your desktop.

    NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on Tools > Smartscreen Filter > Turn off Smartscreen Filter, then click on OK in the box that opens. Then click on the link again.

    Close your browser and click on this icon on your desktop: [​IMG]

    You will then see the screen below, click on the Delete button (as indicated), accept any prompts that appear and allow it to reboot the PC. When the PC has rebooted you will be presented with the report, copy & paste it into your next post.

    SCAN 2
    Download RogueKiller (by tigzy) and save direct to your Desktop.
    On the web page click on this: [​IMG]

    • Quit all running programs
    • Start RogueKiller.exe
    • Wait until Prescan has finished.
    • Ensure all boxes are ticked under "Report" tab.
    • Click on Scan.
    • Click on Report when complete. Copy/paste the contents of the report and paste into your next reply.
    • NOTE: DO NOT attempt to remove anything that the scan detects.

    SCAN 3
    Please follow the instructions exactly as written; deviating from the instructions and trying to fix anything before I have seen the logs may make your PC unbootable. If TDSSKiller does not offer the Cure option, DO NOT select delete as you may remove files needed for the system to operate.

    Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!
    -- The tool is frequently updated...if you used TDSSKiller before, delete that version and download the most current one before using again.

    Be sure to print out and follow the instructions for performing a scan.

    • Extract (unzip) the file to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the Desktop.
    • Alternatively, you can download TDSSKiller.exe and use that instead.
    • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • If an update is available, TDSSKiller will prompt you to update and download the most current version. Click Load Update. Close TDSSKiller and start again.


    • When the program opens, click Change parameters.

    • Under "Additional options", check the boxes next to Verify file digital signatures and Detect TDLFS file system, then click OK.

    • Click the Start Scan button.

    • Do not use the computer during the scan.
    • If the scan completes with nothing found, click Close to exit.
    • If 'Suspicious objects' are detected, the default action will be Skip. Leave the default set to Skip and click on Continue.
    • If Malicious objects are detected, they will show in the Scan results - Select action for found objects: and offer three options.

    • Ensure Cure is selected...then click Continue -> Reboot computer for cure completion.

    • Important! -> If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed. If you choose Delete you may remove critical system files and make your PC unstable or possibly unbootable.
    • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C: ).
    • Copy and paste the contents of that file in your next reply.

    -- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it to something else before beginning the download and saving to the computer or to perform the scan in "safe mode".
     
  3. johnbcnone

    johnbcnone Thread Starter

    Joined:
    Oct 8, 2006
    Messages:
    16
    Thank you for your advice. I do not use Norton anymore so it should not be a conflict.
    Please find the scan reports below. I did a scan on Spyhunter after the 3 scans and I still have the same registry errors.


    # AdwCleaner v2.112 - Logfile created 02/15/2013 at 13:30:32
    # Updated 10/02/2013 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
    # User : Home - D5
    # Boot Mode : Normal
    # Running from : C:\Documents and Settings\Home\Desktop\adwcleaner0.exe
    # Option [Delete]


    ***** [Services] *****

    Stopped & Deleted : Web Assistant Updater

    ***** [Files / Folders] *****

    File Deleted : C:\Documents and Settings\Home\Desktop\Search The Web.url
    File Deleted : C:\user.js
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
    Folder Deleted : C:\Documents and Settings\Home\Application Data\Babylon
    Folder Deleted : C:\Documents and Settings\Home\Local Settings\Application Data\APN
    Folder Deleted : C:\Documents and Settings\Home\Start Menu\Programs\Browser Manager
    Folder Deleted : C:\WINDOWS\Installer\{7683B745-6060-41FD-AA75-0BBB383FEAD4}
    Folder Deleted : C:\WINDOWS\Installer\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}

    ***** [Registry] *****

    Key Deleted : HKCU\Software\IM
    Key Deleted : HKCU\Software\ImInstaller
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKCU\Software\Web Assistant
    Key Deleted : HKLM\Software\Babylon
    Key Deleted : HKLM\Software\BrowserMngr
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\b
    Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd
    Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
    Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore
    Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
    Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
    Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
    Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
    Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
    Key Deleted : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc
    Key Deleted : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc.1
    Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
    Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
    Key Deleted : HKLM\SOFTWARE\Classes\I
    Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.dskBnd
    Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.dskBnd.1
    Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr
    Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr.1
    Key Deleted : HKLM\SOFTWARE\Classes\IncredibarApp.appCore
    Key Deleted : HKLM\SOFTWARE\Classes\IncredibarApp.appCore.1
    Key Deleted : HKLM\Software\Classes\Installer\Features\547B38670606DF14AA57B0BB83F3AE4D
    Key Deleted : HKLM\Software\Classes\Installer\Features\9EE58E3C298524145B73CBBED3CAC4D3
    Key Deleted : HKLM\Software\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B
    Key Deleted : HKLM\Software\Classes\Installer\Products\547B38670606DF14AA57B0BB83F3AE4D
    Key Deleted : HKLM\Software\Classes\Installer\Products\9EE58E3C298524145B73CBBED3CAC4D3
    Key Deleted : HKLM\Software\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B
    Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
    Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
    Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Classes\S
    Key Deleted : HKLM\SOFTWARE\Classes\sim-packages
    Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
    Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar.1
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem.1
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_launcher
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_launcher.1
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_printmanager
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_printmanager.1
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback.1
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler.1
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.tbtoolband
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.tbtoolband.1
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.useroptions
    Key Deleted : HKLM\SOFTWARE\Classes\toolband.useroptions.1
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
    Key Deleted : HKLM\Software\incredibar.com
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{7683B745-6060-41FD-AA75-0BBB383FEAD4}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FilesFrog Update Checker
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\incredibar
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\547B38670606DF14AA57B0BB83F3AE4D
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9EE58E3C298524145B73CBBED3CAC4D3
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB6AF8AEEB922FA4392548F13812E50B
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7683B745-6060-41FD-AA75-0BBB383FEAD4}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\incredibar
    Key Deleted : HKLM\Software\Web Assistant
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [BrowserMngrDefaultScope]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{F9639E4A-801B-4843-AEE3-03D9DA199E77}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SweetIM]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.6001.18702

    Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?crg=3.1010000.10016&barid={C8961652-0BBA-11E2-AE0D-0007E9671F01} --> hxxp://www.google.com

    -\\ Mozilla Firefox v18.0.2 (en-GB)

    File : C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\66bpx8cl.default-1360671014578\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v24.0.1312.57

    File : C:\Documents and Settings\Home\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [25165 octets] - [15/02/2013 13:30:32]

    ########## EOF - C:\AdwCleaner[S1].txt - [25226 octets] ##########





    RogueKiller V8.5.1 [Feb 12 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Home [Admin rights]
    Mode : Scan -- Date : 02/15/2013 14:07:19
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 3 ¤¤¤
    [HJ] HKCU\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> FOUND
    [HJ] HKLM\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤
    SSDT[50] : NtCreateSection @ 0x805653B3 -> HOOKED (\??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys @ 0xB0701700)

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\WINDOWS\system32\drivers\etc\hosts

    127.0.0.1 localhost
    127.0.0.1 localhost
    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: IC35L090AVV207-0 +++++
    --- User ---
    [MBR] 1522866a6520d844a402c65c4ed8b097
    [BSP] f0531316a6163d16f4ba254ab3fe3bf4 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76285 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1]_S_02152013_02d1407.txt >>
    RKreport[1]_S_02152013_02d1407.txt

    14:19:48.0859 0784 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
    14:19:49.0203 0784 ============================================================
    14:19:49.0203 0784 Current date / time: 2013/02/15 14:19:49.0203
    14:19:49.0203 0784 SystemInfo:
    14:19:49.0203 0784
    14:19:49.0203 0784 OS Version: 5.1.2600 ServicePack: 3.0
    14:19:49.0203 0784 Product type: Workstation
    14:19:49.0203 0784 ComputerName: D5
    14:19:49.0203 0784 UserName: Home
    14:19:49.0203 0784 Windows directory: C:\WINDOWS
    14:19:49.0203 0784 System windows directory: C:\WINDOWS
    14:19:49.0203 0784 Processor architecture: Intel x86
    14:19:49.0203 0784 Number of processors: 1
    14:19:49.0203 0784 Page size: 0x1000
    14:19:49.0203 0784 Boot type: Normal boot
    14:19:49.0203 0784 ============================================================
    14:19:50.0906 0784 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    14:19:50.0921 0784 ============================================================
    14:22:57.0625 2848 W32Time - ok
    14:22:57.0687 2848 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
    14:22:57.0875 2848 Wanarp - ok
    14:22:58.0078 2848 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
    14:22:58.0203 2848 Wdf01000 - ok
    14:22:58.0218 2848 WDICA - ok
    14:22:58.0296 2848 [ 49A2EB878EFD25BD483CAE60D6165A2B ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
    14:22:58.0312 2848 wdmaud ( UnsignedFile.Multi.Generic ) - warning
    14:22:58.0312 2848 wdmaud - detected UnsignedFile.Multi.Generic (1)
    14:22:58.0406 2848 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
    14:22:58.0609 2848 WebClient - ok
    14:22:58.0781 2848 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
    14:22:59.0015 2848 winmgmt - ok
    14:22:59.0093 2848 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
    14:22:59.0187 2848 WmdmPmSN - ok
    14:22:59.0437 2848 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
    14:22:59.0656 2848 Wmi - ok
    14:22:59.0765 2848 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
    14:22:59.0953 2848 WmiApSrv - ok
    14:23:00.0359 2848 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
    14:23:00.0656 2848 WMPNetworkSvc - ok
    14:23:00.0718 2848 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
    14:23:00.0750 2848 WpdUsb - ok
    14:23:00.0796 2848 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
    14:23:01.0062 2848 WS2IFSL - ok
    14:23:01.0156 2848 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
    14:23:01.0359 2848 wscsvc - ok
    14:23:01.0375 2848 WSearch - ok
    14:23:01.0406 2848 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
    14:23:01.0640 2848 wuauserv - ok
    14:23:01.0703 2848 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    14:23:01.0781 2848 WudfPf - ok
    14:23:01.0843 2848 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    14:23:01.0890 2848 WudfRd - ok
    14:23:01.0953 2848 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
    14:23:02.0078 2848 WudfSvc - ok
    14:23:02.0296 2848 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
    14:23:02.0609 2848 WZCSVC - ok
    14:23:02.0718 2848 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
    14:23:02.0937 2848 xmlprov - ok
    14:23:02.0953 2848 ================ Scan global ===============================
    14:23:03.0046 2848 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
    14:23:03.0218 2848 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
    14:23:03.0328 2848 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
    14:23:03.0375 2848 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
    14:23:03.0375 2848 [Global] - ok
    14:23:03.0390 2848 ================ Scan MBR ==================================
    14:23:03.0437 2848 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
    14:23:03.0875 2848 \Device\Harddisk0\DR0 - ok
    14:23:03.0890 2848 ================ Scan VBR ==================================
    14:23:03.0890 2848 [ 9AE52AF2D28AF375CAAEBD38AE7DCC68 ] \Device\Harddisk0\DR0\Partition1
    14:23:03.0890 2848 \Device\Harddisk0\DR0\Partition1 - ok
    14:23:03.0906 2848 ============================================================
    14:23:03.0906 2848 Scan finished
    14:23:03.0906 2848 ============================================================
    14:23:04.0031 1920 Detected object count: 13
    14:23:04.0031 1920 Actual detected object count: 13
    14:24:10.0937 1920 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
    14:24:10.0937 1920 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
    14:24:10.0937 1920 Afc ( UnsignedFile.Multi.Generic ) - skipped by user
    14:24:10.0937 1920 Afc ( UnsignedFile.Multi.Generic ) - User select action: Skip
    14:24:10.0937 1920 Apache2.2 ( UnsignedFile.Multi.Generic ) - skipped by user
    14:24:10.0937 1920 Apache2.2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
    14:24:10.0937 1920 Aspi32 ( UnsignedFile.Multi.Generic ) - skipped by user
    14:24:10.0953 1920 Aspi32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
    14:24:10.0953 1920 Cdr4_xp ( UnsignedFile.Multi.Generic ) - skipped by user
    14:24:10.0953 1920 Cdr4_xp ( UnsignedFile.Multi.Generic ) - User select action: Skip
    14:24:10.0953 1920 Cdralw2k ( UnsignedFile.Multi.Generic ) - skipped by user
    14:24:10.0953 1920 Cdralw2k ( UnsignedFile.Multi.Generic ) - User select action: Skip
    14:24:10.0953 1920 FileZilla Server ( UnsignedFile.Multi.Generic ) - skipped by user
    14:24:10.0953 1920 FileZilla Server ( UnsignedFile.Multi.Generic ) - User select action: Skip
    14:24:10.0953 1920 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
    14:24:10.0953 1920 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
    14:24:10.0953 1920 kmixer ( UnsignedFile.Multi.Generic ) - skipped by user
    14:24:10.0953 1920 kmixer ( UnsignedFile.Multi.Generic ) - User select action: Skip
    14:24:10.0968 1920 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
    14:24:10.0968 1920 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
    14:24:10.0968 1920 smwdm ( UnsignedFile.Multi.Generic ) - skipped by user
    14:24:10.0968 1920 smwdm ( UnsignedFile.Multi.Generic ) - User select action: Skip
    14:24:10.0968 1920 sysaudio ( UnsignedFile.Multi.Generic ) - skipped by user
    14:24:10.0968 1920 sysaudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
    14:24:10.0968 1920 wdmaud ( UnsignedFile.Multi.Generic ) - skipped by user
    14:24:10.0968 1920 wdmaud ( UnsignedFile.Multi.Generic ) - User select action: Skip
     
  4. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    As I explained earlier, even though you are not using Norton it can still cause conflicts and should be uninstalled. When the uninstall is complete, run the clean up tool to remove remnants.
    Norton Uninstall Tool

    ADWCleaner has removed a lot of junk, but neither RogueKiller nor TDSSKiller have found any issues.

    Please could you post a copy of the report from Spyhunter so I can see exactly what it is detecting.
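
The TDSSKiller summary above reports 13 detected objects, yet every one carries the verdict UnsignedFile.Multi.Generic, which the log itself marks only as a warning. The Python triage below is an added example, not part of the original posts or of TDSSKiller; its sample lines are constructed in the log's format, with dummy hashes, made-up paths and a placeholder ExampleSvc entry.

```python
import re

UNSIGNED = "UnsignedFile.Multi.Generic"

# Constructed sample in the line format of the TDSSKiller log in this thread.
# Hashes are dummy values; "ExampleSvc", its verdict and C:\Example are placeholders.
SAMPLE_LOG = r"""
14:22:50.0546 2848 [ 00000000000000000000000000000001 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
14:22:50.0562 2848 sysaudio ( UnsignedFile.Multi.Generic ) - warning
14:22:50.0562 2848 sysaudio - detected UnsignedFile.Multi.Generic (1)
14:22:50.0671 2848 [ 00000000000000000000000000000002 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
14:22:50.0875 2848 SysmonLog - ok
14:22:51.0015 2848 [ 00000000000000000000000000000003 ] FileZilla Server C:\Example\FileZilla Server.exe
14:22:51.0031 2848 FileZilla Server ( UnsignedFile.Multi.Generic ) - warning
14:22:51.0109 2848 [ 00000000000000000000000000000004 ] ExampleSvc C:\Example\examplesvc.sys
14:22:51.0125 2848 ExampleSvc ( Example.Placeholder.Verdict ) - warning
14:23:04.0031 1920 Detected object count: 3
14:24:10.0937 1920 FileZilla Server ( UnsignedFile.Multi.Generic ) - skipped by user
14:24:10.0937 1920 FileZilla Server ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:24:10.0968 1920 sysaudio ( UnsignedFile.Multi.Generic ) - skipped by user
14:24:10.0968 1920 sysaudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

# "HH:MM:SS.mmmm <thread id> <body>"
PREFIX = re.compile(r"^\s*\d{2}:\d{2}:\d{2}\.\d{4} \d+ (?P<body>.*)$")
# "[ <md5> ] <object name> <path>"; object names may contain spaces
SCANNED = re.compile(r"^\[ [0-9A-Fa-f]{32} \] (?P<name>.+?) (?P<path>[A-Za-z]:\\.*)$")
# "<object name> ( <verdict> ) - <status or user action>"
VERDICT = re.compile(r"^(?P<name>.+?) \( (?P<verdict>\S+) \) - (?P<status>.+)$")
COUNT = re.compile(r"^Detected object count: (?P<n>\d+)$")


def triage(log_text):
    """Split detections into unsigned-file warnings and everything else."""
    paths, findings, reported = {}, {}, None
    for line in log_text.splitlines():
        m = PREFIX.match(line)
        if not m:
            continue
        body = m.group("body").strip()
        if (s := SCANNED.match(body)):
            paths[s["name"]] = s["path"]
        elif (c := COUNT.match(body)):
            reported = int(c["n"])
        elif (v := VERDICT.match(body)):
            entry = findings.setdefault(
                v["name"],
                {"verdict": v["verdict"], "path": paths.get(v["name"]), "states": []},
            )
            entry["states"].append(v["status"])
    return {
        # Unsigned binaries only: worth a path check, not proof of infection.
        "unsigned_only": sorted(n for n, f in findings.items() if f["verdict"] == UNSIGNED),
        # Any other verdict deserves a closer look before it is skipped.
        "needs_review": sorted(
            (n, f["verdict"], f["path"]) for n, f in findings.items() if f["verdict"] != UNSIGNED
        ),
        # Objects the user chose to leave in place.
        "skipped": sorted(n for n, f in findings.items() if "skipped by user" in f["states"]),
        "reported_count": reported,
        # A mismatch means the log is truncated or a line format was not recognised.
        "count_matches": reported == len(findings),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```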
     
  5. johnbcnone

    johnbcnone Thread Starter

    Joined:
    Oct 8, 2006
    Messages:
    16
    I have uninstalled Norton with the uninstall tool. I am uploading the following.

    (1) A screen print of the Spyhunter registry threats

    (2) The Spyhunter support report. I am not sure that you need this detail, it was 900KB unzipped.
     


  6. johnbcnone

    johnbcnone Thread Starter

    Joined:
    Oct 8, 2006
    Messages:
    16
    Two screenshots showing more detail on the registry errors
     


  7. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    This is only a minimal Adware threat that can cause no harm to your system. It is only considered as Malware as it can get installed by mistake; the program probably got installed with another item of software without you noticing a check box to exclude it. It is related to Video Downloader.

    First uninstall Video Downloader from Programs and Features via the Control Panel.

    Then run this tool below to remove the service and remnant files, then run Spyhunter and delete the entries if it still finds them. Reboot and then run Spyhunter again to make sure the detections have not returned.

    Please download OTM by OldTimer. Save it to your desktop.

    Double click OTM.exe to start the tool.

    • Copy the text in the code box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    :Processes
    explorer.exe
    :Services
    VideoAcceleratorService
    :Files
    c:\progra~1\speedb~1\videoacceleratorservice.exe -start -scm
    c:\progra~1\speedb~1\VideoAcceleratorService.exe -start -scm
    :Commands
    [createrestorepoint]
    [emptyflash]
    [emptytemp]
    [resethosts]
    [reboot]
    
    • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • All your desktop icons will disappear as the scan begins. It should complete within a few minutes.
    • Once complete you may see a box appear asking you to Restart the system to complete the file removal, accept it and it will reboot.
    • Even if that box does not appear the system should reboot as the command is included in the script.
    • When the system has come back to the desktop a Notepad document will open, please copy and paste that into your next post.

    -- Note: The logs are saved here: C:\_OTM\MovedFiles
     
  8. johnbcnone

    johnbcnone Thread Starter

    Joined:
    Oct 8, 2006
    Messages:
    16
    Thank you very much for your help. I operated the OTM programme as instructed and now I have no registry errors on my Spyhunter scan. I am letting Spyhunter run for a full scan but everything seems to be fine. Please find below the OTM report log. Thanks again.



    All processes killed
    ========== PROCESSES ==========
    No active process named explorer.exe was found!
    ========== SERVICES/DRIVERS ==========
    Service VideoAcceleratorService stopped successfully!
    Service VideoAcceleratorService deleted successfully!
    ========== FILES ==========
    File/Folder c:\progra~1\speedb~1\videoacceleratorservice.exe -start -scm not found.
    File/Folder c:\progra~1\speedb~1\VideoAcceleratorService.exe -start -scm not found.
    ========== COMMANDS ==========
    Restore point Set: OTM Restore Point

    [EMPTYFLASH]

    User: All Users

    User: Default User
    ->Flash cache emptied: 41 bytes

    User: Home
    ->Flash cache emptied: 43809 bytes

    User: LocalService

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYTEMP]
     
  9. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    You're welcome and the scan results from Spyhunter sound encouraging.

    I can see in your logs that Java is out of date which is a security risk, please run this quick scan to check for any other items and post the logs.

    Download Security Check by screen317 from Here or Here.
    Save it to your Desktop.
    Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
    A Notepad document should open automatically called checkup.txt; please Copy & Paste the contents of that document into your next reply.
     
  10. johnbcnone

    johnbcnone Thread Starter

    Joined:
    Oct 8, 2006
    Messages:
    16
    My Spyhunter scan is still running and clean, about 80% finished. Scan results given below.

    Results of screen317's Security Check version 0.99.57
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Out of date HijackThis installed!
    SpyHunter
    HijackThis 1.99.1
    PC TuneUp Maestro
    Java(TM) 6 Update 39
    Java version out of Date!
    Adobe Flash Player 11.6.602.168
    Adobe Reader XI
    Mozilla Firefox (18.0.2)
    Google Chrome 24.0.1312.56
    Google Chrome 24.0.1312.57
    ````````Process Check: objlist.exe by Laurent````````
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:: 16% Defragment your hard drive soon! (Do NOT defrag if SSD!)
    ````````````````````End of Log``````````````````````
     
  11. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    Please run OTM and click on the Cleanup button, this will remove the tools used including itself. Any tools or logs remaining on the desktop can be deleted.

    Uninstall HijackThis, if you need to use it again download the latest version which I think is 2.0.4.

    PC TuneUp Maestro is a PC optimizer which can cause more problems than it will fix; optimizer programs are a waste of time and money.

    Your hard drive needs a defrag: How to defragment the hard drive

    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
    Please follow these steps to remove older versions of Java and update.

    How to update Java:
    Be aware that the act of downloading any Java installer means that you have read and agree to abide by the end users license agreement.
    End user licence agreement

    First uninstall all existing versions of Java.

    • Go to Start > Control Panel double-click on Add/Remove programs (or Programs and Features) and click on any item with Java, Java(TM), JRE or J2SE in the name.
    • Click the Uninstall, Remove or Change/Remove button and allow it to uninstall.
    • If a User Account Control warning appears click on Allow.
    • Repeat as many times as necessary to remove each and every item.
    • Reboot your computer once all Java components are removed.

    NOTE: If you have a 64bit version of Windows and are using the 64bit version of Internet Explorer the Java site will automatically give you the correct Java version using the instructions below,
    but it is recommended that you use only 32bit browsers and versions of Java. Please read this for further information: Which Java download should I choose for my 64bit operating system?.
    If you install Java for the 64bit version of Internet Explorer and you use any other browser you will also need to repeat the installation while using your other browser which will most likely be 32bit. If in doubt please ask.


    How to install the latest version.

    • Open the browser that you normally use and click on this link: Java Download
    • Click on the big red button Free Java Download
    • On the next page click on the big red button Agree and Start Free Download
    • Select Run whenever the option appears. If no Run option appears click on Save and then when the download completes click on Run. If a User Account Control warning appears click on Continue.
    • When the Welcome to Java window appears click on Install.
    • It may take several minutes to download the installer depending on the speed of your connection, allow it to complete.
    • If any error messages appear click on OK and then click on the Agree and start free download button again.
    • Please wait for the Java Setup window to appear. Uncheck the box to install the Ask Toolbar and then click on Next.
    • NOTE: The Ask Toolbar option may change without notice to something different, please make sure you uncheck the box for anything else that is offered. On some systems this offer may not appear, in which case, continue with the next instruction.
    • You will then see the Java Setup Progress window and another will appear for JavaFX (on some systems the JavaFX will not appear or be installed). Finally the Java Setup Complete window will appear, click on Close.
    • If a Java page then appears with a button to Verify Java Version click on it and it will verify the installation.
    • The Installation is now complete, please reboot the system.
    • NOTE: The JavaFX component is not required unless you are developing Java applications. It is perfectly safe to keep on your system, but if you wish to uninstall it please do so.
     
  12. johnbcnone

    johnbcnone Thread Starter

    Joined:
    Oct 8, 2006
    Messages:
    16
    Thank you for your advice. For your information I did download the latest version of Hijack This, the scan must have picked up an earlier version which I had. I will delete both versions and follow up on your security advice.
     
  13. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    You're welcome. I shall now mark this thread as Solved and leave you with some additional security advice, but please feel free to post back if you have any remaining issues or concerns.

    There are many places where you will find security advice, but most are biased towards a particular item of software that they are trying to promote. I have given some unbiased advice below that should help keep you better protected. Unfortunately there is no "best protection", new Malware is being produced every minute of the day so it is a cat & mouse game for all security software vendors to keep up with the latest infections.

    It has always been the case that what one Anti Virus program will detect another one will miss and vice versa. That being said, never be tempted to install more than one Anti Virus program thinking that will give you better protection as in fact the reverse is true. Two or more AV programs will (in most cases) conflict with each other, slow your system down and actually reduce your security level. Don't assume that your present Anti Virus is no good on the grounds that you got infected, if I have seen you are using a poor Anti Virus I will have advised you earlier in the thread. There are a lot of nasty infections out there waiting to jump onto a PC and with some of the newest infections there is very little that will block them. Fortunately there are those who dedicate their spare time, for little reward, in making the tools we use here to remove these infections. It is those people that we have to thank as without them a reinstall would often be the only way out.

    Some additional security measures.
    If your present security software does not include a third party Firewall or AntiSpyware.

    Go Here for a selection of third party Firewalls.

    Go Here or Here for Anti Spyware.

    Malwarebytes free version (which you may have used during this thread) is worth having for regular scans of your system, always check for updates before using it. If you can afford the Malwarebytes Pro version it will provide even better protection with a full time active scanner. Never have more than one active anti virus, anti spyware or firewall running on your system as it can cause conflicts and slow down the PC. You can safely run the Pro version of Malwarebytes with any Anti Virus software.

    WOT (Web of Trust) will warn you (in most cases) about dangerous web sites. (This is only available for use with Internet Explorer).

    Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Attacks exploiting vulnerable programs and plug-ins are rarely blocked by traditional anti-virus and are therefore increasingly "popular" among criminals.

    WinPatrol is a useful facility to have. WinPatrol takes snapshots of your critical system resources and alerts you to any changes that may occur without your knowledge. It can also be used to control all your start up programs.

    Finally, make sure that Windows Update is turned on as many updates are to fix newly discovered security holes in the Windows Operating System. You should also make sure that any Java or Adobe products are kept up to date and any old versions are uninstalled. Never use Registry Cleaners as they can and do damage the systems registry and stay well clear of P2P file sharing sites as these are one of the best places to get your PC infected.
     
Short URL to this thread: https://techguy.org/1089626
