Help to remove Clicksor

View previous topic View next topic Go down

Help to remove Clicksor

Post by anole3000 on Sun Nov 28, 2010 4:42 am

I have the clicksor malware on my PC. Random ads appear in my broswer (I've tried multiple) and I frequently get redirected to other web pages.

OTL logfile created on: 11/27/2010 11:26:15 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Benny\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.96 Gb Total Space | 10.44 Gb Free Space | 3.64% Space Free | Partition Type: NTFS
Drive D: | 11.13 Gb Total Space | 1.85 Gb Free Space | 16.61% Space Free | Partition Type: NTFS

Computer Name: BENNY | User Name: Benny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/27 23:23:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Benny\Downloads\OTL.com
PRC - [2010/11/27 20:08:30 | 000,928,496 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/11/27 20:08:29 | 001,375,992 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/11/01 16:36:03 | 000,974,904 | ---- | M] (Google Inc.) -- C:\Users\Benny\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/01 04:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2009/10/21 09:16:32 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2009/10/21 09:16:30 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/10/21 09:16:26 | 002,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009/10/21 09:16:26 | 000,050,544 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
PRC - [2009/01/08 08:44:06 | 000,070,936 | ---- | M] (Octoshape ApS) -- C:\Users\Benny\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe


========== Modules (SafeList) ==========

MOD - [2010/11/27 23:23:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Benny\Downloads\OTL.com
MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/06/29 12:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010/02/26 20:34:42 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010/11/27 20:08:29 | 001,375,992 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 09:37:09 | 000,332,720 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/10/21 09:16:32 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/10/21 09:16:32 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009/10/21 09:16:28 | 003,197,256 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/10/21 09:16:28 | 000,411,976 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC)
SRV - [2009/10/21 09:16:26 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/07/13 12:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/05/31 16:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 16:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/09/23 02:46:09 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2010/04/19 19:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/04/08 07:01:49 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/02/26 20:34:48 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2010/02/26 20:34:30 | 000,041,272 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2010/02/17 13:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 13:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010/01/13 15:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2009/12/21 16:52:14 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2009/10/21 09:16:32 | 000,481,840 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srtspl64.sys -- (SRTSPL)
DRV:64bit: - [2009/10/21 09:16:32 | 000,443,952 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2009/10/21 09:16:32 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/13 18:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/06/10 16:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/10/22 17:42:06 | 000,128,352 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2008/03/13 02:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)
DRV - [2010/11/27 20:08:53 | 000,017,440 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2010/11/17 11:34:58 | 001,804,336 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20101127.002\EX64.SYS -- (NAVEX15)
DRV - [2010/11/17 11:34:58 | 000,117,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20101127.002\ENG64.SYS -- (NAVENG)
DRV - [2010/05/26 03:00:00 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/05/26 03:00:00 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/10/21 09:16:32 | 000,481,840 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)
DRV - [2009/10/21 09:16:32 | 000,443,952 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP)
DRV - [2009/10/21 09:16:32 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 56 DF 18 4A C4 58 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 184.73.77.253:80

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"
FF - prefs.js..browser.search.selectedEngine: "Dictionary"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "yahoo.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query="
FF - prefs.js..network.proxy.http: "174.142.24.201"
FF - prefs.js..network.proxy.http_port: 3128


FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/08/30 10:43:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/11/27 23:24:08 | 000,000,000 | ---D | M]

[2009/12/21 09:19:03 | 000,000,000 | ---D | M] -- C:\Users\Benny\AppData\Roaming\Mozilla\Extensions
[2010/11/27 21:31:35 | 000,000,000 | ---D | M] -- C:\Users\Benny\AppData\Roaming\Mozilla\Firefox\Profiles\0vaniza4.default\extensions
[2009/12/21 14:25:12 | 000,004,554 | ---- | M] () -- C:\Users\Benny\AppData\Roaming\Mozilla\Firefox\Profiles\0vaniza4.default\searchplugins\aim-search.xml
[2010/10/17 13:54:10 | 000,002,059 | ---- | M] () -- C:\Users\Benny\AppData\Roaming\Mozilla\Firefox\Profiles\0vaniza4.default\searchplugins\daemon-search.xml
[2009/12/24 01:34:49 | 000,000,939 | ---- | M] () -- C:\Users\Benny\AppData\Roaming\Mozilla\Firefox\Profiles\0vaniza4.default\searchplugins\dictionary.xml
[2010/11/01 15:42:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/08/08 21:54:28 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/08/13 18:37:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/01 15:42:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/04/10 10:33:13 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Users\Benny\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.67.74 213.109.77.113
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{ae2c3e5b-4306-11df-804b-001e68999eb1}\Shell - "" = AutoRun
O33 - MountPoints2\{ae2c3e5b-4306-11df-804b-001e68999eb1}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)


SafeBootMin:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PEVSystemStart - Service
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: procexp90.Sys - Driver
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: Symantec Antvirus - Service
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: ccEvtMgr - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootMin: ccSetMgr - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: Symantec Antivirus - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SafeBootMin: Symantec Antvirus - Service
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PEVSystemStart - Service
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: procexp90.Sys - Driver
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: Symantec Antvirus - Service
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: ccEvtMgr - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootNet: ccSetMgr - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: SmcService - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: Symantec Antivirus - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SafeBootNet: Symantec Antvirus - Service
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (http://www.mp3dev.org/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\SysWow64\yv12vfw.dll ([You must be registered and logged in to see this link.]

anole3000
Novice
Novice

Status :
Online
Offline

Posts Posts : 7
Joined Joined : 2010-11-28
OS OS : Windows 7

View user profile

Back to top Go down

Re: Help to remove Clicksor

Post by anole3000 on Sun Nov 28, 2010 4:43 am

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/11/27 23:24:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010/11/27 23:13:36 | 000,000,000 | ---D | C] -- C:\MGtools
[2010/11/27 23:05:53 | 000,000,000 | ---D | C] -- C:\Users\Benny\AppData\Roaming\Malwarebytes
[2010/11/27 23:05:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/11/27 23:05:40 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/11/27 23:05:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/11/27 23:05:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/11/27 22:42:56 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/11/27 21:35:24 | 000,000,000 | ---D | C] -- C:\Users\Benny\AppData\Roaming\SUPERAntiSpyware.com
[2010/11/27 21:35:24 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/11/27 21:35:17 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010/11/27 21:35:12 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/11/27 20:04:49 | 000,000,000 | ---D | C] -- C:\Users\Benny\AppData\Local\Sunbelt Software
[2010/11/27 20:03:47 | 000,000,000 | -H-D | C] -- C:\ProgramData\{E961CE1B-C3EA-4882-9F67-F859B555D097}
[2010/11/27 20:02:58 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/11/27 18:41:59 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\mbam-setup-1.46.exe
[2010/11/27 18:41:47 | 009,852,776 | ---- | C] (SUPERAntiSpyware.com) -- C:\SUPERAntiSpyware.exe
[2010/11/26 22:26:11 | 000,000,000 | ---D | C] -- C:\Users\Benny\Documents\Calibre Library
[2010/11/26 22:25:42 | 000,000,000 | ---D | C] -- C:\Users\Benny\Calibre Library
[2010/11/26 22:25:35 | 000,000,000 | ---D | C] -- C:\Users\Benny\AppData\Roaming\calibre
[2010/11/26 22:23:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Calibre2
[2010/11/25 10:22:55 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010/11/25 10:22:55 | 000,242,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/11/25 10:22:55 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/11/25 10:22:54 | 001,502,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2010/11/23 18:34:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2010/11/23 00:15:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2010/11/21 10:49:37 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2010/11/21 10:49:37 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2010/11/21 10:49:28 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2010/11/21 10:49:28 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2010/11/21 10:42:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games
[2010/11/21 09:18:44 | 000,000,000 | ---D | C] -- C:\Users\Benny\Documents\Games for Windows - LIVE Demos
[2010/11/21 09:15:17 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2010/11/21 09:15:14 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2010/11/21 09:15:13 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2010/11/21 09:13:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2010/11/21 09:13:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2010/11/20 09:32:35 | 000,000,000 | ---D | C] -- C:\Windows\JMCR_DIR
[2010/11/20 09:32:25 | 000,109,568 | ---- | C] (JMicron Technology Corporation) -- C:\Windows\SysWow64\JmCrIcon.dll
[2010/11/20 09:32:25 | 000,109,568 | ---- | C] (JMicron Technology Corporation) -- C:\Windows\SysNative\JmCrIcon.dll
[2010/11/15 22:35:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GOG.com
[2010/11/15 22:03:21 | 000,000,000 | ---D | C] -- C:\Users\Benny\AppData\Roaming\com.gog.downloader.87F90EC6C28C7E479115BE2E026DB87A08BC420D.1
[2010/11/15 22:03:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GOG.com Downloader
[2010/11/09 20:56:49 | 000,000,000 | ---D | C] -- C:\Users\Benny\Documents\Outlook Files
[2010/11/02 13:25:38 | 000,000,000 | ---D | C] -- C:\Users\Benny\Desktop\Bio Articles
[2010/11/02 10:43:45 | 000,000,000 | ---D | C] -- C:\Users\Benny\AppData\Local\Octoshape
[2010/11/01 15:42:09 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/11/01 15:42:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/11/01 15:42:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/10/29 19:51:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2010/10/29 19:51:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2010/10/29 19:51:26 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/10/29 19:51:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework
[2010/10/29 19:51:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010/10/29 19:48:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2010/10/29 19:47:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/10/29 19:47:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2010/10/29 19:46:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/27 23:29:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-387477379-1227865314-4205257625-1000UA.job
[2010/11/27 20:18:43 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/27 20:18:43 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/27 20:11:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/27 20:10:46 | 3219,025,920 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/27 20:08:53 | 000,049,752 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2010/11/27 20:03:45 | 000,001,126 | ---- | M] () -- C:\Users\Benny\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/11/27 18:43:19 | 002,402,178 | ---- | M] () -- C:\MGtools.exe
[2010/11/27 18:42:09 | 009,852,776 | ---- | M] (SUPERAntiSpyware.com) -- C:\SUPERAntiSpyware.exe
[2010/11/27 18:42:05 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup-1.46.exe
[2010/11/27 11:35:19 | 000,784,360 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/11/27 11:35:19 | 000,664,144 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/11/27 11:35:19 | 000,122,842 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/11/26 18:57:57 | 000,013,700 | ---- | M] () -- C:\Users\Benny\Desktop\quiz 2.docx
[2010/11/26 15:28:02 | 000,008,705 | ---- | M] () -- C:\Users\Benny\Desktop\Book1.xlsx
[2010/11/21 20:34:19 | 000,000,362 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/11/15 22:39:08 | 006,633,416 | ---- | M] () -- C:\Users\Benny\Desktop\Baldurs_Gate_II_Throne_of_Bhaal_Manual.pdf
[2010/11/15 22:39:05 | 011,643,056 | ---- | M] () -- C:\Users\Benny\Desktop\Baldurs_Gate_II_Manual.pdf
[2010/11/15 17:42:37 | 000,021,987 | ---- | M] () -- C:\Users\Benny\Desktop\pop bio.xlsx
[2010/11/09 20:56:52 | 000,001,091 | ---- | M] () -- C:\Users\Benny\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2010/11/08 22:55:57 | 001,502,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2010/11/08 22:50:17 | 000,242,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/11/01 18:03:02 | 001,448,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010/11/01 17:57:37 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/10/30 07:16:31 | 000,416,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/27 20:03:45 | 000,001,126 | ---- | C] () -- C:\Users\Benny\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/11/27 18:42:42 | 002,402,178 | ---- | C] () -- C:\MGtools.exe
[2010/11/26 18:39:47 | 000,013,700 | ---- | C] () -- C:\Users\Benny\Desktop\quiz 2.docx
[2010/11/23 21:56:53 | 000,008,705 | ---- | C] () -- C:\Users\Benny\Desktop\Book1.xlsx
[2010/11/15 17:07:26 | 000,021,987 | ---- | C] () -- C:\Users\Benny\Desktop\pop bio.xlsx
[2010/11/12 14:25:24 | 006,633,416 | ---- | C] () -- C:\Users\Benny\Desktop\Baldurs_Gate_II_Throne_of_Bhaal_Manual.pdf
[2010/11/09 20:56:52 | 000,001,091 | ---- | C] () -- C:\Users\Benny\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2010/10/26 20:11:07 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/10/04 23:12:03 | 000,778,624 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/08/08 21:55:53 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/21 07:43:58 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/06/09 16:19:19 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/06/09 16:19:19 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/06/09 16:19:18 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/06/09 16:19:18 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/06/09 16:19:18 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== Custom Scans ==========


< %systemroot%\Fonts\*.com >
[2009/07/14 00:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 00:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 00:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 00:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 15:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/09/20 08:02:22 | 000,000,221 | -HS- | M] () -- C:\Users\Benny\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 16:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2010/03/11 16:54:53 | 000,120,792 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe
[2010/03/11 16:54:53 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
[2010/03/11 16:54:55 | 000,243,160 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\updater.exe

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/08/03 20:11:37 | 000,000,402 | -HS- | M] () -- C:\Users\Benny\Favorites\desktop.ini
[2010/09/20 08:04:05 | 000,000,302 | ---- | M] () -- C:\Users\Benny\Favorites\NCH Software Download.lnk

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/11/21 20:34:19 | 000,000,362 | RHS- | M] () -- C:\ProgramData\ntuser.pol

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.sys >

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

< %SYSTEMDRIVE%\*.* >
[2009/07/13 20:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2009/12/21 05:05:47 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2009/05/14 15:39:58 | 000,006,903 | ---- | M] () -- C:\Bug.txt
[2009/06/07 20:36:55 | 000,020,710 | ---- | M] () -- C:\Cucu_Video_log.txt
[2010/11/27 20:10:46 | 3219,025,920 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/01 20:45:33 | 000,001,061 | -H-- | M] () -- C:\IPH.PH
[2010/11/27 18:42:05 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup-1.46.exe
[2010/11/27 18:43:19 | 002,402,178 | ---- | M] () -- C:\MGtools.exe
[2006/12/02 01:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2010/11/27 20:10:56 | 4292,038,656 | -HS- | M] () -- C:\pagefile.sys
[2010/11/27 18:42:09 | 009,852,776 | ---- | M] (SUPERAntiSpyware.com) -- C:\SUPERAntiSpyware.exe

< %PROGRAMFILES%\*. >
[2010/04/25 17:13:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AC3Filter
[2010/11/27 23:24:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2010/06/01 20:45:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AIM
[2009/12/21 11:41:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Apple Software Update
[2010/11/23 18:34:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Audacity
[2010/07/14 08:33:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bonjour
[2010/11/26 22:25:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Calibre2
[2010/08/10 21:54:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CCleaner
[2010/11/27 23:24:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2010/10/17 13:54:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DAEMON Tools Lite
[2010/10/17 13:54:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DAEMON Tools Toolbar
[2010/01/08 12:56:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DVD Decrypter
[2010/01/08 13:26:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DVD Shrink
[2010/09/20 07:43:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Feedback Tool
[2010/03/15 11:18:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Folding@home
[2010/02/28 19:41:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Foxit Software
[2010/11/15 22:35:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\GOG.com
[2010/11/15 22:03:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\GOG.com Downloader
[2010/03/01 15:22:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Guitar Pro 5
[2009/12/21 17:27:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Haali
[2010/09/04 11:00:57 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2010/09/20 07:54:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2010/07/26 10:20:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\iTunes
[2010/11/01 15:42:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2010/06/09 16:19:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\K-Lite Codec Pack
[2010/03/21 22:41:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Lavasoft
[2010/11/27 23:05:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/10/29 19:47:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Analysis Services
[2010/11/21 10:42:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Games
[2010/11/21 09:13:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2010/10/29 19:51:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2010/09/29 11:54:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/10/29 19:51:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010/10/29 19:51:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Sync Framework
[2010/10/29 19:51:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2010/10/29 19:48:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2010/10/29 19:51:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2010/03/11 16:54:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
[2010/10/29 19:52:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2010/11/23 00:15:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
[2010/05/09 20:59:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NBC Direct
[2010/04/23 13:44:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NCH Software
[2010/10/17 12:12:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\OnLive
[2010/04/10 10:33:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Pando Networks
[2010/10/14 17:55:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Pandora
[2010/10/05 22:31:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PC SleepTimer
[2010/07/13 20:19:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PokerStars
[2010/03/18 18:44:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Power Tab Software
[2010/08/30 10:43:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QuickTime
[2009/07/14 00:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2010/08/30 10:42:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Safari
[2010/10/17 16:25:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Sid Meier's Civilization V
[2010/08/08 21:54:27 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Skype
[2010/04/15 18:37:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SopCast
[2010/03/20 19:52:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/07/13 19:20:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Starcraft
[2010/11/10 16:55:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\StarCraft II
[2010/07/05 14:36:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Steam
[2009/12/21 16:50:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Symantec
[2010/10/17 12:34:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SystemRequirementsLab
[2009/07/13 23:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2010/08/28 00:26:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\uTorrent
[2010/04/26 19:20:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Veetle
[2009/12/22 12:41:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VideoLAN
[2009/07/14 00:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2010/05/12 02:02:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2010/10/13 16:40:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009/07/14 00:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2009/07/14 00:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2009/07/14 00:32:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2009/07/14 00:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
[2010/04/28 20:30:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Wizards of the Coast

< %appdata%\*.* >


< MD5 for: AGP440.SYS >
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 20:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: DISK.SYS >
[2009/07/13 20:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysWow64\DriverStore\FileRepository\disk.inf_amd64_neutral_10ce25bbc5a9cc43\disk.sys
[2009/07/13 20:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_55bb738b8ddd8a01\disk.sys

< MD5 for: IASTORV.SYS >
[2009/07/13 20:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 20:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 20:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/13 20:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 20:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 20:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< MD5 for: USBSTOR.SYS >
[2009/07/13 19:06:34 | 000,089,600 | ---- | M] (Microsoft Corporation) MD5=080D3820DA6C046BE82FC8B45A893E83 -- C:\Windows\SysWow64\DriverStore\FileRepository\usbstor.inf_amd64_neutral_c301b770e0bfb179\USBSTOR.SYS
[2009/07/13 19:06:34 | 000,089,600 | ---- | M] (Microsoft Corporation) MD5=080D3820DA6C046BE82FC8B45A893E83 -- C:\Windows\winsxs\amd64_usbstor.inf_31bf3856ad364e35_6.1.7600.16385_none_a47b405db18421ea\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >



OTL Extras logfile created on: 11/27/2010 11:26:15 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Benny\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.96 Gb Total Space | 10.44 Gb Free Space | 3.64% Space Free | Partition Type: NTFS
Drive D: | 11.13 Gb Total Space | 1.85 Gb Free Space | 16.61% Space Free | Partition Type: NTFS

Computer Name: BENNY | User Name: Benny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = ChromeHTML] -- C:\Users\Benny\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{23B45E10-0CA5-43E9-BD6D-C2BD6CBE11AC}" = iTunes
"{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{530992D4-DDBA-4F68-8B0D-FF50AC57531B}" = Symantec Endpoint Protection
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile Device Center
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Windows Mobile Device Center Driver Update
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin 64" = Adobe Flash Player 10 Plugin 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 22
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{2EEC2A94-7204-45C6-93BB-67EAEB19E4D6}" = Safari
"{3C6B103A-1CDD-B3F2-5E8C-A2E5AAA6B555}" = GOG.com Downloader
"{4541091F-1F3D-4BA3-A5A3-F71000000100}" = Age of Empires III: Complete Collection
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{48963B63-7A10-49D6-8B08-61E6132453D0}" = ViewSonic Monitor Drivers
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{58F58158-8DFE-31DA-AC1F-7E5D89A0F74F}" = Google Talk Plugin
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{6B755EC3-C709-4F5C-BC58-BC0D3967B6B6}" = Folding@home-x86
"{6C8E8FB6-1EB2-4E03-B66D-1C7FE26F3D5C}" = calibre
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{AB49B509-8FCA-45E6-9FB9-9E4AEEB8F148}" = System Requirements Lab CYRI
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X
"{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF}" = Magic Online
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E3E3C2C5-B78F-560D-01C0-A9F11945D17B}" = Pandora
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"AC3Filter" = AC3Filter (remove only)
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_7" = AIM 7
"Audacity_is1" = Audacity 1.2.6
"Baldur's Gate II_is1" = Baldur's Gate II
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.gog.downloader.87F90EC6C28C7E479115BE2E026DB87A08BC420D.1" = GOG.com Downloader
"com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1" = Pandora
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Debut" = Debut Video Capture Software
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"GFWL_{4541091F-1F3D-4BA3-A5A3-F71000000100}" = Age of Empires III: Complete Collection
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HaaliMkx" = Haali Media Splitter
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.0.4 (Full)
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"OnLive" = OnLive
"PC SleepTimer_is1" = PC SleepTimer 1.0.0
"PokerStars" = PokerStars
"Populus" = Populus
"Skype™ for Windows Mobile_is1" = Skype™ for Windows Mobile 3.0
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SopCast" = SopCast 3.0.3
"Starcraft" = Starcraft
"StarCraft II" = StarCraft II
"Steam App 3830" = Psychonauts
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV 0.9.17
"VLC media player" = VLC media player 1.0.3
"Windows Mobile Device Handbook" = HTC Touch Pro2 User Manual

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Octoshape Streaming Services" = Octoshape Streaming Services

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/22/2010 2:29:44 PM | Computer Name = Benny | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 11/23/2010 10:23:50 AM | Computer Name = Benny | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 11/24/2010 11:53:25 AM | Computer Name = Benny | Source = RapiMgr | ID = 8
Description = Windows Mobile-based device failed to connect due to communication
(0x80072745) failure (see data for failure code).

Error - 11/25/2010 3:25:29 PM | Computer Name = Benny | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 11/26/2010 6:12:54 PM | Computer Name = Benny | Source = RapiMgr | ID = 8
Description = Windows Mobile-based device failed to connect due to communication
(0x80072745) failure (see data for failure code).

Error - 11/26/2010 10:15:19 PM | Computer Name = Benny | Source = RapiMgr | ID = 8
Description = Windows Mobile-based device failed to connect due to communication
(0x80072745) failure (see data for failure code).

Error - 11/27/2010 1:35:38 PM | Computer Name = Benny | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 11/27/2010 6:28:17 PM | Computer Name = Benny | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.

Error - 11/27/2010 7:27:44 PM | Computer Name = Benny | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Tracking Cookies in File: Unavailable by: Manual
scan. Action: Quarantine failed : Leave Alone failed. Action Description: The
file was deleted successfully.

Error - 11/27/2010 10:35:28 PM | Computer Name = Benny | Source = Application Error | ID = 1000
Description = Faulting application name: SUPERAntiSpyware.exe, version: 4.46.0.1000,
time stamp: 0x4ca390d3 Faulting module name: SUPERAntiSpyware.exe, version: 4.46.0.1000,
time stamp: 0x4ca390d3 Exception code: 0xc0000005 Fault offset: 0x0006de68 Faulting
process id: 0x17c Faulting application start time: 0x01cb8ea4d9e92748 Faulting application
path: C:\SUPERAntiSpyware.exe Faulting module path: C:\SUPERAntiSpyware.exe Report
Id: 29212225-fa98-11df-a1bf-9bb9a873946b

[ Media Center Events ]
Error - 10/6/2010 5:58:41 PM | Computer Name = Benny | Source = MCUpdate | ID = 0
Description = 5:58:33 PM - Error connecting to the internet. 5:58:34 PM - Unable
to contact server..

Error - 11/7/2010 9:58:59 AM | Computer Name = Benny | Source = MCUpdate | ID = 0
Description = 8:58:58 AM - Error connecting to the internet. 8:58:59 AM - Unable
to contact server..

Error - 11/14/2010 10:20:39 AM | Computer Name = Benny | Source = MCUpdate | ID = 0
Description = 9:20:39 AM - Error connecting to the internet. 9:20:39 AM - Unable
to contact server..

Error - 11/14/2010 10:20:53 AM | Computer Name = Benny | Source = MCUpdate | ID = 0
Description = 9:20:44 AM - Error connecting to the internet. 9:20:44 AM - Unable
to contact server..

[ System Events ]
Error - 11/25/2010 11:17:18 AM | Computer Name = Benny | Source = Microsoft-Windows-TaskScheduler | ID = 413
Description = Task Scheduler service failed to load tasks at service startup. Additional
Data: Error Value: 2147549183.

Error - 11/25/2010 1:15:21 PM | Computer Name = Benny | Source = Microsoft-Windows-TaskScheduler | ID = 413
Description = Task Scheduler service failed to load tasks at service startup. Additional
Data: Error Value: 2147549183.

Error - 11/25/2010 10:12:48 PM | Computer Name = Benny | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\DR0.

Error - 11/25/2010 10:17:44 PM | Computer Name = Benny | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\DR0.

Error - 11/26/2010 10:28:19 AM | Computer Name = Benny | Source = Microsoft-Windows-TaskScheduler | ID = 413
Description = Task Scheduler service failed to load tasks at service startup. Additional
Data: Error Value: 2147549183.

Error - 11/27/2010 10:18:27 AM | Computer Name = Benny | Source = Microsoft-Windows-TaskScheduler | ID = 413
Description = Task Scheduler service failed to load tasks at service startup. Additional
Data: Error Value: 2147549183.

Error - 11/27/2010 12:12:07 PM | Computer Name = Benny | Source = Microsoft-Windows-TaskScheduler | ID = 413
Description = Task Scheduler service failed to load tasks at service startup. Additional
Data: Error Value: 2147549183.

Error - 11/27/2010 9:04:40 PM | Computer Name = Benny | Source = Service Control Manager | ID = 7030
Description = The Lavasoft Ad-Aware Service service is marked as an interactive
service. However, the system is configured to not allow interactive services.
This service may not function properly.

Error - 11/27/2010 9:08:57 PM | Computer Name = Benny | Source = Service Control Manager | ID = 7000
Description = The Lbd service failed to start due to the following error: %%2

Error - 11/27/2010 9:11:28 PM | Computer Name = Benny | Source = Microsoft-Windows-TaskScheduler | ID = 413
Description = Task Scheduler service failed to load tasks at service startup. Additional
Data: Error Value: 2147549183.


< End of report >

anole3000
Novice
Novice

Status :
Online
Offline

Posts Posts : 7
Joined Joined : 2010-11-28
OS OS : Windows 7

View user profile

Back to top Go down

Re: Help to remove Clicksor

Post by Belahzur on Mon Nov 29, 2010 12:30 am

Hello.

Download [You must be registered and logged in to see this link.] to your desktop.

  • Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
  • It will show a black screen with some data on it.
  • A report called MBRcheckxxxx.txt will be on your desktop
  • Open this report and post its content in your next reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Help to remove Clicksor

Post by anole3000 on Mon Nov 29, 2010 3:25 am

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv5 Notebook PC
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 212):
0x02C51000 \SystemRoot\system32\ntoskrnl.exe
0x02C08000 \SystemRoot\system32\hal.dll
0x00BBE000 \SystemRoot\system32\kdcom.dll
0x00C31000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00C75000 \SystemRoot\system32\PSHED.dll
0x00C89000 \SystemRoot\system32\CLFS.SYS
0x00CE7000 \SystemRoot\system32\CI.dll
0x00E84000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F28000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x01008000 \SystemRoot\System32\Drivers\spdm.sys
0x0112E000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x01137000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x01166000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x011BD000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x011C7000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00F37000 \SystemRoot\system32\DRIVERS\pci.sys
0x011D4000 \SystemRoot\System32\drivers\partmgr.sys
0x011E9000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x011F2000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00F6A000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00F7F000 \SystemRoot\System32\drivers\volmgrx.sys
0x00FDB000 \SystemRoot\System32\drivers\mountmgr.sys
0x00FF5000 \SystemRoot\system32\DRIVERS\atapi.sys
0x00E00000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x00E2A000 \SystemRoot\system32\DRIVERS\msahci.sys
0x00E35000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x00E45000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x00DA7000 \SystemRoot\system32\drivers\fltmgr.sys
0x00E50000 \SystemRoot\system32\drivers\fileinfo.sys
0x00E64000 \SystemRoot\system32\DRIVERS\Lbd.sys
0x01231000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01431000 \SystemRoot\System32\Drivers\msrpc.sys
0x0148F000 \SystemRoot\System32\Drivers\ksecdd.sys
0x014A9000 \SystemRoot\System32\Drivers\cng.sys
0x0151C000 \SystemRoot\System32\drivers\pcw.sys
0x0152D000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01653000 \SystemRoot\system32\drivers\ndis.sys
0x01745000 \SystemRoot\system32\drivers\NETIO.SYS
0x017A5000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01801000 \SystemRoot\System32\drivers\tcpip.sys
0x01600000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x017D0000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x01537000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x017E0000 \SystemRoot\System32\Drivers\spldr.sys
0x01583000 \SystemRoot\System32\drivers\rdyboost.sys
0x017E8000 \SystemRoot\System32\Drivers\mup.sys
0x0164A000 \SystemRoot\System32\drivers\hwpolicy.sys
0x015BD000 \SystemRoot\system32\DRIVERS\hpdskflt.sys
0x01A16000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01A50000 \SystemRoot\system32\DRIVERS\disk.sys
0x01A66000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x01ACE000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x01AF8000 \SystemRoot\System32\Drivers\SRTSP64.SYS
0x02E3D000 \??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20101128.002\EX64.SYS
0x02E00000 \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
0x01B6C000 \??\C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20101128.002\ENG64.SYS
0x01B8C000 \SystemRoot\System32\Drivers\SRTSPX64.SYS
0x01BA0000 \SystemRoot\System32\Drivers\Null.SYS
0x02E36000 \SystemRoot\System32\Drivers\Beep.SYS
0x01BA9000 \SystemRoot\System32\drivers\vga.sys
0x01BB7000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x01BDC000 \SystemRoot\System32\drivers\watchdog.sys
0x01BEC000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x01BF5000 \SystemRoot\system32\drivers\rdpencdd.sys
0x01A00000 \SystemRoot\system32\drivers\rdprefmp.sys
0x01A09000 \SystemRoot\System32\Drivers\Msfs.SYS
0x015C7000 \SystemRoot\System32\Drivers\Npfs.SYS
0x015D8000 \SystemRoot\system32\DRIVERS\tdx.sys
0x01400000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x03C10000 \SystemRoot\system32\drivers\afd.sys
0x03C9A000 \SystemRoot\System32\DRIVERS\netbt.sys
0x03CDF000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x03CE8000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03D0E000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x03D24000 \SystemRoot\system32\DRIVERS\netbios.sys
0x03D33000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03D4E000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03D62000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
0x03D6C000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
0x03D76000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03DC7000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03DD3000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x03E1E000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
0x03E94000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0x03EB9000 \SystemRoot\System32\drivers\discache.sys
0x03EC8000 \SystemRoot\system32\drivers\csc.sys
0x03F4B000 \SystemRoot\System32\Drivers\dfsc.sys
0x03F69000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03F7A000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x03FA0000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x03FB6000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x04A1A000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x05519000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x04059000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x0414D000 \SystemRoot\System32\drivers\dxgmms1.sys
0x04193000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x041A0000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x04000000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x04011000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x05832000 \SystemRoot\system32\DRIVERS\NETw5s64.sys
0x05F91000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x05F9E000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x05FDC000 \SystemRoot\system32\DRIVERS\jmcr.sys
0x05800000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x0581E000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x04035000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x04044000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x0551B000 \SystemRoot\System32\Drivers\a454jgfc.SYS
0x041F6000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x05560000 \SystemRoot\system32\DRIVERS\Accelerometer.sys
0x0556C000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x0557C000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x05592000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x055B6000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x055C2000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x03FBB000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x03FD6000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x04A00000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x055F1000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x0582D000 \SystemRoot\system32\DRIVERS\swenum.sys
0x04611000 \SystemRoot\system32\DRIVERS\ks.sys
0x04654000 \SystemRoot\system32\DRIVERS\umbus.sys
0x04666000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x046C0000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x046D5000 \SystemRoot\system32\drivers\HdAudio.sys
0x04731000 \SystemRoot\system32\drivers\portcls.sys
0x0476E000 \SystemRoot\system32\drivers\drmk.sys
0x04790000 \SystemRoot\system32\drivers\ksthunk.sys
0x08268000 \SystemRoot\system32\DRIVERS\agrsm64.sys
0x0838A000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x0838C000 \SystemRoot\system32\drivers\modem.sys
0x0839B000 \SystemRoot\System32\Drivers\crashdmp.sys
0x083A9000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x083B5000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x083C0000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x000C0000 \SystemRoot\System32\win32k.sys
0x083D3000 \SystemRoot\System32\drivers\Dxapi.sys
0x083DF000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x08200000 \SystemRoot\System32\Drivers\usbvideo.sys
0x0822E000 \SystemRoot\system32\DRIVERS\monitor.sys
0x004E0000 \SystemRoot\System32\TSDDD.dll
0x007A0000 \SystemRoot\System32\cdd.dll
0x0823C000 \SystemRoot\system32\drivers\luafv.sys
0x04796000 \SystemRoot\system32\drivers\WudfPf.sys
0x047B7000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x09694000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x096E7000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x096FA000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x09712000 \SystemRoot\system32\drivers\HTTP.sys
0x097DA000 \SystemRoot\system32\DRIVERS\bowser.sys
0x09600000 \SystemRoot\System32\drivers\mpsdrv.sys
0x09618000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x09645000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x047CC000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x09EC3000 \SystemRoot\system32\drivers\peauth.sys
0x09F69000 \SystemRoot\system32\drivers\qwavedrv.sys
0x09F79000 \SystemRoot\System32\Drivers\secdrv.SYS
0x09F84000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x09FB1000 \SystemRoot\System32\drivers\tcpipreg.sys
0x09E00000 \SystemRoot\System32\DRIVERS\srv2.sys
0x0A292000 \SystemRoot\System32\DRIVERS\srv.sys
0x0A328000 \SystemRoot\System32\drivers\rdpdr.sys
0x0A356000 \SystemRoot\system32\drivers\tdtcp.sys
0x0A361000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
0x0A370000 \SystemRoot\System32\Drivers\RDPWD.SYS
0x0A3A8000 \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys
0x0A271000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x0A27C000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x0A3AF000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x0A3C8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x0A3D1000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x77940000 \Windows\System32\ntdll.dll
0x48310000 \Windows\System32\smss.exe
0xFFC60000 \Windows\System32\apisetschema.dll
0xFF8C0000 \Windows\System32\autochk.exe
0xFFC40000 \Windows\System32\lpk.dll
0xFFC10000 \Windows\System32\imm32.dll
0x77B10000 \Windows\System32\normaliz.dll
0xFFBC0000 \Windows\System32\Wldap32.dll
0xFFB20000 \Windows\System32\comdlg32.dll
0x776E0000 \Windows\System32\iertutil.dll
0xFFA40000 \Windows\System32\oleaut32.dll
0xFF970000 \Windows\System32\usp10.dll
0x77580000 \Windows\System32\wininet.dll
0x77480000 \Windows\System32\user32.dll
0xFF900000 \Windows\System32\gdi32.dll
0xFF8B0000 \Windows\System32\ws2_32.dll
0xFF830000 \Windows\System32\shlwapi.dll
0xFF650000 \Windows\System32\setupapi.dll
0xFF630000 \Windows\System32\imagehlp.dll
0x77B00000 \Windows\System32\psapi.dll
0xFE8A0000 \Windows\System32\shell32.dll
0xFE770000 \Windows\System32\rpcrt4.dll
0xFE750000 \Windows\System32\sechost.dll
0x77340000 \Windows\System32\urlmon.dll
0xFE6B0000 \Windows\System32\clbcatq.dll
0xFE610000 \Windows\System32\msvcrt.dll
0xFE600000 \Windows\System32\nsi.dll
0x77220000 \Windows\System32\kernel32.dll
0xFE580000 \Windows\System32\difxapi.dll
0xFE4A0000 \Windows\System32\advapi32.dll
0xFE390000 \Windows\System32\msctf.dll
0xFE180000 \Windows\System32\ole32.dll
0xFE140000 \Windows\System32\xmllite.dll
0xFE0A0000 \Windows\System32\comctl32.dll
0xFE080000 \Windows\System32\devobj.dll
0xFE010000 \Windows\System32\KernelBase.dll
0xFDFD0000 \Windows\System32\cfgmgr32.dll
0xFDF90000 \Windows\System32\wintrust.dll
0xFDE20000 \Windows\System32\crypt32.dll
0xFDE10000 \Windows\System32\msasn1.dll
0x76730000 \Windows\SysWOW64\normaliz.dll

Processes (total 70):
0 System Idle Process
4 System
296 C:\Windows\System32\smss.exe
424 csrss.exe
488 csrss.exe
496 C:\Windows\System32\wininit.exe
548 C:\Windows\System32\services.exe
556 C:\Windows\System32\lsass.exe
584 C:\Windows\System32\winlogon.exe
632 C:\Windows\System32\lsm.exe
704 C:\Windows\System32\svchost.exe
768 C:\Windows\System32\nvvsvc.exe
808 C:\Windows\System32\svchost.exe
904 C:\Windows\System32\svchost.exe
952 C:\Windows\System32\svchost.exe
980 C:\Windows\System32\svchost.exe
692 C:\Windows\System32\svchost.exe
396 C:\Windows\System32\hpservice.exe
1120 C:\Windows\System32\nvvsvc.exe
1168 C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
1204 C:\Windows\System32\svchost.exe
1288 C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
1436 C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
1568 C:\Windows\System32\spoolsv.exe
1604 C:\Windows\System32\svchost.exe
1776 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
1804 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1844 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1892 C:\Windows\System32\svchost.exe
1968 C:\Windows\System32\svchost.exe
1756 C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
2072 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2404 C:\Windows\System32\SearchIndexer.exe
2624 C:\Windows\System32\svchost.exe
2776 C:\Windows\System32\svchost.exe
2812 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2836 unsecapp.exe
3000 WmiPrvSE.exe
2828 C:\Windows\System32\taskhost.exe
2056 C:\Windows\System32\dwm.exe
2504 C:\Windows\explorer.exe
2016 C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
2708 C:\Windows\WindowsMobile\wmdc.exe
3156 C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
3192 C:\Windows\System32\svchost.exe
3204 C:\Users\Benny\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
3224 C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
3368 C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
3380 C:\Program Files (x86)\iTunes\iTunesHelper.exe
3392 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
3528 C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
3840 C:\Program Files\iPod\bin\iPodService.exe
4048 C:\Windows\System32\svchost.exe
3324 C:\Program Files\Windows Media Player\wmpnetwk.exe
4224 dllhost.exe
2428 C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
348 C:\Windows\System32\audiodg.exe
4772 C:\Program Files (x86)\Windows Media Player\wmplayer.exe
3252 C:\Users\Benny\AppData\Local\Google\Chrome\Application\chrome.exe
3128 C:\Users\Benny\AppData\Local\Google\Chrome\Application\chrome.exe
5028 C:\Users\Benny\AppData\Local\Google\Chrome\Application\chrome.exe
4984 C:\Users\Benny\AppData\Local\Google\Chrome\Application\chrome.exe
3580 C:\Users\Benny\AppData\Local\Google\Chrome\Application\chrome.exe
3636 C:\Windows\System32\SearchProtocolHost.exe
944 C:\Windows\System32\SearchFilterHost.exe
4144 C:\Users\Benny\Downloads\MBRCheck.exe
4484 C:\Program Files (x86)\Pandora\Pandora.exe
5036 C:\Windows\System32\conhost.exe
4848 C:\Windows\System32\dllhost.exe
1864 C:\Windows\System32\SndVol.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000047`bd400000 (NTFS)

PhysicalDrive0 Model Number: WDCWD3200BEVT-60ZCT0, Rev: 12.01A12

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!

anole3000
Novice
Novice

Status :
Online
Offline

Posts Posts : 7
Joined Joined : 2010-11-28
OS OS : Windows 7

View user profile

Back to top Go down

Re: Help to remove Clicksor

Post by Belahzur on Mon Nov 29, 2010 10:07 pm

Please download TDSSKiller from [You must be registered and logged in to see this link.] and save it to your Desktop.

  • Doubleclick TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
Note:It will also create a log in the C:\ directory.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Help to remove Clicksor

Post by anole3000 on Mon Nov 29, 2010 11:07 pm

2010/11/29 18:05:11.0798 TDSS rootkit removing tool 2.4.10.0 Nov 28 2010 18:35:56
2010/11/29 18:05:11.0799 ================================================================================
2010/11/29 18:05:11.0799 SystemInfo:
2010/11/29 18:05:11.0799
2010/11/29 18:05:11.0799 OS Version: 6.1.7600 ServicePack: 0.0
2010/11/29 18:05:11.0799 Product type: Workstation
2010/11/29 18:05:11.0799 ComputerName: BENNY
2010/11/29 18:05:11.0801 UserName: Benny
2010/11/29 18:05:11.0801 Windows directory: C:\Windows
2010/11/29 18:05:11.0801 System windows directory: C:\Windows
2010/11/29 18:05:11.0801 Running under WOW64
2010/11/29 18:05:11.0801 Processor architecture: Intel x64
2010/11/29 18:05:11.0801 Number of processors: 2
2010/11/29 18:05:11.0801 Page size: 0x1000
2010/11/29 18:05:11.0801 Boot type: Normal boot
2010/11/29 18:05:11.0801 ================================================================================
2010/11/29 18:05:11.0802 Utility is running under WOW64
2010/11/29 18:05:20.0106 Initialize success
2010/11/29 18:05:28.0578 ================================================================================
2010/11/29 18:05:28.0578 Scan started
2010/11/29 18:05:28.0578 Mode: Manual;
2010/11/29 18:05:28.0578 ================================================================================
2010/11/29 18:05:31.0283 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2010/11/29 18:05:31.0349 Accelerometer (a768c6f605bc395d3b57fa0dc3ac3457) C:\Windows\system32\DRIVERS\Accelerometer.sys
2010/11/29 18:05:31.0414 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2010/11/29 18:05:31.0468 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2010/11/29 18:05:31.0582 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2010/11/29 18:05:31.0920 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2010/11/29 18:05:32.0162 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2010/11/29 18:05:32.0336 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2010/11/29 18:05:32.0512 AgereSoftModem (98022774d9930ecbb292e70db7601df6) C:\Windows\system32\DRIVERS\agrsm64.sys
2010/11/29 18:05:32.0648 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2010/11/29 18:05:32.0772 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2010/11/29 18:05:32.0866 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2010/11/29 18:05:33.0054 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2010/11/29 18:05:33.0186 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2010/11/29 18:05:33.0306 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
2010/11/29 18:05:33.0564 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2010/11/29 18:05:34.0730 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
2010/11/29 18:05:34.0942 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2010/11/29 18:05:35.0641 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2010/11/29 18:05:35.0802 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2010/11/29 18:05:36.0171 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/11/29 18:05:36.0211 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2010/11/29 18:05:36.0393 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2010/11/29 18:05:36.0750 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2010/11/29 18:05:36.0948 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2010/11/29 18:05:37.0050 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2010/11/29 18:05:37.0148 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
2010/11/29 18:05:37.0228 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2010/11/29 18:05:37.0331 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2010/11/29 18:05:37.0436 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2010/11/29 18:05:37.0613 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2010/11/29 18:05:37.0734 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2010/11/29 18:05:37.0888 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2010/11/29 18:05:38.0005 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2010/11/29 18:05:38.0260 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2010/11/29 18:05:38.0539 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2010/11/29 18:05:38.0738 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2010/11/29 18:05:38.0920 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2010/11/29 18:05:39.0298 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/11/29 18:05:39.0385 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2010/11/29 18:05:39.0735 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2010/11/29 18:05:40.0518 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2010/11/29 18:05:40.0627 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2010/11/29 18:05:40.0706 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2010/11/29 18:05:40.0921 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
2010/11/29 18:05:41.0289 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2010/11/29 18:05:41.0381 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2010/11/29 18:05:41.0440 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2010/11/29 18:05:41.0667 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2010/11/29 18:05:41.0825 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
2010/11/29 18:05:42.0502 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2010/11/29 18:05:42.0869 eeCtrl (066108ae4c35835081598827a1a7d08d) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
2010/11/29 18:05:43.0050 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2010/11/29 18:05:43.0178 EraserUtilRebootDrv (12866876e3851f1e5d462b2a83e25578) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2010/11/29 18:05:43.0298 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2010/11/29 18:05:43.0464 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2010/11/29 18:05:43.0562 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2010/11/29 18:05:43.0742 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2010/11/29 18:05:43.0858 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2010/11/29 18:05:43.0981 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2010/11/29 18:05:44.0404 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/11/29 18:05:44.0580 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2010/11/29 18:05:44.0680 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2010/11/29 18:05:44.0797 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2010/11/29 18:05:44.0939 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2010/11/29 18:05:45.0018 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2010/11/29 18:05:45.0144 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2010/11/29 18:05:45.0209 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2010/11/29 18:05:45.0440 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2010/11/29 18:05:45.0548 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/11/29 18:05:45.0589 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2010/11/29 18:05:45.0771 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2010/11/29 18:05:46.0105 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2010/11/29 18:05:46.0345 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2010/11/29 18:05:46.0530 hpdskflt (4bebf72764caa516119a9c1287eda930) C:\Windows\system32\DRIVERS\hpdskflt.sys
2010/11/29 18:05:46.0660 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2010/11/29 18:05:46.0960 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2010/11/29 18:05:47.0258 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2010/11/29 18:05:47.0677 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/11/29 18:05:48.0143 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
2010/11/29 18:05:48.0480 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2010/11/29 18:05:48.0658 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2010/11/29 18:05:48.0805 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2010/11/29 18:05:48.0885 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/11/29 18:05:49.0088 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2010/11/29 18:05:49.0368 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2010/11/29 18:05:49.0648 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2010/11/29 18:05:50.0153 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2010/11/29 18:05:50.0684 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/11/29 18:05:51.0193 JMCR (54df9eafb54a98e1a2ac3db69c16cf05) C:\Windows\system32\DRIVERS\jmcr.sys
2010/11/29 18:05:51.0510 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/11/29 18:05:51.0723 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/11/29 18:05:52.0187 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2010/11/29 18:05:52.0410 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2010/11/29 18:05:52.0602 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2010/11/29 18:05:52.0991 Lavasoft Kernexplorer (ad134c8802355be1b24606fca8a4a50d) C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys
2010/11/29 18:05:53.0139 Lbd (3c46290f7a5d45ba6ef32c248e22aa69) C:\Windows\system32\DRIVERS\Lbd.sys
2010/11/29 18:05:53.0429 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2010/11/29 18:05:53.0613 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2010/11/29 18:05:53.0882 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2010/11/29 18:05:54.0172 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2010/11/29 18:05:54.0465 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2010/11/29 18:05:55.0018 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2010/11/29 18:05:55.0409 ManyCam (d33e2b74cf8b3a652bf0a9fbd068e87a) C:\Windows\system32\DRIVERS\ManyCam_x64.sys
2010/11/29 18:05:55.0887 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2010/11/29 18:05:56.0571 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2010/11/29 18:05:57.0010 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2010/11/29 18:05:57.0164 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2010/11/29 18:05:57.0224 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2010/11/29 18:05:57.0293 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2010/11/29 18:05:57.0372 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2010/11/29 18:05:57.0440 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2010/11/29 18:05:57.0626 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2010/11/29 18:05:57.0738 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2010/11/29 18:05:58.0106 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/11/29 18:05:58.0198 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/11/29 18:05:58.0370 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/11/29 18:05:58.0469 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2010/11/29 18:05:58.0609 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2010/11/29 18:05:58.0980 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2010/11/29 18:05:59.0064 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2010/11/29 18:05:59.0197 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2010/11/29 18:05:59.0388 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2010/11/29 18:05:59.0565 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/11/29 18:05:59.0672 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2010/11/29 18:05:59.0781 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2010/11/29 18:05:59.0979 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/11/29 18:06:00.0130 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2010/11/29 18:06:00.0425 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2010/11/29 18:06:00.0719 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2010/11/29 18:06:00.0871 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2010/11/29 18:06:01.0051 NAVENG (956f589c6a7dde71dc6b03be633ebf23) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20101129.002\ENG64.SYS
2010/11/29 18:06:01.0817 NAVEX15 (ee7a0e2478e7cd1a199d1b82e3a69b3e) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20101129.002\EX64.SYS
2010/11/29 18:06:02.0544 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2010/11/29 18:06:03.0019 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2010/11/29 18:06:03.0513 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/11/29 18:06:03.0967 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/11/29 18:06:04.0323 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/11/29 18:06:04.0405 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2010/11/29 18:06:04.0747 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2010/11/29 18:06:05.0078 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2010/11/29 18:06:06.0239 NETw5s64 (39ede676d17f37af4573c2b33ec28aca) C:\Windows\system32\DRIVERS\NETw5s64.sys
2010/11/29 18:06:07.0535 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
2010/11/29 18:06:07.0926 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2010/11/29 18:06:08.0034 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2010/11/29 18:06:08.0155 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2010/11/29 18:06:08.0374 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
2010/11/29 18:06:08.0567 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2010/11/29 18:06:09.0481 nvlddmkm (e63279a205da5c225369770e400904a8) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2010/11/29 18:06:10.0050 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
2010/11/29 18:06:10.0201 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
2010/11/29 18:06:10.0378 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2010/11/29 18:06:10.0534 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/11/29 18:06:10.0921 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2010/11/29 18:06:11.0051 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2010/11/29 18:06:11.0202 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2010/11/29 18:06:11.0366 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2010/11/29 18:06:11.0606 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2010/11/29 18:06:11.0848 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2010/11/29 18:06:12.0100 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2010/11/29 18:06:12.0702 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2010/11/29 18:06:12.0898 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2010/11/29 18:06:13.0116 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2010/11/29 18:06:13.0255 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2010/11/29 18:06:13.0446 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2010/11/29 18:06:13.0553 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2010/11/29 18:06:13.0638 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2010/11/29 18:06:13.0811 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2010/11/29 18:06:13.0878 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/11/29 18:06:13.0953 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/11/29 18:06:14.0021 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2010/11/29 18:06:14.0075 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2010/11/29 18:06:14.0264 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2010/11/29 18:06:14.0669 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/11/29 18:06:14.0896 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
2010/11/29 18:06:14.0955 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2010/11/29 18:06:15.0024 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2010/11/29 18:06:15.0084 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2010/11/29 18:06:15.0162 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2010/11/29 18:06:15.0385 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2010/11/29 18:06:15.0472 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\Windows\system32\DRIVERS\Rt64win7.sys
2010/11/29 18:06:15.0590 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
2010/11/29 18:06:15.0742 SASDIFSV (99df79c258b3342b6c8a5f802998de56) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
2010/11/29 18:06:15.0783 SASKUTIL (2859c35c0651e8eb0d86d48e740388f2) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
2010/11/29 18:06:15.0846 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2010/11/29 18:06:16.0128 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2010/11/29 18:06:16.0352 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys
2010/11/29 18:06:16.0461 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2010/11/29 18:06:16.0558 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2010/11/29 18:06:16.0651 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2010/11/29 18:06:16.0751 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2010/11/29 18:06:16.0909 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2010/11/29 18:06:16.0997 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2010/11/29 18:06:17.0093 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
2010/11/29 18:06:17.0181 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2010/11/29 18:06:17.0328 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2010/11/29 18:06:17.0420 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2010/11/29 18:06:17.0573 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2010/11/29 18:06:17.0756 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2010/11/29 18:06:17.0979 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
2010/11/29 18:06:17.0979 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
2010/11/29 18:06:17.0994 sptd - detected Locked file (1)
2010/11/29 18:06:18.0095 SRTSP (32900ac9cfdc578531279886ca16a4df) C:\Windows\system32\Drivers\SRTSP64.SYS
2010/11/29 18:06:18.0277 SRTSPL (8929566d1f14685fd78eaf25bee3ecc7) C:\Windows\system32\Drivers\SRTSPL64.SYS
2010/11/29 18:06:18.0448 SRTSPX (cb2fdf47ee67f8cca5362ed9b94fe955) C:\Windows\system32\Drivers\SRTSPX64.SYS
2010/11/29 18:06:18.0574 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys
2010/11/29 18:06:18.0684 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys
2010/11/29 18:06:18.0773 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys
2010/11/29 18:06:19.0004 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2010/11/29 18:06:19.0191 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
2010/11/29 18:06:19.0301 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
2010/11/29 18:06:19.0439 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2010/11/29 18:06:19.0566 SymEvent (7e4d281982e19abd06728c7ee9ac40a8) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2010/11/29 18:06:19.0807 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2010/11/29 18:06:20.0353 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2010/11/29 18:06:20.0655 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2010/11/29 18:06:20.0785 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2010/11/29 18:06:20.0898 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2010/11/29 18:06:21.0033 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2010/11/29 18:06:21.0104 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2010/11/29 18:06:21.0588 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/11/29 18:06:22.0012 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2010/11/29 18:06:22.0324 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2010/11/29 18:06:22.0494 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2010/11/29 18:06:22.0677 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2010/11/29 18:06:22.0845 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2010/11/29 18:06:23.0046 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2010/11/29 18:06:23.0224 USBAAPL64 (cd03479f2da26500b203ed075c146a7a) C:\Windows\system32\Drivers\usbaapl64.sys
2010/11/29 18:06:23.0407 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/11/29 18:06:23.0542 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2010/11/29 18:06:23.0680 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
2010/11/29 18:06:23.0742 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
2010/11/29 18:06:23.0812 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2010/11/29 18:06:23.0902 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2010/11/29 18:06:23.0993 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/11/29 18:06:24.0088 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/11/29 18:06:24.0173 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
2010/11/29 18:06:24.0265 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
2010/11/29 18:06:24.0409 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2010/11/29 18:06:24.0574 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/11/29 18:06:24.0683 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2010/11/29 18:06:24.0759 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2010/11/29 18:06:24.0890 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2010/11/29 18:06:25.0030 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
2010/11/29 18:06:25.0141 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
2010/11/29 18:06:25.0243 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2010/11/29 18:06:25.0379 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2010/11/29 18:06:25.0474 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2010/11/29 18:06:25.0625 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2010/11/29 18:06:25.0772 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2010/11/29 18:06:25.0808 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2010/11/29 18:06:25.0892 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2010/11/29 18:06:26.0012 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2010/11/29 18:06:26.0085 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2010/11/29 18:06:26.0402 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2010/11/29 18:06:26.0511 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2010/11/29 18:06:26.0803 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2010/11/29 18:06:26.0844 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2010/11/29 18:06:27.0359 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
2010/11/29 18:06:27.0570 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/11/29 18:06:27.0744 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2010/11/29 18:06:28.0022 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2010/11/29 18:06:28.0131 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/11/29 18:06:28.0349 ================================================================================
2010/11/29 18:06:28.0349 Scan finished
2010/11/29 18:06:28.0349 ================================================================================
2010/11/29 18:06:28.0472 Detected object count: 1
2010/11/29 18:06:50.0280 Locked file(sptd) - User select action: Skip

anole3000
Novice
Novice

Status :
Online
Offline

Posts Posts : 7
Joined Joined : 2010-11-28
OS OS : Windows 7

View user profile

Back to top Go down

Re: Help to remove Clicksor

Post by Belahzur on Wed Dec 01, 2010 12:27 am

Hello.

Do you know what this IP address is here. 184.73.77.253


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Help to remove Clicksor

Post by anole3000 on Wed Dec 01, 2010 2:13 am

No, I have no clue what it is.

anole3000
Novice
Novice

Status :
Online
Offline

Posts Posts : 7
Joined Joined : 2010-11-28
OS OS : Windows 7

View user profile

Back to top Go down

Re: Help to remove Clicksor

Post by Belahzur on Thu Dec 02, 2010 12:50 am

Hello.

Remove the Proxy setting in Internet Explorer and/or in FireFox.

    In Internet Explorer
  1. Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

    In Firefox
  1. Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection > Choose "No Proxy"
  2. Click the apply button and restart that computer in normal mode.

Still having problems now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Help to remove Clicksor

Post by anole3000 on Thu Dec 02, 2010 2:49 am

No it didn't.

Also, I seem to only have this problem when I'm connection to the internet from home. When I'm the library of our university, I don't recall ever having the problem.

I don't know if this information is relevant or not.

Edit:

So due to this evidence, I was suspecting that the problem had to do with our network. I asked my roommate, and he said that he's been having the same problem.

anole3000
Novice
Novice

Status :
Online
Offline

Posts Posts : 7
Joined Joined : 2010-11-28
OS OS : Windows 7

View user profile

Back to top Go down

Re: Help to remove Clicksor

Post by Belahzur on Fri Dec 03, 2010 12:29 am

Hello.
Yes something strange is happening.

IE has a proxy set to 184.73.77.253
Firefox has a proxy set to 174.142.24.201
and the machine has a DNS set to 213.109.67.74

Do you recognize any of these IP's?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Help to remove Clicksor

Post by anole3000 on Sat Dec 04, 2010 1:56 am

Actually, I reset my router to default and the problem is gone.

Thanks for all your help.

anole3000
Novice
Novice

Status :
Online
Offline

Posts Posts : 7
Joined Joined : 2010-11-28
OS OS : Windows 7

View user profile

Back to top Go down

Re: Help to remove Clicksor

Post by Belahzur on Sat Dec 04, 2010 7:06 pm

Figured as much, nice one.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum