Computer Hope

Software => Computer viruses and spyware => Topic started by: zulubanshee on December 21, 2012, 03:40:43 PM

Title: Connection problems - here to see if I have a virus
Post by: zulubanshee on December 21, 2012, 03:40:43 PM
My problem can be found here:
http://www.computerhope.com/forum/index.php/topic,134893.msg868106.html#msg868106

Essentially I have been having intermittent connection problems. Some pages load OK, others do not load, and others load but without the style sheets. Usually if I refresh a bunch of times the page will load eventually, but not always. I have tried everything else and somebody on the Networking forum sent me over here. So here I am. And here are my logs.

# AdwCleaner v2.101 - Logfile created 12/21/2012 at 12:46:31
# Updated 16/12/2012 by Xplode
# Operating system : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# User : doug - DOUG-PC
# Boot Mode : Normal
# Running from : C:\Users\doug\Desktop\zips\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\DAEMON Tools Toolbar
Folder Found : C:\Program Files (x86)\ICQ6Toolbar
Folder Found : C:\ProgramData\ICQ\ICQToolbar
Folder Found : C:\Users\doug\AppData\Local\APN
Folder Found : C:\Users\doug\AppData\Local\Conduit
Folder Found : C:\Users\doug\AppData\LocalLow\AVG Secure Search
Folder Found : C:\Users\doug\AppData\LocalLow\Conduit

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Ask&Record
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB9}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKU\S-1-5-21-1499011048-2565338764-885293594-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Found : HKU\S-1-5-21-1499011048-2565338764-885293594-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB9}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd

-\\ Mozilla Firefox v17.0.1 (en-US)

Profile name : default-1355447943910 [Profil par défaut]
File : C:\Users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\doug\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v12.12.1707.0

File : C:\Users\doug\AppData\Roaming\Opera\Opera\operaprefs.ini

Found : HostName Web Lookup Address=hxxp://search.icq.com/search/afe_results.php?q=%s&ch_id=osd&icid=opera

*************************

AdwCleaner[R1].txt - [4095 octets] - [21/12/2012 12:46:31]

########## EOF - C:\AdwCleaner[R1].txt - [4155 octets] ##########
---------------------------------------------------------------------------------------------------------------------------------------------
Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.21.15

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
doug :: DOUG-PC [administrator]

Protection: Disabled

12/21/2012 12:50:10 PM
mbam-log-2012-12-21 (12-50-10).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 224470
Time elapsed: 8 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
-------------------------------------------------------------------------------------------------------------------------------------
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457  BrowserJavaVersion: 1.6.0_37
Run by doug at 17:09:58 on 2012-12-21
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.7934.5953 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\cygwin\bin\cygrunsrv.exe
C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe
C:\cygwin\usr\sbin\cygserver.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\SysWOW64\vmnat.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Windows\system32\RUNDLL32.EXE
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Windows\System32\WUDFHost.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\MHotKey.exe
C:\Program Files (x86)\Google\Update\1.3.21.124\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.124\GoogleCrashHandler64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files (x86)\Pidgin\pidgin.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\ehome\ehtray.exe
C:\Windows\ChiFuncExt.exe
C:\Windows\CNYHKey.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\splwow64.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uWindow Title = Windows Internet Explorer provided by Yahoo!
uSearch Page = hxxp://www.bing.com/?pc=AVBR
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie9
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=1008&m=lx6200-01
uURLSearchHooks: <No Name>:  - LocalServer32 - <no file>
uURLSearchHooks: {687578b9-7132-4a7a-80e4-30ee31099e03} - <orphaned>
mURLSearchHooks: {855F3B16-6D32-4fe6-8A56-BBB695989046} - <orphaned>
mURLSearchHooks: <No Name>:  - LocalServer32 - <no file>
dURLSearchHooks: {855F3B16-6D32-4fe6-8A56-BBB695989046} - <orphaned>
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
dURLSearchHooks: <No Name>:  - LocalServer32 - <no file>
mWinlogon: Userinit = userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Gadwin PrintScreen] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
uRun: [Pidgin] C:\Program Files (x86)\Pidgin\pidgin.exe
uRun: [AdobeBridge] <no file>
mRun: [LchDrvKey] LchDrvKey.exe
mRun: [LedKey] CNYHKey.exe
mRun: [eRecoveryService] <no file>
mRunOnce: [New Acer AlaunchX] c:\Acer\Preload\Command\AlaunchX\LaunchAlaunchX.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll
DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} - hxxp://chat.yahoo.com/cab/yuplapp.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {EBF1BFCB-F60B-4DCB-9C96-E53C543CB645} - hxxp://www.ivienterprise.com:8080/qcbin/ALM-Platform-Loader.11.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{69DE6067-93A0-4FFF-AD69-C6EE7006F35F} : DHCPNameServer = 192.168.2.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
x64-mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=1008&m=lx6200-01
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} -
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
x64-mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\Windows\System32\rundll32.exe C:\Windows\System32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Virtual Earth 3D\npVE3D.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\doug\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\doug\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\doug\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\doug\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-10-24 12:14; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - ExtSQL: 2012-12-13 20:24; {dc572301-7619-498c-a57d-39143191b318}; C:\Users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
FF - ExtSQL: 2012-12-13 20:33; {64161300-e22b-11db-8314-0800200c9a66}; C:\Users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
FF - ExtSQL: 2012-12-13 20:46; {6AC85730-7D0F-4de0-B3FA-21142DD85326}; C:\Users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
FF - ExtSQL: 2012-12-13 20:51; {c45c406e-ab73-11d8-be73-000a95be3b12}; C:\Users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
FF - ExtSQL: 2012-12-13 20:55; [email protected]; C:\Users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\[email protected]
FF - ExtSQL: 2012-12-13 21:00; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; C:\Users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - ExtSQL: 2012-12-13 21:16; [email protected]; C:\Users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\[email protected]
FF - ExtSQL: 2012-12-13 21:29; jid1-xUfzOsOFlzSOXg@jetpack; C:\Users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\[email protected]
FF - ExtSQL: 2012-12-13 21:57; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2012-12-13 22:49; {af79f858-4b25-4ca4-822b-b5db1be628fc}; C:\Users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\{af79f858-4b25-4ca4-822b-b5db1be628fc}.xpi
FF - ExtSQL: 2012-12-14 14:48; [email protected]; C:\Users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\[email protected]
FF - ExtSQL: 2012-12-14 14:55; [email protected]; C:\Users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\[email protected]
FF - ExtSQL: 2012-12-14 19:45; [email protected]; C:\Users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\[email protected]
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2010-10-29 69152]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2008-8-21 55856]
R1 VBoxDrv;VirtualBox Service;C:\Windows\System32\drivers\VBoxDrv.sys [2012-1-22 224048]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;C:\Windows\System32\drivers\VBoxUSBMon.sys [2012-1-22 130864]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-4-20 203776]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-7-4 361984]
R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648]
R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2012-5-4 21992]
R2 ETService;Empowering Technology Service;C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [2008-10-16 24576]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2008-12-11 72216]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-21 399432]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 128456]
R2 vmci;VMware vmci;C:\Windows\System32\drivers\vmci.sys [2008-12-7 64560]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx64coinst,serviceStartProc --> RUNDLL32.EXE ykx64coinst,serviceStartProc [?]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-7-4 46136]
R3 AVer88xHD;AVerMedia 23888 AvStream Video Capture;C:\Windows\System32\drivers\AVer88xHD64.sys [2008-8-21 432256]
R3 CAXHWBS2;CAXHWBS2;C:\Windows\System32\drivers\CAXHWBS2.sys [2008-8-21 403968]
R3 LVUVC64;Logitech QuickCam S5500(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2009-10-7 6379288]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;C:\Windows\System32\drivers\VBoxNetAdp.sys [2011-12-19 146736]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk60x64.sys [2008-8-5 392192]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate1c9619c54e0d3d;Google Update Service (gupdate1c9619c54e0d3d);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2008-12-19 133104]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-21 676936]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336]
S3 BrlAPI;BrlAPI;C:\cygwin\bin\cygrunsrv.exe [2012-1-10 68096]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-12-21 25928]
S3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2010-1-28 19544]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 Point64;Microsoft IntelliPoint Filter Driver;C:\Windows\System32\drivers\point64k.sys [2009-5-8 33160]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;C:\Windows\System32\drivers\VBoxNetFlt.sys [2011-12-19 165680]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-17 89920]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2008-7-10 47128]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-7-10 369688]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [UserChoice]
FileExt: .js: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [UserChoice]
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2012-12-16 23:25:25   73656   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-16 23:25:25   697272   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-13 12:24:00   67413224   ----a-w-   C:\Windows\System32\mrt.exe
2012-11-14 07:06:18   17811968   ----a-w-   C:\Windows\System32\mshtml.dll
2012-11-14 06:32:33   10925568   ----a-w-   C:\Windows\System32\ieframe.dll
2012-11-14 06:11:44   2312704   ----a-w-   C:\Windows\System32\jscript9.dll
2012-11-14 06:04:44   1346048   ----a-w-   C:\Windows\System32\urlmon.dll
2012-11-14 06:04:11   1392128   ----a-w-   C:\Windows\System32\wininet.dll
2012-11-14 06:02:49   1494528   ----a-w-   C:\Windows\System32\inetcpl.cpl
2012-11-14 06:02:04   237056   ----a-w-   C:\Windows\System32\url.dll
2012-11-14 05:59:52   85504   ----a-w-   C:\Windows\System32\jsproxy.dll
2012-11-14 05:58:36   816640   ----a-w-   C:\Windows\System32\jscript.dll
2012-11-14 05:57:46   599040   ----a-w-   C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35   173056   ----a-w-   C:\Windows\System32\ieUnatt.exe
2012-11-14 05:55:45   2144768   ----a-w-   C:\Windows\System32\iertutil.dll
2012-11-14 05:55:26   729088   ----a-w-   C:\Windows\System32\msfeeds.dll
2012-11-14 05:53:22   96768   ----a-w-   C:\Windows\System32\mshtmled.dll
2012-11-14 05:52:40   2382848   ----a-w-   C:\Windows\System32\mshtml.tlb
2012-11-14 05:46:25   248320   ----a-w-   C:\Windows\System32\ieui.dll
2012-11-14 02:48:26   12320256   ----a-w-   C:\Windows\SysWow64\mshtml.dll
2012-11-14 02:14:59   9738240   ----a-w-   C:\Windows\SysWow64\ieframe.dll
2012-11-14 02:09:22   1800704   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15   1427968   ----a-w-   C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:44   1103872   ----a-w-   C:\Windows\SysWow64\urlmon.dll
2012-11-14 01:57:37   1129472   ----a-w-   C:\Windows\SysWow64\wininet.dll
2012-11-14 01:55:46   231936   ----a-w-   C:\Windows\SysWow64\url.dll
2012-11-14 01:51:44   65024   ----a-w-   C:\Windows\SysWow64\jsproxy.dll
2012-11-14 01:49:25   142848   ----a-w-   C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:49:19   717824   ----a-w-   C:\Windows\SysWow64\jscript.dll
2012-11-14 01:48:27   420864   ----a-w-   C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:47:20   607744   ----a-w-   C:\Windows\SysWow64\msfeeds.dll
2012-11-14 01:46:38   1793024   ----a-w-   C:\Windows\SysWow64\iertutil.dll
2012-11-14 01:45:01   73216   ----a-w-   C:\Windows\SysWow64\mshtmled.dll
2012-11-14 01:44:42   2382848   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2012-11-14 01:41:30   176640   ----a-w-   C:\Windows\SysWow64\ieui.dll
2012-11-13 01:55:22   2770432   ----a-w-   C:\Windows\System32\win32k.sys
2012-11-13 01:45:48   2048   ----a-w-   C:\Windows\System32\tzres.dll
2012-11-13 01:29:51   2048   ----a-w-   C:\Windows\SysWow64\tzres.dll
2012-11-08 04:24:01   48128   ----a-w-   C:\Windows\System32\atmlib.dll
2012-11-08 03:46:35   34304   ----a-w-   C:\Windows\SysWow64\atmlib.dll
2012-11-08 02:00:56   368128   ----a-w-   C:\Windows\System32\atmfd.dll
2012-11-08 01:36:08   293376   ----a-w-   C:\Windows\SysWow64\atmfd.dll
2012-11-02 10:45:52   477696   ----a-w-   C:\Windows\System32\dpnet.dll
2012-11-02 10:45:51   68096   ----a-w-   C:\Windows\System32\dpnathlp.dll
2012-11-02 10:18:17   376320   ----a-w-   C:\Windows\SysWow64\dpnet.dll
2012-11-02 08:59:56   26112   ----a-w-   C:\Windows\System32\dpnsvr.exe
2012-11-02 08:26:06   23040   ----a-w-   C:\Windows\SysWow64\dpnsvr.exe
2012-10-29 19:10:15   60304   ----a-w-   C:\Users\doug\g2mdlhlpx.exe
2012-10-25 08:12:26   94208   ----a-w-   C:\Windows\SysWow64\QuickTimeVR.qtx
2012-10-25 08:12:26   69632   ----a-w-   C:\Windows\SysWow64\QuickTime.qts
2012-09-30 00:54:26   25928   ----a-w-   C:\Windows\System32\drivers\mbam.sys
2012-09-28 16:34:50   1210368   ----a-w-   C:\Windows\System32\kernel32.dll
2012-09-28 16:13:29   860160   ----a-w-   C:\Windows\SysWow64\kernel32.dll
2012-09-25 16:31:19   91648   ----a-w-   C:\Windows\System32\synceng.dll
2012-09-25 16:19:41   75776   ----a-w-   C:\Windows\SysWow64\synceng.dll
2012-09-24 20:34:14   108008   ----a-w-   C:\Windows\System32\WindowsAccessBridge-64.dll
2012-09-24 20:34:13   916456   ----a-w-   C:\Windows\System32\deployJava1.dll
2012-09-24 20:34:13   289768   ----a-w-   C:\Windows\System32\javaws.exe
2012-09-24 20:34:13   189416   ----a-w-   C:\Windows\System32\javaw.exe
2012-09-24 20:34:13   188904   ----a-w-   C:\Windows\System32\java.exe
2012-09-24 20:34:13   1034216   ----a-w-   C:\Windows\System32\npDeployJava1.dll
2012-09-24 19:32:24   477168   ----a-w-   C:\Windows\SysWow64\npdeployJava1.dll
2012-09-24 19:32:20   473072   ----a-w-   C:\Windows\SysWow64\deployJava1.dll
2012-09-24 19:23:41   157680   ----a-w-   C:\Windows\SysWow64\javaws.exe
2012-09-24 19:23:37   149488   ----a-w-   C:\Windows\SysWow64\javaw.exe
2012-09-24 19:23:26   149488   ----a-w-   C:\Windows\SysWow64\java.exe
.
============= FINISH: 17:10:43.17 ===============
------------------------------------------------------------------------------------------------------------------------------------------
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 10/16/2008 2:22:15 AM
System Uptime: 12/21/2012 4:16:21 PM (1 hours ago)
.
Motherboard: Gateway |  | RS780
Processor: AMD Phenom(tm) 9500 Quad-Core Processor | AM2 | 2200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 689 GiB total, 360.351 GiB free.
D: is FIXED (NTFS) - 112 GiB total, 22.587 GiB free.
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is CDROM ()
J: is CDROM ()
K: is CDROM ()
L: is FIXED (NTFS) - 233 GiB total, 165.374 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
µTorrent
7-Zip 4.62
Activation Assistant for the 2007 Microsoft Office suites
ActivePerl 5.12.2 Build 1202 (64-bit)
ActiveState Komodo Edit 6.1.1
Adobe AIR
Adobe Community Help
Adobe Dreamweaver CS5
Adobe Fireworks CS5
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Photoshop CS5
Adobe Photoshop Elements 7.0
Adobe Photoshop.com Inspiration Browser
Adobe Reader X (10.1.4)
Amazon Kindle
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Fuel
AMD VISION Engine Control Center
Apex PDF Watermarking Software 2.3.8.2
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Artisteer 2
AVerMedia M791 PCIe Combo NTSC/ATSC 6.104.64.5
AVI Movie Player
BigFix
Bing Bar
Bing Maps 3D
BlueVoda Website Builder 11.71
Bonjour
calibre
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Compatibility Pack for the 2007 Office system
Cool Timer 3.7
CPUID HWMonitor 1.19
Craigs List Editor
Craigslist Crawler
Crimson Editor (remove only)
CutePDF Writer 2.8
CyberLink LabelPrint
CyberLink Power2Go
DHTML Editing Component
DivX Setup
DivX Version Checker
Dolby Control Center
EasyBCD 1.7.2
Facebook Video Calling 1.2.0.159
Facebook Video Calling 1.2.0.287
FeedDemon
FileZilla Client 3.6.0.2
FlashPeak SlimBrowser
Forté Agent
Free PDF to Word Doc Converter v1.1
Free SMTP Server
Freecorder
FTPRush v1 Unicode
Gadwin PrintScreen
Gateway Recovery Management
GIMP 2.6.11
Google AdWords Editor
Google Chrome
Google Drive
Google Earth
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
GoogleSpider
GoToMeeting 5.2.0.952
GreenBrowser
GTK+ Runtime 2.14.7 rev a (remove only)
HeidiSQL 4.0
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (KB944899)
HP ALM Microsoft Excel Addin
HP ALM Microsoft Word Addin
HP Application Lifecycle Management
HydraVision
iCloud
Inkscape 0.48.1
iPhone Configuration Utility
IrfanView (remove only)
iTunes
Java 7 Update 7 (64-bit)
Java Auto Updater
Java SE Development Kit 7 Update 7 (64-bit)
Java(TM) 6 Update 37
Java(TM) 6 Update 5
Java(TM) 6 Update 7
KB0817 Keyboard Driver
Magic ISO Maker v5.5 (build 0272)
MagicDisc 2.7.106
Malwarebytes Anti-Malware version 1.65.1.1000
Marvell(R) Wireless Card Software Package
MassMailer
Matroska Pack - Lazy Man's MKV 0.9.9
Media Player Classic
Meracl ImageMap Generator v3.5.3
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft IntelliPoint 7.0
Microsoft Money Essentials
Microsoft Money Shared Libraries
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140)
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Microsoft Works
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
MixPad
MobileMe Control Panel
Mozilla Firefox 17.0.1 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 16.0.2 (x86 en-US)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MySQL-Front 3.2
NetBeans IDE 6.9.1
Netflix Movie Viewer
Notepad++
Octoshape add-in for Adobe Flash Player
oDesk Team
OpenOffice.org 3.0
Opera 12.12
Opera Mobile
Oracle VM VirtualBox 4.1.8
PDF Generator 2.03
PDF Settings CS5
PeerBlock 1.0.0 (r181)
PhotoshopdotcomInspirationBrowser
PhotoStage Slideshow Producer
Pidgin
POSInvoicePDFLite 1.0.5
QuickPar 0.9
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Rosetta Stone Version 3
SABnzbd 0.6.15
Safari
SeaMonkey (2.0.12)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
SequoiaView
Skype™ 6.0
SmartFTP Client Setup Files 4.0 (x64) (remove only)
Snap (remove only)
Soft Data Fax Modem with SmartCP
Software Informer 1.1
Sql Server Customer Experience Improvement Program
SQL Server System CLR Types
Sublime Text 2.0.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760573) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.6195
VideoPad Video Editor
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 x64 Redistributables
VLC media player 1.0.0
VMware Workstation
WampServer 2.0
WavePad Sound Editor
Winamp
Winamp Detector Plug-in
WinDirStat 1.1.2
Windows Media Player Firefox Plugin
WinRAR archiver
.
==== End Of File ===========================


Title: Re: Connection problems - here to see if I have a virus
Post by: SuperDave on December 22, 2012, 12:24:40 PM
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Remove the Adware:
*****************************************************
Please download ComboFix from BleepingComputer.com (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)

Alternate link: GeeksToGo.com (http://www.geekstogo.com/forum/downloads.html&req=download&code=confirm_download&id=197)

Alternate link: Forospyware.com (http://www.forospyware.com/sUBs/ComboFix.exe)
If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

Rename ComboFix.exe to commy.exe before you save it to your Desktop

(http://img.photobucket.com/albums/v666/sUBs/Query_RC.gif)
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(http://img.photobucket.com/albums/v666/sUBs/RC_successful.gif)

Title: Re: Connection problems - here to see if I have a virus
Post by: zulubanshee on December 24, 2012, 01:09:19 PM
# AdwCleaner v2.102 - Logfile created 12/24/2012 at 15:08:49
# Updated 23/12/2012 by Xplode
# Operating system : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# User : doug - DOUG-PC
# Boot Mode : Normal
# Running from : C:\Users\doug\Desktop\zips\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Conduit
Deleted on reboot : C:\Program Files (x86)\DAEMON Tools Toolbar
Deleted on reboot : C:\Program Files (x86)\ICQ6Toolbar
Deleted on reboot : C:\ProgramData\ICQ\ICQToolbar
Deleted on reboot : C:\Users\doug\AppData\Local\APN
Deleted on reboot : C:\Users\doug\AppData\Local\Conduit
Deleted on reboot : C:\Users\doug\AppData\LocalLow\AVG Secure Search
Deleted on reboot : C:\Users\doug\AppData\LocalLow\Conduit

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Ask&Record
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB9}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\doug\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v12.12.1707.0

File : C:\Users\doug\AppData\Roaming\Opera\Opera\operaprefs.ini

Deleted : HostName Web Lookup Address=hxxp://search.icq.com/search/afe_results.php?q=%s&ch_id=osd&icid=opera

*************************

AdwCleaner[R1].txt - [4212 octets] - [21/12/2012 12:46:31]
AdwCleaner[S1].txt - [3726 octets] - [24/12/2012 15:08:49]

########## EOF - C:\AdwCleaner[S1].txt - [3786 octets] ##########

Title: Re: Connection problems - here to see if I have a virus
Post by: zulubanshee on December 24, 2012, 01:22:29 PM
I don't think the Microsoft Recovery Console was installed. I disabled the antivirus and antispyware, then copied and pasted the line of text into the Run box. I clicked a confirmation message but it was not the ones that are displayed above (I didn't catch what it said). Those popup confirmation messages in your post above were not displayed at all. Furthermore, ComboFix appears to have simply ended without running a scan. I renamed the file to commy.exe as instructed, FTR.

Title: Re: Connection problems - here to see if I have a virus
Post by: zulubanshee on December 24, 2012, 01:25:13 PM
Never mind. I ran it again and it seems to be working.

Title: Re: Connection problems - here to see if I have a virus
Post by: zulubanshee on December 24, 2012, 02:35:13 PM
ComboFix 12-12-23.01 - doug 12/24/2012  15:46:45.1.4 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.7934.5651 [GMT -5:00]
Running from: c:\users\doug\Desktop\commy.exe
Command switches used :: /stepdel
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\doug\AppData\Local\assembly\tmp
c:\users\doug\AppData\Roaming\013d5c525f3c127a61d11aadff2409b6-i686.cache-2
c:\users\doug\AppData\Roaming\698e8de9c79e614b8d6a96b5ce9682e6-i686.cache-2
c:\users\doug\AppData\Roaming\mIRC\logs\status.log
c:\users\doug\g2mdlhlpx.exe
c:\users\Public\sdelevURL.tmp
c:\windows\iun6002.exe
c:\windows\SysWow64\ccrpTmr6.dll
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2012-11-24 to 2012-12-24  )))))))))))))))))))))))))))))))
.
.
2012-12-24 21:22 . 2012-12-24 21:25   --------   d-----w-   c:\users\doug\AppData\Local\temp
2012-12-24 21:22 . 2012-12-24 21:22   --------   d-----w-   c:\users\Default\AppData\Local\temp
2012-12-24 20:34 . 2012-12-24 20:34   --------   d-----w-   C:\commy
2012-12-24 20:10 . 2012-12-24 20:10   76232   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7D8076F9-8863-4C9F-94E9-09FED020D356}\offreg.dll
2012-12-24 10:36 . 2012-11-19 06:01   9125352   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7D8076F9-8863-4C9F-94E9-09FED020D356}\mpengine.dll
2012-12-23 08:30 . 2012-11-19 06:01   9125352   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-12-22 08:00 . 2012-12-16 13:31   48128   ----a-w-   c:\windows\system32\atmlib.dll
2012-12-22 08:00 . 2012-12-16 13:12   34304   ----a-w-   c:\windows\SysWow64\atmlib.dll
2012-12-22 08:00 . 2012-12-16 11:08   368128   ----a-w-   c:\windows\system32\atmfd.dll
2012-12-22 08:00 . 2012-12-16 10:50   293376   ----a-w-   c:\windows\SysWow64\atmfd.dll
2012-12-21 17:49 . 2012-09-30 00:54   25928   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-12-21 17:49 . 2012-12-21 17:49   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-19 17:32 . 2012-12-19 17:33   --------   d-----w-   c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-18 01:07 . 2012-12-18 01:07   --------   d-----w-   c:\users\doug\{863fee93-2b95-491c-bc50-eed8f2212d4f}
2012-12-17 23:01 . 2012-10-23 11:04   972264   ------w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{71793424-D1EA-44B8-8DC5-0FA70A3EBFBC}\gapaengine.dll
2012-12-17 22:44 . 2012-12-17 22:44   --------   d-----w-   c:\program files (x86)\Microsoft Security Client
2012-12-17 22:44 . 2012-12-17 22:45   --------   d-----w-   c:\program files\Microsoft Security Client
2012-12-17 22:43 . 2010-04-06 08:34   345984   ----a-w-   c:\windows\system32\drivers\netio.sys
2012-12-16 21:32 . 2012-12-16 21:32   --------   d-----w-   c:\users\doug\AppData\Roaming\Malwarebytes
2012-12-16 21:32 . 2012-12-16 21:32   --------   d-----w-   c:\programdata\Malwarebytes
2012-12-13 12:21 . 2012-07-26 04:55   54376   ----a-w-   c:\windows\system32\drivers\WdfLdr.sys
2012-12-13 12:21 . 2012-07-26 02:36   9728   ----a-w-   c:\windows\system32\Wdfres.dll
2012-12-13 12:21 . 2009-07-14 12:19   20480   ----a-w-   c:\windows\system32\winusb.dll
2012-12-13 12:21 . 2012-07-26 03:08   84992   ----a-w-   c:\windows\system32\WUDFSvc.dll
2012-12-13 12:21 . 2012-07-26 03:08   194048   ----a-w-   c:\windows\system32\WUDFPlatform.dll
2012-12-13 12:21 . 2012-07-26 02:26   87040   ----a-w-   c:\windows\system32\drivers\WUDFPf.sys
2012-12-13 12:21 . 2012-07-26 02:26   198656   ----a-w-   c:\windows\system32\drivers\WUDFRd.sys
2012-12-13 12:21 . 2009-07-14 12:12   16896   ----a-w-   c:\windows\SysWow64\winusb.dll
2012-12-13 12:21 . 2012-07-26 04:55   785512   ----a-w-   c:\windows\system32\drivers\Wdf01000.sys
2012-12-13 12:21 . 2012-07-26 04:47   2560   ----a-w-   c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-12-13 12:21 . 2012-07-26 03:08   229888   ----a-w-   c:\windows\system32\WUDFHost.exe
2012-12-13 12:21 . 2012-07-26 03:08   744448   ----a-w-   c:\windows\system32\WUDFx.dll
2012-12-13 12:21 . 2012-07-26 03:08   45056   ----a-w-   c:\windows\system32\WUDFCoinstaller.dll
2012-12-12 14:20 . 2012-09-28 16:34   1210368   ----a-w-   c:\windows\system32\kernel32.dll
2012-12-12 14:20 . 2012-08-21 11:50   267648   ----a-w-   c:\windows\system32\drivers\volsnap.sys
2012-12-12 14:20 . 2012-11-13 01:55   2770432   ----a-w-   c:\windows\system32\win32k.sys
2012-12-12 14:20 . 2012-11-13 01:45   2048   ----a-w-   c:\windows\system32\tzres.dll
2012-12-12 14:20 . 2012-11-13 01:29   2048   ----a-w-   c:\windows\SysWow64\tzres.dll
2012-12-12 14:20 . 2012-11-02 10:45   477696   ----a-w-   c:\windows\system32\dpnet.dll
2012-12-12 14:20 . 2012-11-02 10:45   68096   ----a-w-   c:\windows\system32\dpnathlp.dll
2012-12-12 14:20 . 2012-11-02 10:18   376320   ----a-w-   c:\windows\SysWow64\dpnet.dll
2012-12-12 14:20 . 2012-11-02 08:59   26112   ----a-w-   c:\windows\system32\dpnsvr.exe
2012-12-12 14:20 . 2012-11-02 08:26   23040   ----a-w-   c:\windows\SysWow64\dpnsvr.exe
2012-12-05 18:07 . 2012-12-10 15:18   --------   d-----w-   c:\users\doug\AppData\Local\Mozilla Firefox
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-16 23:25 . 2012-04-13 14:55   697272   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-16 23:25 . 2011-05-22 15:00   73656   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-13 12:24 . 2006-11-02 12:35   67413224   ----a-w-   c:\windows\system32\mrt.exe
2012-10-28 20:19 . 2012-10-28 20:19   4948   ----a-w-   c:\users\doug\AppData\Local\VWL2C36.tmp
2012-10-25 08:12 . 2012-10-25 08:12   94208   ----a-w-   c:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 08:12 . 2012-10-25 08:12   69632   ----a-w-   c:\windows\SysWow64\QuickTime.qts
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen"="c:\program files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 495616]
"Pidgin"="c:\program files (x86)\Pidgin\pidgin.exe" [2010-10-20 48618]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-22 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LchDrvKey"="LchDrvKey.exe" [2007-03-29 36864]
"LedKey"="CNYHKey.exe" [2008-04-24 339968]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-04 641704]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"Trigger New Acer AlaunchX"="c:\acer\Preload\Command\AlaunchX\AppInRun.exe" [2008-07-17 8192]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"New Acer AlaunchX"="c:\acer\Preload\Command\AlaunchX\LaunchAlaunchX.exe" [2008-07-17 200704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 23:25]
.
2012-12-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1499011048-2565338764-885293594-1000Core.job
- c:\users\doug\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-25 04:19]
.
2012-12-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1499011048-2565338764-885293594-1000UA.job
- c:\users\doug\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-25 04:19]
.
2012-12-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-22 20:29]
.
2012-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2008-12-19 15:58]
.
2012-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2008-12-19 15:58]
.
2012-12-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1499011048-2565338764-885293594-1000Core.job
- c:\users\doug\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-02 22:13]
.
2012-12-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1499011048-2565338764-885293594-1000UA.job
- c:\users\doug\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-02 22:13]
.
2012-02-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1499011048-2565338764-885293594-1000.job
- c:\program files (x86)\Real\RealUpgrade\realupgrade.exe [2012-07-27 18:27]
.
2012-02-12 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1499011048-2565338764-885293594-1000.job
- c:\program files (x86)\Real\RealUpgrade\realupgrade.exe [2012-07-27 18:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-11-08 21:58   755224   ----a-w-   c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-11-08 21:58   755224   ----a-w-   c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-11-08 21:58   755224   ----a-w-   c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-11-08 21:58   755224   ----a-w-   c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=1008&m=lx6200-01
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files (x86)\VMware\VMware Workstation\vsocklib.dll
Trusted Zone: google.com\mail
TCP: DhcpNameServer = 192.168.2.1
DPF: {EBF1BFCB-F60B-4DCB-9C96-E53C543CB645} - hxxp://www.ivienterprise.com:8080/qcbin/ALM-Platform-Loader.11.cab
FF - ProfilePath - c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-12-13 20:24; {dc572301-7619-498c-a57d-39143191b318}; c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
FF - ExtSQL: 2012-12-13 20:33; {64161300-e22b-11db-8314-0800200c9a66}; c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
FF - ExtSQL: 2012-12-13 20:46; {6AC85730-7D0F-4de0-B3FA-21142DD85326}; c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
FF - ExtSQL: 2012-12-13 20:51; {c45c406e-ab73-11d8-be73-000a95be3b12}; c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
FF - ExtSQL: 2012-12-13 20:55; [email protected]; c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\[email protected]
FF - ExtSQL: 2012-12-13 21:00; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - ExtSQL: 2012-12-13 21:16; [email protected]; c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\[email protected]
FF - ExtSQL: 2012-12-13 21:29; jid1-xUfzOsOFlzSOXg@jetpack; c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\[email protected]
FF - ExtSQL: 2012-12-13 21:57; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2012-12-13 22:49; {af79f858-4b25-4ca4-822b-b5db1be628fc}; c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\{af79f858-4b25-4ca4-822b-b5db1be628fc}.xpi
FF - ExtSQL: 2012-12-14 14:48; [email protected]; c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\[email protected]
FF - ExtSQL: 2012-12-14 14:55; [email protected]; c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\[email protected]
FF - ExtSQL: 2012-12-14 19:45; [email protected]; c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\[email protected]
.
.
------- File Associations -------
.
.txt=
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-fsm - (no file)
Wow6432Node-HKLM-Run-eRecoveryService - (no file)
Wow6432Node-HKLM-Run-ROC_ROC_NT - c:\program files (x86)\AVG Secure Search\ROC_ROC_NT.exe
Wow6432Node-HKLM-Run-ROC_roc_ssl_v12 - c:\program files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
AddRemove-BlueVoda_Website_Builder_1.0 - c:\windows\iun6002.exe
AddRemove-DivX Setup.divx.com - c:\programdata\DivX\Setup\DivXSetup.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files (x86)\DivX\DivXCodecUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-12-24  16:48:37
ComboFix-quarantined-files.txt  2012-12-24 21:48
.
Pre-Run: 384,761,016,320 bytes free
Post-Run: 382,622,347,264 bytes free
.
- - End Of File - - 3C8E4D75C0E069131ACA0C2D5F5DB29E
Title: Re: Connection problems - here to see if I have a virus
Post by: SuperDave on December 24, 2012, 03:38:54 PM
Please download Rooter (http://eric71.geekstogo.com/tools/Rooter.exe) and Save it to your desktop.
******************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1 (http://screen317.spywareinfoforum.org/SecurityCheck.exe)
Link 2 (http://screen317.changelog.fr/SecurityCheck.exe)

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
Title: Re: Connection problems - here to see if I have a virus
Post by: zulubanshee on December 24, 2012, 04:40:20 PM
There you are, sir. Thanks for your assistance, by the way.
 Results of screen317's Security Check version 0.99.56 
 Windows Vista Service Pack 2 x64 (UAC is enabled) 
 Internet Explorer 9 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Microsoft Security Essentials   
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.65.1.1000 
 Java(TM) 6 Update 37 
 Java(TM) 6 Update 5 
 Java(TM) 6 Update 7 
 Java version out of Date!
 Adobe Flash Player    11.5.502.135 
 Adobe Reader 10.1.4 Adobe Reader out of Date! 
 Mozilla Firefox (17.0.1)
 Mozilla Thunderbird 16.0.2 Thunderbird out of Date! 
 Google Chrome 23.0.1271.97 
````````Process Check: objlist.exe by Laurent````````
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 doug Desktop virus SecurityCheck.exe
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 16 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
Title: Re: Connection problems - here to see if I have a virus
Post by: SuperDave on December 24, 2012, 05:59:45 PM
Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.

First Verify your Java Version (http://www.java.com/en/download/installed.jsp)

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date, install the newest version of the Sun Java Runtime Environment (http://www.majorgeeks.com/Sun_Java_Runtime_Environment_d4648.html).

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download JavaRa (http://raproducts.org/click/click.php?id=1) and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete, exit JavaRA.

Additional Note: The Java Quick Starter (JQS.exe) (http://java.sun.com/javase/6/docs/technotes/guides/jweb/otherFeatures/jqs.html) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
***********************************************
Update your Adobe Reader. get.adobe.com/reader (http://get.adobe.com/reader/).

Be sure to uncheck the Free McAfee Security Scan so it isn't installed.

***********************************************
Quote
Total Fragmentation on Drive C: 16 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
Please run a defrag on your C drive soon. SSD means Solid State Drive.
Title: Re: Connection problems - here to see if I have a virus
Post by: zulubanshee on December 24, 2012, 06:31:33 PM
OK I did all that. I am a little confused about the Adobe update because I have the latest version. I will run a defrag tonight and over the holiday.

Is there anything else I need to do, or just test the connection?
Title: Re: Connection problems - here to see if I have a virus
Post by: zulubanshee on December 24, 2012, 07:36:10 PM
Everything seems to be working so far. I'll give it another day or two. In the meantime, is there somewhere to donate to the site?
Title: Re: Connection problems - here to see if I have a virus
Post by: zulubanshee on December 25, 2012, 07:37:10 AM
I spoke too soon. Still having some problems. Will continue monitoring.
Title: Re: Connection problems - here to see if I have a virus
Post by: SuperDave on December 25, 2012, 12:59:58 PM
Ok. In the meantime, please run this scanner.

I'd like to scan your machine with ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
  ESET OnlineScan (http://eset.com/onlinescan)
• Click the (http://i424.photobucket.com/albums/pp322/digistar/esetOnline.png) button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
• Check (http://i424.photobucket.com/albums/pp322/digistar/esetAcceptTerms.png)
• Click the (http://i424.photobucket.com/albums/pp322/digistar/esetStart.png) button.
• Accept any security warnings from your browser.
• Check (http://i424.photobucket.com/albums/pp322/digistar/esetScanArchives.png)
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push (http://i424.photobucket.com/albums/pp322/digistar/esetListThreats.png)
• Push (http://i424.photobucket.com/albums/pp322/digistar/esetExport.png), and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Push the (http://i424.photobucket.com/albums/pp322/digistar/esetBack.png) button.
• Push (http://i424.photobucket.com/albums/pp322/digistar/esetFinish.png)
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
Title: Re: Connection problems - here to see if I have a virus
Post by: zulubanshee on December 27, 2012, 07:47:26 AM
C:\Users\doug\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\4a40e101-6c035a11   multiple threats   deleted - quarantined
C:\Users\doug\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\6b684e5c-7fecd778   a variant of Java/Exploit.Agent.NEA trojan   deleted - quarantined
C:\Users\doug\Desktop\WP stuff\free wordpress themes\Stripey.zip   PHP/Kryptik.AB trojan   deleted - quarantined
C:\Users\doug\Desktop\WP stuff\free wordpress themes\WPFinalFantasy.zip   PHP/Kryptik.AB trojan   deleted - quarantined
Title: Re: Connection problems - here to see if I have a virus
Post by: zulubanshee on December 27, 2012, 09:30:41 AM
Regret to say still having the problem, but it is much reduced, at least 50%.
Title: Re: Connection problems - here to see if I have a virus
Post by: SuperDave on December 27, 2012, 11:48:45 AM
Please download MiniToolBox (http://download.bleepingcomputer.com/farbar/MiniToolBox.exe) to Desktop and run it.

(http://i424.photobucket.com/albums/pp322/digistar/MiniToolBox.png)

Checkmark the following boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • List content of Hosts
  • List IP Configuration
  • List Last 10 Event Viewer Errors
  • List Users, Partitions and Memory Size
Click Go and copy/paste the log (Result.txt) into your next post.
Title: Re: Connection problems - here to see if I have a virus
Post by: zulubanshee on December 27, 2012, 03:31:49 PM
adMiniToolBox by Farbar  Version: 25-11-2012
Ran by doug (administrator) on 27-12-2012 at 17:46:22
Running from "C:\Users\doug\Desktop\virus"
Windows Vista (TM) Home Premium Service Pack 2 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================

Marvell Yukon 88E8071 PCI-E Gigabit Ethernet Controller = Local Area Connection (Connected)
VMware Virtual Ethernet Adapter for VMnet1 = VMware Network Adapter VMnet1 (Connected)
VMware Virtual Ethernet Adapter for VMnet8 = VMware Network Adapter VMnet8 (Connected)
VirtualBox Host-Only Ethernet Adapter = Local Area Connection 2 (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : doug-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 2:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : VirtualBox Host-Only Ethernet Adapter
   Physical Address. . . . . . . . . : 08-00-27-00-18-C1
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::fdf2:9873:44e2:79ea%26(Preferred)
   Autoconfiguration IPv4 Address. . : 169.254.121.234(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 436731943
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-10-88-94-B4-00-22-68-07-91-85
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Marvell Yukon 88E8071 PCI-E Gigabit Ethernet Controller
   Physical Address. . . . . . . . . : 00-22-68-07-91-85
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::25c0:5299:b507:443b%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.2.2(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, December 27, 2012 12:14:16 PM
   Lease Expires . . . . . . . . . . : Sunday, December 30, 2012 12:14:14 PM
   Default Gateway . . . . . . . . . : 192.168.2.1
   DHCP Server . . . . . . . . . . . : 192.168.2.1
   DHCPv6 IAID . . . . . . . . . . . : 234889832
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-10-88-94-B4-00-22-68-07-91-85
   DNS Servers . . . . . . . . . . . : 192.168.2.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter VMware Network Adapter VMnet1:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet1
   Physical Address. . . . . . . . . : 00-50-56-C0-00-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::a5f2:6378:7c63:a62d%12(Preferred)
   Autoconfiguration IPv4 Address. . : 169.254.166.45(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 302010454
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-10-88-94-B4-00-22-68-07-91-85
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter VMware Network Adapter VMnet8:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet8
   Physical Address. . . . . . . . . : 00-50-56-C0-00-08
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::bc0f:f6fe:c759:ec47%13(Preferred)
   Autoconfiguration IPv4 Address. . : 169.254.236.71(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 335564886
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-10-88-94-B4-00-22-68-07-91-85
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 02-00-54-55-4E-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{E0C456C5-FCC5-4E05-909B-EDC3DD13C4EE}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 14:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 16:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{B2205165-AD37-42F1-8540-3AD3042F4084}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 17:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{6059A36E-DB33-4713-9C8C-27A50B8D6123}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{69DE6067-93A0-4FFF-AD69-C6EE7006F35F}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  192.168.2.1

Name:    google.com
Addresses:  2607:f8b0:4008:802::1002
     74.125.229.232
     74.125.229.233
     74.125.229.238
     74.125.229.224
     74.125.229.225
     74.125.229.226
     74.125.229.227
     74.125.229.228
     74.125.229.229
     74.125.229.230
     74.125.229.231



Pinging google.com [74.125.229.238] with 32 bytes of data:

Reply from 74.125.229.238: bytes=32 time=11ms TTL=55

Reply from 74.125.229.238: bytes=32 time=12ms TTL=55



Ping statistics for 74.125.229.238:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 11ms, Maximum = 12ms, Average = 11ms

Server:  UnKnown
Address:  192.168.2.1

Name:    yahoo.com
Addresses:  98.138.253.109
     98.139.183.24
     72.30.38.140



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:

Reply from 98.139.183.24: bytes=32 time=784ms TTL=48

Reply from 98.139.183.24: bytes=32 time=779ms TTL=48



Ping statistics for 98.139.183.24:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 779ms, Maximum = 784ms, Average = 781ms



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
 26 ...08 00 27 00 18 c1 ...... VirtualBox Host-Only Ethernet Adapter
 10 ...00 22 68 07 91 85 ...... Marvell Yukon 88E8071 PCI-E Gigabit Ethernet Controller
 12 ...00 50 56 c0 00 01 ...... VMware Virtual Ethernet Adapter for VMnet1
 13 ...00 50 56 c0 00 08 ...... VMware Virtual Ethernet Adapter for VMnet8
  1 ........................... Software Loopback Interface 1
 11 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
 27 ...00 00 00 00 00 00 00 e0  isatap.{E0C456C5-FCC5-4E05-909B-EDC3DD13C4EE}
 15 ...00 00 00 00 00 00 00 e0  Microsoft 6to4 Adapter #2
 16 ...00 00 00 00 00 00 00 e0  isatap.{B2205165-AD37-42F1-8540-3AD3042F4084}
 17 ...00 00 00 00 00 00 00 e0  isatap.{6059A36E-DB33-4713-9C8C-27A50B8D6123}
 28 ...00 00 00 00 00 00 00 e0  isatap.{69DE6067-93A0-4FFF-AD69-C6EE7006F35F}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.2.1      192.168.2.2     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      169.254.0.0      255.255.0.0         On-link    169.254.236.71    276
      169.254.0.0      255.255.0.0         On-link    169.254.166.45    276
      169.254.0.0      255.255.0.0         On-link   169.254.121.234    276
  169.254.121.234  255.255.255.255         On-link   169.254.121.234    276
   169.254.166.45  255.255.255.255         On-link    169.254.166.45    276
   169.254.236.71  255.255.255.255         On-link    169.254.236.71    276
  169.254.255.255  255.255.255.255         On-link    169.254.236.71    276
  169.254.255.255  255.255.255.255         On-link    169.254.166.45    276
  169.254.255.255  255.255.255.255         On-link   169.254.121.234    276
      192.168.2.0    255.255.255.0         On-link       192.168.2.2    276
      192.168.2.2  255.255.255.255         On-link       192.168.2.2    276
    192.168.2.255  255.255.255.255         On-link       192.168.2.2    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link    169.254.166.45    276
        224.0.0.0        240.0.0.0         On-link    169.254.236.71    276
        224.0.0.0        240.0.0.0         On-link   169.254.121.234    276
        224.0.0.0        240.0.0.0         On-link       192.168.2.2    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link    169.254.166.45    276
  255.255.255.255  255.255.255.255         On-link    169.254.236.71    276
  255.255.255.255  255.255.255.255         On-link   169.254.121.234    276
  255.255.255.255  255.255.255.255         On-link       192.168.2.2    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 12    276 fe80::/64                On-link
 13    276 fe80::/64                On-link
 26    276 fe80::/64                On-link
 10    276 fe80::/64                On-link
 10    276 fe80::25c0:5299:b507:443b/128
                                    On-link
 12    276 fe80::a5f2:6378:7c63:a62d/128
                                    On-link
 13    276 fe80::bc0f:f6fe:c759:ec47/128
                                    On-link
 26    276 fe80::fdf2:9873:44e2:79ea/128
                                    On-link
  1    306 ff00::/8                 On-link
 12    276 ff00::/8                 On-link
 13    276 ff00::/8                 On-link
 26    276 ff00::/8                 On-link
 10    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/27/2012 00:03:51 PM) (Source: Chrome) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=23.0.1271.97;lang=;id=;is_machine=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\b1ae483f-1876-45fb-9c1f-a10fe92f4d1a.dmp

Error: (12/27/2012 10:08:41 AM) (Source: Perflib) (User: )
Description: PolicyAgent4

Error: (12/27/2012 10:08:41 AM) (Source: Perflib) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (12/27/2012 10:08:40 AM) (Source: Perflib) (User: )
Description: EmdCache4

Error: (12/26/2012 07:45:13 PM) (Source: System Restore) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\system32\svchost.exe -k netsvcs; Descripton = Windows Update; Hr = 0x81000101).

Error: (12/26/2012 07:42:50 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (12/26/2012 07:42:32 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (12/26/2012 07:42:32 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (12/26/2012 07:42:00 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.

Error: (12/26/2012 07:41:59 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.


System errors:
=============
Error: (12/27/2012 00:14:15 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.2.2 for the Network Card with network address 002268079185 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).

Error: (12/24/2012 08:57:07 PM) (Source: Service Control Manager) (User: )
Description: Windows Modules Installer%%1053

Error: (12/24/2012 08:57:07 PM) (Source: Service Control Manager) (User: )
Description: 30000Windows Modules Installer

Error: (12/24/2012 08:57:07 PM) (Source: DCOM) (User: )
Description: 1053TrustedInstaller{752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (12/24/2012 08:51:12 PM) (Source: Service Control Manager) (User: )
Description: Beep

Error: (12/24/2012 08:51:12 PM) (Source: Service Control Manager) (User: )
Description: LogMeIn Kernel Information Provider%%3

Error: (12/24/2012 08:51:12 PM) (Source: Service Control Manager) (User: )
Description: int15%%31

Error: (12/24/2012 08:51:12 PM) (Source: Service Control Manager) (User: )
Description: Intel(R) PRO/1000 NDIS 6 Adapter Driver%%1058

Error: (12/24/2012 08:48:12 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (12/24/2012 04:23:41 PM) (Source: Service Control Manager) (User: )
Description: PEVSystemStart


Microsoft Office Sessions:
=========================
Error: (02/17/2011 08:26:12 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7680 seconds with 720 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2012-12-18 17:27:07.621
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\yk60x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-12-18 17:27:06.190
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\yk60x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-12-18 17:26:58.125
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\yk60x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-12-18 17:26:56.799
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\yk60x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-12-18 17:26:29.499
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\yk60x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-12-18 17:26:28.220
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\yk60x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-12-18 10:25:18.018
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\yk60x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-12-18 10:25:16.457
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\yk60x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-12-18 10:19:41.643
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\yk60x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-12-18 10:19:40.052
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\yk60x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


========================= Memory info: ===================================

Percentage of memory in use: 80%
Total physical RAM: 7934.27 MB
Available physical RAM: 1582.62 MB
Total Pagefile: 16081.03 MB
Available Pagefile: 10192.64 MB
Total Virtual: 4095.88 MB
Available Virtual: 3993.61 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:688.87 GB) (Free:363.09 GB) NTFS
2 Drive d: () (Fixed) (Total:111.78 GB) (Free:22.59 GB) NTFS
10 Drive l: (Old C Drive) (Fixed) (Total:232.88 GB) (Free:165.37 GB) NTFS

========================= Users: ========================================

User accounts for \\DOUG-PC

__vmware_user__          Administrator            doug                     
Guest                    ZendUser                 


**** End of log ****
Title: Re: Connection problems - here to see if I have a virus
Post by: SuperDave on December 27, 2012, 04:26:01 PM
The connection looks ok.

Note: It will also create a log in the C:\ directory.
Title: Re: Connection problems - here to see if I have a virus
Post by: zulubanshee on December 27, 2012, 05:15:41 PM
19:29:55.0462 5172  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:29:56.0491 5172  ============================================================
19:29:56.0491 5172  Current date / time: 2012/12/27 19:29:56.0491
19:29:56.0491 5172  SystemInfo:
19:29:56.0491 5172 
19:29:56.0491 5172  OS Version: 6.0.6002 ServicePack: 2.0
19:29:56.0491 5172  Product type: Workstation
19:29:56.0491 5172  ComputerName: DOUG-PC
19:29:56.0492 5172  UserName: doug
19:29:56.0492 5172  Windows directory: C:\Windows
19:29:56.0492 5172  System windows directory: C:\Windows
19:29:56.0492 5172  Running under WOW64
19:29:56.0492 5172  Processor architecture: Intel x64
19:29:56.0492 5172  Number of processors: 4
19:29:56.0492 5172  Page size: 0x1000
19:29:56.0492 5172  Boot type: Normal boot
19:29:56.0492 5172  ============================================================
19:29:58.0703 5172  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:30:03.0797 5172  Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:30:07.0937 5172  Drive \Device\Harddisk2\DR2 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:30:08.0101 5172  ============================================================
19:30:08.0101 5172  \Device\Harddisk0\DR0:
19:30:08.0101 5172  MBR partitions:
19:30:08.0101 5172  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1389000, BlocksNum 0x561BC800
19:30:08.0101 5172  \Device\Harddisk1\DR1:
19:30:08.0103 5172  MBR partitions:
19:30:08.0103 5172  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1C4800
19:30:08.0103 5172  \Device\Harddisk2\DR2:
19:30:08.0103 5172  MBR partitions:
19:30:08.0103 5172  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDF8F8C1
19:30:08.0103 5172  ============================================================
19:30:08.0104 5172  C: <-> \Device\Harddisk0\DR0\Partition1
19:30:08.0167 5172  D: <-> \Device\Harddisk2\DR2\Partition1
19:30:08.0221 5172  L: <-> \Device\Harddisk1\DR1\Partition1
19:30:08.0221 5172  ============================================================
19:30:08.0221 5172  Initialize success
19:30:08.0221 5172  ============================================================
19:30:22.0169 0736  ============================================================
19:30:22.0169 0736  Scan started
19:30:22.0169 0736  Mode: Manual;
19:30:22.0169 0736  ============================================================
19:30:22.0543 0736  ================ Scan system memory ========================
19:30:22.0543 0736  System memory - ok
19:30:22.0544 0736  ================ Scan services =============================
19:30:22.0734 0736  [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI            C:\Windows\system32\drivers\acpi.sys
19:30:22.0740 0736  ACPI - ok
19:30:22.0797 0736  [ 2F0683FD2DF1D92E891CACA14B45A8C1 ] adfs            C:\Windows\system32\drivers\adfs.sys
19:30:22.0799 0736  adfs - ok
19:30:22.0935 0736  [ 3FD8DC2C9735C2AA70155102CFB93EDA ] AdobeActiveFileMonitor7.0 C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
19:30:22.0939 0736  AdobeActiveFileMonitor7.0 - ok
19:30:23.0077 0736  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:30:23.0079 0736  AdobeARMservice - ok
19:30:23.0229 0736  [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:30:23.0234 0736  AdobeFlashPlayerUpdateSvc - ok
19:30:23.0279 0736  [ F14215E37CF124104575073F782111D2 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
19:30:23.0288 0736  adp94xx - ok
19:30:23.0310 0736  [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci         C:\Windows\system32\drivers\adpahci.sys
19:30:23.0317 0736  adpahci - ok
19:30:23.0326 0736  [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
19:30:23.0329 0736  adpu160m - ok
19:30:23.0344 0736  [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
19:30:23.0348 0736  adpu320 - ok
19:30:23.0405 0736  [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
19:30:23.0406 0736  AeLookupSvc - ok
19:30:23.0471 0736  [ C4F6CE6087760AD70960C9EB130E7943 ] AFD             C:\Windows\system32\drivers\afd.sys
19:30:23.0478 0736  AFD - ok
19:30:23.0525 0736  [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440          C:\Windows\system32\drivers\agp440.sys
19:30:23.0527 0736  agp440 - ok
19:30:23.0577 0736  [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
19:30:23.0580 0736  aic78xx - ok
19:30:23.0609 0736  [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG             C:\Windows\System32\alg.exe
19:30:23.0612 0736  ALG - ok
19:30:23.0645 0736  [ 157D0898D4B73F075CE9FA26B482DF98 ] aliide          C:\Windows\system32\drivers\aliide.sys
19:30:23.0646 0736  aliide - ok
19:30:23.0702 0736  [ A359974EAAC83A435497C52F62A2E590 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
19:30:23.0707 0736  AMD External Events Utility - ok
19:30:23.0868 0736  AMD FUEL Service - ok
19:30:23.0896 0736  [ 970FA5059E61E30D25307B99903E991E ] amdide          C:\Windows\system32\drivers\amdide.sys
19:30:23.0898 0736  amdide - ok
19:30:23.0948 0736  [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64        C:\Windows\system32\DRIVERS\amdiox64.sys
19:30:23.0950 0736  amdiox64 - ok
19:30:23.0960 0736  [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
19:30:23.0963 0736  AmdK8 - ok
19:30:24.0183 0736  [ 60216B0E704584DE6D5A9F59E9C34C47 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
19:30:24.0321 0736  amdkmdag - ok
19:30:24.0347 0736  [ 6B4E9261B613B047A9A145F328889968 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
19:30:24.0353 0736  amdkmdap - ok
19:30:24.0398 0736  [ 5B25D1A753CC3A3EDB909BB759AC1098 ] AODDriver4.1    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
19:30:24.0400 0736  AODDriver4.1 - ok
19:30:24.0446 0736  [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo         C:\Windows\System32\appinfo.dll
19:30:24.0448 0736  Appinfo - ok
19:30:24.0525 0736  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:30:24.0527 0736  Apple Mobile Device - ok
19:30:24.0572 0736  [ BA8417D4765F3988FF921F30F630E303 ] arc             C:\Windows\system32\drivers\arc.sys
19:30:24.0574 0736  arc - ok
19:30:24.0602 0736  [ 9D41C435619733B34CC16A511E644B11 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
19:30:24.0604 0736  arcsas - ok
19:30:24.0655 0736  [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
19:30:24.0656 0736  AsyncMac - ok
19:30:24.0692 0736  [ E68D9B3A3905619732F7FE039466A623 ] atapi           C:\Windows\system32\drivers\atapi.sys
19:30:24.0693 0736  atapi - ok
19:30:24.0834 0736  [ 60216B0E704584DE6D5A9F59E9C34C47 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
19:30:24.0909 0736  atikmdag - ok
19:30:24.0966 0736  [ DB0D3DE15EDC96E7529FC0D3F7760894 ] AtiPcie         C:\Windows\system32\DRIVERS\AtiPcie.sys
19:30:24.0967 0736  AtiPcie - ok
19:30:25.0018 0736  [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:30:25.0026 0736  AudioEndpointBuilder - ok
19:30:25.0037 0736  [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
19:30:25.0042 0736  AudioSrv - ok
19:30:25.0106 0736  [ 5E76DEBBA4311AC1C44DE83D59A9584E ] AVer88xHD       C:\Windows\system32\drivers\AVer88xHD64.sys
19:30:25.0114 0736  AVer88xHD - ok
19:30:25.0243 0736  [ 2ED050291BC1D7F9E322E328DB3AAECF ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
19:30:25.0247 0736  BBSvc - ok
19:30:25.0299 0736  [ 785DE7ABDA13309D6065305542829E76 ] BBUpdate        C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
19:30:25.0304 0736  BBUpdate - ok
19:30:25.0328 0736  Beep - ok
19:30:25.0387 0736  [ FFB96C2589FFA60473EAD78B39FBDE29 ] BFE             C:\Windows\System32\bfe.dll
19:30:25.0394 0736  BFE - ok
19:30:25.0447 0736  [ 6D316F4859634071CC25C4FD4589AD2C ] BITS            C:\Windows\system32\qmgr.dll
19:30:25.0466 0736  BITS - ok
19:30:25.0495 0736  [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
19:30:25.0497 0736  blbdrive - ok
19:30:25.0549 0736  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
19:30:25.0558 0736  Bonjour Service - ok
19:30:25.0602 0736  [ 2348447A80920B2493A9B582A23E81E1 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
19:30:25.0605 0736  bowser - ok
19:30:25.0664 0736  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
19:30:25.0665 0736  BrFiltLo - ok
19:30:25.0712 0736  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
19:30:25.0714 0736  BrFiltUp - ok
19:30:25.0927 0736  [ A61D617F37456D9D32F98BF70EB5D414 ] BrlAPI          C:\cygwin\bin\cygrunsrv.exe
19:30:26.0057 0736  BrlAPI - ok
19:30:26.0097 0736  [ A1B39DE453433B115B4EA69EE0343816 ] Browser         C:\Windows\System32\browser.dll
19:30:26.0099 0736  Browser - ok
19:30:26.0144 0736  [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid         C:\Windows\system32\drivers\brserid.sys
19:30:26.0147 0736  Brserid - ok
19:30:26.0156 0736  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
19:30:26.0159 0736  BrSerWdm - ok
19:30:26.0176 0736  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
19:30:26.0178 0736  BrUsbMdm - ok
19:30:26.0197 0736  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
19:30:26.0199 0736  BrUsbSer - ok
19:30:26.0209 0736  [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
19:30:26.0211 0736  BTHMODEM - ok
19:30:26.0273 0736  [ 551BE1536B27DC056EA4D48275EFB089 ] CAXHWBS2        C:\Windows\system32\DRIVERS\CAXHWBS2.sys
19:30:26.0280 0736  CAXHWBS2 - ok
19:30:26.0299 0736  [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
19:30:26.0301 0736  cdfs - ok
19:30:26.0329 0736  [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
19:30:26.0331 0736  cdrom - ok
19:30:26.0364 0736  [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc     C:\Windows\System32\certprop.dll
19:30:26.0366 0736  CertPropSvc - ok
19:30:26.0397 0736  [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
19:30:26.0399 0736  circlass - ok
19:30:26.0446 0736  [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS            C:\Windows\system32\CLFS.sys
19:30:26.0454 0736  CLFS - ok
19:30:26.0555 0736  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:30:26.0558 0736  clr_optimization_v2.0.50727_32 - ok
19:30:26.0649 0736  [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:30:26.0651 0736  clr_optimization_v2.0.50727_64 - ok
19:30:26.0762 0736  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:30:26.0765 0736  clr_optimization_v4.0.30319_32 - ok
19:30:26.0841 0736  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:30:26.0845 0736  clr_optimization_v4.0.30319_64 - ok
19:30:26.0885 0736  [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
19:30:26.0887 0736  cmdide - ok
19:30:26.0904 0736  [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
19:30:26.0906 0736  Compbatt - ok
19:30:26.0916 0736  COMSysApp - ok
19:30:26.0970 0736  [ C08063F052308B6F5882482615387F30 ] cpuz135         C:\Windows\system32\drivers\cpuz135_x64.sys
19:30:26.0972 0736  cpuz135 - ok
19:30:26.0993 0736  [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
19:30:26.0996 0736  crcdisk - ok
19:30:27.0038 0736  [ CA78B312C44E4D52E842C2C8BD48E452 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
19:30:27.0042 0736  CryptSvc - ok
19:30:27.0185 0736  [ A61D617F37456D9D32F98BF70EB5D414 ] cygserver       C:\cygwin\bin\cygrunsrv.exe
19:30:27.0187 0736  cygserver - ok
19:30:27.0272 0736  [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch      C:\Windows\system32\rpcss.dll
19:30:27.0295 0736  DcomLaunch - ok
19:30:27.0334 0736  [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
19:30:27.0337 0736  DfsC - ok
19:30:27.0596 0736  [ C647F468F7DE343DF8C143655C5557D4 ] DFSR            C:\Windows\system32\DFSR.exe
19:30:27.0647 0736  DFSR - ok
19:30:27.0710 0736  [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
19:30:27.0713 0736  Dhcp - ok
19:30:27.0764 0736  [ B0107E40ECDB5FA692EBF832F295D905 ] disk            C:\Windows\system32\drivers\disk.sys
19:30:27.0766 0736  disk - ok
19:30:27.0853 0736  [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
19:30:27.0856 0736  Dnscache - ok
19:30:27.0913 0736  [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc         C:\Windows\System32\dot3svc.dll
19:30:27.0918 0736  dot3svc - ok
19:30:27.0961 0736  [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS             C:\Windows\system32\dps.dll
19:30:27.0965 0736  DPS - ok
19:30:28.0031 0736  [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
19:30:28.0032 0736  drmkaud - ok
19:30:28.0106 0736  [ B8E554E502D5123BC111F99D6A2181B4 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
19:30:28.0119 0736  DXGKrnl - ok
19:30:28.0151 0736  [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60           C:\Windows\system32\DRIVERS\E1G6032E.sys
19:30:28.0155 0736  E1G60 - ok
19:30:28.0174 0736  [ C2303883FD9BE49DC36A6400643002EA ] EapHost         C:\Windows\System32\eapsvc.dll
19:30:28.0176 0736  EapHost - ok
19:30:28.0234 0736  [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache          C:\Windows\system32\drivers\ecache.sys
19:30:28.0238 0736  Ecache - ok
19:30:28.0384 0736  [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
19:30:28.0397 0736  ehRecvr - ok
19:30:28.0421 0736  [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched         C:\Windows\ehome\ehsched.exe
19:30:28.0424 0736  ehSched - ok
19:30:28.0463 0736  [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart         C:\Windows\ehome\ehstart.dll
19:30:28.0465 0736  ehstart - ok
19:30:28.0501 0736  [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
19:30:28.0508 0736  elxstor - ok
19:30:28.0620 0736  [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
19:30:28.0628 0736  EMDMgmt - ok
19:30:28.0679 0736  [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev          C:\Windows\system32\drivers\errdev.sys
19:30:28.0681 0736  ErrDev - ok
19:30:28.0808 0736  [ 4D06D9A26227AC485305133916888DF1 ] ETService       C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe
19:30:28.0809 0736  ETService - ok
19:30:28.0951 0736  [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem     C:\Windows\system32\es.dll
19:30:28.0987 0736  EventSystem - ok
19:30:29.0012 0736  [ 486844F47B6636044A42454614ED4523 ] exfat           C:\Windows\system32\drivers\exfat.sys
19:30:29.0016 0736  exfat - ok
19:30:29.0064 0736  [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
19:30:29.0085 0736  fastfat - ok
19:30:29.0132 0736  [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
19:30:29.0133 0736  fdc - ok
19:30:29.0171 0736  [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost         C:\Windows\system32\fdPHost.dll
19:30:29.0173 0736  fdPHost - ok
19:30:29.0187 0736  [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub        C:\Windows\system32\fdrespub.dll
19:30:29.0190 0736  FDResPub - ok
19:30:29.0206 0736  [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
19:30:29.0208 0736  FileInfo - ok
19:30:29.0216 0736  [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
19:30:29.0218 0736  Filetrace - ok
19:30:29.0391 0736  [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
19:30:29.0402 0736  FLEXnet Licensing Service - ok
19:30:29.0429 0736  [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
19:30:29.0430 0736  flpydisk - ok
19:30:29.0488 0736  [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
19:30:29.0494 0736  FltMgr - ok
19:30:29.0578 0736  [ BE1C5BD1CA7ED015BC6FA1AE67E592C8 ] FontCache       C:\Windows\system32\FntCache.dll
19:30:29.0596 0736  FontCache - ok
19:30:29.0693 0736  [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:30:29.0695 0736  FontCache3.0.0.0 - ok
19:30:29.0732 0736  [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
19:30:29.0734 0736  Fs_Rec - ok
19:30:29.0768 0736  [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
19:30:29.0771 0736  gagp30kx - ok
19:30:29.0843 0736  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:30:29.0845 0736  GEARAspiWDM - ok
19:30:29.0892 0736  [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc           C:\Windows\System32\gpsvc.dll
19:30:29.0904 0736  gpsvc - ok
19:30:29.0994 0736  [ 626A24ED1228580B9518C01930936DF9 ] gupdate1c9619c54e0d3d C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:30:29.0996 0736  gupdate1c9619c54e0d3d - ok
19:30:30.0005 0736  [ 626A24ED1228580B9518C01930936DF9 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:30:30.0007 0736  gupdatem - ok
19:30:30.0049 0736  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
19:30:30.0052 0736  gusvc - ok
19:30:30.0100 0736  [ 8895D459BF7A26445ACD8512CBAE1679 ] hcmon           C:\Windows\system32\drivers\hcmon.sys
19:30:30.0102 0736  hcmon - ok
19:30:30.0180 0736  [ 68E732382B32417FF61FD663259B4B09 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:30:30.0186 0736  HdAudAddService - ok
19:30:30.0263 0736  [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
19:30:30.0279 0736  HDAudBus - ok
19:30:30.0315 0736  [ B4881C84A180E75B8C25DC1D726C375F ] HidBth          C:\Windows\system32\drivers\hidbth.sys
19:30:30.0340 0736  HidBth - ok
19:30:30.0361 0736  [ 5F47839455D01FF6403B008D481A6F5B ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
19:30:30.0364 0736  HidIr - ok
19:30:30.0424 0736  [ 59361D38A297755D46A540E450202B2A ] hidserv         C:\Windows\System32\hidserv.dll
19:30:30.0426 0736  hidserv - ok
19:30:30.0467 0736  [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
19:30:30.0468 0736  HidUsb - ok
19:30:39.0150 0736  [ 602884696850C86434530790B110E8EB ] sptd            C:\Windows\system32\Drivers\sptd.sys
19:30:39.0150 0736  Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB
19:30:39.0154 0736  sptd ( LockedFile.Multi.Generic ) - warning
19:30:39.0154 0736  sptd - detected LockedFile.Multi.Generic (1)
Title: Re: Connection problems - here to see if I have a virus
Post by: SuperDave on December 28, 2012, 11:44:45 AM
That does not appear to be the complete TDSSKiller log. Could you please run it again and just post the bottom 10 lines of the log?
Title: Re: Connection problems - here to see if I have a virus
Post by: zulubanshee on December 28, 2012, 11:50:37 AM
14:04:57.0761 4580  ================ Scan global ===============================
14:04:57.0793 4580  [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
14:04:57.0834 4580  [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
14:04:57.0851 4580  [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
14:04:57.0897 4580  [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
14:04:57.0902 4580  [Global] - ok
14:04:57.0903 4580  ================ Scan MBR ==================================
14:04:57.0921 4580  [ B751AF1ACDDD7A1A71313731839F4ECB ] \Device\Harddisk0\DR0
14:05:00.0571 4580  \Device\Harddisk0\DR0 - ok
14:05:00.0586 4580  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
14:05:00.0590 4580  \Device\Harddisk1\DR1 - ok
14:05:00.0596 4580  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
14:05:00.0895 4580  \Device\Harddisk2\DR2 - ok
14:05:00.0896 4580  ================ Scan VBR ==================================
14:05:00.0901 4580  [ AB2522FC70605093AF8A9F7397AFBB75 ] \Device\Harddisk0\DR0\Partition1
14:05:00.0902 4580  \Device\Harddisk0\DR0\Partition1 - ok
14:05:00.0911 4580  [ F5BE331CDEDDC5FE4288744E7456CB28 ] \Device\Harddisk1\DR1\Partition1
14:05:00.0913 4580  \Device\Harddisk1\DR1\Partition1 - ok
14:05:00.0920 4580  [ 27693C0DC8219674FFDA01A04EF5AF78 ] \Device\Harddisk2\DR2\Partition1
14:05:00.0922 4580  \Device\Harddisk2\DR2\Partition1 - ok
14:05:00.0924 4580  ============================================================
14:05:00.0925 4580  Scan finished
14:05:00.0925 4580  ============================================================
14:05:00.0949 5484  Detected object count: 1
14:05:00.0949 5484  Actual detected object count: 1
14:05:21.0270 5484  sptd ( LockedFile.Multi.Generic ) - skipped by user
14:05:21.0270 5484  sptd ( LockedFile.Multi.Generic ) - User select action: Skip
Title: Re: Connection problems - here to see if I have a virus
Post by: SuperDave on December 28, 2012, 04:08:04 PM
Please run TDSSKiller again and, this time, you need to choose the action Cure.

Title: Re: Connection problems - here to see if I have a virus
Post by: zulubanshee on December 28, 2012, 05:37:59 PM
Cure is not one of the options. I assume you mean Delete. See attached.

Title: Re: Connection problems - here to see if I have a virus
Post by: SuperDave on December 29, 2012, 12:45:34 PM
> Cure is not one of the options. I assume you mean Delete. See attached.
Sorry, please use "delete".
Title: Re: Connection problems - here to see if I have a virus
Post by: zulubanshee on December 29, 2012, 05:46:07 PM
Machine was rebooted. I can't believe this is such a problem.  :P Thanks very much for spending so much time on it.


18:17:23.0309 3720  ================ Scan global ===============================
18:17:23.0387 3720  [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
18:17:23.0574 3720  [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
18:17:23.0652 3720  [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
18:17:23.0870 3720  [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
18:17:23.0870 3720  [Global] - ok
18:17:23.0870 3720  ================ Scan MBR ==================================
18:17:23.0948 3720  [ B751AF1ACDDD7A1A71313731839F4ECB ] \Device\Harddisk0\DR0
18:17:26.0805 3720  \Device\Harddisk0\DR0 - ok
18:17:26.0884 3720  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
18:17:26.0894 3720  \Device\Harddisk1\DR1 - ok
18:17:26.0907 3720  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
18:17:27.0263 3720  \Device\Harddisk2\DR2 - ok
18:17:27.0264 3720  ================ Scan VBR ==================================
18:17:27.0298 3720  [ AB2522FC70605093AF8A9F7397AFBB75 ] \Device\Harddisk0\DR0\Partition1
18:17:27.0299 3720  \Device\Harddisk0\DR0\Partition1 - ok
18:17:27.0306 3720  [ F5BE331CDEDDC5FE4288744E7456CB28 ] \Device\Harddisk1\DR1\Partition1
18:17:27.0309 3720  \Device\Harddisk1\DR1\Partition1 - ok
18:17:27.0327 3720  [ 27693C0DC8219674FFDA01A04EF5AF78 ] \Device\Harddisk2\DR2\Partition1
18:17:27.0329 3720  \Device\Harddisk2\DR2\Partition1 - ok
18:17:27.0357 3720  ============================================================
18:17:27.0357 3720  Scan finished
18:17:27.0357 3720  ============================================================
18:17:27.0467 4396  Detected object count: 1
18:17:27.0467 4396  Actual detected object count: 1
18:17:32.0013 4396  C:\Windows\system32\Drivers\sptd.sys - copied to quarantine
18:17:32.0132 4396  HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted on reboot
18:17:32.0166 4396  HKLM\SYSTEM\ControlSet003\services\sptd - will be deleted on reboot
18:17:32.0953 4396  C:\Windows\system32\Drivers\sptd.sys - will be deleted on reboot
18:17:32.0953 4396  sptd ( LockedFile.Multi.Generic ) - User select action: Delete
Title: Re: Connection problems - here to see if I have a virus
Post by: SuperDave on December 30, 2012, 11:09:52 AM
Any change?
Title: Re: Connection problems - here to see if I have a virus
Post by: zulubanshee on December 30, 2012, 11:22:42 AM
Well, like I said above, it's definitely better than it was, but still at least 25% of pages have problems loading. I'm starting to think that I might have to reformat.
Title: Re: Connection problems - here to see if I have a virus
Post by: SuperDave on December 30, 2012, 11:28:25 AM
> Well, like I said above, it's definitely better than it was, but still at least 25% of pages have problems loading. I'm starting to think that I might have to reformat.
That would be your best option which will give you virtually a new computer.
Title: Re: Connection problems - here to see if I have a virus
Post by: zulubanshee on December 30, 2012, 04:08:04 PM
Well thanks for your help dude.
Title: Re: Connection problems - here to see if I have a virus
Post by: SuperDave on December 30, 2012, 05:43:04 PM
You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.