Computer Hope
Software => Computer viruses and spyware => Topic started by: zulubanshee on December 21, 2012, 03:40:43 PM
-
My problem can be found here:
http://www.computerhope.com/forum/index.php/topic,134893.msg868106.html#msg868106 (http://www.computerhope.com/forum/index.php/topic,134893.msg868106.html#msg868106)
Essentially I have been having intermittent connection problems. Some pages load ok, others do not load, others load but without the styles sheets, usually if I refresh a bunch of times the page will load eventually, but not always. I have tried everything else and somebody on the Networking forum sent me over here. So here I am. And here are my logs.
# AdwCleaner v2.101 - Logfile created 12/21/2012 at 12:46:31
# Updated 16/12/2012 by Xplode
# Operating system : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# User : doug - DOUG-PC
# Boot Mode : Normal
# Running from : C:\Users\doug\Desktop\zips\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\DAEMON Tools Toolbar
Folder Found : C:\Program Files (x86)\ICQ6Toolbar
Folder Found : C:\ProgramData\ICQ\ICQToolbar
Folder Found : C:\Users\doug\AppData\Local\APN
Folder Found : C:\Users\doug\AppData\Local\Conduit
Folder Found : C:\Users\doug\AppData\LocalLow\AVG Secure Search
Folder Found : C:\Users\doug\AppData\LocalLow\Conduit
***** [Registry] *****
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Ask&Record
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB9}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKU\S-1-5-21-1499011048-2565338764-885293594-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Found : HKU\S-1-5-21-1499011048-2565338764-885293594-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB9}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16457
[HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
-\\ Mozilla Firefox v17.0.1 (en-US)
Profile name : default-1355447943910 [Profil par défaut]
File : C:\Users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\prefs.js
[OK] File is clean.
-\\ Google Chrome v23.0.1271.97
File : C:\Users\doug\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
-\\ Opera v12.12.1707.0
File : C:\Users\doug\AppData\Roaming\Opera\Opera\operaprefs.ini
Found : HostName Web Lookup Address=hxxp://search.icq.com/search/afe_results.php?q=%s&ch_id=osd&icid=opera
*************************
AdwCleaner[R1].txt - [4095 octets] - [21/12/2012 12:46:31]
########## EOF - C:\AdwCleaner[R1].txt - [4155 octets] ##########
---------------------------------------------------------------------------------------------------------------------------------------------
Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org
Database version: v2012.12.21.15
Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
doug :: DOUG-PC [administrator]
Protection: Disabled
12/21/2012 12:50:10 PM
mbam-log-2012-12-21 (12-50-10).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 224470
Time elapsed: 8 minute(s), 14 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-------------------------------------------------------------------------------------------------------------------------------------
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 1.6.0_37
Run by doug at 17:09:58 on 2012-12-21
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.7934.5953 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\cygwin\bin\cygrunsrv.exe
C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe
C:\cygwin\usr\sbin\cygserver.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\SysWOW64\vmnat.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Windows\system32\RUNDLL32.EXE
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Windows\System32\WUDFHost.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\MHotKey.exe
C:\Program Files (x86)\Google\Update\1.3.21.124\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.124\GoogleCrashHandler64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files (x86)\Pidgin\pidgin.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\ehome\ehtray.exe
C:\Windows\ChiFuncExt.exe
C:\Windows\CNYHKey.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\splwow64.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uWindow Title = Windows Internet Explorer provided by Yahoo!
uSearch Page = hxxp://www.bing.com/?pc=AVBR
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie9
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=1008&m=lx6200-01
uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
uURLSearchHooks: {687578b9-7132-4a7a-80e4-30ee31099e03} - <orphaned>
mURLSearchHooks: {855F3B16-6D32-4fe6-8A56-BBB695989046} - <orphaned>
mURLSearchHooks: <No Name>: - LocalServer32 - <no file>
dURLSearchHooks: {855F3B16-6D32-4fe6-8A56-BBB695989046} - <orphaned>
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
dURLSearchHooks: <No Name>: - LocalServer32 - <no file>
mWinlogon: Userinit = userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Gadwin PrintScreen] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
uRun: [Pidgin] C:\Program Files (x86)\Pidgin\pidgin.exe
uRun: [AdobeBridge] <no file>
mRun: [LchDrvKey] LchDrvKey.exe
mRun: [LedKey] CNYHKey.exe
mRun: [eRecoveryService] <no file>
mRunOnce: [New Acer AlaunchX] c:\Acer\Preload\Command\AlaunchX\LaunchAlaunchX.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll
DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} - hxxp://chat.yahoo.com/cab/yuplapp.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {EBF1BFCB-F60B-4DCB-9C96-E53C543CB645} - hxxp://www.ivienterprise.com:8080/qcbin/ALM-Platform-Loader.11.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{69DE6067-93A0-4FFF-AD69-C6EE7006F35F} : DHCPNameServer = 192.168.2.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
x64-mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=1008&m=lx6200-01
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} -
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
x64-mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\Windows\System32\rundll32.exe C:\Windows\System32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Virtual Earth 3D\npVE3D.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\doug\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\doug\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\doug\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\doug\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-10-24 12:14; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - ExtSQL: 2012-12-13 20:24; {dc572301-7619-498c-a57d-39143191b318}; C:\Users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
FF - ExtSQL: 2012-12-13 20:33; {64161300-e22b-11db-8314-0800200c9a66}; C:\Users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
FF - ExtSQL: 2012-12-13 20:46; {6AC85730-7D0F-4de0-B3FA-21142DD85326}; C:\Users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
FF - ExtSQL: 2012-12-13 20:51; {c45c406e-ab73-11d8-be73-000a95be3b12}; C:\Users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
FF - ExtSQL: 2012-12-13 20:55; [email protected]; C:\Users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\[email protected]
FF - ExtSQL: 2012-12-13 21:00; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; C:\Users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - ExtSQL: 2012-12-13 21:16; [email protected]; C:\Users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\[email protected]
FF - ExtSQL: 2012-12-13 21:29; jid1-xUfzOsOFlzSOXg@jetpack; C:\Users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\[email protected]
FF - ExtSQL: 2012-12-13 21:57; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2012-12-13 22:49; {af79f858-4b25-4ca4-822b-b5db1be628fc}; C:\Users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\{af79f858-4b25-4ca4-822b-b5db1be628fc}.xpi
FF - ExtSQL: 2012-12-14 14:48; [email protected]; C:\Users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\[email protected]
FF - ExtSQL: 2012-12-14 14:55; [email protected]; C:\Users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\[email protected]
FF - ExtSQL: 2012-12-14 19:45; [email protected]; C:\Users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\[email protected]
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2010-10-29 69152]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2008-8-21 55856]
R1 VBoxDrv;VirtualBox Service;C:\Windows\System32\drivers\VBoxDrv.sys [2012-1-22 224048]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;C:\Windows\System32\drivers\VBoxUSBMon.sys [2012-1-22 130864]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-4-20 203776]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-7-4 361984]
R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648]
R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2012-5-4 21992]
R2 ETService;Empowering Technology Service;C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [2008-10-16 24576]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2008-12-11 72216]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-21 399432]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 128456]
R2 vmci;VMware vmci;C:\Windows\System32\drivers\vmci.sys [2008-12-7 64560]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx64coinst,serviceStartProc --> RUNDLL32.EXE ykx64coinst,serviceStartProc [?]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-7-4 46136]
R3 AVer88xHD;AVerMedia 23888 AvStream Video Capture;C:\Windows\System32\drivers\AVer88xHD64.sys [2008-8-21 432256]
R3 CAXHWBS2;CAXHWBS2;C:\Windows\System32\drivers\CAXHWBS2.sys [2008-8-21 403968]
R3 LVUVC64;Logitech QuickCam S5500(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2009-10-7 6379288]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;C:\Windows\System32\drivers\VBoxNetAdp.sys [2011-12-19 146736]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk60x64.sys [2008-8-5 392192]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate1c9619c54e0d3d;Google Update Service (gupdate1c9619c54e0d3d);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2008-12-19 133104]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-21 676936]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336]
S3 BrlAPI;BrlAPI;C:\cygwin\bin\cygrunsrv.exe [2012-1-10 68096]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-12-21 25928]
S3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2010-1-28 19544]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 Point64;Microsoft IntelliPoint Filter Driver;C:\Windows\System32\drivers\point64k.sys [2009-5-8 33160]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;C:\Windows\System32\drivers\VBoxNetFlt.sys [2011-12-19 165680]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-17 89920]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2008-7-10 47128]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-7-10 369688]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [UserChoice]
FileExt: .js: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [UserChoice]
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-12-16 23:25:25 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-16 23:25:25 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-13 12:24:00 67413224 ----a-w- C:\Windows\System32\mrt.exe
2012-11-14 07:06:18 17811968 ----a-w- C:\Windows\System32\mshtml.dll
2012-11-14 06:32:33 10925568 ----a-w- C:\Windows\System32\ieframe.dll
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:44 1346048 ----a-w- C:\Windows\System32\urlmon.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 06:02:04 237056 ----a-w- C:\Windows\System32\url.dll
2012-11-14 05:59:52 85504 ----a-w- C:\Windows\System32\jsproxy.dll
2012-11-14 05:58:36 816640 ----a-w- C:\Windows\System32\jscript.dll
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:55:45 2144768 ----a-w- C:\Windows\System32\iertutil.dll
2012-11-14 05:55:26 729088 ----a-w- C:\Windows\System32\msfeeds.dll
2012-11-14 05:53:22 96768 ----a-w- C:\Windows\System32\mshtmled.dll
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 05:46:25 248320 ----a-w- C:\Windows\System32\ieui.dll
2012-11-14 02:48:26 12320256 ----a-w- C:\Windows\SysWow64\mshtml.dll
2012-11-14 02:14:59 9738240 ----a-w- C:\Windows\SysWow64\ieframe.dll
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:44 1103872 ----a-w- C:\Windows\SysWow64\urlmon.dll
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:55:46 231936 ----a-w- C:\Windows\SysWow64\url.dll
2012-11-14 01:51:44 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:49:19 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:47:20 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2012-11-14 01:46:38 1793024 ----a-w- C:\Windows\SysWow64\iertutil.dll
2012-11-14 01:45:01 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-14 01:41:30 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
2012-11-13 01:55:22 2770432 ----a-w- C:\Windows\System32\win32k.sys
2012-11-13 01:45:48 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-13 01:29:51 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-11-08 04:24:01 48128 ----a-w- C:\Windows\System32\atmlib.dll
2012-11-08 03:46:35 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-11-08 02:00:56 368128 ----a-w- C:\Windows\System32\atmfd.dll
2012-11-08 01:36:08 293376 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-11-02 10:45:52 477696 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 10:45:51 68096 ----a-w- C:\Windows\System32\dpnathlp.dll
2012-11-02 10:18:17 376320 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-11-02 08:59:56 26112 ----a-w- C:\Windows\System32\dpnsvr.exe
2012-11-02 08:26:06 23040 ----a-w- C:\Windows\SysWow64\dpnsvr.exe
2012-10-29 19:10:15 60304 ----a-w- C:\Users\doug\g2mdlhlpx.exe
2012-10-25 08:12:26 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-10-25 08:12:26 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2012-09-30 00:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-28 16:34:50 1210368 ----a-w- C:\Windows\System32\kernel32.dll
2012-09-28 16:13:29 860160 ----a-w- C:\Windows\SysWow64\kernel32.dll
2012-09-25 16:31:19 91648 ----a-w- C:\Windows\System32\synceng.dll
2012-09-25 16:19:41 75776 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-09-24 20:34:14 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2012-09-24 20:34:13 916456 ----a-w- C:\Windows\System32\deployJava1.dll
2012-09-24 20:34:13 289768 ----a-w- C:\Windows\System32\javaws.exe
2012-09-24 20:34:13 189416 ----a-w- C:\Windows\System32\javaw.exe
2012-09-24 20:34:13 188904 ----a-w- C:\Windows\System32\java.exe
2012-09-24 20:34:13 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-09-24 19:32:24 477168 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-09-24 19:32:20 473072 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-09-24 19:23:41 157680 ----a-w- C:\Windows\SysWow64\javaws.exe
2012-09-24 19:23:37 149488 ----a-w- C:\Windows\SysWow64\javaw.exe
2012-09-24 19:23:26 149488 ----a-w- C:\Windows\SysWow64\java.exe
.
============= FINISH: 17:10:43.17 ===============
------------------------------------------------------------------------------------------------------------------------------------------
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 10/16/2008 2:22:15 AM
System Uptime: 12/21/2012 4:16:21 PM (1 hours ago)
.
Motherboard: Gateway | | RS780
Processor: AMD Phenom(tm) 9500 Quad-Core Processor | AM2 | 2200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 689 GiB total, 360.351 GiB free.
D: is FIXED (NTFS) - 112 GiB total, 22.587 GiB free.
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is CDROM ()
J: is CDROM ()
K: is CDROM ()
L: is FIXED (NTFS) - 233 GiB total, 165.374 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
7-Zip 4.62
Activation Assistant for the 2007 Microsoft Office suites
ActivePerl 5.12.2 Build 1202 (64-bit)
ActiveState Komodo Edit 6.1.1
Adobe AIR
Adobe Community Help
Adobe Dreamweaver CS5
Adobe Fireworks CS5
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Photoshop CS5
Adobe Photoshop Elements 7.0
Adobe Photoshop.com Inspiration Browser
Adobe Reader X (10.1.4)
Amazon Kindle
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Fuel
AMD VISION Engine Control Center
Apex PDF Watermarking Software 2.3.8.2
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Artisteer 2
AVerMedia M791 PCIe Combo NTSC/ATSC 6.104.64.5
AVI Movie Player
BigFix
Bing Bar
Bing Maps 3D
BlueVoda Website Builder 11.71
Bonjour
calibre
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Compatibility Pack for the 2007 Office system
Cool Timer 3.7
CPUID HWMonitor 1.19
Craigs List Editor
Craigslist Crawler
Crimson Editor (remove only)
CutePDF Writer 2.8
CyberLink LabelPrint
CyberLink Power2Go
DHTML Editing Component
DivX Setup
DivX Version Checker
Dolby Control Center
EasyBCD 1.7.2
Facebook Video Calling 1.2.0.159
Facebook Video Calling 1.2.0.287
FeedDemon
FileZilla Client 3.6.0.2
FlashPeak SlimBrowser
Forté Agent
Free PDF to Word Doc Converter v1.1
Free SMTP Server
Freecorder
FTPRush v1 Unicode
Gadwin PrintScreen
Gateway Recovery Management
GIMP 2.6.11
Google AdWords Editor
Google Chrome
Google Drive
Google Earth
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
GoogleSpider
GoToMeeting 5.2.0.952
GreenBrowser
GTK+ Runtime 2.14.7 rev a (remove only)
HeidiSQL 4.0
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (KB944899)
HP ALM Microsoft Excel Addin
HP ALM Microsoft Word Addin
HP Application Lifecycle Management
HydraVision
iCloud
Inkscape 0.48.1
iPhone Configuration Utility
IrfanView (remove only)
iTunes
Java 7 Update 7 (64-bit)
Java Auto Updater
Java SE Development Kit 7 Update 7 (64-bit)
Java(TM) 6 Update 37
Java(TM) 6 Update 5
Java(TM) 6 Update 7
KB0817 Keyboard Driver
Magic ISO Maker v5.5 (build 0272)
MagicDisc 2.7.106
Malwarebytes Anti-Malware version 1.65.1.1000
Marvell(R) Wireless Card Software Package
MassMailer
Matroska Pack - Lazy Man's MKV 0.9.9
Media Player Classic
Meracl ImageMap Generator v3.5.3
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft IntelliPoint 7.0
Microsoft Money Essentials
Microsoft Money Shared Libraries
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140)
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Microsoft Works
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
MixPad
MobileMe Control Panel
Mozilla Firefox 17.0.1 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 16.0.2 (x86 en-US)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MySQL-Front 3.2
NetBeans IDE 6.9.1
Netflix Movie Viewer
Notepad++
Octoshape add-in for Adobe Flash Player
oDesk Team
OpenOffice.org 3.0
Opera 12.12
Opera Mobile
Oracle VM VirtualBox 4.1.8
PDF Generator 2.03
PDF Settings CS5
PeerBlock 1.0.0 (r181)
PhotoshopdotcomInspirationBrowser
PhotoStage Slideshow Producer
Pidgin
POSInvoicePDFLite 1.0.5
QuickPar 0.9
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Rosetta Stone Version 3
SABnzbd 0.6.15
Safari
SeaMonkey (2.0.12)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
SequoiaView
Skype™ 6.0
SmartFTP Client Setup Files 4.0 (x64) (remove only)
Snap (remove only)
Soft Data Fax Modem with SmartCP
Software Informer 1.1
Sql Server Customer Experience Improvement Program
SQL Server System CLR Types
Sublime Text 2.0.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760573) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.6195
VideoPad Video Editor
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 x64 Redistributables
VLC media player 1.0.0
VMware Workstation
WampServer 2.0
WavePad Sound Editor
Winamp
Winamp Detector Plug-in
WinDirStat 1.1.2
Windows Media Player Firefox Plugin
WinRAR archiver
.
==== End Of File ===========================
-
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.
1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.
If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Remove the Adware:
- Please close all open programs and internet browsers.
- Double click on adwcleaner.exe to run the tool.
- Click on Delete.
- Confirm each time with OK
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile in your reply.
- You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
*****************************************************
Please download ComboFix (http://img7.imageshack.us/img7/4930/combofix.gif) from BleepingComputer.com (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Alternate link: GeeksToGo.com (http://www.geekstogo.com/forum/downloads.html&req=download&code=confirm_download&id=197)
Alternate link: Forospyware.com (http://www.forospyware.com/sUBs/ComboFix.exe)
If you are using Firefox, make sure that your download settings are as follows:
* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".
Rename ComboFix.exe to commy.exe before you save it to your Desktop
- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools ]A guide to do this can be found here (http://www.bleepingcomputer.com/forums/topic114351.html)
- Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
- As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console
(http://img.photobucket.com/albums/v666/sUBs/Query_RC.gif)
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(http://img.photobucket.com/albums/v666/sUBs/RC_successful.gif)
- Click on Yes, to continue scanning for malware.
- When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.
-
# AdwCleaner v2.102 - Logfile created 12/24/2012 at 15:08:49
# Updated 23/12/2012 by Xplode
# Operating system : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# User : doug - DOUG-PC
# Boot Mode : Normal
# Running from : C:\Users\doug\Desktop\zips\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
Deleted on reboot : C:\Program Files (x86)\Conduit
Deleted on reboot : C:\Program Files (x86)\DAEMON Tools Toolbar
Deleted on reboot : C:\Program Files (x86)\ICQ6Toolbar
Deleted on reboot : C:\ProgramData\ICQ\ICQToolbar
Deleted on reboot : C:\Users\doug\AppData\Local\APN
Deleted on reboot : C:\Users\doug\AppData\Local\Conduit
Deleted on reboot : C:\Users\doug\AppData\LocalLow\AVG Secure Search
Deleted on reboot : C:\Users\doug\AppData\LocalLow\Conduit
***** [Registry] *****
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Ask&Record
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB9}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16457
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com
-\\ Mozilla Firefox v17.0.1 (en-US)
File : C:\Users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\prefs.js
[OK] File is clean.
-\\ Google Chrome v23.0.1271.97
File : C:\Users\doug\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
-\\ Opera v12.12.1707.0
File : C:\Users\doug\AppData\Roaming\Opera\Opera\operaprefs.ini
Deleted : HostName Web Lookup Address=hxxp://search.icq.com/search/afe_results.php?q=%s&ch_id=osd&icid=opera
*************************
AdwCleaner[R1].txt - [4212 octets] - [21/12/2012 12:46:31]
AdwCleaner[S1].txt - [3726 octets] - [24/12/2012 15:08:49]
########## EOF - C:\AdwCleaner[S1].txt - [3786 octets] ##########
-
I don't think the Microsoft Recovery Console was installed. I disabled the antivirus and antispyware, then copy and pasted the line of text into the Run box. I clicked a confirmation message but it was not the ones that are displayed above (I didn't catch what it said). Those popup confirmation messages in your post above were not displayed at all. Furthermore, ComboFix appears to have simply ended without running a scan. I renamed the file to commy.exe as instructed, FTR.
-
I don't think the Microsoft Recovery Console was installed. I disabled the antivirus and antispyware, then copy and pasted the line of text into the Run box. I clicked a confirmation message but it was not the ones that are displayed above (I didn't catch what it said). Those popup confirmation messages in your post above were not displayed at all. Furthermore, ComboFix appears to have simply ended without running a scan. I renamed the file to commy.exe as instructed, FTR.
Never mind. I ran it again and it seems to be working.
-
ComboFix 12-12-23.01 - doug 12/24/2012 15:46:45.1.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.7934.5651 [GMT -5:00]
Running from: c:\users\doug\Desktop\commy.exe
Command switches used :: /stepdel
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\doug\AppData\Local\assembly\tmp
c:\users\doug\AppData\Roaming\013d5c525f3c127a61d11aadff2409b6-i686.cache-2
c:\users\doug\AppData\Roaming\698e8de9c79e614b8d6a96b5ce9682e6-i686.cache-2
c:\users\doug\AppData\Roaming\mIRC\logs\status.log
c:\users\doug\g2mdlhlpx.exe
c:\users\Public\sdelevURL.tmp
c:\windows\iun6002.exe
c:\windows\SysWow64\ccrpTmr6.dll
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-11-24 to 2012-12-24 )))))))))))))))))))))))))))))))
.
.
2012-12-24 21:22 . 2012-12-24 21:25 -------- d-----w- c:\users\doug\AppData\Local\temp
2012-12-24 21:22 . 2012-12-24 21:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-24 20:34 . 2012-12-24 20:34 -------- d-----w- C:\commy
2012-12-24 20:10 . 2012-12-24 20:10 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7D8076F9-8863-4C9F-94E9-09FED020D356}\offreg.dll
2012-12-24 10:36 . 2012-11-19 06:01 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7D8076F9-8863-4C9F-94E9-09FED020D356}\mpengine.dll
2012-12-23 08:30 . 2012-11-19 06:01 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-12-22 08:00 . 2012-12-16 13:31 48128 ----a-w- c:\windows\system32\atmlib.dll
2012-12-22 08:00 . 2012-12-16 13:12 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-22 08:00 . 2012-12-16 11:08 368128 ----a-w- c:\windows\system32\atmfd.dll
2012-12-22 08:00 . 2012-12-16 10:50 293376 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-21 17:49 . 2012-09-30 00:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-21 17:49 . 2012-12-21 17:49 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-19 17:32 . 2012-12-19 17:33 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-18 01:07 . 2012-12-18 01:07 -------- d-----w- c:\users\doug\{863fee93-2b95-491c-bc50-eed8f2212d4f}
2012-12-17 23:01 . 2012-10-23 11:04 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{71793424-D1EA-44B8-8DC5-0FA70A3EBFBC}\gapaengine.dll
2012-12-17 22:44 . 2012-12-17 22:44 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-12-17 22:44 . 2012-12-17 22:45 -------- d-----w- c:\program files\Microsoft Security Client
2012-12-17 22:43 . 2010-04-06 08:34 345984 ----a-w- c:\windows\system32\drivers\netio.sys
2012-12-16 21:32 . 2012-12-16 21:32 -------- d-----w- c:\users\doug\AppData\Roaming\Malwarebytes
2012-12-16 21:32 . 2012-12-16 21:32 -------- d-----w- c:\programdata\Malwarebytes
2012-12-13 12:21 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-12-13 12:21 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-12-13 12:21 . 2009-07-14 12:19 20480 ----a-w- c:\windows\system32\winusb.dll
2012-12-13 12:21 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-12-13 12:21 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-12-13 12:21 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-12-13 12:21 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-12-13 12:21 . 2009-07-14 12:12 16896 ----a-w- c:\windows\SysWow64\winusb.dll
2012-12-13 12:21 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-12-13 12:21 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-12-13 12:21 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-12-13 12:21 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-12-13 12:21 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-12-12 14:20 . 2012-09-28 16:34 1210368 ----a-w- c:\windows\system32\kernel32.dll
2012-12-12 14:20 . 2012-08-21 11:50 267648 ----a-w- c:\windows\system32\drivers\volsnap.sys
2012-12-12 14:20 . 2012-11-13 01:55 2770432 ----a-w- c:\windows\system32\win32k.sys
2012-12-12 14:20 . 2012-11-13 01:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-12 14:20 . 2012-11-13 01:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-12-12 14:20 . 2012-11-02 10:45 477696 ----a-w- c:\windows\system32\dpnet.dll
2012-12-12 14:20 . 2012-11-02 10:45 68096 ----a-w- c:\windows\system32\dpnathlp.dll
2012-12-12 14:20 . 2012-11-02 10:18 376320 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-12-12 14:20 . 2012-11-02 08:59 26112 ----a-w- c:\windows\system32\dpnsvr.exe
2012-12-12 14:20 . 2012-11-02 08:26 23040 ----a-w- c:\windows\SysWow64\dpnsvr.exe
2012-12-05 18:07 . 2012-12-10 15:18 -------- d-----w- c:\users\doug\AppData\Local\Mozilla Firefox
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-16 23:25 . 2012-04-13 14:55 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-16 23:25 . 2011-05-22 15:00 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-13 12:24 . 2006-11-02 12:35 67413224 ----a-w- c:\windows\system32\mrt.exe
2012-10-28 20:19 . 2012-10-28 20:19 4948 ----a-w- c:\users\doug\AppData\Local\VWL2C36.tmp
2012-10-25 08:12 . 2012-10-25 08:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 08:12 . 2012-10-25 08:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen"="c:\program files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 495616]
"Pidgin"="c:\program files (x86)\Pidgin\pidgin.exe" [2010-10-20 48618]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-22 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LchDrvKey"="LchDrvKey.exe" [2007-03-29 36864]
"LedKey"="CNYHKey.exe" [2008-04-24 339968]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-04 641704]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"Trigger New Acer AlaunchX"="c:\acer\Preload\Command\AlaunchX\AppInRun.exe" [2008-07-17 8192]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"New Acer AlaunchX"="c:\acer\Preload\Command\AlaunchX\LaunchAlaunchX.exe" [2008-07-17 200704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 23:25]
.
2012-12-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1499011048-2565338764-885293594-1000Core.job
- c:\users\doug\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-25 04:19]
.
2012-12-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1499011048-2565338764-885293594-1000UA.job
- c:\users\doug\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-25 04:19]
.
2012-12-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-22 20:29]
.
2012-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2008-12-19 15:58]
.
2012-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2008-12-19 15:58]
.
2012-12-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1499011048-2565338764-885293594-1000Core.job
- c:\users\doug\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-02 22:13]
.
2012-12-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1499011048-2565338764-885293594-1000UA.job
- c:\users\doug\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-02 22:13]
.
2012-02-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1499011048-2565338764-885293594-1000.job
- c:\program files (x86)\Real\RealUpgrade\realupgrade.exe [2012-07-27 18:27]
.
2012-02-12 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1499011048-2565338764-885293594-1000.job
- c:\program files (x86)\Real\RealUpgrade\realupgrade.exe [2012-07-27 18:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-11-08 21:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-11-08 21:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-11-08 21:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-11-08 21:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=1008&m=lx6200-01
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files (x86)\VMware\VMware Workstation\vsocklib.dll
Trusted Zone: google.com\mail
TCP: DhcpNameServer = 192.168.2.1
DPF: {EBF1BFCB-F60B-4DCB-9C96-E53C543CB645} - hxxp://www.ivienterprise.com:8080/qcbin/ALM-Platform-Loader.11.cab
FF - ProfilePath - c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-12-13 20:24; {dc572301-7619-498c-a57d-39143191b318}; c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
FF - ExtSQL: 2012-12-13 20:33; {64161300-e22b-11db-8314-0800200c9a66}; c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
FF - ExtSQL: 2012-12-13 20:46; {6AC85730-7D0F-4de0-B3FA-21142DD85326}; c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
FF - ExtSQL: 2012-12-13 20:51; {c45c406e-ab73-11d8-be73-000a95be3b12}; c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
FF - ExtSQL: 2012-12-13 20:55; [email protected]; c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\[email protected]
FF - ExtSQL: 2012-12-13 21:00; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - ExtSQL: 2012-12-13 21:16; [email protected]; c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\[email protected]
FF - ExtSQL: 2012-12-13 21:29; jid1-xUfzOsOFlzSOXg@jetpack; c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\[email protected]
FF - ExtSQL: 2012-12-13 21:57; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2012-12-13 22:49; {af79f858-4b25-4ca4-822b-b5db1be628fc}; c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\{af79f858-4b25-4ca4-822b-b5db1be628fc}.xpi
FF - ExtSQL: 2012-12-14 14:48; [email protected]; c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\[email protected]
FF - ExtSQL: 2012-12-14 14:55; [email protected]; c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\[email protected]
FF - ExtSQL: 2012-12-14 19:45; [email protected]; c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\[email protected]
.
.
------- File Associations -------
.
.txt=
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-fsm - (no file)
Wow6432Node-HKLM-Run-eRecoveryService - (no file)
Wow6432Node-HKLM-Run-ROC_ROC_NT - c:\program files (x86)\AVG Secure Search\ROC_ROC_NT.exe
Wow6432Node-HKLM-Run-ROC_roc_ssl_v12 - c:\program files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
AddRemove-BlueVoda_Website_Builder_1.0 - c:\windows\iun6002.exe
AddRemove-DivX Setup.divx.com - c:\programdata\DivX\Setup\DivXSetup.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files (x86)\DivX\DivXCodecUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-12-24 16:48:37
ComboFix-quarantined-files.txt 2012-12-24 21:48
.
Pre-Run: 384,761,016,320 bytes free
Post-Run: 382,622,347,264 bytes free
.
- - End Of File - - 3C8E4D75C0E069131ACA0C2D5F5DB29E
-
Please download Rooter (http://eric71.geekstogo.com/tools/Rooter.exe) and Save it to your desktop.
- Double click it to start the tool.Vista and Windows7 run as administrator.
- Click Scan.
- Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.
******************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.
Link 1 (http://screen317.spywareinfoforum.org/SecurityCheck.exe)
Link 2 (http://screen317.changelog.fr/SecurityCheck.exe)
* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
-
There you are sir. Thanks for your assistance by the way
Results of screen317's Security Check version 0.99.56
Windows Vista Service Pack 2 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````[/u]
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````[/u]
Malwarebytes Anti-Malware version 1.65.1.1000
Java(TM) 6 Update 37
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java version out of Date!
Adobe Flash Player 11.5.502.135
Adobe Reader 10.1.4 Adobe Reader out of Date!
Mozilla Firefox (17.0.1)
Mozilla Thunderbird 16.0.2 Thunderbird out of Date!
Google Chrome 23.0.1271.97
````````Process Check: objlist.exe by Laurent````````[/u]
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
doug Desktop virus SecurityCheck.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````[/u]
Total Fragmentation on Drive C: 16 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````[/u]
-
Update Your Java (JRE)
Old versions of Java have vulnerabilities that malware can use to infect your system.
First Verify your Java Version (http://www.java.com/en/download/installed.jsp)
If there are any other version(s) installed then update now.
Get the new version (if needed)
If your version is out of date install the newest version of the Sun Java Runtime Environment (http://www.majorgeeks.com/Sun_Java_Runtime_Environment_d4648.html).
Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Be sure to close ALL open web browsers before starting the installation.
Remove any old versions
1. Download JavaRa (http://raproducts.org/click/click.php?id=1) and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.
Additional Note: The Java Quick Starter (JQS.exe) (http://java.sun.com/javase/6/docs/technotes/guides/jweb/otherFeatures/jqs.html) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
***********************************************
Update your Adobe Reader. get.adobe.com/reader (http://get.adobe.com/reader/).
Be sure to uncheck the Free McAfee Security Scan so it isn't installed.
***********************************************
Total Fragmentation on Drive C: 16 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
Please run a defrag on your C drive soon. SSD means Solid State Drive.
-
OK I did all that. I am a little confused about the Adobe update because I have the latest version. I will run a defrag tonight and over the holiday.
Is there anything else I need to do, or just test the connection?
-
Everything seems to be working so far. I'll give it another day or two. In the meantime, is there somewhere to donate to the site?
-
I spoke too soon. Still having some problems. Will continue monitoring.
-
Ok. In the meantime, please run this scanner.
I'd like to scan your machine with ESET OnlineScan
•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetOnline.png) button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstall.png) to download the ESET Smart Installer. Save it to your desktop.
- Double click on the (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstallDesktopIcon-1.png) icon on your desktop.
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetAcceptTerms.png)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetStart.png) button.
•Accept any security warnings from your browser.
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetScanArchives.png)
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push (http://i424.photobucket.com/albums/pp322/digistar/esetListThreats.png)
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetExport.png), and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the (http://i424.photobucket.com/albums/pp322/digistar/esetBack.png) button.
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetFinish.png)
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
-
C:\Users\doug\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\4a40e101-6c035a11 multiple threats deleted - quarantined
C:\Users\doug\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\6b684e5c-7fecd778 a variant of Java/Exploit.Agent.NEA trojan deleted - quarantined
C:\Users\doug\Desktop\WP stuff\free wordpress themes\Stripey.zip PHP/Kryptik.AB trojan deleted - quarantined
C:\Users\doug\Desktop\WP stuff\free wordpress themes\WPFinalFantasy.zip PHP/Kryptik.AB trojan deleted - quarantined
-
Regret to say still having the problem, but it is much reduced, at least 50%
-
Please download MiniToolBox (http://download.bleepingcomputer.com/farbar/MiniToolBox.exe) to Desktop and run it.
(http://i424.photobucket.com/albums/pp322/digistar/MiniToolBox.png)
Checkmark the following boxes:
- Flush DNS
- Report IE Proxy Settings
- Reset IE Proxy Settings
- List content of Hosts
- List IP Configuration
- Lst Last 10 Event Viewer Errors
- List Users, Partitions and Memory Size
[/b]
Click Go and copy/paste the log (Result.txt) into your next post.
-
adMiniToolBox by Farbar Version: 25-11-2012
Ran by doug (administrator) on 27-12-2012 at 17:46:22
Running from "C:\Users\doug\Desktop\virus"
Windows Vista (TM) Home Premium Service Pack 2 (X64)
Boot Mode: Normal
***************************************************************************
========================= Flush DNS: ===================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
127.0.0.1 localhost
========================= IP Configuration: ================================
Marvell Yukon 88E8071 PCI-E Gigabit Ethernet Controller = Local Area Connection (Connected)
VMware Virtual Ethernet Adapter for VMnet1 = VMware Network Adapter VMnet1 (Connected)
VMware Virtual Ethernet Adapter for VMnet8 = VMware Network Adapter VMnet8 (Connected)
VirtualBox Host-Only Ethernet Adapter = Local Area Connection 2 (Connected)
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
reset
popd
# End of IPv4 configuration
Windows IP Configuration
Host Name . . . . . . . . . . . . : doug-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VirtualBox Host-Only Ethernet Adapter
Physical Address. . . . . . . . . : 08-00-27-00-18-C1
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::fdf2:9873:44e2:79ea%26(Preferred)
Autoconfiguration IPv4 Address. . : 169.254.121.234(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 436731943
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-10-88-94-B4-00-22-68-07-91-85
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Marvell Yukon 88E8071 PCI-E Gigabit Ethernet Controller
Physical Address. . . . . . . . . : 00-22-68-07-91-85
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::25c0:5299:b507:443b%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.2.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, December 27, 2012 12:14:16 PM
Lease Expires . . . . . . . . . . : Sunday, December 30, 2012 12:14:14 PM
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DHCPv6 IAID . . . . . . . . . . . : 234889832
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-10-88-94-B4-00-22-68-07-91-85
DNS Servers . . . . . . . . . . . : 192.168.2.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter VMware Network Adapter VMnet1:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet1
Physical Address. . . . . . . . . : 00-50-56-C0-00-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::a5f2:6378:7c63:a62d%12(Preferred)
Autoconfiguration IPv4 Address. . : 169.254.166.45(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 302010454
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-10-88-94-B4-00-22-68-07-91-85
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter VMware Network Adapter VMnet8:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet8
Physical Address. . . . . . . . . : 00-50-56-C0-00-08
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::bc0f:f6fe:c759:ec47%13(Preferred)
Autoconfiguration IPv4 Address. . : 169.254.236.71(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 335564886
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-10-88-94-B4-00-22-68-07-91-85
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter Local Area Connection* 11:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 12:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{E0C456C5-FCC5-4E05-909B-EDC3DD13C4EE}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 14:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 16:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{B2205165-AD37-42F1-8540-3AD3042F4084}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 17:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{6059A36E-DB33-4713-9C8C-27A50B8D6123}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 13:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{69DE6067-93A0-4FFF-AD69-C6EE7006F35F}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.2.1
Name: google.com
Addresses: 2607:f8b0:4008:802::1002
74.125.229.232
74.125.229.233
74.125.229.238
74.125.229.224
74.125.229.225
74.125.229.226
74.125.229.227
74.125.229.228
74.125.229.229
74.125.229.230
74.125.229.231
Pinging google.com [74.125.229.238] with 32 bytes of data:
Reply from 74.125.229.238: bytes=32 time=11ms TTL=55
Reply from 74.125.229.238: bytes=32 time=12ms TTL=55
Ping statistics for 74.125.229.238:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 11ms, Maximum = 12ms, Average = 11ms
Server: UnKnown
Address: 192.168.2.1
Name: yahoo.com
Addresses: 98.138.253.109
98.139.183.24
72.30.38.140
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=784ms TTL=48
Reply from 98.139.183.24: bytes=32 time=779ms TTL=48
Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 779ms, Maximum = 784ms, Average = 781ms
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
26 ...08 00 27 00 18 c1 ...... VirtualBox Host-Only Ethernet Adapter
10 ...00 22 68 07 91 85 ...... Marvell Yukon 88E8071 PCI-E Gigabit Ethernet Controller
12 ...00 50 56 c0 00 01 ...... VMware Virtual Ethernet Adapter for VMnet1
13 ...00 50 56 c0 00 08 ...... VMware Virtual Ethernet Adapter for VMnet8
1 ........................... Software Loopback Interface 1
11 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
27 ...00 00 00 00 00 00 00 e0 isatap.{E0C456C5-FCC5-4E05-909B-EDC3DD13C4EE}
15 ...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #2
16 ...00 00 00 00 00 00 00 e0 isatap.{B2205165-AD37-42F1-8540-3AD3042F4084}
17 ...00 00 00 00 00 00 00 e0 isatap.{6059A36E-DB33-4713-9C8C-27A50B8D6123}
28 ...00 00 00 00 00 00 00 e0 isatap.{69DE6067-93A0-4FFF-AD69-C6EE7006F35F}
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.2 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 On-link 169.254.236.71 276
169.254.0.0 255.255.0.0 On-link 169.254.166.45 276
169.254.0.0 255.255.0.0 On-link 169.254.121.234 276
169.254.121.234 255.255.255.255 On-link 169.254.121.234 276
169.254.166.45 255.255.255.255 On-link 169.254.166.45 276
169.254.236.71 255.255.255.255 On-link 169.254.236.71 276
169.254.255.255 255.255.255.255 On-link 169.254.236.71 276
169.254.255.255 255.255.255.255 On-link 169.254.166.45 276
169.254.255.255 255.255.255.255 On-link 169.254.121.234 276
192.168.2.0 255.255.255.0 On-link 192.168.2.2 276
192.168.2.2 255.255.255.255 On-link 192.168.2.2 276
192.168.2.255 255.255.255.255 On-link 192.168.2.2 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 169.254.166.45 276
224.0.0.0 240.0.0.0 On-link 169.254.236.71 276
224.0.0.0 240.0.0.0 On-link 169.254.121.234 276
224.0.0.0 240.0.0.0 On-link 192.168.2.2 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 169.254.166.45 276
255.255.255.255 255.255.255.255 On-link 169.254.236.71 276
255.255.255.255 255.255.255.255 On-link 169.254.121.234 276
255.255.255.255 255.255.255.255 On-link 192.168.2.2 276
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
12 276 fe80::/64 On-link
13 276 fe80::/64 On-link
26 276 fe80::/64 On-link
10 276 fe80::/64 On-link
10 276 fe80::25c0:5299:b507:443b/128
On-link
12 276 fe80::a5f2:6378:7c63:a62d/128
On-link
13 276 fe80::bc0f:f6fe:c759:ec47/128
On-link
26 276 fe80::fdf2:9873:44e2:79ea/128
On-link
1 306 ff00::/8 On-link
12 276 ff00::/8 On-link
13 276 ff00::/8 On-link
26 276 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Event log errors: ===============================
Application errors:
==================
Error: (12/27/2012 00:03:51 PM) (Source: Chrome) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=23.0.1271.97;lang=;id=;is_machine=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\b1ae483f-1876-45fb-9c1f-a10fe92f4d1a.dmp
Error: (12/27/2012 10:08:41 AM) (Source: Perflib) (User: )
Description: PolicyAgent4
Error: (12/27/2012 10:08:41 AM) (Source: Perflib) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4
Error: (12/27/2012 10:08:40 AM) (Source: Perflib) (User: )
Description: EmdCache4
Error: (12/26/2012 07:45:13 PM) (Source: System Restore) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\system32\svchost.exe -k netsvcs; Descripton = Windows Update; Hr = 0x81000101).
Error: (12/26/2012 07:42:50 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
Error: (12/26/2012 07:42:32 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
Error: (12/26/2012 07:42:32 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
Error: (12/26/2012 07:42:00 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Error: (12/26/2012 07:41:59 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
System errors:
=============
Error: (12/27/2012 00:14:15 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.2.2 for the Network Card with network address 002268079185 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
Error: (12/24/2012 08:57:07 PM) (Source: Service Control Manager) (User: )
Description: Windows Modules Installer%%1053
Error: (12/24/2012 08:57:07 PM) (Source: Service Control Manager) (User: )
Description: 30000Windows Modules Installer
Error: (12/24/2012 08:57:07 PM) (Source: DCOM) (User: )
Description: 1053TrustedInstaller{752073A1-23F2-4396-85F0-8FDB879ED0ED}
Error: (12/24/2012 08:51:12 PM) (Source: Service Control Manager) (User: )
Description: Beep
Error: (12/24/2012 08:51:12 PM) (Source: Service Control Manager) (User: )
Description: LogMeIn Kernel Information Provider%%3
Error: (12/24/2012 08:51:12 PM) (Source: Service Control Manager) (User: )
Description: int15%%31
Error: (12/24/2012 08:51:12 PM) (Source: Service Control Manager) (User: )
Description: Intel(R) PRO/1000 NDIS 6 Adapter Driver%%1058
Error: (12/24/2012 08:48:12 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
Error: (12/24/2012 04:23:41 PM) (Source: Service Control Manager) (User: )
Description: PEVSystemStart
Microsoft Office Sessions:
=========================
Error: (02/17/2011 08:26:12 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7680 seconds with 720 seconds of active time. This session ended with a crash.
CodeIntegrity Errors:
===================================
Date: 2012-12-18 17:27:07.621
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\yk60x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2012-12-18 17:27:06.190
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\yk60x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2012-12-18 17:26:58.125
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\yk60x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2012-12-18 17:26:56.799
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\yk60x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2012-12-18 17:26:29.499
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\yk60x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2012-12-18 17:26:28.220
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\yk60x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2012-12-18 10:25:18.018
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\yk60x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2012-12-18 10:25:16.457
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\yk60x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2012-12-18 10:19:41.643
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\yk60x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2012-12-18 10:19:40.052
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\yk60x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
========================= Memory info: ===================================
Percentage of memory in use: 80%
Total physical RAM: 7934.27 MB
Available physical RAM: 1582.62 MB
Total Pagefile: 16081.03 MB
Available Pagefile: 10192.64 MB
Total Virtual: 4095.88 MB
Available Virtual: 3993.61 MB
========================= Partitions: =====================================
1 Drive c: (OS) (Fixed) (Total:688.87 GB) (Free:363.09 GB) NTFS
2 Drive d: () (Fixed) (Total:111.78 GB) (Free:22.59 GB) NTFS
10 Drive l: (Old C Drive) (Fixed) (Total:232.88 GB) (Free:165.37 GB) NTFS
========================= Users: ========================================
User accounts for \\DOUG-PC
__vmware_user__ Administrator doug
Guest ZendUser
**** End of log ****
-
The connection looks ok.
- Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and save it to your Desktop.
- Extract its contents to your desktop.
- Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
(http://img.photobucket.com/albums/v420/kdiamondkenny/Computer/TDSSKillernumber1.png)
- If an infected file is detected, the default action will be Cure, click on Continue.
(http://img.photobucket.com/albums/v420/kdiamondkenny/Computer/TDSSKillernumber2.png)
- If a suspicious file is detected, the default action will be Skip, click on Continue.
(http://img.photobucket.com/albums/v420/kdiamondkenny/Computer/TDSSKillernumber3.png)
- It may ask you to reboot the computer to complete the process. Click on Reboot Now.
(http://img.photobucket.com/albums/v420/kdiamondkenny/Computer/TDSSKillerlastone3.png)
- Click the Report button and copy/paste the contents of it into your next reply
Note:It will also create a log in the C:\ directory..
-
19:29:55.0462 5172 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:29:56.0491 5172 ============================================================
19:29:56.0491 5172 Current date / time: 2012/12/27 19:29:56.0491
19:29:56.0491 5172 SystemInfo:
19:29:56.0491 5172
19:29:56.0491 5172 OS Version: 6.0.6002 ServicePack: 2.0
19:29:56.0491 5172 Product type: Workstation
19:29:56.0491 5172 ComputerName: DOUG-PC
19:29:56.0492 5172 UserName: doug
19:29:56.0492 5172 Windows directory: C:\Windows
19:29:56.0492 5172 System windows directory: C:\Windows
19:29:56.0492 5172 Running under WOW64
19:29:56.0492 5172 Processor architecture: Intel x64
19:29:56.0492 5172 Number of processors: 4
19:29:56.0492 5172 Page size: 0x1000
19:29:56.0492 5172 Boot type: Normal boot
19:29:56.0492 5172 ============================================================
19:29:58.0703 5172 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:30:03.0797 5172 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:30:07.0937 5172 Drive \Device\Harddisk2\DR2 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:30:08.0101 5172 ============================================================
19:30:08.0101 5172 \Device\Harddisk0\DR0:
19:30:08.0101 5172 MBR partitions:
19:30:08.0101 5172 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1389000, BlocksNum 0x561BC800
19:30:08.0101 5172 \Device\Harddisk1\DR1:
19:30:08.0103 5172 MBR partitions:
19:30:08.0103 5172 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1C4800
19:30:08.0103 5172 \Device\Harddisk2\DR2:
19:30:08.0103 5172 MBR partitions:
19:30:08.0103 5172 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDF8F8C1
19:30:08.0103 5172 ============================================================
19:30:08.0104 5172 C: <-> \Device\Harddisk0\DR0\Partition1
19:30:08.0167 5172 D: <-> \Device\Harddisk2\DR2\Partition1
19:30:08.0221 5172 L: <-> \Device\Harddisk1\DR1\Partition1
19:30:08.0221 5172 ============================================================
19:30:08.0221 5172 Initialize success
19:30:08.0221 5172 ============================================================
19:30:22.0169 0736 ============================================================
19:30:22.0169 0736 Scan started
19:30:22.0169 0736 Mode: Manual;
19:30:22.0169 0736 ============================================================
19:30:22.0543 0736 ================ Scan system memory ========================
19:30:22.0543 0736 System memory - ok
19:30:22.0544 0736 ================ Scan services =============================
19:30:22.0734 0736 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys
19:30:22.0740 0736 ACPI - ok
19:30:22.0797 0736 [ 2F0683FD2DF1D92E891CACA14B45A8C1 ] adfs C:\Windows\system32\drivers\adfs.sys
19:30:22.0799 0736 adfs - ok
19:30:22.0935 0736 [ 3FD8DC2C9735C2AA70155102CFB93EDA ] AdobeActiveFileMonitor7.0 C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
19:30:22.0939 0736 AdobeActiveFileMonitor7.0 - ok
19:30:23.0077 0736 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:30:23.0079 0736 AdobeARMservice - ok
19:30:23.0229 0736 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:30:23.0234 0736 AdobeFlashPlayerUpdateSvc - ok
19:30:23.0279 0736 [ F14215E37CF124104575073F782111D2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
19:30:23.0288 0736 adp94xx - ok
19:30:23.0310 0736 [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci C:\Windows\system32\drivers\adpahci.sys
19:30:23.0317 0736 adpahci - ok
19:30:23.0326 0736 [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
19:30:23.0329 0736 adpu160m - ok
19:30:23.0344 0736 [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
19:30:23.0348 0736 adpu320 - ok
19:30:23.0405 0736 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:30:23.0406 0736 AeLookupSvc - ok
19:30:23.0471 0736 [ C4F6CE6087760AD70960C9EB130E7943 ] AFD C:\Windows\system32\drivers\afd.sys
19:30:23.0478 0736 AFD - ok
19:30:23.0525 0736 [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440 C:\Windows\system32\drivers\agp440.sys
19:30:23.0527 0736 agp440 - ok
19:30:23.0577 0736 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
19:30:23.0580 0736 aic78xx - ok
19:30:23.0609 0736 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe
19:30:23.0612 0736 ALG - ok
19:30:23.0645 0736 [ 157D0898D4B73F075CE9FA26B482DF98 ] aliide C:\Windows\system32\drivers\aliide.sys
19:30:23.0646 0736 aliide - ok
19:30:23.0702 0736 [ A359974EAAC83A435497C52F62A2E590 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
19:30:23.0707 0736 AMD External Events Utility - ok
19:30:23.0868 0736 AMD FUEL Service - ok
19:30:23.0896 0736 [ 970FA5059E61E30D25307B99903E991E ] amdide C:\Windows\system32\drivers\amdide.sys
19:30:23.0898 0736 amdide - ok
19:30:23.0948 0736 [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys
19:30:23.0950 0736 amdiox64 - ok
19:30:23.0960 0736 [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
19:30:23.0963 0736 AmdK8 - ok
19:30:24.0183 0736 [ 60216B0E704584DE6D5A9F59E9C34C47 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
19:30:24.0321 0736 amdkmdag - ok
19:30:24.0347 0736 [ 6B4E9261B613B047A9A145F328889968 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
19:30:24.0353 0736 amdkmdap - ok
19:30:24.0398 0736 [ 5B25D1A753CC3A3EDB909BB759AC1098 ] AODDriver4.1 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
19:30:24.0400 0736 AODDriver4.1 - ok
19:30:24.0446 0736 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll
19:30:24.0448 0736 Appinfo - ok
19:30:24.0525 0736 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:30:24.0527 0736 Apple Mobile Device - ok
19:30:24.0572 0736 [ BA8417D4765F3988FF921F30F630E303 ] arc C:\Windows\system32\drivers\arc.sys
19:30:24.0574 0736 arc - ok
19:30:24.0602 0736 [ 9D41C435619733B34CC16A511E644B11 ] arcsas C:\Windows\system32\drivers\arcsas.sys
19:30:24.0604 0736 arcsas - ok
19:30:24.0655 0736 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:30:24.0656 0736 AsyncMac - ok
19:30:24.0692 0736 [ E68D9B3A3905619732F7FE039466A623 ] atapi C:\Windows\system32\drivers\atapi.sys
19:30:24.0693 0736 atapi - ok
19:30:24.0834 0736 [ 60216B0E704584DE6D5A9F59E9C34C47 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
19:30:24.0909 0736 atikmdag - ok
19:30:24.0966 0736 [ DB0D3DE15EDC96E7529FC0D3F7760894 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
19:30:24.0967 0736 AtiPcie - ok
19:30:25.0018 0736 [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:30:25.0026 0736 AudioEndpointBuilder - ok
19:30:25.0037 0736 [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll
19:30:25.0042 0736 AudioSrv - ok
19:30:25.0106 0736 [ 5E76DEBBA4311AC1C44DE83D59A9584E ] AVer88xHD C:\Windows\system32\drivers\AVer88xHD64.sys
19:30:25.0114 0736 AVer88xHD - ok
19:30:25.0243 0736 [ 2ED050291BC1D7F9E322E328DB3AAECF ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
19:30:25.0247 0736 BBSvc - ok
19:30:25.0299 0736 [ 785DE7ABDA13309D6065305542829E76 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
19:30:25.0304 0736 BBUpdate - ok
19:30:25.0328 0736 Beep - ok
19:30:25.0387 0736 [ FFB96C2589FFA60473EAD78B39FBDE29 ] BFE C:\Windows\System32\bfe.dll
19:30:25.0394 0736 BFE - ok
19:30:25.0447 0736 [ 6D316F4859634071CC25C4FD4589AD2C ] BITS C:\Windows\system32\qmgr.dll
19:30:25.0466 0736 BITS - ok
19:30:25.0495 0736 [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
19:30:25.0497 0736 blbdrive - ok
19:30:25.0549 0736 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
19:30:25.0558 0736 Bonjour Service - ok
19:30:25.0602 0736 [ 2348447A80920B2493A9B582A23E81E1 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:30:25.0605 0736 bowser - ok
19:30:25.0664 0736 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
19:30:25.0665 0736 BrFiltLo - ok
19:30:25.0712 0736 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
19:30:25.0714 0736 BrFiltUp - ok
19:30:25.0927 0736 [ A61D617F37456D9D32F98BF70EB5D414 ] BrlAPI C:\cygwin\bin\cygrunsrv.exe
19:30:26.0057 0736 BrlAPI - ok
19:30:26.0097 0736 [ A1B39DE453433B115B4EA69EE0343816 ] Browser C:\Windows\System32\browser.dll
19:30:26.0099 0736 Browser - ok
19:30:26.0144 0736 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys
19:30:26.0147 0736 Brserid - ok
19:30:26.0156 0736 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
19:30:26.0159 0736 BrSerWdm - ok
19:30:26.0176 0736 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
19:30:26.0178 0736 BrUsbMdm - ok
19:30:26.0197 0736 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
19:30:26.0199 0736 BrUsbSer - ok
19:30:26.0209 0736 [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
19:30:26.0211 0736 BTHMODEM - ok
19:30:26.0273 0736 [ 551BE1536B27DC056EA4D48275EFB089 ] CAXHWBS2 C:\Windows\system32\DRIVERS\CAXHWBS2.sys
19:30:26.0280 0736 CAXHWBS2 - ok
19:30:26.0299 0736 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:30:26.0301 0736 cdfs - ok
19:30:26.0329 0736 [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
19:30:26.0331 0736 cdrom - ok
19:30:26.0364 0736 [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc C:\Windows\System32\certprop.dll
19:30:26.0366 0736 CertPropSvc - ok
19:30:26.0397 0736 [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
19:30:26.0399 0736 circlass - ok
19:30:26.0446 0736 [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS C:\Windows\system32\CLFS.sys
19:30:26.0454 0736 CLFS - ok
19:30:26.0555 0736 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:30:26.0558 0736 clr_optimization_v2.0.50727_32 - ok
19:30:26.0649 0736 [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:30:26.0651 0736 clr_optimization_v2.0.50727_64 - ok
19:30:26.0762 0736 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:30:26.0765 0736 clr_optimization_v4.0.30319_32 - ok
19:30:26.0841 0736 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:30:26.0845 0736 clr_optimization_v4.0.30319_64 - ok
19:30:26.0885 0736 [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys
19:30:26.0887 0736 cmdide - ok
19:30:26.0904 0736 [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
19:30:26.0906 0736 Compbatt - ok
19:30:26.0916 0736 COMSysApp - ok
19:30:26.0970 0736 [ C08063F052308B6F5882482615387F30 ] cpuz135 C:\Windows\system32\drivers\cpuz135_x64.sys
19:30:26.0972 0736 cpuz135 - ok
19:30:26.0993 0736 [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
19:30:26.0996 0736 crcdisk - ok
19:30:27.0038 0736 [ CA78B312C44E4D52E842C2C8BD48E452 ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:30:27.0042 0736 CryptSvc - ok
19:30:27.0185 0736 [ A61D617F37456D9D32F98BF70EB5D414 ] cygserver C:\cygwin\bin\cygrunsrv.exe
19:30:27.0187 0736 cygserver - ok
19:30:27.0272 0736 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch C:\Windows\system32\rpcss.dll
19:30:27.0295 0736 DcomLaunch - ok
19:30:27.0334 0736 [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:30:27.0337 0736 DfsC - ok
19:30:27.0596 0736 [ C647F468F7DE343DF8C143655C5557D4 ] DFSR C:\Windows\system32\DFSR.exe
19:30:27.0647 0736 DFSR - ok
19:30:27.0710 0736 [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll
19:30:27.0713 0736 Dhcp - ok
19:30:27.0764 0736 [ B0107E40ECDB5FA692EBF832F295D905 ] disk C:\Windows\system32\drivers\disk.sys
19:30:27.0766 0736 disk - ok
19:30:27.0853 0736 [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:30:27.0856 0736 Dnscache - ok
19:30:27.0913 0736 [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc C:\Windows\System32\dot3svc.dll
19:30:27.0918 0736 dot3svc - ok
19:30:27.0961 0736 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll
19:30:27.0965 0736 DPS - ok
19:30:28.0031 0736 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:30:28.0032 0736 drmkaud - ok
19:30:28.0106 0736 [ B8E554E502D5123BC111F99D6A2181B4 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:30:28.0119 0736 DXGKrnl - ok
19:30:28.0151 0736 [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys
19:30:28.0155 0736 E1G60 - ok
19:30:28.0174 0736 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll
19:30:28.0176 0736 EapHost - ok
19:30:28.0234 0736 [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache C:\Windows\system32\drivers\ecache.sys
19:30:28.0238 0736 Ecache - ok
19:30:28.0384 0736 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:30:28.0397 0736 ehRecvr - ok
19:30:28.0421 0736 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe
19:30:28.0424 0736 ehSched - ok
19:30:28.0463 0736 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll
19:30:28.0465 0736 ehstart - ok
19:30:28.0501 0736 [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor C:\Windows\system32\drivers\elxstor.sys
19:30:28.0508 0736 elxstor - ok
19:30:28.0620 0736 [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt C:\Windows\system32\emdmgmt.dll
19:30:28.0628 0736 EMDMgmt - ok
19:30:28.0679 0736 [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev C:\Windows\system32\drivers\errdev.sys
19:30:28.0681 0736 ErrDev - ok
19:30:28.0808 0736 [ 4D06D9A26227AC485305133916888DF1 ] ETService C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe
19:30:28.0809 0736 ETService - ok
19:30:28.0951 0736 [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem C:\Windows\system32\es.dll
19:30:28.0987 0736 EventSystem - ok
19:30:29.0012 0736 [ 486844F47B6636044A42454614ED4523 ] exfat C:\Windows\system32\drivers\exfat.sys
19:30:29.0016 0736 exfat - ok
19:30:29.0064 0736 [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:30:29.0085 0736 fastfat - ok
19:30:29.0132 0736 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
19:30:29.0133 0736 fdc - ok
19:30:29.0171 0736 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll
19:30:29.0173 0736 fdPHost - ok
19:30:29.0187 0736 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll
19:30:29.0190 0736 FDResPub - ok
19:30:29.0206 0736 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:30:29.0208 0736 FileInfo - ok
19:30:29.0216 0736 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:30:29.0218 0736 Filetrace - ok
19:30:29.0391 0736 [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
19:30:29.0402 0736 FLEXnet Licensing Service - ok
19:30:29.0429 0736 [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
19:30:29.0430 0736 flpydisk - ok
19:30:29.0488 0736 [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:30:29.0494 0736 FltMgr - ok
19:30:29.0578 0736 [ BE1C5BD1CA7ED015BC6FA1AE67E592C8 ] FontCache C:\Windows\system32\FntCache.dll
19:30:29.0596 0736 FontCache - ok
19:30:29.0693 0736 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:30:29.0695 0736 FontCache3.0.0.0 - ok
19:30:29.0732 0736 [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:30:29.0734 0736 Fs_Rec - ok
19:30:29.0768 0736 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
19:30:29.0771 0736 gagp30kx - ok
19:30:29.0843 0736 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:30:29.0845 0736 GEARAspiWDM - ok
19:30:29.0892 0736 [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc C:\Windows\System32\gpsvc.dll
19:30:29.0904 0736 gpsvc - ok
19:30:29.0994 0736 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1c9619c54e0d3d C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:30:29.0996 0736 gupdate1c9619c54e0d3d - ok
19:30:30.0005 0736 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:30:30.0007 0736 gupdatem - ok
19:30:30.0049 0736 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
19:30:30.0052 0736 gusvc - ok
19:30:30.0100 0736 [ 8895D459BF7A26445ACD8512CBAE1679 ] hcmon C:\Windows\system32\drivers\hcmon.sys
19:30:30.0102 0736 hcmon - ok
19:30:30.0180 0736 [ 68E732382B32417FF61FD663259B4B09 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:30:30.0186 0736 HdAudAddService - ok
19:30:30.0263 0736 [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
19:30:30.0279 0736 HDAudBus - ok
19:30:30.0315 0736 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys
19:30:30.0340 0736 HidBth - ok
19:30:30.0361 0736 [ 5F47839455D01FF6403B008D481A6F5B ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
19:30:30.0364 0736 HidIr - ok
19:30:30.0424 0736 [ 59361D38A297755D46A540E450202B2A ] hidserv C:\Windows\System32\hidserv.dll
19:30:30.0426 0736 hidserv - ok
19:30:30.0467 0736 [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
19:30:30.0468 0736 HidUsb - ok
19:30:30.0494 0736 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll
19:30:30.0497 0736 hkmsvc - ok
19:30:30.0536 0736 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
19:30:30.0538 0736 HpCISSs - ok
19:30:30.0613 0736 [ 9C369CBC5F19DA9968223197B5205F68 ] HSF_DPV C:\Windows\system32\DRIVERS\CAX_DPV.sys
19:30:30.0636 0736 HSF_DPV - ok
19:30:30.0684 0736 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:30:30.0694 0736 HTTP - ok
19:30:30.0705 0736 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys
19:30:30.0707 0736 i2omp - ok
19:30:30.0745 0736 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
19:30:30.0747 0736 i8042prt - ok
19:30:30.0779 0736 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
19:30:30.0785 0736 iaStorV - ok
19:30:30.0961 0736 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:30:30.0975 0736 idsvc - ok
19:30:30.0984 0736 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys
19:30:30.0987 0736 iirsp - ok
19:30:31.0043 0736 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll
19:30:31.0052 0736 IKEEXT - ok
19:30:31.0132 0736 [ 8C7FA71CB1EBCD3EDE8958D27B1BF0B4 ] int15 C:\Windows\SysWOW64\drivers\int15_64.sys
19:30:31.0134 0736 int15 - ok
19:30:31.0142 0736 IntcAzAudAddService - ok
19:30:31.0152 0736 [ DF797A12176F11B2D301C5B234BB200E ] intelide C:\Windows\system32\drivers\intelide.sys
19:30:31.0154 0736 intelide - ok
19:30:31.0162 0736 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:30:31.0164 0736 intelppm - ok
19:30:31.0190 0736 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:30:31.0209 0736 IPBusEnum - ok
19:30:31.0258 0736 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:30:31.0284 0736 IpFilterDriver - ok
19:30:31.0334 0736 [ BF0DBFA9792C5C14FA00F61C75116C1B ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:30:31.0339 0736 iphlpsvc - ok
19:30:31.0347 0736 IpInIp - ok
19:30:31.0403 0736 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
19:30:31.0405 0736 IPMIDRV - ok
19:30:31.0419 0736 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
19:30:31.0421 0736 IPNAT - ok
19:30:31.0590 0736 [ 0F261EC4F514926177C70C1832374231 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
19:30:31.0601 0736 iPod Service - ok
19:30:31.0609 0736 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:30:31.0610 0736 IRENUM - ok
19:30:31.0633 0736 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:30:31.0635 0736 isapnp - ok
19:30:31.0712 0736 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
19:30:31.0716 0736 iScsiPrt - ok
19:30:31.0725 0736 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
19:30:31.0727 0736 iteatapi - ok
19:30:31.0735 0736 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys
19:30:31.0737 0736 iteraid - ok
19:30:31.0761 0736 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
19:30:31.0763 0736 kbdclass - ok
19:30:31.0803 0736 [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
19:30:31.0805 0736 kbdhid - ok
19:30:31.0844 0736 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso C:\Windows\system32\lsass.exe
19:30:31.0846 0736 KeyIso - ok
19:30:31.0922 0736 [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:30:31.0939 0736 KSecDD - ok
19:30:32.0026 0736 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
19:30:32.0027 0736 ksthunk - ok
19:30:32.0085 0736 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll
19:30:32.0093 0736 KtmRm - ok
19:30:32.0138 0736 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\System32\srvsvc.dll
19:30:32.0143 0736 LanmanServer - ok
19:30:32.0172 0736 [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:30:32.0178 0736 LanmanWorkstation - ok
19:30:32.0228 0736 [ 3C46290F7A5D45BA6EF32C248E22AA69 ] Lbd C:\Windows\system32\DRIVERS\Lbd.sys
19:30:32.0230 0736 Lbd - ok
19:30:32.0252 0736 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:30:32.0254 0736 lltdio - ok
19:30:32.0277 0736 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:30:32.0283 0736 lltdsvc - ok
19:30:32.0297 0736 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll
19:30:32.0299 0736 lmhosts - ok
19:30:32.0305 0736 LMIInfo - ok
19:30:32.0357 0736 [ 413ECDCFAD9A82804D3674C8D7EEC24E ] lmimirr C:\Windows\system32\DRIVERS\lmimirr.sys
19:30:32.0359 0736 lmimirr - ok
19:30:32.0382 0736 LMIRfsClientNP - ok
19:30:32.0406 0736 [ C57D3FAA50E6F395759FFB7C709BD944 ] LMIRfsDriver C:\Windows\system32\drivers\LMIRfsDriver.sys
19:30:32.0409 0736 LMIRfsDriver - ok
19:30:32.0449 0736 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
19:30:32.0453 0736 LSI_FC - ok
19:30:32.0466 0736 [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
19:30:32.0469 0736 LSI_SAS - ok
19:30:32.0478 0736 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
19:30:32.0482 0736 LSI_SCSI - ok
19:30:32.0515 0736 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys
19:30:32.0517 0736 luafv - ok
19:30:32.0678 0736 [ 5747BC465ABEA2858C5D037252AED84E ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys
19:30:32.0772 0736 LVUVC64 - ok
19:30:32.0859 0736 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
19:30:32.0860 0736 MBAMProtector - ok
19:30:32.0900 0736 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
19:30:32.0907 0736 MBAMScheduler - ok
19:30:32.0944 0736 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
19:30:32.0956 0736 MBAMService - ok
19:30:33.0016 0736 [ 79D51E7F5926E8CE1B3EBECEBAE28CFF ] mcdbus C:\Windows\system32\DRIVERS\mcdbus.sys
19:30:33.0070 0736 mcdbus - ok
19:30:33.0113 0736 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:30:33.0116 0736 Mcx2Svc - ok
19:30:33.0141 0736 [ E4F44EC214B3E381E1FC844A02926666 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
19:30:33.0143 0736 mdmxsdk - ok
19:30:33.0167 0736 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas C:\Windows\system32\drivers\megasas.sys
19:30:33.0169 0736 megasas - ok
19:30:33.0206 0736 [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR C:\Windows\system32\drivers\megasr.sys
19:30:33.0214 0736 MegaSR - ok
19:30:33.0295 0736 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
19:30:33.0298 0736 Microsoft Office Groove Audit Service - ok
19:30:33.0315 0736 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll
19:30:33.0317 0736 MMCSS - ok
19:30:33.0332 0736 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys
19:30:33.0334 0736 Modem - ok
19:30:33.0364 0736 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:30:33.0365 0736 monitor - ok
19:30:33.0381 0736 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
19:30:33.0384 0736 mouclass - ok
19:30:33.0399 0736 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:30:33.0400 0736 mouhid - ok
19:30:33.0415 0736 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
19:30:33.0418 0736 MountMgr - ok
19:30:33.0462 0736 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:30:33.0465 0736 MozillaMaintenance - ok
19:30:33.0528 0736 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
19:30:33.0532 0736 MpFilter - ok
19:30:33.0563 0736 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys
19:30:33.0567 0736 mpio - ok
19:30:33.0594 0736 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:30:33.0597 0736 mpsdrv - ok
19:30:33.0643 0736 [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc C:\Windows\system32\mpssvc.dll
19:30:33.0653 0736 MpsSvc - ok
19:30:33.0663 0736 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
19:30:33.0666 0736 Mraid35x - ok
19:30:33.0699 0736 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:30:33.0702 0736 MRxDAV - ok
19:30:33.0757 0736 [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:30:33.0760 0736 mrxsmb - ok
19:30:33.0813 0736 [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:30:33.0818 0736 mrxsmb10 - ok
19:30:33.0874 0736 [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:30:33.0876 0736 mrxsmb20 - ok
19:30:33.0897 0736 [ 1AC860612B85D8E85EE257D372E39F4D ] msahci C:\Windows\system32\drivers\msahci.sys
19:30:33.0899 0736 msahci - ok
19:30:33.0907 0736 [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:30:33.0910 0736 msdsm - ok
19:30:33.0939 0736 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe
19:30:33.0943 0736 MSDTC - ok
19:30:33.0964 0736 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:30:33.0965 0736 Msfs - ok
19:30:34.0001 0736 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:30:34.0002 0736 msisadrv - ok
19:30:34.0024 0736 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:30:34.0028 0736 MSiSCSI - ok
19:30:34.0035 0736 msiserver - ok
19:30:34.0075 0736 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:30:34.0076 0736 MSKSSRV - ok
19:30:34.0126 0736 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
19:30:34.0128 0736 MsMpSvc - ok
19:30:34.0147 0736 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:30:34.0149 0736 MSPCLOCK - ok
19:30:34.0160 0736 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:30:34.0162 0736 MSPQM - ok
19:30:34.0194 0736 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:30:34.0201 0736 MsRPC - ok
19:30:34.0238 0736 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
19:30:34.0239 0736 mssmbios - ok
19:30:34.0329 0736 MSSQL$SQLEXPRESS - ok
19:30:34.0447 0736 [ F1761C8FB2B25A32C6D63E36BB88C3AE ] MSSQLServerADHelper100 c:\Program Files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
19:30:34.0449 0736 MSSQLServerADHelper100 - ok
19:30:34.0467 0736 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:30:34.0470 0736 MSTEE - ok
19:30:34.0741 0736 [ CB4A082AF58D1A0969F931816D5CFB05 ] msvsmon90 C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe
19:30:34.0815 0736 msvsmon90 - ok
19:30:34.0862 0736 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup C:\Windows\system32\Drivers\mup.sys
19:30:34.0865 0736 Mup - ok
19:30:34.0923 0736 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll
19:30:34.0931 0736 napagent - ok
19:30:34.0982 0736 [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:30:34.0986 0736 NativeWifiP - ok
19:30:35.0055 0736 [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS C:\Windows\system32\drivers\ndis.sys
19:30:35.0067 0736 NDIS - ok
19:30:35.0107 0736 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:30:35.0108 0736 NdisTapi - ok
19:30:35.0120 0736 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:30:35.0121 0736 Ndisuio - ok
19:30:35.0171 0736 [ F8158771905260982CE724076419EF19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:30:35.0175 0736 NdisWan - ok
19:30:35.0210 0736 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:30:35.0212 0736 NDProxy - ok
19:30:35.0230 0736 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:30:35.0232 0736 NetBIOS - ok
19:30:35.0269 0736 [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
19:30:35.0274 0736 netbt - ok
19:30:35.0302 0736 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon C:\Windows\system32\lsass.exe
19:30:35.0303 0736 Netlogon - ok
19:30:35.0342 0736 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll
19:30:35.0349 0736 Netman - ok
19:30:35.0365 0736 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll
19:30:35.0372 0736 netprofm - ok
19:30:35.0403 0736 [ 74751DDA198165947FD7454D83F49825 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:30:35.0405 0736 NetTcpPortSharing - ok
19:30:35.0423 0736 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
19:30:35.0426 0736 nfrd960 - ok
19:30:35.0479 0736 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
19:30:35.0482 0736 NisDrv - ok
19:30:35.0539 0736 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
19:30:35.0546 0736 NisSrv - ok
19:30:35.0569 0736 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll
19:30:35.0574 0736 NlaSvc - ok
19:30:35.0614 0736 [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:30:35.0616 0736 Npfs - ok
19:30:35.0647 0736 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll
19:30:35.0650 0736 nsi - ok
19:30:35.0660 0736 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:30:35.0662 0736 nsiproxy - ok
19:30:35.0734 0736 [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:30:35.0758 0736 Ntfs - ok
19:30:35.0797 0736 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys
19:30:35.0798 0736 Null - ok
19:30:35.0850 0736 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:30:35.0853 0736 nvraid - ok
19:30:35.0861 0736 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:30:35.0864 0736 nvstor - ok
19:30:35.0873 0736 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:30:35.0877 0736 nv_agp - ok
19:30:35.0886 0736 NwlnkFlt - ok
19:30:35.0896 0736 NwlnkFwd - ok
19:30:35.0979 0736 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:30:35.0987 0736 odserv - ok
19:30:36.0034 0736 [ B5B1CE65AC15BBD11C0619E3EF7CFC28 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
19:30:36.0036 0736 ohci1394 - ok
19:30:36.0088 0736 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:30:36.0091 0736 ose - ok
19:30:36.0150 0736 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll
19:30:36.0163 0736 p2pimsvc - ok
19:30:36.0180 0736 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll
19:30:36.0187 0736 p2psvc - ok
19:30:36.0234 0736 [ 4C6A7FD04DDF4DB88791048382E3EDB1 ] Parport C:\Windows\system32\DRIVERS\parport.sys
19:30:36.0237 0736 Parport - ok
19:30:36.0276 0736 [ B43751085E2ABE389DA466BC62A4B987 ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:30:36.0279 0736 partmgr - ok
19:30:36.0353 0736 [ 55223EEFABFDB84A926515FEBAB50D9A ] pbfilter C:\Program Files\PeerBlock\pbfilter.sys
19:30:36.0355 0736 pbfilter - ok
19:30:36.0388 0736 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll
19:30:36.0391 0736 PcaSvc - ok
19:30:36.0426 0736 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys
19:30:36.0430 0736 pci - ok
19:30:36.0483 0736 [ 2657F6C0B78C36D95034BE109336E382 ] pciide C:\Windows\system32\drivers\pciide.sys
19:30:36.0484 0736 pciide - ok
19:30:36.0511 0736 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
19:30:36.0516 0736 pcmcia - ok
19:30:36.0554 0736 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:30:36.0566 0736 PEAUTH - ok
19:30:36.0599 0736 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe
19:30:36.0602 0736 PerfHost - ok
19:30:36.0670 0736 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll
19:30:36.0692 0736 pla - ok
19:30:36.0743 0736 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:30:36.0750 0736 PlugPlay - ok
19:30:36.0769 0736 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
19:30:36.0777 0736 PNRPAutoReg - ok
19:30:36.0796 0736 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll
19:30:36.0805 0736 PNRPsvc - ok
19:30:36.0858 0736 [ A6D06378F37BDBA0C0019294C2AABBD0 ] Point64 C:\Windows\system32\DRIVERS\point64k.sys
19:30:36.0860 0736 Point64 - ok
19:30:36.0914 0736 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:30:36.0924 0736 PolicyAgent - ok
19:30:36.0978 0736 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:30:36.0981 0736 PptpMiniport - ok
19:30:37.0013 0736 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\DRIVERS\processr.sys
19:30:37.0014 0736 Processor - ok
19:30:37.0047 0736 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll
19:30:37.0052 0736 ProfSvc - ok
19:30:37.0076 0736 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe
19:30:37.0078 0736 ProtectedStorage - ok
19:30:37.0114 0736 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys
19:30:37.0117 0736 PSched - ok
19:30:37.0145 0736 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
19:30:37.0147 0736 PxHlpa64 - ok
19:30:37.0197 0736 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys
19:30:37.0216 0736 ql2300 - ok
19:30:37.0227 0736 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
19:30:37.0230 0736 ql40xx - ok
19:30:37.0272 0736 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll
19:30:37.0279 0736 QWAVE - ok
19:30:37.0303 0736 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:30:37.0304 0736 QWAVEdrv - ok
19:30:37.0322 0736 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:30:37.0323 0736 RasAcd - ok
19:30:37.0359 0736 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll
19:30:37.0362 0736 RasAuto - ok
19:30:37.0395 0736 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:30:37.0399 0736 Rasl2tp - ok
19:30:37.0424 0736 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll
19:30:37.0431 0736 RasMan - ok
19:30:37.0480 0736 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:30:37.0482 0736 RasPppoe - ok
19:30:37.0526 0736 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:30:37.0529 0736 RasSstp - ok
19:30:37.0568 0736 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:30:37.0574 0736 rdbss - ok
19:30:37.0605 0736 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:30:37.0606 0736 RDPCDD - ok
19:30:37.0643 0736 [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
19:30:37.0649 0736 rdpdr - ok
19:30:37.0656 0736 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:30:37.0657 0736 RDPENCDD - ok
19:30:37.0709 0736 [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:30:37.0714 0736 RDPWD - ok
19:30:37.0733 0736 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll
19:30:37.0737 0736 RemoteAccess - ok
19:30:37.0765 0736 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:30:37.0770 0736 RemoteRegistry - ok
19:30:37.0827 0736 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe
19:30:37.0829 0736 RpcLocator - ok
19:30:37.0877 0736 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\system32\rpcss.dll
19:30:37.0886 0736 RpcSs - ok
19:30:37.0908 0736 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:30:37.0911 0736 rspndr - ok
19:30:37.0943 0736 RSUSBSTOR - ok
19:30:37.0989 0736 [ F8DA8FC39CE5859C0D8C0FE6524CE465 ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
19:30:37.0993 0736 RTHDMIAzAudService - ok
19:30:38.0002 0736 Rts516xIR - ok
19:30:38.0026 0736 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs C:\Windows\system32\lsass.exe
19:30:38.0028 0736 SamSs - ok
19:30:38.0060 0736 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:30:38.0063 0736 sbp2port - ok
19:30:38.0107 0736 [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:30:38.0112 0736 SCardSvr - ok
19:30:38.0173 0736 [ 0F838C811AD295D2A4489B9993096C63 ] Schedule C:\Windows\system32\schedsvc.dll
19:30:38.0187 0736 Schedule - ok
19:30:38.0228 0736 [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc C:\Windows\System32\certprop.dll
19:30:38.0229 0736 SCPolicySvc - ok
19:30:38.0256 0736 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:30:38.0260 0736 SDRSVC - ok
19:30:38.0275 0736 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:30:38.0277 0736 secdrv - ok
19:30:38.0288 0736 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll
19:30:38.0291 0736 seclogon - ok
19:30:38.0303 0736 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\system32\sens.dll
19:30:38.0306 0736 SENS - ok
19:30:38.0321 0736 [ 2449316316411D65BD2C761A6FFB2CE2 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
19:30:38.0322 0736 Serenum - ok
19:30:38.0336 0736 [ 4B438170BE2FC8E0BD35EE87A960F84F ] Serial C:\Windows\system32\DRIVERS\serial.sys
19:30:38.0339 0736 Serial - ok
19:30:38.0371 0736 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys
19:30:38.0373 0736 sermouse - ok
19:30:38.0415 0736 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll
19:30:38.0418 0736 SessionEnv - ok
19:30:38.0427 0736 [ 14D4B4465193A87C127933978E8C4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:30:38.0429 0736 sffdisk - ok
19:30:38.0438 0736 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:30:38.0440 0736 sffp_mmc - ok
19:30:38.0449 0736 [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:30:38.0450 0736 sffp_sd - ok
19:30:38.0458 0736 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
19:30:38.0460 0736 sfloppy - ok
19:30:38.0497 0736 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:30:38.0504 0736 SharedAccess - ok
19:30:38.0561 0736 [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:30:38.0568 0736 ShellHWDetection - ok
19:30:38.0576 0736 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
19:30:38.0579 0736 SiSRaid2 - ok
19:30:38.0604 0736 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
19:30:38.0607 0736 SiSRaid4 - ok
19:30:38.0660 0736 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
19:30:38.0663 0736 SkypeUpdate - ok
19:30:38.0769 0736 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe
19:30:38.0808 0736 slsvc - ok
19:30:38.0857 0736 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll
19:30:38.0861 0736 SLUINotify - ok
19:30:38.0910 0736 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:30:38.0913 0736 Smb - ok
19:30:38.0947 0736 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:30:38.0950 0736 SNMPTRAP - ok
19:30:38.0997 0736 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys
19:30:38.0999 0736 spldr - ok
19:30:39.0051 0736 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe
19:30:39.0058 0736 Spooler - ok
19:30:39.0150 0736 [ 602884696850C86434530790B110E8EB ] sptd C:\Windows\system32\Drivers\sptd.sys
19:30:39.0150 0736 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB
19:30:39.0154 0736 sptd ( LockedFile.Multi.Generic ) - warning
19:30:39.0154 0736 sptd - detected LockedFile.Multi.Generic (1)
19:30:39.0192 0736 [ EB2FD937449B7ACEB39372F875EB8E78 ] SQLAgent$SQLEXPRESS c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
19:30:39.0199 0736 SQLAgent$SQLEXPRESS - ok
19:30:39.0279 0736 [ 99DE6ACFA5CA83FAD6A765C81C6F129F ] SQLBrowser c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
19:30:39.0284 0736 SQLBrowser - ok
19:30:39.0355 0736 [ 6D65985945B03CA59B67D0B73702FC7B ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
19:30:39.0358 0736 SQLWriter - ok
19:30:39.0407 0736 [ 880A57FCCB571EBD063D4DD50E93E46D ] srv C:\Windows\system32\DRIVERS\srv.sys
19:30:39.0416 0736 srv - ok
19:30:39.0461 0736 [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:30:39.0465 0736 srv2 - ok
19:30:39.0490 0736 [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:30:39.0493 0736 srvnet - ok
19:30:39.0543 0736 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:30:39.0548 0736 SSDPSRV - ok
19:30:39.0564 0736 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:30:39.0569 0736 SstpSvc - ok
19:30:39.0617 0736 [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc C:\Windows\System32\wiaservc.dll
19:30:39.0628 0736 stisvc - ok
19:30:39.0657 0736 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys
19:30:39.0659 0736 swenum - ok
19:30:39.0754 0736 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
19:30:39.0763 0736 SwitchBoard - ok
19:30:39.0856 0736 [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv C:\Windows\System32\swprv.dll
19:30:39.0865 0736 swprv - ok
19:30:39.0884 0736 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
19:30:39.0886 0736 Symc8xx - ok
19:30:39.0894 0736 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
19:30:39.0896 0736 Sym_hi - ok
19:30:39.0905 0736 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
19:30:39.0907 0736 Sym_u3 - ok
19:30:39.0960 0736 [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain C:\Windows\system32\sysmain.dll
19:30:39.0975 0736 SysMain - ok
19:30:39.0997 0736 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:30:40.0001 0736 TabletInputService - ok
19:30:40.0054 0736 [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv C:\Windows\System32\tapisrv.dll
19:30:40.0061 0736 TapiSrv - ok
19:30:40.0088 0736 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll
19:30:40.0091 0736 TBS - ok
19:30:40.0166 0736 [ AC8D5728E6AD6A7C4819D9A67008337A ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:30:40.0189 0736 Tcpip - ok
19:30:40.0217 0736 [ AC8D5728E6AD6A7C4819D9A67008337A ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
19:30:40.0229 0736 Tcpip6 - ok
19:30:40.0260 0736 [ FD8FDE859E38E40A20085EBB0C22B416 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:30:40.0262 0736 tcpipreg - ok
19:30:40.0291 0736 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:30:40.0292 0736 TDPIPE - ok
19:30:40.0301 0736 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:30:40.0303 0736 TDTCP - ok
19:30:40.0333 0736 [ 458919C8C42E398DC4802178D5FFEE27 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:30:40.0336 0736 tdx - ok
19:30:40.0367 0736 [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
19:30:40.0369 0736 TermDD - ok
19:30:40.0419 0736 [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService C:\Windows\System32\termsrv.dll
19:30:40.0429 0736 TermService - ok
19:30:40.0461 0736 [ 56793271ECDEDD350C5ADD305603E963 ] Themes C:\Windows\system32\shsvcs.dll
19:30:40.0465 0736 Themes - ok
19:30:40.0505 0736 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll
19:30:40.0507 0736 THREADORDER - ok
19:30:
-
That does not appear to be the complete TDSSKiller log. Could you please run it again and just post the bottom 10 lines of the log?
-
14:04:57.0761 4580 ================ Scan global ===============================
14:04:57.0793 4580 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
14:04:57.0834 4580 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
14:04:57.0851 4580 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
14:04:57.0897 4580 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
14:04:57.0902 4580 [Global] - ok
14:04:57.0903 4580 ================ Scan MBR ==================================
14:04:57.0921 4580 [ B751AF1ACDDD7A1A71313731839F4ECB ] \Device\Harddisk0\DR0
14:05:00.0571 4580 \Device\Harddisk0\DR0 - ok
14:05:00.0586 4580 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
14:05:00.0590 4580 \Device\Harddisk1\DR1 - ok
14:05:00.0596 4580 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
14:05:00.0895 4580 \Device\Harddisk2\DR2 - ok
14:05:00.0896 4580 ================ Scan VBR ==================================
14:05:00.0901 4580 [ AB2522FC70605093AF8A9F7397AFBB75 ] \Device\Harddisk0\DR0\Partition1
14:05:00.0902 4580 \Device\Harddisk0\DR0\Partition1 - ok
14:05:00.0911 4580 [ F5BE331CDEDDC5FE4288744E7456CB28 ] \Device\Harddisk1\DR1\Partition1
14:05:00.0913 4580 \Device\Harddisk1\DR1\Partition1 - ok
14:05:00.0920 4580 [ 27693C0DC8219674FFDA01A04EF5AF78 ] \Device\Harddisk2\DR2\Partition1
14:05:00.0922 4580 \Device\Harddisk2\DR2\Partition1 - ok
14:05:00.0924 4580 ============================================================
14:05:00.0925 4580 Scan finished
14:05:00.0925 4580 ============================================================
14:05:00.0949 5484 Detected object count: 1
14:05:00.0949 5484 Actual detected object count: 1
14:05:21.0270 5484 sptd ( LockedFile.Multi.Generic ) - skipped by user
14:05:21.0270 5484 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
-
Please run TDSSKiller again and, this time, You need to choose action Cure
-
Cure is not one of the options. I assume you mean Delete. See attached.
[year+ old attachment deleted by admin]
-
Cure is not one of the options. I assume you mean Delete. See attached.
Sorry, please use "delete".
-
Machine was rebooted. I can't believe this is such a problem. :P Thanks very much for spending so much time on it.
18:17:23.0309 3720 ================ Scan global ===============================
18:17:23.0387 3720 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
18:17:23.0574 3720 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
18:17:23.0652 3720 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
18:17:23.0870 3720 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
18:17:23.0870 3720 [Global] - ok
18:17:23.0870 3720 ================ Scan MBR ==================================
18:17:23.0948 3720 [ B751AF1ACDDD7A1A71313731839F4ECB ] \Device\Harddisk0\DR0
18:17:26.0805 3720 \Device\Harddisk0\DR0 - ok
18:17:26.0884 3720 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
18:17:26.0894 3720 \Device\Harddisk1\DR1 - ok
18:17:26.0907 3720 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
18:17:27.0263 3720 \Device\Harddisk2\DR2 - ok
18:17:27.0264 3720 ================ Scan VBR ==================================
18:17:27.0298 3720 [ AB2522FC70605093AF8A9F7397AFBB75 ] \Device\Harddisk0\DR0\Partition1
18:17:27.0299 3720 \Device\Harddisk0\DR0\Partition1 - ok
18:17:27.0306 3720 [ F5BE331CDEDDC5FE4288744E7456CB28 ] \Device\Harddisk1\DR1\Partition1
18:17:27.0309 3720 \Device\Harddisk1\DR1\Partition1 - ok
18:17:27.0327 3720 [ 27693C0DC8219674FFDA01A04EF5AF78 ] \Device\Harddisk2\DR2\Partition1
18:17:27.0329 3720 \Device\Harddisk2\DR2\Partition1 - ok
18:17:27.0357 3720 ============================================================
18:17:27.0357 3720 Scan finished
18:17:27.0357 3720 ============================================================
18:17:27.0467 4396 Detected object count: 1
18:17:27.0467 4396 Actual detected object count: 1
18:17:32.0013 4396 C:\Windows\system32\Drivers\sptd.sys - copied to quarantine
18:17:32.0132 4396 HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted on reboot
18:17:32.0166 4396 HKLM\SYSTEM\ControlSet003\services\sptd - will be deleted on reboot
18:17:32.0953 4396 C:\Windows\system32\Drivers\sptd.sys - will be deleted on reboot
18:17:32.0953 4396 sptd ( LockedFile.Multi.Generic ) - User select action: Delete
-
Any change?
-
Well like i said above, it's definitely better than it was, but still at least 25% of pages have problems loading. I'm starting to think that I might have to reformat.
-
Well like i said above, it's definitely better than it was, but still at least 25% of pages have problems loading. I'm starting to think that I might have to reformat.
That would be your best option which will give you virtually a new computer.
-
Well thanks for your help dude.
-
You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.