Have Google Redirect Virus - April 2012


So I'm pretty sure I picked up some nasty malware/virus while streaming TV shows a month back. I've been unable to start Windows Security Center or Microsoft Security Essentials, and I get redirected if I click on the top Google links. However, I can't seem to find the stupid thing (used Malwarebytes, Spybot Search & Destroy, Kaspersky stuff, etc.).

I've attached below my logs from running DDS. Thanks, Alex.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by User at 1:35:52 on 2012-04-05

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1979.542 [GMT 1:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\WLTRYSVC.EXE

C:\Windows\System32\bcmwltry.exe

C:\Windows\system32\taskeng.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\rundll32.exe

C:\Program Files\Windows Home Server\esClient.exe

C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Windows Home Server\WHSConnector.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\rundll32.exe

C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\System32\WLTRAY.EXE

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\dvd43\DVD43_Tray.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Windows Live\Mesh\WLSync.exe

C:\Program Files\Windows Home Server\WHSTrayApp.exe

C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Users\User\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe

C:\Program Files\Windows Live\Mesh\MOE.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\rundll32.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.co.uk/

uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll

mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll

BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: BrowserHelper Class: {9a065c65-4ee7-4ddd-9918-f129089a894a} - c:\program files\windows home server\WHSDeskBands.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll

TB: Home Server Banner: {d73e76a3-f902-45bd-8fc8-95ae8e014671} - c:\program files\windows home server\WHSDeskBands.dll

uRun: [Google Update] "c:\users\user\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun

uRun: [WLSync] "c:\program files\windows live\mesh\WLSync.exe" /background

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [dvd43] c:\program files\dvd43\dvd43_tray.exe

StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\user\appdata\roaming\dropbox\bin\Dropbox.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\window~1.lnk - c:\windows\installer\{21e49794-7c13-4e84-8659-55bd378267d5}\WHSTrayApp.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{19D515E1-851B-4B8B-B932-FED1713FC829} : DhcpNameServer = 8.8.8.8

TCP: Interfaces\{1CAC04CD-6190-4548-83B7-7D9E69D64440} : DhcpNameServer = 192.168.2.254

TCP: Interfaces\{24361609-8878-4E49-81C8-CAEC513AF1CE} : DhcpNameServer = 192.168.22.1

TCP: Interfaces\{9ECA6236-A346-4024-AD93-2F771B7C5548} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{9ECA6236-A346-4024-AD93-2F771B7C5548}\D49616F6 : DhcpNameServer = 192.168.22.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]

R2 arXfrSvc;Windows Media Center TV Archive Transfer Service;c:\program files\windows home server\Microsoft.HomeServer.Archive.TransferService.exe [2011-1-10 239472]

R2 esClient;Windows Media Center Client Service;c:\program files\windows home server\esClient.exe [2011-1-10 97136]

R2 HPMSSConnectorSvc;HPMSSConnectorService;c:\program files\hewlett-packard\hp mediasmart server\MSSConnectorService.exe [2009-10-5 20992]

R2 MediaCollectorService;MediaCollectorService;c:\program files\hewlett-packard\hp mediasmart server\MediaCollectorClient.exe [2009-10-5 81920]

R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\nitro pdf\reader 2\NitroPDFReaderDriverService2.exe [2012-2-9 198136]

R2 WHSConnector;Windows Home Server Connector Service;c:\program files\windows home server\WHSConnector.exe [2011-1-10 376688]

R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2009-6-10 50688]

R3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwNs32.sys [2011-10-31 7522304]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-1-31 158856]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]

S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2009-6-10 657408]

S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]

S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-2-4 52224]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-2-6 1343400]

S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

.

=============== Created Last 30 ================

.

2012-04-05 00:28:11 -------- d-----w- c:\users\user\appdata\roaming\QuickScan

2012-04-04 23:48:10 -------- d-----w- c:\users\user\appdata\local\{DA52D89C-6741-48D5-BEF0-C77F65DF6450}

2012-04-04 23:47:55 -------- d-----w- c:\users\user\appdata\local\{44EFC2E9-F48E-4579-8084-3BCF813A67FD}

2012-04-04 23:37:45 -------- d-----w- c:\users\user\appdata\local\{11AC4AD2-9364-4E52-87CD-A62C97BA2558}

2012-04-04 23:37:34 -------- d-----w- c:\users\user\appdata\local\{C77C6E00-5A1F-47B3-B81D-87CDF094698C}

2012-04-04 23:32:11 -------- d-----w- c:\users\user\appdata\local\{AD0C51B0-A32B-452C-8F86-9E970B449E8E}

2012-04-04 23:31:29 -------- d-----w- c:\users\user\appdata\local\{E25260D0-4336-4241-B68C-10D2BCF8BE80}

2012-04-04 08:04:18 -------- d-----w- c:\users\user\appdata\local\{F571CE18-FA07-4926-AEAD-3DBF2DE175B3}

2012-04-03 19:29:07 -------- d-----w- c:\users\user\appdata\local\{1950F180-56CF-485B-B3D4-EB440FB85E05}

2012-04-01 19:28:05 -------- d-----w- c:\users\user\appdata\local\{2431BC81-0526-4D96-8574-9EAE2D83692C}

2012-03-28 22:54:20 -------- d-----w- c:\programdata\SecTaskMan

2012-03-28 22:54:16 -------- d-----w- c:\program files\Security Task Manager

2012-03-28 16:16:37 -------- d-----w- c:\users\user\appdata\local\{F8E314AA-5136-4E11-8847-481E2AA13915}

2012-03-28 04:16:12 -------- d-----w- c:\users\user\appdata\local\{52F97560-D165-4FC6-83E9-ED88F069CEFB}

2012-03-28 04:15:58 -------- d-----w- c:\users\user\appdata\local\{E1C90403-E9FD-48BB-8313-5803E8CE120B}

2012-03-27 22:45:09 -------- d-----w- c:\users\user\appdata\roaming\Malwarebytes

2012-03-27 22:45:03 -------- d-----w- c:\programdata\Malwarebytes

2012-03-27 22:45:02 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-27 22:45:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-03-27 19:48:46 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-03-27 19:48:46 -------- d-----w- c:\program files\Spybot - Search & Destroy

2012-03-27 11:09:14 -------- d-----w- c:\users\user\appdata\local\{FF22158D-3FF5-4CCE-BFB0-D569907047BD}

2012-03-27 11:09:04 -------- d-----w- c:\users\user\appdata\local\{37C44D95-1D83-42EE-BBE0-3E44FEB51D8A}

2012-03-26 23:08:34 -------- d-----w- c:\users\user\appdata\local\{B637B6DC-B05A-45CD-BBC8-753CF7300655}

2012-03-26 23:08:20 -------- d-----w- c:\users\user\appdata\local\{AA8F9A57-F2FB-4569-A28D-5C15ED615A08}

2012-03-26 11:07:44 -------- d-----w- c:\users\user\appdata\local\{795B9476-D3FB-4458-90F8-C241E694ABCF}

2012-03-25 23:07:17 -------- d-----w- c:\users\user\appdata\local\{E2CB7C1A-C337-48AB-83BF-F2741DCB17A3}

2012-03-25 13:26:41 102912 --sha-r- c:\windows\system32\C_20297U.dll

2012-03-25 11:06:51 -------- d-----w- c:\users\user\appdata\local\{F349DA42-595E-46D9-B57D-EBAD44176A65}

2012-03-25 01:05:19 6582328 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{bba6c972-5613-475a-9c65-7219a969ac74}\mpengine.dll

2012-03-24 21:48:33 -------- d-----w- c:\users\user\appdata\local\{CC281EF0-D0FC-4579-9C6D-77C5356DF509}

2012-03-24 09:48:07 -------- d-----w- c:\users\user\appdata\local\{C865FA18-6A64-4740-9F38-BED6A86621AA}

2012-03-23 21:47:40 -------- d-----w- c:\users\user\appdata\local\{629F079B-0C10-465C-8965-637A0AE91915}

2012-03-23 21:47:28 -------- d-----w- c:\users\user\appdata\local\{CDFBF0BE-AD29-4437-9238-B502DB1E9A05}

2012-03-23 09:46:58 -------- d-----w- c:\users\user\appdata\local\{4218EA18-EC41-465E-9CA5-F92081AB2124}

2012-03-22 21:46:28 -------- d-----w- c:\users\user\appdata\local\{852A4EE3-F1A8-4845-912E-C91D2BDD9536}

2012-03-22 19:12:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr

2012-03-22 09:45:54 -------- d-----w- c:\users\user\appdata\local\{5F780C63-EE79-47A4-8AEA-2E16D1D75228}

2012-03-22 09:45:36 -------- d-----w- c:\users\user\appdata\local\{8367E30D-0F5A-4E08-A325-D63C897C3DDB}

2012-03-21 21:45:05 -------- d-----w- c:\users\user\appdata\local\{CEFB68C2-23D5-4038-A94E-4B4ED71A83EC}

2012-03-21 21:44:43 -------- d-----w- c:\users\user\appdata\local\{5DD56B2D-DFBA-4616-8574-3BE951BD8015}

2012-03-21 09:44:13 -------- d-----w- c:\users\user\appdata\local\{F789D451-EA24-4037-BF34-801DA4879F30}

2012-03-20 21:30:35 -------- d-----w- c:\users\user\appdata\local\{722B28B7-19E0-45BB-BB95-A8BE7ABC7EB9}

2012-03-20 21:30:23 -------- d-----w- c:\users\user\appdata\local\{1A6BEE46-9917-4D9A-9A4D-B4277ABAFAA5}

2012-03-20 09:29:57 -------- d-----w- c:\users\user\appdata\local\{9F3F579A-6746-49E8-89C0-46C3FEF906E8}

2012-03-19 21:29:30 -------- d-----w- c:\users\user\appdata\local\{0EFA30F7-A5FE-4F85-8EF1-7EBB5366C853}

2012-03-19 09:29:03 -------- d-----w- c:\users\user\appdata\local\{F166E2AC-7C9F-4CCE-8C99-A1254B5B176B}

2012-03-18 20:09:20 -------- d-----w- c:\users\user\appdata\local\{A9EC69F8-FC0D-493E-B3AD-ACDB04EBD70F}

2012-03-18 20:09:08 -------- d-----w- c:\users\user\appdata\local\{9BDD5B82-0F6D-45C0-A681-28E4FDC96E2D}

2012-03-18 15:49:27 -------- d-----w- c:\users\user\appdata\local\{F906A9B5-7673-453A-881B-7EC6B8954807}

2012-03-18 08:45:25 -------- d-----w- c:\users\user\appdata\local\{75839C79-D634-4E71-8633-9B02D81DC1D2}

2012-03-18 08:31:08 -------- d-----w- c:\users\user\appdata\local\{4D06B50E-49B6-4BBF-A2BE-2DE1F7D83154}

2012-03-17 23:01:22 18816 ----a-w- c:\windows\system32\drivers\dvd43llh.sys

2012-03-17 23:01:17 -------- d-----w- c:\program files\dvd43

2012-03-17 20:31:20 805376 ----a-w- c:\windows\system32\FntCache.dll

2012-03-17 20:31:19 739840 ----a-w- c:\windows\system32\d2d1.dll

2012-03-17 11:27:44 -------- d-----w- c:\users\user\appdata\local\{9FFEFE9A-B81E-43F5-88E3-04014EBFD7A3}

2012-03-17 09:10:42 -------- d-----w- c:\users\user\appdata\local\{936F39CE-C69D-44BA-8703-52FF3AA00D1C}

2012-03-16 21:10:13 -------- d-----w- c:\users\user\appdata\local\{1393C591-581C-42D4-AABB-1208842CBD23}

2012-03-16 21:10:00 -------- d-----w- c:\users\user\appdata\local\{146BB4C5-3001-407A-AF2A-B9C5D067035C}

2012-03-16 20:28:14 -------- d-----w- c:\users\user\appdata\roaming\HandBrake

2012-03-16 09:09:31 -------- d-----w- c:\users\user\appdata\local\{BF2C2B0B-7AB4-41B5-A73B-A9AC64978C63}

2012-03-15 21:09:04 -------- d-----w- c:\users\user\appdata\local\{48A62693-A3C8-4949-B350-2385A212789A}

2012-03-15 21:08:52 -------- d-----w- c:\users\user\appdata\local\{E1316B6B-1B84-453F-8F8E-AC1D704DA27E}

2012-03-15 09:08:25 -------- d-----w- c:\users\user\appdata\local\{59D2290D-56E5-468C-A3E9-2567C89BF080}

2012-03-15 09:08:14 -------- d-----w- c:\users\user\appdata\local\{E8A68F7C-1DF5-40BD-8493-8952C151259E}

2012-03-15 03:01:06 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-03-15 03:01:05 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-15 01:12:08 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll

2012-03-15 01:12:05 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll

2012-03-15 01:12:05 517448 ----a-w- c:\windows\system32\XAudio2_4.dll

2012-03-15 01:12:04 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll

2012-03-15 01:11:04 -------- d-----w- c:\program files\Lightworks

2012-03-15 00:36:48 -------- d-----w- c:\program files\OSSBuild

2012-03-15 00:27:21 -------- d-----w- c:\program files\Handbrake

2012-03-14 23:47:46 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-03-14 21:07:46 -------- d-----w- c:\users\user\appdata\local\{43578E7F-D5CC-4FC5-B819-02D9D47D5D20}

2012-03-13 23:50:39 2343424 ----a-w- c:\windows\system32\win32k.sys

2012-03-13 23:50:37 1077248 ----a-w- c:\windows\system32\DWrite.dll

2012-03-13 23:49:24 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-03-13 23:49:23 58880 ----a-w- c:\windows\system32\rdpwsx.dll

2012-03-13 23:49:23 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-03-13 23:49:21 826880 ----a-w- c:\windows\system32\rdpcore.dll

2012-03-13 23:49:20 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-03-13 23:49:19 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-03-13 20:22:48 -------- d-----w- c:\users\user\appdata\local\{5D7B04F4-5FB9-4BB9-A66B-B4A578C1CC9D}

2012-03-13 08:22:20 -------- d-----w- c:\users\user\appdata\local\{DB1719BD-9B99-42D8-9031-6FB64503AB3B}

2012-03-12 20:21:46 -------- d-----w- c:\users\user\appdata\local\{CE7555EE-3551-4017-917A-1B0808DD06EB}

2012-03-12 08:21:12 -------- d-----w- c:\users\user\appdata\local\{9696A130-C1A8-4369-A31F-6787DE0B378E}

2012-03-12 08:21:02 -------- d-----w- c:\users\user\appdata\local\{CED101E3-826E-4181-B41F-4947A36FC8A4}

2012-03-11 20:20:31 -------- d-----w- c:\users\user\appdata\local\{7837F59C-BACA-4631-8AFD-F012B59617D3}

2012-03-11 08:19:57 -------- d-----w- c:\users\user\appdata\local\{7535A5FB-41B6-433D-B6B9-EFFD5334ABF8}

2012-03-10 20:19:30 -------- d-----w- c:\users\user\appdata\local\{56B0F915-841B-4C47-81BD-A564B58E3A3F}

2012-03-10 08:19:03 -------- d-----w- c:\users\user\appdata\local\{04280C3C-899F-4FA4-85B2-173FAEB0D86F}

2012-03-09 22:12:37 -------- d-----w- c:\program files\VideoLAN

2012-03-09 20:18:38 -------- d-----w- c:\users\user\appdata\local\{40052EF2-FE70-42E2-A90C-F299ABF49A13}

2012-03-09 08:18:14 -------- d-----w- c:\users\user\appdata\local\{B7BEEB4C-CCB1-4679-86AD-2742B8F08ECE}

2012-03-09 08:18:03 -------- d-----w- c:\users\user\appdata\local\{7E75D24E-D88D-412D-87BC-B794ADD52A6D}

2012-03-08 20:17:36 -------- d-----w- c:\users\user\appdata\local\{474D65CB-6EE1-47C7-A169-97DE22301D52}

2012-03-08 08:17:11 -------- d-----w- c:\users\user\appdata\local\{B1EDEABF-3305-458B-819F-4A4294F313AC}

2012-03-07 20:16:47 -------- d-----w- c:\users\user\appdata\local\{AAE87A0B-AF35-492E-BA52-5CB2465F1256}

2012-03-07 20:16:36 -------- d-----w- c:\users\user\appdata\local\{72A8F409-8774-462D-9B65-1DFA7AE24B4A}

2012-03-07 08:16:08 -------- d-----w- c:\users\user\appdata\local\{3768BCE2-30F8-4F8B-84CD-9BF63B68E5FB}

2012-03-07 08:15:57 -------- d-----w- c:\users\user\appdata\local\{83B6C3A2-F141-4AE1-94D8-E2C3427567A5}

2012-03-06 16:05:50 -------- d-----w- c:\users\user\appdata\local\{6FE4ACCE-7DDB-450F-8556-9DBB2351CCC5}

2012-03-06 04:05:26 -------- d-----w- c:\users\user\appdata\local\{A094D666-7F3A-49F6-94E1-AC01BCC809F8}

2012-03-06 04:05:14 -------- d-----w- c:\users\user\appdata\local\{AED62BE4-B43F-4EC7-914F-53F3EA72C0A2}

.

==================== Find3M ====================

.

2012-03-06 23:50:08 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-02-20 07:39:41 152576 ----a-w- c:\windows\system32\msclmd.dll

2012-02-08 22:59:54 27640 ----a-w- c:\windows\system32\nitrolocalmon2.dll

2012-02-08 22:59:54 18936 ----a-w- c:\windows\system32\nitrolocalui2.dll

2012-02-03 14:19:35 7522304 ----a-w- c:\windows\system32\drivers\NETwNs32.sys

2012-02-03 14:19:34 684032 ----a-w- c:\windows\system32\NETwNc32.dll

2012-02-03 14:19:34 2760704 ----a-w- c:\windows\system32\NETwNr32.dll

2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe

.

============= FINISH: 1:37:13.54 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 02/02/2012 18:45:54

System Uptime: 05/04/2012 00:43:47 (1 hours ago)

.

Motherboard: Acer | | Aspire 4810T

Processor: Genuine Intel® CPU U4100 @ 1.30GHz | CPU | 1300/800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 466 GiB total, 387.262 GiB free.

D: is CDROM (UDF)

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

Adobe Flash Player 11 ActiveX

Apple Software Update

µTorrent

BlackBerry Desktop Software 6.1

BlackBerry Device Software Updater

Broadcom 802.11 Wireless LAN Adapter

Broadcom Wireless Utility

Cisco EAP-FAST Module

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

DivX Setup

Dropbox

DVD43 v4.6.0

Google Chrome

GStreamer WinBuilds 0.10.6 (GPL)

HandBrake 0.9.6

HP MediaSmart Server 3.0 Update 1

HP Update

Java Auto Updater

Java 6 Update 31

Lightworks

Malwarebytes Anti-Malware version 1.60.1.1000

Mesh Runtime

Microsoft .NET Framework 4 Client Profile

Microsoft Antimalware

Microsoft Application Error Reporting

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Excel MUI (English) 2010

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office Home and Student 2010

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2007

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Proof (English) 2007

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2007

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing (English) 2010

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2007

Microsoft Office Word MUI (English) 2010

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

MSVCRT

Nitro Reader 2

Picasa 3

QuickTime

Security Task Manager 1.8d

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition

Sky Go Desktop

Skype Click to Call

Skype™ 5.8

Spotify

TunnelBear 1.0.29

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2597970) 32-Bit Edition

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition

Update for Microsoft Outlook Social Connector (KB2583935)

uTorrentControl2 Toolbar

VC80CRTRedist - 8.0.50727.6195

VLC media player 2.0.0

Windows Driver Package - Intel (NETwLv32) net (10/07/2010 13.4.0.139)

Windows Driver Package - Intel (NETwNs32) net (10/27/2011 14.3.0.6)

Windows Home Server Connector

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

.

==== Event Viewer Messages From Past Week ========

.

29/03/2012 21:01:24, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user User-PC\User SID (S-1-5-21-4278735001-178053511-1665522800-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

29/03/2012 21:01:24, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user User-PC\User SID (S-1-5-21-4278735001-178053511-1665522800-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

05/04/2012 01:36:09, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.65. The computer with the IP address 192.168.1.66 did not allow the name to be claimed by this computer.

05/04/2012 01:05:09, Error: BROWSER [8009] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is TOKOTASIK.

04/04/2012 11:07:57, Error: BROWSER [8019] - The browser was unable to promote itself to master browser. The browser will continue to attempt to promote itself to the master browser, but will no longer log any events in the event log in Event Viewer.

04/04/2012 08:18:43, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}

04/04/2012 08:18:43, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

04/04/2012 00:45:00, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

04/04/2012 00:43:21, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

04/04/2012 00:43:13, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

04/04/2012 00:43:13, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

04/04/2012 00:43:10, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

04/04/2012 00:43:04, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

04/04/2012 00:43:00, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter spldr Wanarpv6

04/04/2012 00:43:00, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

04/04/2012 00:43:00, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}

04/04/2012 00:42:56, Error: Service Control Manager [7001] - The SBSD Security Center Service service depends on the Security Center service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

04/04/2012 00:42:56, Error: Service Control Manager [7001] - The Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

02/04/2012 08:19:43, Error: BROWSER [8020] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is unknown.

.

==== End Of File ===========================


Hello Alex and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

Please uninstall the following applications:

µTorrent - It is against our policy. Take a look here

uTorrentControl2 Toolbar - A Conduit "Community Toolbar" - modifies the default IE URL search hook. Conduit toolbars are reputed to have a certain trackware functionality.

Step 2

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Step 3

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • TDSSKiller log
  • Malwarebytes' Anti-Malware log
  • a new fresh DDS log file


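Added example, not part of the original thread or of TDSSKiller: a small Python triage script for the report that Step 2 asks for, written against the line format of the TDSSKiller log posted in this thread. The sample lines are copied from that log; the function names `parse_tdsskiller`, `flagged` and `incomplete` are this example's own.

```python
import re

# Lines copied from the TDSSKiller log posted in this thread (a handful of the
# services only). The last entry is cut off before its verdict line.
SAMPLE_LOG = r"""
23:30:35.0716 3144 COMSysApp - ok
23:30:36.0511 3144 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
23:30:36.0567 3144 discache - ok
23:30:37.0504 3144 dvd43llh (1fc1eed3ea0c3a0ecf8a95b97e1b4831) C:\Windows\system32\DRIVERS\dvd43llh.sys
23:30:37.0534 3144 dvd43llh ( UnsignedFile.Multi.Generic ) - warning
23:30:37.0534 3144 dvd43llh - detected UnsignedFile.Multi.Generic (1)
23:30:42.0317 3144 HPMSSConnectorSvc (4092496c2e1b1438665b086548512b13) C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe
23:30:42.0326 3144 HPMSSConnectorSvc ( UnsignedFile.Multi.Generic ) - warning
23:30:42.0326 3144 HPMSSConnectorSvc - detected UnsignedFile.Multi.Generic (1)
23:30:47.0717 3144 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
23:30:47.0735 3144 Microsoft Office Groove Audit Service - ok
23:30:50.0793 3144 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
"""

# Every log line is "HH:MM:SS.mmmm <thread id> <message>".
LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s+(.*\S)\s*$")
# "<name> (<md5>) <path>": the object that was scanned.
OBJECT = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# "<name> ( <verdict> ) - <level>": a non-ok result.
FLAG = re.compile(r"^(?P<name>.+?) \( (?P<verdict>.+?) \) - (?P<level>\w+)$")
# "<name> - ok": a clean result.
OK = re.compile(r"^(?P<name>.+?) - ok$")


def parse_tdsskiller(text):
    """Pair each object line with its verdict line, keyed by service name.

    Header lines, blank lines and the redundant "- detected ..." lines match
    none of the patterns and are skipped.
    """
    records = {}

    def rec(name):
        return records.setdefault(
            name,
            {"name": name, "md5": None, "path": None, "verdict": None, "level": None},
        )

    for raw in text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue
        msg = line.group(1)
        m = OBJECT.match(msg)
        if m:
            rec(m["name"]).update(md5=m["md5"].lower(), path=m["path"])
            continue
        m = FLAG.match(msg)
        if m:
            rec(m["name"]).update(verdict=m["verdict"], level=m["level"])
            continue
        m = OK.match(msg)
        if m:
            rec(m["name"]).update(verdict="ok", level="ok")
    return records


def flagged(records):
    """Entries whose verdict is anything other than ok, in log order."""
    return [r for r in records.values() if r["verdict"] not in (None, "ok")]


def incomplete(records):
    """Entries missing a hash/path line or a verdict line (e.g. a cut-off paste)."""
    return [r for r in records.values() if r["md5"] is None or r["verdict"] is None]


if __name__ == "__main__":
    recs = parse_tdsskiller(SAMPLE_LOG)
    for r in flagged(recs):
        print(f'{r["level"]:8} {r["verdict"]:28} {r["name"]}  {r["md5"]}  {r["path"]}')
    for r in incomplete(recs):
        print(f'incomplete entry: {r["name"]} (md5={r["md5"]}, verdict={r["verdict"]})')
```

An `UnsignedFile.Multi.Generic` warning comes from the Verify Driver Digital Signature option selected in Step 2, so the flagged list is a set of files to review, not a list of confirmed infections.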
Hey Maniac,

Thank you for helping me out. Please see below the report from the TDSSKiller log:

23:29:07.0892 5660 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02

23:29:08.0027 5660 ============================================================

23:29:08.0027 5660 Current date / time: 2012/04/05 23:29:08.0027

23:29:08.0027 5660 SystemInfo:

23:29:08.0027 5660

23:29:08.0028 5660 OS Version: 6.1.7601 ServicePack: 1.0

23:29:08.0028 5660 Product type: Workstation

23:29:08.0028 5660 ComputerName: USER-PC

23:29:08.0028 5660 UserName: User

23:29:08.0028 5660 Windows directory: C:\Windows

23:29:08.0028 5660 System windows directory: C:\Windows

23:29:08.0028 5660 Processor architecture: Intel x86

23:29:08.0028 5660 Number of processors: 2

23:29:08.0028 5660 Page size: 0x1000

23:29:08.0028 5660 Boot type: Normal boot

23:29:08.0028 5660 ============================================================

23:29:09.0873 5660 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

23:29:09.0937 5660 \Device\Harddisk0\DR0:

23:29:09.0937 5660 MBR used

23:29:09.0937 5660 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

23:29:09.0937 5660 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000

23:29:09.0979 5660 Initialize success

23:29:09.0979 5660 ============================================================

23:30:25.0602 3144 ============================================================

23:30:25.0602 3144 Scan started

23:30:25.0602 3144 Mode: Manual; SigCheck; TDLFS;

23:30:25.0602 3144 ============================================================

23:30:28.0273 3144 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys

23:30:28.0433 3144 1394ohci - ok

23:30:28.0572 3144 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys

23:30:28.0602 3144 ACPI - ok

23:30:28.0654 3144 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys

23:30:28.0736 3144 AcpiPmi - ok

23:30:28.0848 3144 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys

23:30:28.0886 3144 adp94xx - ok

23:30:28.0923 3144 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys

23:30:28.0953 3144 adpahci - ok

23:30:28.0996 3144 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys

23:30:29.0016 3144 adpu320 - ok

23:30:29.0066 3144 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll

23:30:29.0158 3144 AeLookupSvc - ok

23:30:29.0272 3144 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys

23:30:29.0354 3144 AFD - ok

23:30:29.0448 3144 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys

23:30:29.0472 3144 agp440 - ok

23:30:29.0538 3144 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys

23:30:29.0559 3144 aic78xx - ok

23:30:29.0666 3144 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe

23:30:29.0716 3144 ALG - ok

23:30:29.0788 3144 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys

23:30:29.0807 3144 aliide - ok

23:30:29.0844 3144 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys

23:30:29.0865 3144 amdagp - ok

23:30:29.0900 3144 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys

23:30:29.0920 3144 amdide - ok

23:30:29.0986 3144 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys

23:30:30.0038 3144 AmdK8 - ok

23:30:30.0139 3144 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys

23:30:30.0199 3144 AmdPPM - ok

23:30:30.0311 3144 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys

23:30:30.0333 3144 amdsata - ok

23:30:30.0397 3144 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys

23:30:30.0422 3144 amdsbs - ok

23:30:30.0472 3144 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys

23:30:30.0492 3144 amdxata - ok

23:30:30.0544 3144 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys

23:30:30.0603 3144 AppID - ok

23:30:30.0682 3144 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll

23:30:30.0752 3144 AppIDSvc - ok

23:30:30.0802 3144 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll

23:30:30.0902 3144 Appinfo - ok

23:30:30.0982 3144 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys

23:30:31.0002 3144 arc - ok

23:30:31.0042 3144 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys

23:30:31.0062 3144 arcsas - ok

23:30:31.0131 3144 arXfrSvc (0ef69443881cde7d8354408f05cf23df) C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe

23:30:31.0155 3144 arXfrSvc - ok

23:30:31.0257 3144 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys

23:30:31.0363 3144 AsyncMac - ok

23:30:31.0467 3144 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys

23:30:31.0485 3144 atapi - ok

23:30:31.0549 3144 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll

23:30:31.0617 3144 AudioEndpointBuilder - ok

23:30:31.0633 3144 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll

23:30:31.0682 3144 Audiosrv - ok

23:30:31.0751 3144 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll

23:30:31.0831 3144 AxInstSV - ok

23:30:31.0933 3144 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys

23:30:32.0006 3144 b06bdrv - ok

23:30:32.0108 3144 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys

23:30:32.0172 3144 b57nd60x - ok

23:30:32.0275 3144 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll

23:30:32.0368 3144 BDESVC - ok

23:30:32.0469 3144 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys

23:30:32.0526 3144 Beep - ok

23:30:32.0637 3144 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll

23:30:32.0710 3144 BFE - ok

23:30:32.0799 3144 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll

23:30:32.0879 3144 BITS - ok

23:30:32.0934 3144 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys

23:30:32.0970 3144 blbdrive - ok

23:30:33.0048 3144 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys

23:30:33.0090 3144 bowser - ok

23:30:33.0167 3144 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys

23:30:33.0214 3144 BrFiltLo - ok

23:30:33.0251 3144 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys

23:30:33.0293 3144 BrFiltUp - ok

23:30:33.0370 3144 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll

23:30:33.0430 3144 Browser - ok

23:30:33.0481 3144 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys

23:30:33.0543 3144 Brserid - ok

23:30:33.0635 3144 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys

23:30:33.0676 3144 BrSerWdm - ok

23:30:33.0705 3144 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys

23:30:33.0747 3144 BrUsbMdm - ok

23:30:33.0833 3144 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys

23:30:33.0883 3144 BrUsbSer - ok

23:30:33.0978 3144 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys

23:30:34.0016 3144 BTHMODEM - ok

23:30:34.0100 3144 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll

23:30:34.0152 3144 bthserv - ok

23:30:34.0210 3144 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys

23:30:34.0276 3144 cdfs - ok

23:30:34.0381 3144 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys

23:30:34.0415 3144 cdrom - ok

23:30:34.0489 3144 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll

23:30:34.0546 3144 CertPropSvc - ok

23:30:34.0590 3144 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys

23:30:34.0627 3144 circlass - ok

23:30:34.0703 3144 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys

23:30:34.0732 3144 CLFS - ok

23:30:34.0812 3144 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

23:30:34.0832 3144 clr_optimization_v2.0.50727_32 - ok

23:30:34.0931 3144 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

23:30:34.0990 3144 clr_optimization_v4.0.30319_32 - ok

23:30:35.0094 3144 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys

23:30:35.0125 3144 CmBatt - ok

23:30:35.0205 3144 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys

23:30:35.0225 3144 cmdide - ok

23:30:35.0279 3144 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys

23:30:35.0325 3144 CNG - ok

23:30:35.0446 3144 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys

23:30:35.0466 3144 Compbatt - ok

23:30:35.0604 3144 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys

23:30:35.0642 3144 CompositeBus - ok

23:30:35.0716 3144 COMSysApp - ok

23:30:35.0771 3144 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys

23:30:35.0791 3144 crcdisk - ok

23:30:35.0870 3144 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll

23:30:35.0927 3144 CryptSvc - ok

23:30:35.0976 3144 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll

23:30:36.0046 3144 DcomLaunch - ok

23:30:36.0132 3144 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll

23:30:36.0192 3144 defragsvc - ok

23:30:36.0255 3144 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys

23:30:36.0310 3144 DfsC - ok

23:30:36.0392 3144 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll

23:30:36.0454 3144 Dhcp - ok

23:30:36.0511 3144 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys

23:30:36.0567 3144 discache - ok

23:30:36.0671 3144 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys

23:30:36.0696 3144 Disk - ok

23:30:36.0729 3144 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll

23:30:36.0796 3144 Dnscache - ok

23:30:36.0886 3144 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll

23:30:36.0951 3144 dot3svc - ok

23:30:37.0050 3144 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll

23:30:37.0254 3144 DPS - ok

23:30:37.0351 3144 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys

23:30:37.0391 3144 drmkaud - ok

23:30:37.0504 3144 dvd43llh (1fc1eed3ea0c3a0ecf8a95b97e1b4831) C:\Windows\system32\DRIVERS\dvd43llh.sys

23:30:37.0534 3144 dvd43llh ( UnsignedFile.Multi.Generic ) - warning

23:30:37.0534 3144 dvd43llh - detected UnsignedFile.Multi.Generic (1)

23:30:37.0596 3144 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys

23:30:37.0648 3144 DXGKrnl - ok

23:30:37.0687 3144 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll

23:30:37.0742 3144 EapHost - ok

23:30:37.0871 3144 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys

23:30:37.0998 3144 ebdrv - ok

23:30:38.0079 3144 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe

23:30:38.0129 3144 EFS - ok

23:30:38.0165 3144 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe

23:30:38.0258 3144 ehRecvr - ok

23:30:38.0294 3144 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe

23:30:38.0364 3144 ehSched - ok

23:30:38.0442 3144 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys

23:30:38.0477 3144 elxstor - ok

23:30:38.0519 3144 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys

23:30:38.0550 3144 ErrDev - ok

23:30:38.0603 3144 esClient (27aa2c6917c94f6636563d416c8ee24f) C:\Program Files\Windows Home Server\esClient.exe

23:30:38.0621 3144 esClient - ok

23:30:38.0712 3144 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll

23:30:38.0780 3144 EventSystem - ok

23:30:38.0850 3144 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys

23:30:38.0901 3144 exfat - ok

23:30:38.0967 3144 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys

23:30:39.0032 3144 fastfat - ok

23:30:39.0125 3144 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe

23:30:39.0193 3144 Fax - ok

23:30:39.0283 3144 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys

23:30:39.0319 3144 fdc - ok

23:30:39.0370 3144 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll

23:30:39.0427 3144 fdPHost - ok

23:30:39.0490 3144 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll

23:30:39.0538 3144 FDResPub - ok

23:30:39.0576 3144 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys

23:30:39.0596 3144 FileInfo - ok

23:30:39.0605 3144 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys

23:30:39.0665 3144 Filetrace - ok

23:30:39.0692 3144 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys

23:30:39.0731 3144 flpydisk - ok

23:30:39.0843 3144 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys

23:30:39.0869 3144 FltMgr - ok

23:30:39.0944 3144 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll

23:30:40.0043 3144 FontCache - ok

23:30:40.0138 3144 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

23:30:40.0157 3144 FontCache3.0.0.0 - ok

23:30:40.0235 3144 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys

23:30:40.0255 3144 FsDepends - ok

23:30:40.0300 3144 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys

23:30:40.0321 3144 Fs_Rec - ok

23:30:40.0387 3144 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys

23:30:40.0417 3144 fvevol - ok

23:30:40.0511 3144 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys

23:30:40.0534 3144 gagp30kx - ok

23:30:40.0588 3144 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll

23:30:40.0668 3144 gpsvc - ok

23:30:40.0763 3144 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

23:30:40.0785 3144 gusvc - ok

23:30:40.0876 3144 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys

23:30:40.0963 3144 hcw85cir - ok

23:30:41.0077 3144 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys

23:30:41.0123 3144 HdAudAddService - ok

23:30:41.0222 3144 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys

23:30:41.0265 3144 HDAudBus - ok

23:30:41.0363 3144 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys

23:30:41.0397 3144 HidBatt - ok

23:30:41.0498 3144 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys

23:30:41.0541 3144 HidBth - ok

23:30:41.0649 3144 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys

23:30:41.0689 3144 HidIr - ok

23:30:41.0735 3144 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll

23:30:41.0808 3144 hidserv - ok

23:30:41.0921 3144 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys

23:30:41.0951 3144 HidUsb - ok

23:30:42.0000 3144 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll

23:30:42.0046 3144 hkmsvc - ok

23:30:42.0088 3144 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll

23:30:42.0178 3144 HomeGroupListener - ok

23:30:42.0205 3144 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll

23:30:42.0250 3144 HomeGroupProvider - ok

23:30:42.0317 3144 HPMSSConnectorSvc (4092496c2e1b1438665b086548512b13) C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe

23:30:42.0326 3144 HPMSSConnectorSvc ( UnsignedFile.Multi.Generic ) - warning

23:30:42.0326 3144 HPMSSConnectorSvc - detected UnsignedFile.Multi.Generic (1)

23:30:42.0433 3144 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys

23:30:42.0454 3144 HpSAMD - ok

23:30:42.0506 3144 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys

23:30:42.0572 3144 HTTP - ok

23:30:42.0640 3144 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys

23:30:42.0661 3144 hwpolicy - ok

23:30:42.0741 3144 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys

23:30:42.0775 3144 i8042prt - ok

23:30:42.0903 3144 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys

23:30:42.0934 3144 iaStorV - ok

23:30:43.0006 3144 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

23:30:43.0067 3144 idsvc - ok

23:30:43.0363 3144 igfx (8266ae06df974e5ba047b3e9e9e70b3f) C:\Windows\system32\DRIVERS\igdkmd32.sys

23:30:43.0702 3144 igfx - ok

23:30:43.0817 3144 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys

23:30:43.0837 3144 iirsp - ok

23:30:43.0890 3144 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll

23:30:43.0972 3144 IKEEXT - ok

23:30:44.0027 3144 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys

23:30:44.0045 3144 intelide - ok

23:30:44.0135 3144 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys

23:30:44.0160 3144 intelppm - ok

23:30:44.0230 3144 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll

23:30:44.0299 3144 IPBusEnum - ok

23:30:44.0344 3144 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys

23:30:44.0404 3144 IpFilterDriver - ok

23:30:44.0511 3144 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll

23:30:44.0585 3144 iphlpsvc - ok

23:30:44.0677 3144 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys

23:30:44.0719 3144 IPMIDRV - ok

23:30:44.0766 3144 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys

23:30:44.0828 3144 IPNAT - ok

23:30:44.0926 3144 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys

23:30:44.0992 3144 IRENUM - ok

23:30:45.0097 3144 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys

23:30:45.0117 3144 isapnp - ok

23:30:45.0154 3144 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys

23:30:45.0182 3144 iScsiPrt - ok

23:30:45.0220 3144 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys

23:30:45.0241 3144 kbdclass - ok

23:30:45.0479 3144 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys

23:30:45.0519 3144 kbdhid - ok

23:30:45.0595 3144 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe

23:30:45.0617 3144 KeyIso - ok

23:30:45.0673 3144 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys

23:30:45.0694 3144 KSecDD - ok

23:30:45.0748 3144 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys

23:30:45.0772 3144 KSecPkg - ok

23:30:45.0832 3144 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll

23:30:45.0906 3144 KtmRm - ok

23:30:45.0995 3144 L1C (6c32bfeab708915d6bbf4b20d4f3ef7b) C:\Windows\system32\DRIVERS\L1C62x86.sys

23:30:46.0049 3144 L1C - ok

23:30:46.0140 3144 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll

23:30:46.0207 3144 LanmanServer - ok

23:30:46.0312 3144 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll

23:30:46.0362 3144 LanmanWorkstation - ok

23:30:46.0443 3144 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys

23:30:46.0511 3144 lltdio - ok

23:30:46.0565 3144 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll

23:30:46.0629 3144 lltdsvc - ok

23:30:46.0684 3144 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll

23:30:46.0742 3144 lmhosts - ok

23:30:46.0801 3144 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys

23:30:46.0824 3144 LSI_FC - ok

23:30:46.0917 3144 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys

23:30:46.0939 3144 LSI_SAS - ok

23:30:46.0976 3144 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys

23:30:46.0992 3144 LSI_SAS2 - ok

23:30:47.0023 3144 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys

23:30:47.0039 3144 LSI_SCSI - ok

23:30:47.0086 3144 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys

23:30:47.0146 3144 luafv - ok

23:30:47.0228 3144 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll

23:30:47.0255 3144 Mcx2Svc - ok

23:30:47.0335 3144 MediaCollectorService (75e31d760ff9a57da66cb2e336c40316) C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe

23:30:47.0359 3144 MediaCollectorService ( UnsignedFile.Multi.Generic ) - warning

23:30:47.0359 3144 MediaCollectorService - detected UnsignedFile.Multi.Generic (1)

23:30:47.0453 3144 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys

23:30:47.0473 3144 megasas - ok

23:30:47.0604 3144 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys

23:30:47.0630 3144 MegaSR - ok

23:31:16.0960 3144 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

23:31:17.0154 3144 \Device\Harddisk0\DR0 - ok

23:31:17.0159 3144 Boot (0x1200) (31638fbd96d2f70885b4eec84498ca76) \Device\Harddisk0\DR0\Partition0

23:31:17.0162 3144 \Device\Harddisk0\DR0\Partition0 - ok

23:31:17.0196 3144 Boot (0x1200) (86e0e3b5b2f41cc4613a054b8c283b50) \Device\Harddisk0\DR0\Partition1

23:31:17.0198 3144 \Device\Harddisk0\DR0\Partition1 - ok

23:31:17.0199 3144 ============================================================

23:31:17.0199 3144 Scan finished

23:31:17.0199 3144 ============================================================

23:31:17.0217 0700 Detected object count: 3

23:31:17.0217 0700 Actual detected object count: 3

23:31:52.0577 0700 dvd43llh ( UnsignedFile.Multi.Generic ) - skipped by user

23:31:52.0577 0700 dvd43llh ( UnsignedFile.Multi.Generic ) - User select action: Skip

23:31:52.0577 0700 HPMSSConnectorSvc ( UnsignedFile.Multi.Generic ) - skipped by user

23:31:52.0577 0700 HPMSSConnectorSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

23:31:52.0580 0700 MediaCollectorService ( UnsignedFile.Multi.Generic ) - skipped by user

23:31:52.0580 0700 MediaCollectorService ( UnsignedFile.Multi.Generic ) - User select action: Skip

Here is the Malwarebytes log:

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.04.05.10

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

User :: USER-PC [administrator]

05/04/2012 23:34:53

mbam-log-2012-04-05 (23-34-53).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 202342

Time elapsed: 7 minute(s), 20 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


And here is my new DDS log:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by User at 23:54:12 on 2012-04-05

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1979.614 [GMT 1:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\WLTRYSVC.EXE

C:\Windows\System32\bcmwltry.exe

C:\Windows\system32\taskeng.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\rundll32.exe

C:\Program Files\Windows Home Server\esClient.exe

C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Windows Home Server\WHSConnector.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\rundll32.exe

C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\System32\WLTRAY.EXE

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\dvd43\DVD43_Tray.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Windows Live\Mesh\WLSync.exe

C:\Program Files\Windows Home Server\WHSTrayApp.exe

C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Users\User\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe

C:\Program Files\Windows Live\Mesh\MOE.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\rundll32.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\notepad.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\notepad.exe

C:\Windows\system32\WerFault.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.co.uk/

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: BrowserHelper Class: {9a065c65-4ee7-4ddd-9918-f129089a894a} - c:\program files\windows home server\WHSDeskBands.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Home Server Banner: {d73e76a3-f902-45bd-8fc8-95ae8e014671} - c:\program files\windows home server\WHSDeskBands.dll

uRun: [Google Update] "c:\users\user\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun

uRun: [WLSync] "c:\program files\windows live\mesh\WLSync.exe" /background

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [dvd43] c:\program files\dvd43\dvd43_tray.exe

StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\user\appdata\roaming\dropbox\bin\Dropbox.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\window~1.lnk - c:\windows\installer\{21e49794-7c13-4e84-8659-55bd378267d5}\WHSTrayApp.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{19D515E1-851B-4B8B-B932-FED1713FC829} : DhcpNameServer = 8.8.8.8

TCP: Interfaces\{1CAC04CD-6190-4548-83B7-7D9E69D64440} : DhcpNameServer = 192.168.2.254

TCP: Interfaces\{24361609-8878-4E49-81C8-CAEC513AF1CE} : DhcpNameServer = 192.168.22.1

TCP: Interfaces\{9ECA6236-A346-4024-AD93-2F771B7C5548} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{9ECA6236-A346-4024-AD93-2F771B7C5548}\D49616F6 : DhcpNameServer = 192.168.22.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]

R2 arXfrSvc;Windows Media Center TV Archive Transfer Service;c:\program files\windows home server\Microsoft.HomeServer.Archive.TransferService.exe [2011-1-10 239472]

R2 esClient;Windows Media Center Client Service;c:\program files\windows home server\esClient.exe [2011-1-10 97136]

R2 HPMSSConnectorSvc;HPMSSConnectorService;c:\program files\hewlett-packard\hp mediasmart server\MSSConnectorService.exe [2009-10-5 20992]

R2 MediaCollectorService;MediaCollectorService;c:\program files\hewlett-packard\hp mediasmart server\MediaCollectorClient.exe [2009-10-5 81920]

R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\nitro pdf\reader 2\NitroPDFReaderDriverService2.exe [2012-2-9 198136]

R2 WHSConnector;Windows Home Server Connector Service;c:\program files\windows home server\WHSConnector.exe [2011-1-10 376688]

R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2009-6-10 50688]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-4-5 40776]

R3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwNs32.sys [2011-10-31 7522304]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-1-31 158856]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]

S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2009-6-10 657408]

S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]

S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-2-4 52224]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-2-6 1343400]

S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

.

=============== Created Last 30 ================

.

2012-04-05 22:33:59 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-04-05 00:28:11 -------- d-----w- c:\users\user\appdata\roaming\QuickScan

2012-04-04 23:48:10 -------- d-----w- c:\users\user\appdata\local\{DA52D89C-6741-48D5-BEF0-C77F65DF6450}

2012-04-04 23:47:55 -------- d-----w- c:\users\user\appdata\local\{44EFC2E9-F48E-4579-8084-3BCF813A67FD}

2012-04-04 23:37:45 -------- d-----w- c:\users\user\appdata\local\{11AC4AD2-9364-4E52-87CD-A62C97BA2558}

2012-04-04 23:37:34 -------- d-----w- c:\users\user\appdata\local\{C77C6E00-5A1F-47B3-B81D-87CDF094698C}

2012-04-04 23:32:11 -------- d-----w- c:\users\user\appdata\local\{AD0C51B0-A32B-452C-8F86-9E970B449E8E}

2012-04-04 23:31:29 -------- d-----w- c:\users\user\appdata\local\{E25260D0-4336-4241-B68C-10D2BCF8BE80}

2012-04-04 08:04:18 -------- d-----w- c:\users\user\appdata\local\{F571CE18-FA07-4926-AEAD-3DBF2DE175B3}

2012-04-03 19:29:07 -------- d-----w- c:\users\user\appdata\local\{1950F180-56CF-485B-B3D4-EB440FB85E05}

2012-04-01 19:28:05 -------- d-----w- c:\users\user\appdata\local\{2431BC81-0526-4D96-8574-9EAE2D83692C}

2012-03-28 22:54:20 -------- d-----w- c:\programdata\SecTaskMan

2012-03-28 22:54:16 -------- d-----w- c:\program files\Security Task Manager

2012-03-28 16:16:37 -------- d-----w- c:\users\user\appdata\local\{F8E314AA-5136-4E11-8847-481E2AA13915}

2012-03-28 04:16:12 -------- d-----w- c:\users\user\appdata\local\{52F97560-D165-4FC6-83E9-ED88F069CEFB}

2012-03-28 04:15:58 -------- d-----w- c:\users\user\appdata\local\{E1C90403-E9FD-48BB-8313-5803E8CE120B}

2012-03-27 22:45:09 -------- d-----w- c:\users\user\appdata\roaming\Malwarebytes

2012-03-27 22:45:03 -------- d-----w- c:\programdata\Malwarebytes

2012-03-27 22:45:02 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-27 22:45:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-03-27 19:48:46 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-03-27 19:48:46 -------- d-----w- c:\program files\Spybot - Search & Destroy

2012-03-27 11:09:14 -------- d-----w- c:\users\user\appdata\local\{FF22158D-3FF5-4CCE-BFB0-D569907047BD}

2012-03-27 11:09:04 -------- d-----w- c:\users\user\appdata\local\{37C44D95-1D83-42EE-BBE0-3E44FEB51D8A}

2012-03-26 23:08:34 -------- d-----w- c:\users\user\appdata\local\{B637B6DC-B05A-45CD-BBC8-753CF7300655}

2012-03-26 23:08:20 -------- d-----w- c:\users\user\appdata\local\{AA8F9A57-F2FB-4569-A28D-5C15ED615A08}

2012-03-26 11:07:44 -------- d-----w- c:\users\user\appdata\local\{795B9476-D3FB-4458-90F8-C241E694ABCF}

2012-03-25 23:07:17 -------- d-----w- c:\users\user\appdata\local\{E2CB7C1A-C337-48AB-83BF-F2741DCB17A3}

2012-03-25 13:26:41 102912 --sha-r- c:\windows\system32\C_20297U.dll

2012-03-25 11:06:51 -------- d-----w- c:\users\user\appdata\local\{F349DA42-595E-46D9-B57D-EBAD44176A65}

2012-03-25 01:05:19 6582328 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{bba6c972-5613-475a-9c65-7219a969ac74}\mpengine.dll

2012-03-24 21:48:33 -------- d-----w- c:\users\user\appdata\local\{CC281EF0-D0FC-4579-9C6D-77C5356DF509}

2012-03-24 09:48:07 -------- d-----w- c:\users\user\appdata\local\{C865FA18-6A64-4740-9F38-BED6A86621AA}

2012-03-23 21:47:40 -------- d-----w- c:\users\user\appdata\local\{629F079B-0C10-465C-8965-637A0AE91915}

2012-03-23 21:47:28 -------- d-----w- c:\users\user\appdata\local\{CDFBF0BE-AD29-4437-9238-B502DB1E9A05}

2012-03-23 09:46:58 -------- d-----w- c:\users\user\appdata\local\{4218EA18-EC41-465E-9CA5-F92081AB2124}

2012-03-22 21:46:28 -------- d-----w- c:\users\user\appdata\local\{852A4EE3-F1A8-4845-912E-C91D2BDD9536}

2012-03-22 19:12:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr

2012-03-22 09:45:54 -------- d-----w- c:\users\user\appdata\local\{5F780C63-EE79-47A4-8AEA-2E16D1D75228}

2012-03-22 09:45:36 -------- d-----w- c:\users\user\appdata\local\{8367E30D-0F5A-4E08-A325-D63C897C3DDB}

2012-03-21 21:45:05 -------- d-----w- c:\users\user\appdata\local\{CEFB68C2-23D5-4038-A94E-4B4ED71A83EC}

2012-03-21 21:44:43 -------- d-----w- c:\users\user\appdata\local\{5DD56B2D-DFBA-4616-8574-3BE951BD8015}

2012-03-21 09:44:13 -------- d-----w- c:\users\user\appdata\local\{F789D451-EA24-4037-BF34-801DA4879F30}

2012-03-20 21:30:35 -------- d-----w- c:\users\user\appdata\local\{722B28B7-19E0-45BB-BB95-A8BE7ABC7EB9}

2012-03-20 21:30:23 -------- d-----w- c:\users\user\appdata\local\{1A6BEE46-9917-4D9A-9A4D-B4277ABAFAA5}

2012-03-20 09:29:57 -------- d-----w- c:\users\user\appdata\local\{9F3F579A-6746-49E8-89C0-46C3FEF906E8}

2012-03-19 21:29:30 -------- d-----w- c:\users\user\appdata\local\{0EFA30F7-A5FE-4F85-8EF1-7EBB5366C853}

2012-03-19 09:29:03 -------- d-----w- c:\users\user\appdata\local\{F166E2AC-7C9F-4CCE-8C99-A1254B5B176B}

2012-03-18 20:09:20 -------- d-----w- c:\users\user\appdata\local\{A9EC69F8-FC0D-493E-B3AD-ACDB04EBD70F}

2012-03-18 20:09:08 -------- d-----w- c:\users\user\appdata\local\{9BDD5B82-0F6D-45C0-A681-28E4FDC96E2D}

2012-03-18 15:49:27 -------- d-----w- c:\users\user\appdata\local\{F906A9B5-7673-453A-881B-7EC6B8954807}

2012-03-18 08:45:25 -------- d-----w- c:\users\user\appdata\local\{75839C79-D634-4E71-8633-9B02D81DC1D2}

2012-03-18 08:31:08 -------- d-----w- c:\users\user\appdata\local\{4D06B50E-49B6-4BBF-A2BE-2DE1F7D83154}

2012-03-17 23:01:22 18816 ----a-w- c:\windows\system32\drivers\dvd43llh.sys

2012-03-17 23:01:17 -------- d-----w- c:\program files\dvd43

2012-03-17 20:31:20 805376 ----a-w- c:\windows\system32\FntCache.dll

2012-03-17 20:31:19 739840 ----a-w- c:\windows\system32\d2d1.dll

2012-03-17 11:27:44 -------- d-----w- c:\users\user\appdata\local\{9FFEFE9A-B81E-43F5-88E3-04014EBFD7A3}

2012-03-17 09:10:42 -------- d-----w- c:\users\user\appdata\local\{936F39CE-C69D-44BA-8703-52FF3AA00D1C}

2012-03-16 21:10:13 -------- d-----w- c:\users\user\appdata\local\{1393C591-581C-42D4-AABB-1208842CBD23}

2012-03-16 21:10:00 -------- d-----w- c:\users\user\appdata\local\{146BB4C5-3001-407A-AF2A-B9C5D067035C}

2012-03-16 20:28:14 -------- d-----w- c:\users\user\appdata\roaming\HandBrake

2012-03-16 09:09:31 -------- d-----w- c:\users\user\appdata\local\{BF2C2B0B-7AB4-41B5-A73B-A9AC64978C63}

<div>2012-03-15 21:09:04<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\user\appdata\local\{48A62693-A3C8-4949-B350-2385A212789A}</div>

<div>2012-03-15 21:08:52<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\user\appdata\local\{E1316B6B-1B84-453F-8F8E-AC1D704DA27E}</div>

<div>2012-03-15 09:08:25<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\user\appdata\local\{59D2290D-56E5-468C-A3E9-2567C89BF080}</div>

<div>2012-03-15 09:08:14<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\user\appdata\local\{E8A68F7C-1DF5-40BD-8493-8952C151259E}</div>

<div>2012-03-15 03:01:06<span class="Apple-tab-span" style="white-space:pre"> </span>3968368<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\ntkrnlpa.exe</div>

<div>2012-03-15 03:01:05<span class="Apple-tab-span" style="white-space:pre"> </span>3913584<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\ntoskrnl.exe</div>

<div>2012-03-15 01:12:08<span class="Apple-tab-span" style="white-space:pre"> </span>4178264<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\D3DX9_41.dll</div>

<div>2012-03-15 01:12:05<span class="Apple-tab-span" style="white-space:pre"> </span>69448<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\XAPOFX1_3.dll</div>

<div>2012-03-15 01:12:05<span class="Apple-tab-span" style="white-space:pre"> </span>517448<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\XAudio2_4.dll</div>

<div>2012-03-15 01:12:04<span class="Apple-tab-span" style="white-space:pre"> </span>22360<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\X3DAudio1_6.dll</div>

<div>2012-03-15 01:11:04<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Lightworks</div>

<div>2012-03-15 00:36:48<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\OSSBuild</div>

<div>2012-03-15 00:27:21<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Handbrake</div>

2012-03-14 23:47:46 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-03-14 21:07:46 -------- d-----w- c:\users\user\appdata\local\{43578E7F-D5CC-4FC5-B819-02D9D47D5D20}

2012-03-13 23:50:39 2343424 ----a-w- c:\windows\system32\win32k.sys

2012-03-13 23:50:37 1077248 ----a-w- c:\windows\system32\DWrite.dll

2012-03-13 23:49:24 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-03-13 23:49:23 58880 ----a-w- c:\windows\system32\rdpwsx.dll

2012-03-13 23:49:23 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-03-13 23:49:21 826880 ----a-w- c:\windows\system32\rdpcore.dll

2012-03-13 23:49:20 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-03-13 23:49:19 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-03-13 20:22:48 -------- d-----w- c:\users\user\appdata\local\{5D7B04F4-5FB9-4BB9-A66B-B4A578C1CC9D}

2012-03-13 08:22:20 -------- d-----w- c:\users\user\appdata\local\{DB1719BD-9B99-42D8-9031-6FB64503AB3B}

2012-03-12 20:21:46 -------- d-----w- c:\users\user\appdata\local\{CE7555EE-3551-4017-917A-1B0808DD06EB}

2012-03-12 08:21:12 -------- d-----w- c:\users\user\appdata\local\{9696A130-C1A8-4369-A31F-6787DE0B378E}

2012-03-12 08:21:02 -------- d-----w- c:\users\user\appdata\local\{CED101E3-826E-4181-B41F-4947A36FC8A4}

2012-03-11 20:20:31 -------- d-----w- c:\users\user\appdata\local\{7837F59C-BACA-4631-8AFD-F012B59617D3}

2012-03-11 08:19:57 -------- d-----w- c:\users\user\appdata\local\{7535A5FB-41B6-433D-B6B9-EFFD5334ABF8}

2012-03-10 20:19:30 -------- d-----w- c:\users\user\appdata\local\{56B0F915-841B-4C47-81BD-A564B58E3A3F}

2012-03-10 08:19:03 -------- d-----w- c:\users\user\appdata\local\{04280C3C-899F-4FA4-85B2-173FAEB0D86F}

2012-03-09 22:12:37 -------- d-----w- c:\program files\VideoLAN

2012-03-09 20:18:38 -------- d-----w- c:\users\user\appdata\local\{40052EF2-FE70-42E2-A90C-F299ABF49A13}

2012-03-09 08:18:14 -------- d-----w- c:\users\user\appdata\local\{B7BEEB4C-CCB1-4679-86AD-2742B8F08ECE}

2012-03-09 08:18:03 -------- d-----w- c:\users\user\appdata\local\{7E75D24E-D88D-412D-87BC-B794ADD52A6D}

2012-03-08 20:17:36 -------- d-----w- c:\users\user\appdata\local\{474D65CB-6EE1-47C7-A169-97DE22301D52}

2012-03-08 08:17:11 -------- d-----w- c:\users\user\appdata\local\{B1EDEABF-3305-458B-819F-4A4294F313AC}

2012-03-07 20:16:47 -------- d-----w- c:\users\user\appdata\local\{AAE87A0B-AF35-492E-BA52-5CB2465F1256}

2012-03-07 20:16:36 -------- d-----w- c:\users\user\appdata\local\{72A8F409-8774-462D-9B65-1DFA7AE24B4A}

2012-03-07 08:16:08 -------- d-----w- c:\users\user\appdata\local\{3768BCE2-30F8-4F8B-84CD-9BF63B68E5FB}

2012-03-07 08:15:57 -------- d-----w- c:\users\user\appdata\local\{83B6C3A2-F141-4AE1-94D8-E2C3427567A5}

.

==================== Find3M  ====================

.

2012-03-06 23:50:08 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-02-20 07:39:41 152576 ----a-w- c:\windows\system32\msclmd.dll

2012-02-08 22:59:54 27640 ----a-w- c:\windows\system32\nitrolocalmon2.dll

2012-02-08 22:59:54 18936 ----a-w- c:\windows\system32\nitrolocalui2.dll

2012-02-03 14:19:35 7522304 ----a-w- c:\windows\system32\drivers\NETwNs32.sys

2012-02-03 14:19:34 684032 ----a-w- c:\windows\system32\NETwNc32.dll

2012-02-03 14:19:34 2760704 ----a-w- c:\windows\system32\NETwNr32.dll

2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe

.

============= FINISH: 23:54:59.96 ===============

VC80CRTRedist - 8.0.50727.6195

VLC media player 2.0.0

Windows Driver Package - Intel (NETwLv32) net  (10/07/2010 13.4.0.139)

Windows Driver Package - Intel (NETwNs32) net  (10/27/2011 14.3.0.6)

Windows Home Server Connector

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

.

==== Event Viewer Messages From Past Week ========

.

29/03/2012 21:01:24, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D3DCB472-7261-43CE-924B-0704BD730D5F}  and APPID  {D3DCB472-7261-43CE-924B-0704BD730D5F}  to the user User-PC\User SID (S-1-5-21-4278735001-178053511-1665522800-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

29/03/2012 21:01:24, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {145B4335-FE2A-4927-A040-7C35AD3180EF}  and APPID  {145B4335-FE2A-4927-A040-7C35AD3180EF}  to the user User-PC\User SID (S-1-5-21-4278735001-178053511-1665522800-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

05/04/2012 23:51:52, Error: NetBT [4321]  - The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.65. The computer with the IP address 192.168.1.66 did not allow the name to be claimed by this computer.

05/04/2012 10:36:11, Error: BROWSER [8019]  - The browser was unable to promote itself to master browser.  The browser will continue to attempt to promote itself to the master browser, but will no longer log any events in the event log in Event Viewer.

05/04/2012 09:18:41, Error: BROWSER [8020]  - The browser was unable to promote itself to master browser.  The computer that currently believes it is the master browser is unknown.

05/04/2012 01:05:09, Error: BROWSER [8009]  - The browser was unable to promote itself to master browser.  The computer that currently believes it is the master browser is TOKOTASIK.

04/04/2012 08:18:43, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}

04/04/2012 08:18:43, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

04/04/2012 00:45:00, Error: Service Control Manager [7001]  - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.

04/04/2012 00:43:21, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.

04/04/2012 00:43:13, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

04/04/2012 00:43:13, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

04/04/2012 00:43:10, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

04/04/2012 00:43:04, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

04/04/2012 00:43:00, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  discache MpFilter spldr Wanarpv6

04/04/2012 00:43:00, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.

04/04/2012 00:43:00, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}

04/04/2012 00:42:56, Error: Service Control Manager [7001]  - The SBSD Security Center Service service depends on the Security Center service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

04/04/2012 00:42:56, Error: Service Control Manager [7001]  - The Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.

.

==== End Of File ===========================


hmm.. gonna try again to see if i can get rid of the html stuff.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by User at 23:54:12 on 2012-04-05

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1979.614 [GMT 1:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\WLTRYSVC.EXE

C:\Windows\System32\bcmwltry.exe

C:\Windows\system32\taskeng.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\rundll32.exe

C:\Program Files\Windows Home Server\esClient.exe

C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Windows Home Server\WHSConnector.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\rundll32.exe

C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\System32\WLTRAY.EXE

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\dvd43\DVD43_Tray.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Windows Live\Mesh\WLSync.exe

C:\Program Files\Windows Home Server\WHSTrayApp.exe

C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Users\User\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe

C:\Program Files\Windows Live\Mesh\MOE.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\rundll32.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\notepad.exe

C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\notepad.exe

C:\Windows\system32\WerFault.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.co.uk/

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: BrowserHelper Class: {9a065c65-4ee7-4ddd-9918-f129089a894a} - c:\program files\windows home server\WHSDeskBands.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Home Server Banner: {d73e76a3-f902-45bd-8fc8-95ae8e014671} - c:\program files\windows home server\WHSDeskBands.dll

uRun: [Google Update] "c:\users\user\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun

uRun: [WLSync] "c:\program files\windows live\mesh\WLSync.exe" /background

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [dvd43] c:\program files\dvd43\dvd43_tray.exe

StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\user\appdata\roaming\dropbox\bin\Dropbox.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\window~1.lnk - c:\windows\installer\{21e49794-7c13-4e84-8659-55bd378267d5}\WHSTrayApp.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{19D515E1-851B-4B8B-B932-FED1713FC829} : DhcpNameServer = 8.8.8.8

TCP: Interfaces\{1CAC04CD-6190-4548-83B7-7D9E69D64440} : DhcpNameServer = 192.168.2.254

TCP: Interfaces\{24361609-8878-4E49-81C8-CAEC513AF1CE} : DhcpNameServer = 192.168.22.1

TCP: Interfaces\{9ECA6236-A346-4024-AD93-2F771B7C5548} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{9ECA6236-A346-4024-AD93-2F771B7C5548}\D49616F6 : DhcpNameServer = 192.168.22.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]

R2 arXfrSvc;Windows Media Center TV Archive Transfer Service;c:\program files\windows home server\Microsoft.HomeServer.Archive.TransferService.exe [2011-1-10 239472]

R2 esClient;Windows Media Center Client Service;c:\program files\windows home server\esClient.exe [2011-1-10 97136]

R2 HPMSSConnectorSvc;HPMSSConnectorService;c:\program files\hewlett-packard\hp mediasmart server\MSSConnectorService.exe [2009-10-5 20992]

R2 MediaCollectorService;MediaCollectorService;c:\program files\hewlett-packard\hp mediasmart server\MediaCollectorClient.exe [2009-10-5 81920]

R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\nitro pdf\reader 2\NitroPDFReaderDriverService2.exe [2012-2-9 198136]

R2 WHSConnector;Windows Home Server Connector Service;c:\program files\windows home server\WHSConnector.exe [2011-1-10 376688]

R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2009-6-10 50688]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-4-5 40776]

R3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwNs32.sys [2011-10-31 7522304]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-1-31 158856]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]

S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2009-6-10 657408]

S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]

S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-2-4 52224]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-2-6 1343400]

S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

.

=============== Created Last 30 ================

.

2012-04-05 22:33:59 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-04-05 00:28:11 -------- d-----w- c:\users\user\appdata\roaming\QuickScan

2012-04-04 23:48:10 -------- d-----w- c:\users\user\appdata\local\{DA52D89C-6741-48D5-BEF0-C77F65DF6450}

2012-04-04 23:47:55 -------- d-----w- c:\users\user\appdata\local\{44EFC2E9-F48E-4579-8084-3BCF813A67FD}

2012-04-04 23:37:45 -------- d-----w- c:\users\user\appdata\local\{11AC4AD2-9364-4E52-87CD-A62C97BA2558}

2012-04-04 23:37:34 -------- d-----w- c:\users\user\appdata\local\{C77C6E00-5A1F-47B3-B81D-87CDF094698C}

2012-04-04 23:32:11 -------- d-----w- c:\users\user\appdata\local\{AD0C51B0-A32B-452C-8F86-9E970B449E8E}

2012-04-04 23:31:29 -------- d-----w- c:\users\user\appdata\local\{E25260D0-4336-4241-B68C-10D2BCF8BE80}

2012-04-04 08:04:18 -------- d-----w- c:\users\user\appdata\local\{F571CE18-FA07-4926-AEAD-3DBF2DE175B3}

2012-04-03 19:29:07 -------- d-----w- c:\users\user\appdata\local\{1950F180-56CF-485B-B3D4-EB440FB85E05}

2012-04-01 19:28:05 -------- d-----w- c:\users\user\appdata\local\{2431BC81-0526-4D96-8574-9EAE2D83692C}

2012-03-28 22:54:20 -------- d-----w- c:\programdata\SecTaskMan

2012-03-28 22:54:16 -------- d-----w- c:\program files\Security Task Manager

2012-03-28 16:16:37 -------- d-----w- c:\users\user\appdata\local\{F8E314AA-5136-4E11-8847-481E2AA13915}

2012-03-28 04:16:12 -------- d-----w- c:\users\user\appdata\local\{52F97560-D165-4FC6-83E9-ED88F069CEFB}

2012-03-28 04:15:58 -------- d-----w- c:\users\user\appdata\local\{E1C90403-E9FD-48BB-8313-5803E8CE120B}

2012-03-27 22:45:09 -------- d-----w- c:\users\user\appdata\roaming\Malwarebytes

2012-03-27 22:45:03 -------- d-----w- c:\programdata\Malwarebytes

2012-03-27 22:45:02 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-27 22:45:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-03-27 19:48:46 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-03-27 19:48:46 -------- d-----w- c:\program files\Spybot - Search & Destroy

2012-03-27 11:09:14 -------- d-----w- c:\users\user\appdata\local\{FF22158D-3FF5-4CCE-BFB0-D569907047BD}

2012-03-27 11:09:04 -------- d-----w- c:\users\user\appdata\local\{37C44D95-1D83-42EE-BBE0-3E44FEB51D8A}

2012-03-26 23:08:34 -------- d-----w- c:\users\user\appdata\local\{B637B6DC-B05A-45CD-BBC8-753CF7300655}

2012-03-26 23:08:20 -------- d-----w- c:\users\user\appdata\local\{AA8F9A57-F2FB-4569-A28D-5C15ED615A08}

2012-03-26 11:07:44 -------- d-----w- c:\users\user\appdata\local\{795B9476-D3FB-4458-90F8-C241E694ABCF}

2012-03-25 23:07:17 -------- d-----w- c:\users\user\appdata\local\{E2CB7C1A-C337-48AB-83BF-F2741DCB17A3}

2012-03-25 13:26:41 102912 --sha-r- c:\windows\system32\C_20297U.dll

2012-03-25 11:06:51 -------- d-----w- c:\users\user\appdata\local\{F349DA42-595E-46D9-B57D-EBAD44176A65}

2012-03-25 01:05:19 6582328 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{bba6c972-5613-475a-9c65-7219a969ac74}\mpengine.dll

2012-03-24 21:48:33 -------- d-----w- c:\users\user\appdata\local\{CC281EF0-D0FC-4579-9C6D-77C5356DF509}

2012-03-24 09:48:07 -------- d-----w- c:\users\user\appdata\local\{C865FA18-6A64-4740-9F38-BED6A86621AA}

2012-03-23 21:47:40 -------- d-----w- c:\users\user\appdata\local\{629F079B-0C10-465C-8965-637A0AE91915}

2012-03-23 21:47:28 -------- d-----w- c:\users\user\appdata\local\{CDFBF0BE-AD29-4437-9238-B502DB1E9A05}

2012-03-23 09:46:58 -------- d-----w- c:\users\user\appdata\local\{4218EA18-EC41-465E-9CA5-F92081AB2124}

2012-03-22 21:46:28 -------- d-----w- c:\users\user\appdata\local\{852A4EE3-F1A8-4845-912E-C91D2BDD9536}

2012-03-22 19:12:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr

2012-03-22 09:45:54 -------- d-----w- c:\users\user\appdata\local\{5F780C63-EE79-47A4-8AEA-2E16D1D75228}

2012-03-22 09:45:36 -------- d-----w- c:\users\user\appdata\local\{8367E30D-0F5A-4E08-A325-D63C897C3DDB}

2012-03-21 21:45:05 -------- d-----w- c:\users\user\appdata\local\{CEFB68C2-23D5-4038-A94E-4B4ED71A83EC}

2012-03-21 21:44:43 -------- d-----w- c:\users\user\appdata\local\{5DD56B2D-DFBA-4616-8574-3BE951BD8015}

2012-03-21 09:44:13 -------- d-----w- c:\users\user\appdata\local\{F789D451-EA24-4037-BF34-801DA4879F30}

2012-03-20 21:30:35 -------- d-----w- c:\users\user\appdata\local\{722B28B7-19E0-45BB-BB95-A8BE7ABC7EB9}

2012-03-20 21:30:23 -------- d-----w- c:\users\user\appdata\local\{1A6BEE46-9917-4D9A-9A4D-B4277ABAFAA5}

2012-03-20 09:29:57 -------- d-----w- c:\users\user\appdata\local\{9F3F579A-6746-49E8-89C0-46C3FEF906E8}

2012-03-19 21:29:30 -------- d-----w- c:\users\user\appdata\local\{0EFA30F7-A5FE-4F85-8EF1-7EBB5366C853}

2012-03-19 09:29:03 -------- d-----w- c:\users\user\appdata\local\{F166E2AC-7C9F-4CCE-8C99-A1254B5B176B}

2012-03-18 20:09:20 -------- d-----w- c:\users\user\appdata\local\{A9EC69F8-FC0D-493E-B3AD-ACDB04EBD70F}

2012-03-18 20:09:08 -------- d-----w- c:\users\user\appdata\local\{9BDD5B82-0F6D-45C0-A681-28E4FDC96E2D}

2012-03-18 15:49:27 -------- d-----w- c:\users\user\appdata\local\{F906A9B5-7673-453A-881B-7EC6B8954807}

2012-03-18 08:45:25 -------- d-----w- c:\users\user\appdata\local\{75839C79-D634-4E71-8633-9B02D81DC1D2}

2012-03-18 08:31:08 -------- d-----w- c:\users\user\appdata\local\{4D06B50E-49B6-4BBF-A2BE-2DE1F7D83154}

2012-03-17 23:01:22 18816 ----a-w- c:\windows\system32\drivers\dvd43llh.sys

2012-03-17 23:01:17 -------- d-----w- c:\program files\dvd43

2012-03-17 20:31:20 805376 ----a-w- c:\windows\system32\FntCache.dll

2012-03-17 20:31:19 739840 ----a-w- c:\windows\system32\d2d1.dll

2012-03-17 11:27:44 -------- d-----w- c:\users\user\appdata\local\{9FFEFE9A-B81E-43F5-88E3-04014EBFD7A3}

2012-03-17 09:10:42 -------- d-----w- c:\users\user\appdata\local\{936F39CE-C69D-44BA-8703-52FF3AA00D1C}

2012-03-16 21:10:13 -------- d-----w- c:\users\user\appdata\local\{1393C591-581C-42D4-AABB-1208842CBD23}

2012-03-16 21:10:00 -------- d-----w- c:\users\user\appdata\local\{146BB4C5-3001-407A-AF2A-B9C5D067035C}

2012-03-16 20:28:14 -------- d-----w- c:\users\user\appdata\roaming\HandBrake

2012-03-16 09:09:31 -------- d-----w- c:\users\user\appdata\local\{BF2C2B0B-7AB4-41B5-A73B-A9AC64978C63}

2012-03-15 21:09:04 -------- d-----w- c:\users\user\appdata\local\{48A62693-A3C8-4949-B350-2385A212789A}

2012-03-15 21:08:52 -------- d-----w- c:\users\user\appdata\local\{E1316B6B-1B84-453F-8F8E-AC1D704DA27E}

2012-03-15 09:08:25 -------- d-----w- c:\users\user\appdata\local\{59D2290D-56E5-468C-A3E9-2567C89BF080}

2012-03-15 09:08:14 -------- d-----w- c:\users\user\appdata\local\{E8A68F7C-1DF5-40BD-8493-8952C151259E}

2012-03-15 03:01:06 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-03-15 03:01:05 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-15 01:12:08 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll

2012-03-15 01:12:05 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll

2012-03-15 01:12:05 517448 ----a-w- c:\windows\system32\XAudio2_4.dll

2012-03-15 01:12:04 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll

2012-03-15 01:11:04 -------- d-----w- c:\program files\Lightworks

2012-03-15 00:36:48 -------- d-----w- c:\program files\OSSBuild

2012-03-15 00:27:21 -------- d-----w- c:\program files\Handbrake

2012-03-14 23:47:46 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-03-14 21:07:46 -------- d-----w- c:\users\user\appdata\local\{43578E7F-D5CC-4FC5-B819-02D9D47D5D20}

2012-03-13 23:50:39 2343424 ----a-w- c:\windows\system32\win32k.sys

2012-03-13 23:50:37 1077248 ----a-w- c:\windows\system32\DWrite.dll

2012-03-13 23:49:24 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-03-13 23:49:23 58880 ----a-w- c:\windows\system32\rdpwsx.dll

2012-03-13 23:49:23 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-03-13 23:49:21 826880 ----a-w- c:\windows\system32\rdpcore.dll

2012-03-13 23:49:20 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-03-13 23:49:19 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-03-13 20:22:48 -------- d-----w- c:\users\user\appdata\local\{5D7B04F4-5FB9-4BB9-A66B-B4A578C1CC9D}

2012-03-13 08:22:20 -------- d-----w- c:\users\user\appdata\local\{DB1719BD-9B99-42D8-9031-6FB64503AB3B}

2012-03-12 20:21:46 -------- d-----w- c:\users\user\appdata\local\{CE7555EE-3551-4017-917A-1B0808DD06EB}

2012-03-12 08:21:12 -------- d-----w- c:\users\user\appdata\local\{9696A130-C1A8-4369-A31F-6787DE0B378E}

2012-03-12 08:21:02 -------- d-----w- c:\users\user\appdata\local\{CED101E3-826E-4181-B41F-4947A36FC8A4}

2012-03-11 20:20:31 -------- d-----w- c:\users\user\appdata\local\{7837F59C-BACA-4631-8AFD-F012B59617D3}

2012-03-11 08:19:57 -------- d-----w- c:\users\user\appdata\local\{7535A5FB-41B6-433D-B6B9-EFFD5334ABF8}

2012-03-10 20:19:30 -------- d-----w- c:\users\user\appdata\local\{56B0F915-841B-4C47-81BD-A564B58E3A3F}

2012-03-10 08:19:03 -------- d-----w- c:\users\user\appdata\local\{04280C3C-899F-4FA4-85B2-173FAEB0D86F}

2012-03-09 22:12:37 -------- d-----w- c:\program files\VideoLAN

2012-03-09 20:18:38 -------- d-----w- c:\users\user\appdata\local\{40052EF2-FE70-42E2-A90C-F299ABF49A13}

2012-03-09 08:18:14 -------- d-----w- c:\users\user\appdata\local\{B7BEEB4C-CCB1-4679-86AD-2742B8F08ECE}

2012-03-09 08:18:03 -------- d-----w- c:\users\user\appdata\local\{7E75D24E-D88D-412D-87BC-B794ADD52A6D}

2012-03-08 20:17:36 -------- d-----w- c:\users\user\appdata\local\{474D65CB-6EE1-47C7-A169-97DE22301D52}

2012-03-08 08:17:11 -------- d-----w- c:\users\user\appdata\local\{B1EDEABF-3305-458B-819F-4A4294F313AC}

2012-03-07 20:16:47 -------- d-----w- c:\users\user\appdata\local\{AAE87A0B-AF35-492E-BA52-5CB2465F1256}

2012-03-07 20:16:36 -------- d-----w- c:\users\user\appdata\local\{72A8F409-8774-462D-9B65-1DFA7AE24B4A}

2012-03-07 08:16:08 -------- d-----w- c:\users\user\appdata\local\{3768BCE2-30F8-4F8B-84CD-9BF63B68E5FB}

2012-03-07 08:15:57 -------- d-----w- c:\users\user\appdata\local\{83B6C3A2-F141-4AE1-94D8-E2C3427567A5}

.

==================== Find3M ====================

.

2012-03-06 23:50:08 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-02-20 07:39:41 152576 ----a-w- c:\windows\system32\msclmd.dll

2012-02-08 22:59:54 27640 ----a-w- c:\windows\system32\nitrolocalmon2.dll

2012-02-08 22:59:54 18936 ----a-w- c:\windows\system32\nitrolocalui2.dll

2012-02-03 14:19:35 7522304 ----a-w- c:\windows\system32\drivers\NETwNs32.sys

2012-02-03 14:19:34 684032 ----a-w- c:\windows\system32\NETwNc32.dll

2012-02-03 14:19:34 2760704 ----a-w- c:\windows\system32\NETwNr32.dll

2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe

.

============= FINISH: 23:54:59.96 ===============

VC80CRTRedist - 8.0.50727.6195

VLC media player 2.0.0

Windows Driver Package - Intel (NETwLv32) net (10/07/2010 13.4.0.139)

Windows Driver Package - Intel (NETwNs32) net (10/27/2011 14.3.0.6)

Windows Home Server Connector

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

.

==== Event Viewer Messages From Past Week ========

.

29/03/2012 21:01:24, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user User-PC\User SID (S-1-5-21-4278735001-178053511-1665522800-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

29/03/2012 21:01:24, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user User-PC\User SID (S-1-5-21-4278735001-178053511-1665522800-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

05/04/2012 23:51:52, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.65. The computer with the IP address 192.168.1.66 did not allow the name to be claimed by this computer.

05/04/2012 10:36:11, Error: BROWSER [8019] - The browser was unable to promote itself to master browser. The browser will continue to attempt to promote itself to the master browser, but will no longer log any events in the event log in Event Viewer.

05/04/2012 09:18:41, Error: BROWSER [8020] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is unknown.

05/04/2012 01:05:09, Error: BROWSER [8009] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is TOKOTASIK.

04/04/2012 08:18:43, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}

04/04/2012 08:18:43, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

04/04/2012 00:45:00, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

04/04/2012 00:43:21, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

04/04/2012 00:43:13, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

04/04/2012 00:43:13, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

04/04/2012 00:43:10, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

04/04/2012 00:43:04, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

04/04/2012 00:43:00, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter spldr Wanarpv6

04/04/2012 00:43:00, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

04/04/2012 00:43:00, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}

04/04/2012 00:42:56, Error: Service Control Manager [7001] - The SBSD Security Center Service service depends on the Security Center service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

04/04/2012 00:42:56, Error: Service Control Manager [7001] - The Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

.

==== End Of File ===========================


Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


Hey Maniac,

Here is my ComboFix file log:

ComboFix 12-04-06.02 - User 06/04/2012 14:52:29.1.2 - x86

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1979.1210 [GMT 1:00]

Running from: c:\users\User\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-03-06 to 2012-04-06 )))))))))))))))))))))))))))))))

.

.

2012-04-06 14:00 . 2012-04-06 14:00 -------- d-----w- c:\users\Mcx1-USER-PC\AppData\Local\temp

2012-04-06 14:00 . 2012-04-06 14:00 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-04-05 00:28 . 2012-04-05 00:28 -------- d-----w- c:\users\User\AppData\Roaming\QuickScan

2012-03-28 22:54 . 2012-03-28 22:57 -------- d-----w- c:\programdata\SecTaskMan

2012-03-28 22:54 . 2012-03-28 22:54 -------- d-----w- c:\program files\Security Task Manager

2012-03-27 22:45 . 2012-03-27 22:45 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes

2012-03-27 22:45 . 2012-03-27 22:45 -------- d-----w- c:\programdata\Malwarebytes

2012-03-27 22:45 . 2012-03-27 22:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-03-27 22:45 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-27 19:48 . 2012-04-04 23:30 -------- d-----w- c:\program files\Spybot - Search & Destroy

2012-03-27 19:48 . 2012-04-04 23:17 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-03-25 13:26 . 2012-03-25 13:26 102912 --sha-r- c:\windows\system32\C_20297U.dll

2012-03-25 01:05 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BBA6C972-5613-475A-9C65-7219A969AC74}\mpengine.dll

2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr

2012-03-17 23:01 . 2012-03-17 23:01 18816 ----a-w- c:\windows\system32\drivers\dvd43llh.sys

2012-03-17 23:01 . 2012-03-17 23:01 -------- d-----w- c:\program files\dvd43

2012-03-17 20:31 . 2011-02-19 06:30 805376 ----a-w- c:\windows\system32\FntCache.dll

2012-03-17 20:31 . 2011-02-19 06:30 739840 ----a-w- c:\windows\system32\d2d1.dll

2012-03-16 20:29 . 2012-03-25 00:36 -------- d-----w- c:\users\User\AppData\Roaming\dvdcss

2012-03-16 20:28 . 2012-03-25 00:39 -------- d-----w- c:\users\User\AppData\Roaming\HandBrake

2012-03-15 03:01 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-03-15 03:01 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-15 01:12 . 2009-03-09 15:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll

2012-03-15 01:12 . 2009-03-16 14:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll

2012-03-15 01:12 . 2009-03-16 14:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll

2012-03-15 01:12 . 2009-03-16 14:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll

2012-03-15 01:11 . 2012-03-15 01:11 -------- d-----w- c:\program files\Lightworks

2012-03-15 00:36 . 2012-03-15 00:36 -------- d-----w- c:\program files\OSSBuild

2012-03-15 00:27 . 2012-03-15 00:41 -------- d-----w- c:\program files\Handbrake

2012-03-14 23:48 . 2012-03-14 23:48 -------- d-----w- c:\program files\Common Files\Java

2012-03-14 23:47 . 2012-03-14 23:47 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-03-14 23:47 . 2012-03-14 23:47 -------- d-----w- c:\program files\Java

2012-03-13 23:50 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys

2012-03-13 23:50 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll

2012-03-13 23:49 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-03-13 23:49 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll

2012-03-13 23:49 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-03-13 23:49 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll

2012-03-13 23:49 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-03-13 23:49 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-03-09 22:15 . 2012-04-05 22:26 -------- d-----w- c:\users\User\AppData\Roaming\vlc

2012-03-09 22:12 . 2012-03-09 22:12 -------- d-----w- c:\program files\VideoLAN

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-14 02:15 . 2012-02-05 04:33 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-03-06 23:50 . 2012-02-03 14:43 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-02-27 22:49 . 2012-02-27 22:49 53248 ----a-r- c:\users\User\AppData\Roaming\Microsoft\Installer\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}\ARPPRODUCTICON.exe

2012-02-20 07:39 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll

2012-02-17 01:36 . 2011-03-28 18:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-02-10 16:58 . 2012-02-10 17:00 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7CDCC94C-D765-4D15-8A85-B8550996959A}\gapaengine.dll

2012-02-08 22:59 . 2012-02-12 23:30 27640 ----a-w- c:\windows\system32\nitrolocalmon2.dll

2012-02-08 22:59 . 2012-02-12 23:30 18936 ----a-w- c:\windows\system32\nitrolocalui2.dll

2012-02-06 19:23 . 2012-02-06 19:23 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2012-02-06 19:23 . 2012-02-06 19:23 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2012-02-06 19:22 . 2012-02-06 19:22 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2012-02-04 12:37 . 2012-02-10 17:00 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2012-02-04 00:23 . 2012-02-04 00:23 86528 ----a-w- c:\windows\system32\iesysprep.dll

2012-02-04 00:23 . 2012-02-04 00:23 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2012-02-04 00:23 . 2012-02-04 00:23 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2012-02-04 00:23 . 2012-02-04 00:23 74752 ----a-w- c:\windows\system32\iesetup.dll

2012-02-04 00:23 . 2012-02-04 00:23 63488 ----a-w- c:\windows\system32\tdc.ocx

2012-02-04 00:23 . 2012-02-04 00:23 48640 ----a-w- c:\windows\system32\mshtmler.dll

2012-02-04 00:23 . 2012-02-04 00:23 420864 ----a-w- c:\windows\system32\vbscript.dll

2012-02-04 00:23 . 2012-02-04 00:23 367104 ----a-w- c:\windows\system32\html.iec

2012-02-04 00:23 . 2012-02-04 00:23 23552 ----a-w- c:\windows\system32\licmgr10.dll

2012-02-04 00:23 . 2012-02-04 00:23 161792 ----a-w- c:\windows\system32\msls31.dll

2012-02-04 00:23 . 2012-02-04 00:23 152064 ----a-w- c:\windows\system32\wextract.exe

2012-02-04 00:23 . 2012-02-04 00:23 150528 ----a-w- c:\windows\system32\iexpress.exe

2012-02-04 00:23 . 2012-02-04 00:23 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-02-04 00:23 . 2012-02-04 00:23 110592 ----a-w- c:\windows\system32\IEAdvpack.dll

2012-02-04 00:23 . 2012-02-04 00:23 35840 ----a-w- c:\windows\system32\imgutil.dll

2012-02-04 00:23 . 2012-02-04 00:23 11776 ----a-w- c:\windows\system32\mshta.exe

2012-02-04 00:23 . 2012-02-04 00:23 101888 ----a-w- c:\windows\system32\admparse.dll

2012-02-03 14:19 . 2011-10-31 15:56 7522304 ----a-w- c:\windows\system32\drivers\NETwNs32.sys

2012-02-03 14:19 . 2010-05-18 22:31 2760704 ----a-w- c:\windows\system32\NETwNr32.dll

2012-02-03 14:19 . 2010-05-18 22:29 684032 ----a-w- c:\windows\system32\NETwNc32.dll

2012-01-31 12:44 . 2012-02-02 19:02 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-01-17 04:39 . 2012-02-03 14:25 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A22EA17E-FE7D-457E-8232-0352C1BAC298}\mpengine.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]

"WLSync"="c:\program files\Windows Live\Mesh\WLSync.exe" [2011-05-13 1449312]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-01-19 1236992]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2009-10-23 827904]

.

c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-4-6 26945440]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Windows Home Server.lnk - c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe [2012-2-20 603504]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-01-31 158856]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]

R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-07-13 657408]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-06 1343400]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 arXfrSvc;Windows Media Center TV Archive Transfer Service;c:\program files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [2011-01-10 239472]

S2 esClient;Windows Media Center Client Service;c:\program files\Windows Home Server\esClient.exe [2011-01-10 97136]

S2 HPMSSConnectorSvc;HPMSSConnectorService;c:\program files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe [2009-10-05 20992]

S2 MediaCollectorService;MediaCollectorService;c:\program files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe [2009-10-05 81920]

S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe [2012-02-08 198136]

S2 WHSConnector;Windows Home Server Connector Service;c:\program files\Windows Home Server\WHSConnector.exe [2011-01-10 376688]

S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-13 50688]

S3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2012-02-03 7522304]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 69743802

*NewlyCreated* - FIXTDSS

*Deregistered* - 69743802

*Deregistered* - FixTDSS

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4278735001-178053511-1665522800-1000Core.job

- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-03 20:55]

.

2012-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4278735001-178053511-1665522800-1000UA.job

- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-03 20:55]

.

2012-04-06 c:\windows\Tasks\MQZBYM.job

- c:\windows\system32\C_20297U.dll [2012-03-25 13:26]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk/

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.1.254

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)

WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)

AddRemove-2364577090.go.sky.com - c:\program files\Microsoft Silverlight\4.0.60831.0\Silverlight.Configuration.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-04-06 15:04:21

ComboFix-quarantined-files.txt 2012-04-06 14:04

.

Pre-Run: 415,705,190,400 bytes free

Post-Run: 415,864,659,968 bytes free

.

- - End Of File - - A89DC5B946FE08110A794195A68C6F99


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

http://forums.malwarebytes.org/index.php?showtopic=108216

KillAll::

Collect::[8]
c:\windows\Tasks\MQZBYM.job
c:\windows\system32\C_20297U.dll

Driver::
69743802

Save this as CFScript.txt, in the same location as ComboFix.exe

[Image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Maniac,

Ok I've done that. See below:

ComboFix 12-04-06.02 - User 06/04/2012 16:21:51.2.2 - x86

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1979.1260 [GMT 1:00]

Running from: c:\users\User\Desktop\ComboFix.exe

Command switches used :: c:\users\User\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

file zipped: c:\windows\system32\C_20297U.dll

file zipped: c:\windows\Tasks\MQZBYM.job

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_69743802

.

.

((((((((((((((((((((((((( Files Created from 2012-03-06 to 2012-04-06 )))))))))))))))))))))))))))))))

.

.

2012-04-06 15:30 . 2012-04-06 15:30 -------- d-----w- c:\users\Mcx1-USER-PC\AppData\Local\temp

2012-04-06 15:30 . 2012-04-06 15:30 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-04-05 00:28 . 2012-04-05 00:28 -------- d-----w- c:\users\User\AppData\Roaming\QuickScan

2012-03-28 22:54 . 2012-03-28 22:57 -------- d-----w- c:\programdata\SecTaskMan

2012-03-28 22:54 . 2012-03-28 22:54 -------- d-----w- c:\program files\Security Task Manager

2012-03-27 22:45 . 2012-03-27 22:45 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes

2012-03-27 22:45 . 2012-03-27 22:45 -------- d-----w- c:\programdata\Malwarebytes

2012-03-27 22:45 . 2012-03-27 22:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-03-27 22:45 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-27 19:48 . 2012-04-04 23:30 -------- d-----w- c:\program files\Spybot - Search & Destroy

2012-03-27 19:48 . 2012-04-04 23:17 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-03-25 13:26 . 2012-03-25 13:26 102912 --sha-r- c:\windows\system32\C_20297U.dll

2012-03-25 01:05 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BBA6C972-5613-475A-9C65-7219A969AC74}\mpengine.dll

2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr

2012-03-17 23:01 . 2012-03-17 23:01 18816 ----a-w- c:\windows\system32\drivers\dvd43llh.sys

2012-03-17 23:01 . 2012-03-17 23:01 -------- d-----w- c:\program files\dvd43

2012-03-17 20:31 . 2011-02-19 06:30 805376 ----a-w- c:\windows\system32\FntCache.dll

2012-03-17 20:31 . 2011-02-19 06:30 739840 ----a-w- c:\windows\system32\d2d1.dll

2012-03-16 20:29 . 2012-03-25 00:36 -------- d-----w- c:\users\User\AppData\Roaming\dvdcss

2012-03-16 20:28 . 2012-03-25 00:39 -------- d-----w- c:\users\User\AppData\Roaming\HandBrake

2012-03-15 03:01 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-03-15 03:01 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-15 01:12 . 2009-03-09 15:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll

2012-03-15 01:12 . 2009-03-16 14:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll

2012-03-15 01:12 . 2009-03-16 14:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll

2012-03-15 01:12 . 2009-03-16 14:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll

2012-03-15 01:11 . 2012-03-15 01:11 -------- d-----w- c:\program files\Lightworks

2012-03-15 00:36 . 2012-03-15 00:36 -------- d-----w- c:\program files\OSSBuild

2012-03-15 00:27 . 2012-03-15 00:41 -------- d-----w- c:\program files\Handbrake

2012-03-14 23:48 . 2012-03-14 23:48 -------- d-----w- c:\program files\Common Files\Java

2012-03-14 23:47 . 2012-03-14 23:47 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-03-14 23:47 . 2012-03-14 23:47 -------- d-----w- c:\program files\Java

2012-03-13 23:50 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys

2012-03-13 23:50 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll

2012-03-13 23:49 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-03-13 23:49 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll

2012-03-13 23:49 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-03-13 23:49 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll

2012-03-13 23:49 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-03-13 23:49 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-03-09 22:15 . 2012-04-05 22:26 -------- d-----w- c:\users\User\AppData\Roaming\vlc

2012-03-09 22:12 . 2012-03-09 22:12 -------- d-----w- c:\program files\VideoLAN

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-14 02:15 . 2012-02-05 04:33 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-03-06 23:50 . 2012-02-03 14:43 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-02-27 22:49 . 2012-02-27 22:49 53248 ----a-r- c:\users\User\AppData\Roaming\Microsoft\Installer\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}\ARPPRODUCTICON.exe

2012-02-20 07:39 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll

2012-02-17 01:36 . 2011-03-28 18:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-02-10 16:58 . 2012-02-10 17:00 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7CDCC94C-D765-4D15-8A85-B8550996959A}\gapaengine.dll

2012-02-08 22:59 . 2012-02-12 23:30 27640 ----a-w- c:\windows\system32\nitrolocalmon2.dll

2012-02-08 22:59 . 2012-02-12 23:30 18936 ----a-w- c:\windows\system32\nitrolocalui2.dll

2012-02-06 19:23 . 2012-02-06 19:23 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2012-02-06 19:23 . 2012-02-06 19:23 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2012-02-06 19:22 . 2012-02-06 19:22 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2012-02-04 12:37 . 2012-02-10 17:00 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2012-02-04 00:23 . 2012-02-04 00:23 86528 ----a-w- c:\windows\system32\iesysprep.dll

2012-02-04 00:23 . 2012-02-04 00:23 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2012-02-04 00:23 . 2012-02-04 00:23 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2012-02-04 00:23 . 2012-02-04 00:23 74752 ----a-w- c:\windows\system32\iesetup.dll

2012-02-04 00:23 . 2012-02-04 00:23 63488 ----a-w- c:\windows\system32\tdc.ocx

2012-02-04 00:23 . 2012-02-04 00:23 48640 ----a-w- c:\windows\system32\mshtmler.dll

2012-02-04 00:23 . 2012-02-04 00:23 420864 ----a-w- c:\windows\system32\vbscript.dll

2012-02-04 00:23 . 2012-02-04 00:23 367104 ----a-w- c:\windows\system32\html.iec

2012-02-04 00:23 . 2012-02-04 00:23 23552 ----a-w- c:\windows\system32\licmgr10.dll

2012-02-04 00:23 . 2012-02-04 00:23 161792 ----a-w- c:\windows\system32\msls31.dll

2012-02-04 00:23 . 2012-02-04 00:23 152064 ----a-w- c:\windows\system32\wextract.exe

2012-02-04 00:23 . 2012-02-04 00:23 150528 ----a-w- c:\windows\system32\iexpress.exe

2012-02-04 00:23 . 2012-02-04 00:23 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-02-04 00:23 . 2012-02-04 00:23 110592 ----a-w- c:\windows\system32\IEAdvpack.dll

2012-02-04 00:23 . 2012-02-04 00:23 35840 ----a-w- c:\windows\system32\imgutil.dll

2012-02-04 00:23 . 2012-02-04 00:23 11776 ----a-w- c:\windows\system32\mshta.exe

2012-02-04 00:23 . 2012-02-04 00:23 101888 ----a-w- c:\windows\system32\admparse.dll

2012-02-03 14:19 . 2011-10-31 15:56 7522304 ----a-w- c:\windows\system32\drivers\NETwNs32.sys

2012-02-03 14:19 . 2010-05-18 22:31 2760704 ----a-w- c:\windows\system32\NETwNr32.dll

2012-02-03 14:19 . 2010-05-18 22:29 684032 ----a-w- c:\windows\system32\NETwNc32.dll

2012-01-31 12:44 . 2012-02-02 19:02 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-01-17 04:39 . 2012-02-03 14:25 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A22EA17E-FE7D-457E-8232-0352C1BAC298}\mpengine.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]

"WLSync"="c:\program files\Windows Live\Mesh\WLSync.exe" [2011-05-13 1449312]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-01-19 1236992]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2009-10-23 827904]

.

c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-4-6 26945440]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Windows Home Server.lnk - c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe [2012-2-20 603504]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-01-31 158856]

R3 CFcatchme;CFcatchme;c:\users\User\AppData\Local\Temp\CFcatchme.sys [x]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]

R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-07-13 657408]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-06 1343400]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 arXfrSvc;Windows Media Center TV Archive Transfer Service;c:\program files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [2011-01-10 239472]

S2 esClient;Windows Media Center Client Service;c:\program files\Windows Home Server\esClient.exe [2011-01-10 97136]

S2 HPMSSConnectorSvc;HPMSSConnectorService;c:\program files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe [2009-10-05 20992]

S2 MediaCollectorService;MediaCollectorService;c:\program files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe [2009-10-05 81920]

S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe [2012-02-08 198136]

S2 WHSConnector;Windows Home Server Connector Service;c:\program files\Windows Home Server\WHSConnector.exe [2011-01-10 376688]

S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-13 50688]

S3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2012-02-03 7522304]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4278735001-178053511-1665522800-1000Core.job

- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-03 20:55]

.

2012-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4278735001-178053511-1665522800-1000UA.job

- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-03 20:55]

.

2012-04-06 c:\windows\Tasks\MQZBYM.job

- c:\windows\system32\C_20297U.dll [2012-03-25 13:26]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk/

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.1.254

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(4040)

c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\System32\WLTRYSVC.EXE

c:\windows\System32\bcmwltry.exe

c:\windows\system32\rundll32.exe

c:\windows\system32\taskhost.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\conhost.exe

c:\windows\system32\DllHost.exe

c:\windows\system32\sppsvc.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\\?\c:\windows\system32\wbem\WMIADAP.EXE

.

**************************************************************************

.

Completion time: 2012-04-06 16:36:48 - machine was rebooted

ComboFix-quarantined-files.txt 2012-04-06 15:36

ComboFix2.txt 2012-04-06 14:04

.

Pre-Run: 415,926,677,504 bytes free

Post-Run: 415,690,604,544 bytes free

.

- - End Of File - - 8DF30253AE9173FEF3D7F33E2CC71704

Upload was successful


Maniac,

Here is the log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-04-07 02:57:22

-----------------------------

02:57:22.903 OS Version: Windows 6.1.7601 Service Pack 1

02:57:22.903 Number of processors: 2 586 0x170A

02:57:22.903 ComputerName: USER-PC UserName: User

02:57:24.385 Initialize success

02:58:17.854 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1

02:58:17.858 Disk 0 Vendor: ST9500325AS 0001SDM1 Size: 476940MB BusType: 11

02:58:17.870 Disk 0 MBR read successfully

02:58:17.875 Disk 0 MBR scan

02:58:17.879 Disk 0 Windows 7 default MBR code

02:58:17.892 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048

02:58:17.907 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848

02:58:17.915 Disk 0 scanning sectors +976771072

02:58:18.006 Disk 0 scanning C:\Windows\system32\drivers

02:58:25.033 Service scanning

02:58:40.378 Modules scanning

02:58:49.340 Disk 0 trace - called modules:

02:58:49.372 ntkrnlpa.exe CLASSPNP.SYS disk.sys dvd43llh.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys

02:58:49.372 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8562f7d0]

02:58:49.902 3 CLASSPNP.SYS[8898159e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x847ba030]

02:58:49.902 \Driver\atapi[0x85137f38] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> dvd43llh.sys[0x945c7b20]

02:58:49.918 Scan finished successfully

02:59:05.973 Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"

02:59:05.989 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"


Download the following GMER Rootkit Scanner from http://www2.gmer.net/download.php

Download the randomly named EXE file to your Desktop. Remember what its name is since it is randomly named.

Double click on the new randomly named exe file you downloaded and run it. If prompted about the Security Warning and Unknown Publisher, go ahead and click on Run.

It may take a minute to load and become available.

If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan.

In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED

IAT/EAT

Drives/Partition other than Systemdrive (typically only C:\ should be checked)

Show All (don't miss this one)

Then click the Scan button & wait for it to finish.

Once done click on the [save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.

Save it where you can easily find it, such as your desktop

**Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

Click OK and quit the GMER program.

Note: On Firefox you need to go to Tools/Options/Main then under the Downloads section, click on Always ask me where to save files so that you can choose the name and where to save to, in this case your Desktop.

Post the log file in your next reply.


Maniac,

I think I did this right. Here is the log file for GMER

GMER 1.0.15.15641 - http://www.gmer.net

Rootkit scan 2012-04-07 14:14:24

Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 ST9500325AS rev.0001SDM1

Running: m0ic33pn.exe; Driver: C:\Users\User\AppData\Local\Temp\kxldapob.sys

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13C1 82A933D9 1 Byte [06]

.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82ACCD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

? C:\Users\User\AppData\Local\Temp\aswMBR.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtCreateFile + 6 77CA55CE 4 Bytes [28, 00, 2D, 00]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtCreateFile + B 77CA55D3 1 Byte [E2]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtMapViewOfSection + 6 77CA5C2E 1 Byte [28]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtMapViewOfSection + 6 77CA5C2E 4 Bytes [28, 03, 2D, 00]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtMapViewOfSection + B 77CA5C33 1 Byte [E2]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtOpenFile + 6 77CA5CDE 4 Bytes [68, 00, 2D, 00]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtOpenFile + B 77CA5CE3 1 Byte [E2]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtOpenProcess + 6 77CA5D8E 4 Bytes [A8, 01, 2D, 00]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtOpenProcess + B 77CA5D93 1 Byte [E2]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtOpenProcessToken + 6 77CA5D9E 4 Bytes CALL 76CA8AA4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtOpenProcessToken + B 77CA5DA3 1 Byte [E2]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtOpenProcessTokenEx + 6 77CA5DAE 4 Bytes [A8, 02, 2D, 00]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtOpenProcessTokenEx + B 77CA5DB3 1 Byte [E2]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtOpenThread + 6 77CA5E0E 4 Bytes [68, 01, 2D, 00]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtOpenThread + B 77CA5E13 1 Byte [E2]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtOpenThreadToken + 6 77CA5E1E 4 Bytes [68, 02, 2D, 00]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtOpenThreadToken + B 77CA5E23 1 Byte [E2]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtOpenThreadTokenEx + 6 77CA5E2E 4 Bytes CALL 76CA8B35 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtOpenThreadTokenEx + B 77CA5E33 1 Byte [E2]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtQueryAttributesFile + 6 77CA5F3E 4 Bytes [A8, 00, 2D, 00]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtQueryAttributesFile + B 77CA5F43 1 Byte [E2]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtQueryFullAttributesFile + 6 77CA5FEE 4 Bytes CALL 76CA8CF3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtQueryFullAttributesFile + B 77CA5FF3 1 Byte [E2]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtSetInformationFile + 6 77CA663E 4 Bytes [28, 01, 2D, 00]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtSetInformationFile + B 77CA6643 1 Byte [E2]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtSetInformationThread + 6 77CA669E 4 Bytes [28, 02, 2D, 00]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtSetInformationThread + B 77CA66A3 1 Byte [E2]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtUnmapViewOfSection + 6 77CA69BE 1 Byte [68]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtUnmapViewOfSection + 6 77CA69BE 4 Bytes [68, 03, 2D, 00]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[260] ntdll.dll!NtUnmapViewOfSection + B 77CA69C3 1 Byte [E2]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtCreateFile + 6 77CA55CE 4 Bytes [28, 00, 13, 00] {SUB [EAX], AL; ADC EAX, [EAX]}

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtCreateFile + B 77CA55D3 1 Byte [E2]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtMapViewOfSection + 6 77CA5C2E 1 Byte [28]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtMapViewOfSection + 6 77CA5C2E 4 Bytes [28, 03, 13, 00] {SUB [EBX], AL; ADC EAX, [EAX]}

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtMapViewOfSection + B 77CA5C33 1 Byte [E2]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtOpenFile + 6 77CA5CDE 4 Bytes [68, 00, 13, 00]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtOpenFile + B 77CA5CE3 1 Byte [E2]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtOpenProcess + 6 77CA5D8E 4 Bytes [A8, 01, 13, 00] {TEST AL, 0x1; ADC EAX, [EAX]}

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtOpenProcess + B 77CA5D93 1 Byte [E2]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtOpenProcessToken + 6 77CA5D9E 4 Bytes CALL 76CA70A4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtOpenProcessToken + B 77CA5DA3 1 Byte [E2]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtOpenProcessTokenEx + 6 77CA5DAE 4 Bytes [A8, 02, 13, 00] {TEST AL, 0x2; ADC EAX, [EAX]}

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtOpenProcessTokenEx + B 77CA5DB3 1 Byte [E2]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtOpenThread + 6 77CA5E0E 4 Bytes [68, 01, 13, 00]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtOpenThread + B 77CA5E13 1 Byte [E2]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtOpenThreadToken + 6 77CA5E1E 4 Bytes [68, 02, 13, 00]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtOpenThreadToken + B 77CA5E23 1 Byte [E2]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtOpenThreadTokenEx + 6 77CA5E2E 4 Bytes CALL 76CA7135 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtOpenThreadTokenEx + B 77CA5E33 1 Byte [E2]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtQueryAttributesFile + 6 77CA5F3E 4 Bytes [A8, 00, 13, 00] {TEST AL, 0x0; ADC EAX, [EAX]}

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtQueryAttributesFile + B 77CA5F43 1 Byte [E2]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtQueryFullAttributesFile + 6 77CA5FEE 4 Bytes CALL 76CA72F3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtQueryFullAttributesFile + B 77CA5FF3 1 Byte [E2]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtSetInformationFile + 6 77CA663E 4 Bytes [28, 01, 13, 00] {SUB [ECX], AL; ADC EAX, [EAX]}

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtSetInformationFile + B 77CA6643 1 Byte [E2]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtSetInformationThread + 6 77CA669E 4 Bytes [28, 02, 13, 00] {SUB [EDX], AL; ADC EAX, [EAX]}

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtSetInformationThread + B 77CA66A3 1 Byte [E2]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtUnmapViewOfSection + 6 77CA69BE 1 Byte [68]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtUnmapViewOfSection + 6 77CA69BE 4 Bytes [68, 03, 13, 00]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[308] ntdll.dll!NtUnmapViewOfSection + B 77CA69C3 1 Byte [E2]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1752] ntdll.dll!NtQueryInformationProcess 77CA6048 5 Bytes JMP 027B5A3A

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1752] GDI32.dll!ExtTextOutW 77398192 5 Bytes JMP 0279F09E

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1752] GDI32.dll!GetGlyphIndicesW 7739B78F 5 Bytes JMP 0279F52B

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1752] GDI32.dll!TextOutW 7739FDE4 5 Bytes JMP 0279EB6A

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1752] GDI32.dll!ExtTextOutA 773A03F9 5 Bytes JMP 0279EFBA

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1752] GDI32.dll!TextOutA 773A077D 5 Bytes JMP 0279EA9E

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1752] GDI32.dll!GetGlyphIndicesA 773BBB6A 5 Bytes JMP 0279F45E

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1752] USER32.dll!DrawTextExW 775D5894 5 Bytes JMP 0279EED3

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1752] USER32.dll!DrawTextW 775D5B6A 5 Bytes JMP 0279ED11

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1752] USER32.dll!SetClipboardData 775E2962 5 Bytes JMP 0279E987

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1752] USER32.dll!DialogBoxParamW 775E3B9B 5 Bytes JMP 0279DC86

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1752] USER32.dll!DrawTextA 775EAE29 5 Bytes JMP 0279EC36

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1752] USER32.dll!DrawTextExA 775EAE60 5 Bytes JMP 0279EDEC

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1752] WS2_32.dll!closesocket 77DB3918 5 Bytes JMP 0279E8E0

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1752] WS2_32.dll!getaddrinfo 77DB4296 5 Bytes JMP 0279D7D7

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1752] WS2_32.dll!WSASend 77DB4406 5 Bytes JMP 0279E5A8

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1752] WS2_32.dll!GetAddrInfoW 77DB4889 5 Bytes JMP 0279D8B7

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1752] WS2_32.dll!recv 77DB6B0E 5 Bytes JMP 0279E4FA

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1752] WS2_32.dll!send 77DB6F01 5 Bytes JMP 0279E455

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1752] WS2_32.dll!WSARecv 77DB7089 5 Bytes JMP 0279E67C

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1752] WS2_32.dll!WSAGetOverlappedResult 77DB7489 5 Bytes JMP 0279E7C0

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1752] WS2_32.dll!WSAAsyncGetHostByName 77DC726A 5 Bytes JMP 0279DBA7

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1752] WS2_32.dll!gethostbyname 77DC7673 5 Bytes JMP 0279D716

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1752] WININET.dll!InternetCrackUrlA 77710326 5 Bytes JMP 0279F7F1

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[1752] WININET.dll!InternetCrackUrlW 77723129 5 Bytes JMP 0279F93A

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtCreateFile + 6 77CA55CE 4 Bytes [28, 00, 0A, 00] {SUB [EAX], AL; OR AL, [EAX]}

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtCreateFile + B 77CA55D3 1 Byte [E2]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtMapViewOfSection + 6 77CA5C2E 1 Byte [28]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtMapViewOfSection + 6 77CA5C2E 4 Bytes [28, 03, 0A, 00] {SUB [EBX], AL; OR AL, [EAX]}

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtMapViewOfSection + B 77CA5C33 1 Byte [E2]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtOpenFile + 6 77CA5CDE 4 Bytes [68, 00, 0A, 00]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtOpenFile + B 77CA5CE3 1 Byte [E2]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtOpenProcess + 6 77CA5D8E 4 Bytes [A8, 01, 0A, 00] {TEST AL, 0x1; OR AL, [EAX]}

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtOpenProcess + B 77CA5D93 1 Byte [E2]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtOpenProcessToken + 6 77CA5D9E 4 Bytes CALL 76CA67A4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtOpenProcessToken + B 77CA5DA3 1 Byte [E2]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtOpenProcessTokenEx + 6 77CA5DAE 4 Bytes [A8, 02, 0A, 00] {TEST AL, 0x2; OR AL, [EAX]}

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtOpenProcessTokenEx + B 77CA5DB3 1 Byte [E2]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtOpenThread + 6 77CA5E0E 4 Bytes [68, 01, 0A, 00]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtOpenThread + B 77CA5E13 1 Byte [E2]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtOpenThreadToken + 6 77CA5E1E 4 Bytes [68, 02, 0A, 00]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtOpenThreadToken + B 77CA5E23 1 Byte [E2]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtOpenThreadTokenEx + 6 77CA5E2E 4 Bytes CALL 76CA6835 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtOpenThreadTokenEx + B 77CA5E33 1 Byte [E2]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtQueryAttributesFile + 6 77CA5F3E 4 Bytes [A8, 00, 0A, 00] {TEST AL, 0x0; OR AL, [EAX]}

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtQueryAttributesFile + B 77CA5F43 1 Byte [E2]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtQueryFullAttributesFile + 6 77CA5FEE 4 Bytes CALL 76CA69F3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtQueryFullAttributesFile + B 77CA5FF3 1 Byte [E2]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtSetInformationFile + 6 77CA663E 4 Bytes [28, 01, 0A, 00] {SUB [ECX], AL; OR AL, [EAX]}

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtSetInformationFile + B 77CA6643 1 Byte [E2]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtSetInformationThread + 6 77CA669E 4 Bytes [28, 02, 0A, 00] {SUB [EDX], AL; OR AL, [EAX]}

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtSetInformationThread + B 77CA66A3 1 Byte [E2]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtUnmapViewOfSection + 6 77CA69BE 1 Byte [68]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtUnmapViewOfSection + 6 77CA69BE 4 Bytes [68, 03, 0A, 00]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtUnmapViewOfSection + B 77CA69C3 1 Byte [E2]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtCreateFile + 6 77CA55CE 4 Bytes [28, 00, 48, 00]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtCreateFile + B 77CA55D3 1 Byte [E2]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtMapViewOfSection + 6 77CA5C2E 1 Byte [28]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtMapViewOfSection + 6 77CA5C2E 4 Bytes [28, 03, 48, 00]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtMapViewOfSection + B 77CA5C33 1 Byte [E2]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtOpenFile + 6 77CA5CDE 4 Bytes [68, 00, 48, 00]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtOpenFile + B 77CA5CE3 1 Byte [E2]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtOpenProcess + 6 77CA5D8E 4 Bytes [A8, 01, 48, 00]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtOpenProcess + B 77CA5D93 1 Byte [E2]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtOpenProcessToken + 6 77CA5D9E 4 Bytes CALL 76CAA5A4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtOpenProcessToken + B 77CA5DA3 1 Byte [E2]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtOpenProcessTokenEx + 6 77CA5DAE 4 Bytes [A8, 02, 48, 00]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtOpenProcessTokenEx + B 77CA5DB3 1 Byte [E2]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtOpenThread + 6 77CA5E0E 4 Bytes [68, 01, 48, 00]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtOpenThread + B 77CA5E13 1 Byte [E2]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtOpenThreadToken + 6 77CA5E1E 4 Bytes [68, 02, 48, 00]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtOpenThreadToken + B 77CA5E23 1 Byte [E2]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtOpenThreadTokenEx + 6 77CA5E2E 4 Bytes CALL 76CAA635 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtOpenThreadTokenEx + B 77CA5E33 1 Byte [E2]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtQueryAttributesFile + 6 77CA5F3E 4 Bytes [A8, 00, 48, 00]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtQueryAttributesFile + B 77CA5F43 1 Byte [E2]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtQueryFullAttributesFile + 6 77CA5FEE 4 Bytes CALL 76CAA7F3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtQueryFullAttributesFile + B 77CA5FF3 1 Byte [E2]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtSetInformationFile + 6 77CA663E 4 Bytes [28, 01, 48, 00]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtSetInformationFile + B 77CA6643 1 Byte [E2]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtSetInformationThread + 6 77CA669E 4 Bytes [28, 02, 48, 00]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtSetInformationThread + B 77CA66A3 1 Byte [E2]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtUnmapViewOfSection + 6 77CA69BE 1 Byte [68]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtUnmapViewOfSection + 6 77CA69BE 4 Bytes [68, 03, 48, 00]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtUnmapViewOfSection + B 77CA69C3 1 Byte [E2]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtCreateFile + 6 77CA55CE 4 Bytes [28, 00, 31, 00] {SUB [EAX], AL; XOR [EAX], EAX}

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtCreateFile + B 77CA55D3 1 Byte [E2]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtMapViewOfSection + 6 77CA5C2E 1 Byte [28]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtMapViewOfSection + 6 77CA5C2E 4 Bytes [28, 03, 31, 00] {SUB [EBX], AL; XOR [EAX], EAX}

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtMapViewOfSection + B 77CA5C33 1 Byte [E2]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenFile + 6 77CA5CDE 4 Bytes [68, 00, 31, 00]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenFile + B 77CA5CE3 1 Byte [E2]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenProcess + 6 77CA5D8E 4 Bytes [A8, 01, 31, 00] {TEST AL, 0x1; XOR [EAX], EAX}

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenProcess + B 77CA5D93 1 Byte [E2]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenProcessToken + 6 77CA5D9E 4 Bytes CALL 76CA8EA4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenProcessToken + B 77CA5DA3 1 Byte [E2]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenProcessTokenEx + 6 77CA5DAE 4 Bytes [A8, 02, 31, 00] {TEST AL, 0x2; XOR [EAX], EAX}

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenProcessTokenEx + B 77CA5DB3 1 Byte [E2]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenThread + 6 77CA5E0E 4 Bytes [68, 01, 31, 00]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenThread + B 77CA5E13 1 Byte [E2]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenThreadToken + 6 77CA5E1E 4 Bytes [68, 02, 31, 00]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenThreadToken + B 77CA5E23 1 Byte [E2]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenThreadTokenEx + 6 77CA5E2E 4 Bytes CALL 76CA8F35 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenThreadTokenEx + B 77CA5E33 1 Byte [E2]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtQueryAttributesFile + 6 77CA5F3E 4 Bytes [A8, 00, 31, 00] {TEST AL, 0x0; XOR [EAX], EAX}

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtQueryAttributesFile + B 77CA5F43 1 Byte [E2]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtQueryFullAttributesFile + 6 77CA5FEE 4 Bytes CALL 76CA90F3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtQueryFullAttributesFile + B 77CA5FF3 1 Byte [E2]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtSetInformationFile + 6 77CA663E 4 Bytes [28, 01, 31, 00] {SUB [ECX], AL; XOR [EAX], EAX}

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtSetInformationFile + B 77CA6643 1 Byte [E2]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtSetInformationThread + 6 77CA669E 4 Bytes [28, 02, 31, 00] {SUB [EDX], AL; XOR [EAX], EAX}

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtSetInformationThread + B 77CA66A3 1 Byte [E2]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtUnmapViewOfSection + 6 77CA69BE 1 Byte [68]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtUnmapViewOfSection + 6 77CA69BE 4 Bytes [68, 03, 31, 00]

.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtUnmapViewOfSection + B 77CA69C3 1 Byte [E2]

---- EOF - GMER 1.0.15 ----


Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Hmmm, not sure if this log is correct:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

I did a scan and it came out that there was a threat that was quarantined. Let me know if I need to re-run.


Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

Click the cog in the upper right

Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

Allow AVP to delete all infections found

Once it has finished select report tab (last tab)

Select Detected threats report from the left and press Save button

Save it to your desktop and post it in your next reply.


Maniac,

See below the log:

Status: Disinfected   (events: 1)

08/04/2012 17:18:36	Disinfected	Trojan program HEUR:Trojan.Win32.Generic	C:\Documents and Settings\User\Downloads\google_.zip	High

Status: Quarantined   (events: 2)

08/04/2012 17:18:36	Quarantined	Trojan program HEUR:Trojan.Win32.Generic	C:\Documents and Settings\User\Downloads\google_.zip/google_.exe	High

08/04/2012 17:18:36	Quarantined	Trojan program HEUR:Trojan.Win32.Generic	C:\Documents and Settings\User\Downloads\google_.zip/google_.exe//UPX	High


Good morning Maniac,

here is my new combofix log file:

ComboFix 12-04-08.02 - User 09/04/2012 10:29:56.3.2 - x86

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1979.1083 [GMT 1:00]

Running from: c:\users\User\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-03-09 to 2012-04-09 )))))))))))))))))))))))))))))))

.

.

2012-04-09 09:39 . 2012-04-09 09:39 -------- d-----w- c:\users\Mcx1-USER-PC\AppData\Local\temp

2012-04-09 09:39 . 2012-04-09 09:39 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-04-05 00:28 . 2012-04-05 00:28 -------- d-----w- c:\users\User\AppData\Roaming\QuickScan

2012-03-28 22:54 . 2012-04-09 09:07 -------- d-----w- c:\programdata\SecTaskMan

2012-03-27 22:45 . 2012-03-27 22:45 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes

2012-03-27 22:45 . 2012-03-27 22:45 -------- d-----w- c:\programdata\Malwarebytes

2012-03-27 22:45 . 2012-03-27 22:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-03-27 22:45 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-27 19:48 . 2012-04-04 23:30 -------- d-----w- c:\program files\Spybot - Search & Destroy

2012-03-27 19:48 . 2012-04-04 23:17 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-03-25 01:05 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BBA6C972-5613-475A-9C65-7219A969AC74}\mpengine.dll

2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr

2012-03-17 23:01 . 2012-03-17 23:01 18816 ----a-w- c:\windows\system32\drivers\dvd43llh.sys

2012-03-17 23:01 . 2012-03-17 23:01 -------- d-----w- c:\program files\dvd43

2012-03-17 20:31 . 2011-02-19 06:30 805376 ----a-w- c:\windows\system32\FntCache.dll

2012-03-17 20:31 . 2011-02-19 06:30 739840 ----a-w- c:\windows\system32\d2d1.dll

2012-03-16 20:29 . 2012-03-25 00:36 -------- d-----w- c:\users\User\AppData\Roaming\dvdcss

2012-03-16 20:28 . 2012-03-25 00:39 -------- d-----w- c:\users\User\AppData\Roaming\HandBrake

2012-03-15 03:01 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-03-15 03:01 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-15 01:12 . 2009-03-09 15:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll

2012-03-15 01:12 . 2009-03-16 14:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll

2012-03-15 01:12 . 2009-03-16 14:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll

2012-03-15 01:12 . 2009-03-16 14:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll

2012-03-15 01:11 . 2012-03-15 01:11 -------- d-----w- c:\program files\Lightworks

2012-03-15 00:36 . 2012-03-15 00:36 -------- d-----w- c:\program files\OSSBuild

2012-03-15 00:27 . 2012-03-15 00:41 -------- d-----w- c:\program files\Handbrake

2012-03-14 23:48 . 2012-03-14 23:48 -------- d-----w- c:\program files\Common Files\Java

2012-03-14 23:47 . 2012-03-14 23:47 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-03-14 23:47 . 2012-03-14 23:47 -------- d-----w- c:\program files\Java

2012-03-13 23:50 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys

2012-03-13 23:50 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll

2012-03-13 23:49 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-03-13 23:49 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll

2012-03-13 23:49 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-03-13 23:49 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll

2012-03-13 23:49 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-03-13 23:49 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-14 02:15 . 2012-02-05 04:33 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-03-06 23:50 . 2012-02-03 14:43 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-02-27 22:49 . 2012-02-27 22:49 53248 ----a-r- c:\users\User\AppData\Roaming\Microsoft\Installer\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}\ARPPRODUCTICON.exe

2012-02-20 07:39 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll

2012-02-17 01:36 . 2011-03-28 18:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-02-10 16:58 . 2012-02-10 17:00 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7CDCC94C-D765-4D15-8A85-B8550996959A}\gapaengine.dll

2012-02-08 22:59 . 2012-02-12 23:30 27640 ----a-w- c:\windows\system32\nitrolocalmon2.dll

2012-02-08 22:59 . 2012-02-12 23:30 18936 ----a-w- c:\windows\system32\nitrolocalui2.dll

2012-02-06 19:23 . 2012-02-06 19:23 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2012-02-06 19:23 . 2012-02-06 19:23 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2012-02-06 19:22 . 2012-02-06 19:22 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2012-02-04 12:37 . 2012-02-10 17:00 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2012-02-04 00:23 . 2012-02-04 00:23 86528 ----a-w- c:\windows\system32\iesysprep.dll

2012-02-04 00:23 . 2012-02-04 00:23 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2012-02-04 00:23 . 2012-02-04 00:23 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2012-02-04 00:23 . 2012-02-04 00:23 74752 ----a-w- c:\windows\system32\iesetup.dll

2012-02-04 00:23 . 2012-02-04 00:23 63488 ----a-w- c:\windows\system32\tdc.ocx

2012-02-04 00:23 . 2012-02-04 00:23 48640 ----a-w- c:\windows\system32\mshtmler.dll

2012-02-04 00:23 . 2012-02-04 00:23 420864 ----a-w- c:\windows\system32\vbscript.dll

2012-02-04 00:23 . 2012-02-04 00:23 367104 ----a-w- c:\windows\system32\html.iec

2012-02-04 00:23 . 2012-02-04 00:23 23552 ----a-w- c:\windows\system32\licmgr10.dll

2012-02-04 00:23 . 2012-02-04 00:23 161792 ----a-w- c:\windows\system32\msls31.dll

2012-02-04 00:23 . 2012-02-04 00:23 152064 ----a-w- c:\windows\system32\wextract.exe

2012-02-04 00:23 . 2012-02-04 00:23 150528 ----a-w- c:\windows\system32\iexpress.exe

2012-02-04 00:23 . 2012-02-04 00:23 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-02-04 00:23 . 2012-02-04 00:23 110592 ----a-w- c:\windows\system32\IEAdvpack.dll

2012-02-04 00:23 . 2012-02-04 00:23 35840 ----a-w- c:\windows\system32\imgutil.dll

2012-02-04 00:23 . 2012-02-04 00:23 11776 ----a-w- c:\windows\system32\mshta.exe

2012-02-04 00:23 . 2012-02-04 00:23 101888 ----a-w- c:\windows\system32\admparse.dll

2012-02-03 14:19 . 2011-10-31 15:56 7522304 ----a-w- c:\windows\system32\drivers\NETwNs32.sys

2012-02-03 14:19 . 2010-05-18 22:31 2760704 ----a-w- c:\windows\system32\NETwNr32.dll

2012-02-03 14:19 . 2010-05-18 22:29 684032 ----a-w- c:\windows\system32\NETwNc32.dll

2012-01-31 12:44 . 2012-02-02 19:02 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-01-17 04:39 . 2012-02-03 14:25 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A22EA17E-FE7D-457E-8232-0352C1BAC298}\mpengine.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]

"WLSync"="c:\program files\Windows Live\Mesh\WLSync.exe" [2011-05-13 1449312]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-01-19 1236992]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2009-10-23 827904]

.

c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-4-6 26945440]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Windows Home Server.lnk - c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe [2012-2-20 603504]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-01-31 158856]

R3 CFcatchme;CFcatchme;c:\users\User\AppData\Local\Temp\CFcatchme.sys [x]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]

R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-07-13 657408]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-06 1343400]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 arXfrSvc;Windows Media Center TV Archive Transfer Service;c:\program files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [2011-01-10 239472]

S2 esClient;Windows Media Center Client Service;c:\program files\Windows Home Server\esClient.exe [2011-01-10 97136]

S2 HPMSSConnectorSvc;HPMSSConnectorService;c:\program files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe [2009-10-05 20992]

S2 MediaCollectorService;MediaCollectorService;c:\program files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe [2009-10-05 81920]

S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe [2012-02-08 198136]

S2 WHSConnector;Windows Home Server Connector Service;c:\program files\Windows Home Server\WHSConnector.exe [2011-01-10 376688]

S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-13 50688]

S3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2012-02-03 7522304]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 13167656

*NewlyCreated* - 1708232DRV

*NewlyCreated* - ASWMBR

*NewlyCreated* - KXLDAPOB

*Deregistered* - aswMBR

*Deregistered* - kxldapob

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4278735001-178053511-1665522800-1000Core.job

- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-03 20:55]

.

2012-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4278735001-178053511-1665522800-1000UA.job

- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-03 20:55]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk/

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.1.254

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(8048)

c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

Completion time: 2012-04-09 10:43:11

ComboFix-quarantined-files.txt 2012-04-09 09:43

ComboFix2.txt 2012-04-06 15:37

.

Pre-Run: 415,288,967,168 bytes free

Post-Run: 415,231,205,376 bytes free

.

- - End Of File - - 8929F39A66A975EBC5F2EFDC585BAB94


No, in Safe mode they are not working as they should.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run from.

Note: When using the "Reset FF Proxy Settings" option, Firefox should be closed.

This topic is now closed to further replies.