Everything posted by flipper202

  1. Hey Maniac, Ran a full scan and everything looks fine. Thank you again for all your help.
  2. Hey Maniac, I think it worked! I can restart Windows Security Center and Microsoft Security Essentials. Google seems to be sending me to the right place as well. Thank you! Alex
  3. Maniac, Seems like I just have to re-enable Windows Security Center. Here is the log:

         Farbar Service Scanner Version: 01-03-2012
         Ran by User (administrator) on 11-04-2012 at 08:55:25
         Running from "C:\Users\User\Downloads"
         Microsoft Windows 7 Home Premium Service Pack 1 (X86)
         Boot Mode: Normal
         ****************************************************************

         Internet Services:
         ============

         Connection Status:
         ==============
         Localhost is accessible.
         LAN connected.
         Google IP is accessible.
         Yahoo IP is accessible.

         Windows Firewall:
         =============

         Firewall Disabled Policy:
         ==================
         [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
         "EnableFirewall"=DWORD:0

         System Restore:
         ============

         System Restore Disabled Policy:
         ========================

         Action Center:
         ============
         wscsvc Service is not running. Checking service configuration:
         The start type of wscsvc service is set to Disabled. The default start type is Auto.
         The ImagePath of wscsvc service is OK.
         The ServiceDll of wscsvc service is OK.

         Windows Update:
         ============

         File Check:
         ========
         C:\Windows\system32\nsisvc.dll => MD5 is legit
         C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
         C:\Windows\system32\dhcpcore.dll => MD5 is legit
         C:\Windows\system32\Drivers\afd.sys => MD5 is legit
         C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
         C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
         C:\Windows\system32\dnsrslvr.dll => MD5 is legit
         C:\Windows\system32\mpssvc.dll => MD5 is legit
         C:\Windows\system32\bfe.dll => MD5 is legit
         C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
         C:\Windows\system32\SDRSVC.dll => MD5 is legit
         C:\Windows\system32\vssvc.exe => MD5 is legit
         C:\Windows\system32\wscsvc.dll => MD5 is legit
         C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
         C:\Windows\system32\wuaueng.dll => MD5 is legit
         C:\Windows\system32\qmgr.dll => MD5 is legit
         C:\Windows\system32\es.dll => MD5 is legit
         C:\Windows\system32\cryptsvc.dll => MD5 is legit
         C:\Windows\system32\svchost.exe => MD5 is legit
         C:\Windows\system32\rpcss.dll => MD5 is legit

         **** End of log ****
  4. Google seems to be fine now. Ran a couple searches and didn't send me to some weird ad pages. Only problem is that I still can't turn on Windows Security Center and it won't let me run a scan of Microsoft Security Essentials. Should I re-install them?
  5. Maniac, Please see the log below:
  6. Yeah, the sneaky thing is still there. In IE, still redirects on google results and won't let me run the Windows Security Center. Would it be better to re-run some of these processes in safe mode or with RKill?
  7. Good morning Maniac, here is my new ComboFix log file:
  8. Status: Disinfected (events: 1)
     08/04/2012 17:18:36  Disinfected  Trojan program HEUR:Trojan.Win32.Generic  C:\Documents and Settings\User\Downloads\google_.zip  High
     Status: Quarantined (events: 2)
     08/04/2012 17:18:36  Quarantined  Trojan program HEUR:Trojan.Win32.Generic  C:\Documents and Settings\User\Downloads\google_.zip/google_.exe  High
     08/04/2012 17:18:36  Quarantined  Trojan program HEUR:Trojan.Win32.Generic  C:\Documents and Settings\User\Downloads\google_.zip/google_.exe//UPX  High
  9. Maniac, see below the log:
     Status: Disinfected (events: 1)
     08/04/2012 17:18:36  Disinfected  Trojan program HEUR:Trojan.Win32.Generic  C:\Documents and Settings\User\Downloads\google_.zip  High
     Status: Quarantined (events: 2)
     08/04/2012 17:18:36  Quarantined  Trojan program HEUR:Trojan.Win32.Generic  C:\Documents and Settings\User\Downloads\google_.zip/google_.exe  High
     08/04/2012 17:18:36  Quarantined  Trojan program HEUR:Trojan.Win32.Generic  C:\Documents and Settings\User\Downloads\google_.zip/google_.exe//UPX  High
  10. Maniac, I ran the scan again. This was the file that was in the threat quarantine: C:\\Windows\System32\C_20297U.dll Thanks! Let me know what else I can do.
  11. Hmmm, not sure if this log is correct:
     ESETSmartInstaller@High as CAB hook log:
     OnlineScanner.ocx - registred OK
     I did a scan and it came out that there was a threat that was quarantined. Let me know if I need to re-run.
  12. Maniac, I think I did this right. Here is the log file for GMER:
77CA5E23 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtOpenThreadTokenEx + 6 77CA5E2E 4 Bytes CALL 76CAA635 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtOpenThreadTokenEx + B 77CA5E33 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtQueryAttributesFile + 6 77CA5F3E 4 Bytes [A8, 00, 48, 00] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtQueryAttributesFile + B 77CA5F43 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtQueryFullAttributesFile + 6 77CA5FEE 4 Bytes CALL 76CAA7F3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtQueryFullAttributesFile + B 77CA5FF3 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtSetInformationFile + 6 77CA663E 4 Bytes [28, 01, 48, 00] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtSetInformationFile + B 77CA6643 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtSetInformationThread + 6 77CA669E 4 Bytes [28, 02, 48, 00] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtSetInformationThread + B 77CA66A3 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtUnmapViewOfSection + 6 77CA69BE 1 Byte [68] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtUnmapViewOfSection + 6 77CA69BE 4 Bytes [68, 03, 48, 00] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5704] ntdll.dll!NtUnmapViewOfSection + B 77CA69C3 1 Byte [E2] 
.text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtCreateFile + 6 77CA55CE 4 Bytes [28, 00, 31, 00] {SUB [EAX], AL; XOR [EAX], EAX} .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtCreateFile + B 77CA55D3 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtMapViewOfSection + 6 77CA5C2E 1 Byte [28] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtMapViewOfSection + 6 77CA5C2E 4 Bytes [28, 03, 31, 00] {SUB [EBX], AL; XOR [EAX], EAX} .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtMapViewOfSection + B 77CA5C33 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenFile + 6 77CA5CDE 4 Bytes [68, 00, 31, 00] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenFile + B 77CA5CE3 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenProcess + 6 77CA5D8E 4 Bytes [A8, 01, 31, 00] {TEST AL, 0x1; XOR [EAX], EAX} .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenProcess + B 77CA5D93 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenProcessToken + 6 77CA5D9E 4 Bytes CALL 76CA8EA4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenProcessToken + B 77CA5DA3 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenProcessTokenEx + 6 77CA5DAE 4 Bytes [A8, 02, 31, 00] {TEST AL, 0x2; XOR [EAX], EAX} .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenProcessTokenEx + B 77CA5DB3 1 Byte [E2] .text 
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenThread + 6 77CA5E0E 4 Bytes [68, 01, 31, 00] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenThread + B 77CA5E13 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenThreadToken + 6 77CA5E1E 4 Bytes [68, 02, 31, 00] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenThreadToken + B 77CA5E23 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenThreadTokenEx + 6 77CA5E2E 4 Bytes CALL 76CA8F35 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtOpenThreadTokenEx + B 77CA5E33 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtQueryAttributesFile + 6 77CA5F3E 4 Bytes [A8, 00, 31, 00] {TEST AL, 0x0; XOR [EAX], EAX} .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtQueryAttributesFile + B 77CA5F43 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtQueryFullAttributesFile + 6 77CA5FEE 4 Bytes CALL 76CA90F3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation) .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtQueryFullAttributesFile + B 77CA5FF3 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtSetInformationFile + 6 77CA663E 4 Bytes [28, 01, 31, 00] {SUB [ECX], AL; XOR [EAX], EAX} .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtSetInformationFile + B 77CA6643 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtSetInformationThread + 6 77CA669E 4 
Bytes [28, 02, 31, 00] {SUB [EDX], AL; XOR [EAX], EAX} .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtSetInformationThread + B 77CA66A3 1 Byte [E2] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtUnmapViewOfSection + 6 77CA69BE 1 Byte [68] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtUnmapViewOfSection + 6 77CA69BE 4 Bytes [68, 03, 31, 00] .text C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe[5820] ntdll.dll!NtUnmapViewOfSection + B 77CA69C3 1 Byte [E2] ---- EOF - GMER 1.0.15 ----
  13. Maniac, here is the log

      aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
      Run date: 2012-04-07 02:57:22
      -----------------------------
      02:57:22.903 OS Version: Windows 6.1.7601 Service Pack 1
      02:57:22.903 Number of processors: 2 586 0x170A
      02:57:22.903 ComputerName: USER-PC UserName: User
      02:57:24.385 Initialize success
      02:58:17.854 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
      02:58:17.858 Disk 0 Vendor: ST9500325AS 0001SDM1 Size: 476940MB BusType: 11
      02:58:17.870 Disk 0 MBR read successfully
      02:58:17.875 Disk 0 MBR scan
      02:58:17.879 Disk 0 Windows 7 default MBR code
      02:58:17.892 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
      02:58:17.907 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
      02:58:17.915 Disk 0 scanning sectors +976771072
      02:58:18.006 Disk 0 scanning C:\Windows\system32\drivers
      02:58:25.033 Service scanning
      02:58:40.378 Modules scanning
      02:58:49.340 Disk 0 trace - called modules:
      02:58:49.372 ntkrnlpa.exe CLASSPNP.SYS disk.sys dvd43llh.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
      02:58:49.372 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8562f7d0]
      02:58:49.902 3 CLASSPNP.SYS[8898159e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x847ba030]
      02:58:49.902 \Driver\atapi[0x85137f38] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> dvd43llh.sys[0x945c7b20]
      02:58:49.918 Scan finished successfully
      02:59:05.973 Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
      02:59:05.989 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"
  14. Maniac, Ok I've done that. See below: ComboFix 12-04-06.02 - User 06/04/2012 16:21:51.2.2 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1979.1260 [GMT 1:00] Running from: c:\users\User\Desktop\ComboFix.exe Command switches used :: c:\users\User\Desktop\CFScript.txt AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . file zipped: c:\windows\system32\C_20297U.dll file zipped: c:\windows\Tasks\MQZBYM.job . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_69743802 . . ((((((((((((((((((((((((( Files Created from 2012-03-06 to 2012-04-06 ))))))))))))))))))))))))))))))) . . 2012-04-06 15:30 . 2012-04-06 15:30 -------- d-----w- c:\users\Mcx1-USER-PC\AppData\Local\temp 2012-04-06 15:30 . 2012-04-06 15:30 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-04-05 00:28 . 2012-04-05 00:28 -------- d-----w- c:\users\User\AppData\Roaming\QuickScan 2012-03-28 22:54 . 2012-03-28 22:57 -------- d-----w- c:\programdata\SecTaskMan 2012-03-28 22:54 . 2012-03-28 22:54 -------- d-----w- c:\program files\Security Task Manager 2012-03-27 22:45 . 2012-03-27 22:45 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes 2012-03-27 22:45 . 2012-03-27 22:45 -------- d-----w- c:\programdata\Malwarebytes 2012-03-27 22:45 . 2012-03-27 22:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-03-27 22:45 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-27 19:48 . 2012-04-04 23:30 -------- d-----w- c:\program files\Spybot - Search & Destroy 2012-03-27 19:48 . 
2012-04-04 23:17 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2012-03-25 13:26 . 2012-03-25 13:26 102912 --sha-r- c:\windows\system32\C_20297U.dll 2012-03-25 01:05 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BBA6C972-5613-475A-9C65-7219A969AC74}\mpengine.dll 2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr 2012-03-17 23:01 . 2012-03-17 23:01 18816 ----a-w- c:\windows\system32\drivers\dvd43llh.sys 2012-03-17 23:01 . 2012-03-17 23:01 -------- d-----w- c:\program files\dvd43 2012-03-17 20:31 . 2011-02-19 06:30 805376 ----a-w- c:\windows\system32\FntCache.dll 2012-03-17 20:31 . 2011-02-19 06:30 739840 ----a-w- c:\windows\system32\d2d1.dll 2012-03-16 20:29 . 2012-03-25 00:36 -------- d-----w- c:\users\User\AppData\Roaming\dvdcss 2012-03-16 20:28 . 2012-03-25 00:39 -------- d-----w- c:\users\User\AppData\Roaming\HandBrake 2012-03-15 03:01 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-03-15 03:01 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-03-15 01:12 . 2009-03-09 15:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll 2012-03-15 01:12 . 2009-03-16 14:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll 2012-03-15 01:12 . 2009-03-16 14:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll 2012-03-15 01:12 . 2009-03-16 14:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll 2012-03-15 01:11 . 2012-03-15 01:11 -------- d-----w- c:\program files\Lightworks 2012-03-15 00:36 . 2012-03-15 00:36 -------- d-----w- c:\program files\OSSBuild 2012-03-15 00:27 . 2012-03-15 00:41 -------- d-----w- c:\program files\Handbrake 2012-03-14 23:48 . 2012-03-14 23:48 -------- d-----w- c:\program files\Common Files\Java 2012-03-14 23:47 . 2012-03-14 23:47 472808 ----a-w- c:\windows\system32\deployJava1.dll 2012-03-14 23:47 . 2012-03-14 23:47 -------- d-----w- c:\program files\Java 2012-03-13 23:50 . 
2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys 2012-03-13 23:50 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll 2012-03-13 23:49 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-03-13 23:49 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll 2012-03-13 23:49 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-03-13 23:49 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll 2012-03-13 23:49 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2012-03-13 23:49 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-03-09 22:15 . 2012-04-05 22:26 -------- d-----w- c:\users\User\AppData\Roaming\vlc 2012-03-09 22:12 . 2012-03-09 22:12 -------- d-----w- c:\program files\VideoLAN . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-03-14 02:15 . 2012-02-05 04:33 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-03-06 23:50 . 2012-02-03 14:43 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-02-27 22:49 . 2012-02-27 22:49 53248 ----a-r- c:\users\User\AppData\Roaming\Microsoft\Installer\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}\ARPPRODUCTICON.exe 2012-02-20 07:39 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll 2012-02-17 01:36 . 2011-03-28 18:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2012-02-10 16:58 . 2012-02-10 17:00 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7CDCC94C-D765-4D15-8A85-B8550996959A}\gapaengine.dll 2012-02-08 22:59 . 2012-02-12 23:30 27640 ----a-w- c:\windows\system32\nitrolocalmon2.dll 2012-02-08 22:59 . 2012-02-12 23:30 18936 ----a-w- c:\windows\system32\nitrolocalui2.dll 2012-02-06 19:23 . 
2012-02-06 19:23 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2012-02-06 19:23 . 2012-02-06 19:23 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2012-02-06 19:22 . 2012-02-06 19:22 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2012-02-04 12:37 . 2012-02-10 17:00 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2012-02-04 00:23 . 2012-02-04 00:23 86528 ----a-w- c:\windows\system32\iesysprep.dll 2012-02-04 00:23 . 2012-02-04 00:23 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2012-02-04 00:23 . 2012-02-04 00:23 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2012-02-04 00:23 . 2012-02-04 00:23 74752 ----a-w- c:\windows\system32\iesetup.dll 2012-02-04 00:23 . 2012-02-04 00:23 63488 ----a-w- c:\windows\system32\tdc.ocx 2012-02-04 00:23 . 2012-02-04 00:23 48640 ----a-w- c:\windows\system32\mshtmler.dll 2012-02-04 00:23 . 2012-02-04 00:23 420864 ----a-w- c:\windows\system32\vbscript.dll 2012-02-04 00:23 . 2012-02-04 00:23 367104 ----a-w- c:\windows\system32\html.iec 2012-02-04 00:23 . 2012-02-04 00:23 23552 ----a-w- c:\windows\system32\licmgr10.dll 2012-02-04 00:23 . 2012-02-04 00:23 161792 ----a-w- c:\windows\system32\msls31.dll 2012-02-04 00:23 . 2012-02-04 00:23 152064 ----a-w- c:\windows\system32\wextract.exe 2012-02-04 00:23 . 2012-02-04 00:23 150528 ----a-w- c:\windows\system32\iexpress.exe 2012-02-04 00:23 . 2012-02-04 00:23 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-02-04 00:23 . 2012-02-04 00:23 110592 ----a-w- c:\windows\system32\IEAdvpack.dll 2012-02-04 00:23 . 2012-02-04 00:23 35840 ----a-w- c:\windows\system32\imgutil.dll 2012-02-04 00:23 . 2012-02-04 00:23 11776 ----a-w- c:\windows\system32\mshta.exe 2012-02-04 00:23 . 2012-02-04 00:23 101888 ----a-w- c:\windows\system32\admparse.dll 2012-02-03 14:19 . 
2011-10-31 15:56 7522304 ----a-w- c:\windows\system32\drivers\NETwNs32.sys 2012-02-03 14:19 . 2010-05-18 22:31 2760704 ----a-w- c:\windows\system32\NETwNr32.dll 2012-02-03 14:19 . 2010-05-18 22:29 684032 ----a-w- c:\windows\system32\NETwNc32.dll 2012-01-31 12:44 . 2012-02-02 19:02 237072 ------w- c:\windows\system32\MpSigStub.exe 2012-01-17 04:39 . 2012-02-03 14:25 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A22EA17E-FE7D-457E-8232-0352C1BAC298}\mpengine.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:49 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:49 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:49 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552] "WLSync"="c:\program files\Windows Live\Mesh\WLSync.exe" [2011-05-13 1449312] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-01-19 1236992] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920] "RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2009-10-23 827904] . c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-4-6 26945440] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Windows Home Server.lnk - c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe [2012-2-20 603504] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-01-31 158856] R3 CFcatchme;CFcatchme;c:\users\User\AppData\Local\Temp\CFcatchme.sys [x] R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392] R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-07-13 657408] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-06 1343400] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 arXfrSvc;Windows Media Center TV Archive Transfer Service;c:\program files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [2011-01-10 239472] S2 esClient;Windows Media Center Client Service;c:\program files\Windows Home Server\esClient.exe [2011-01-10 97136] S2 HPMSSConnectorSvc;HPMSSConnectorService;c:\program files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe [2009-10-05 20992] S2 MediaCollectorService;MediaCollectorService;c:\program files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe [2009-10-05 81920] S2 
NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe [2012-02-08 198136] S2 WHSConnector;Windows Home Server Connector Service;c:\program files\Windows Home Server\WHSConnector.exe [2011-01-10 376688] S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-13 50688] S3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2012-02-03 7522304] . . Contents of the 'Scheduled Tasks' folder . 2012-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4278735001-178053511-1665522800-1000Core.job - c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-03 20:55] . 2012-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4278735001-178053511-1665522800-1000UA.job - c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-03 20:55] . 2012-04-06 c:\windows\Tasks\MQZBYM.job - c:\windows\system32\C_20297U.dll [2012-03-25 13:26] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.co.uk/ IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.1.254 . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- DLLs Loaded Under Running Processes --------------------- . 
- - - - - - - > 'Explorer.exe'(4040) c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\System32\WLTRYSVC.EXE c:\windows\System32\bcmwltry.exe c:\windows\system32\rundll32.exe c:\windows\system32\taskhost.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\system32\conhost.exe c:\windows\system32\DllHost.exe c:\windows\system32\sppsvc.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\\?\c:\windows\system32\wbem\WMIADAP.EXE . ************************************************************************** . Completion time: 2012-04-06 16:36:48 - machine was rebooted ComboFix-quarantined-files.txt 2012-04-06 15:36 ComboFix2.txt 2012-04-06 14:04 . Pre-Run: 415,926,677,504 bytes free Post-Run: 415,690,604,544 bytes free . - - End Of File - - 8DF30253AE9173FEF3D7F33E2CC71704 Upload was successful
  15. Hey Maniac, Here is my combofix file log:

      ComboFix 12-04-06.02 - User 06/04/2012 14:52:29.1.2 - x86
      Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1979.1210 [GMT 1:00]
      Running from: c:\users\User\Desktop\ComboFix.exe
      AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
      SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
      SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      * Created a new restore point
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      C:\install.exe
      .
      .
      ((((((((((((((((((((((((( Files Created from 2012-03-06 to 2012-04-06 )))))))))))))))))))))))))))))))
      .
      .
      2012-04-06 14:00 . 2012-04-06 14:00 -------- d-----w- c:\users\Mcx1-USER-PC\AppData\Local\temp
      2012-04-06 14:00 . 2012-04-06 14:00 -------- d-----w- c:\users\Default\AppData\Local\temp
      2012-04-05 00:28 . 2012-04-05 00:28 -------- d-----w- c:\users\User\AppData\Roaming\QuickScan
      2012-03-28 22:54 . 2012-03-28 22:57 -------- d-----w- c:\programdata\SecTaskMan
      2012-03-28 22:54 . 2012-03-28 22:54 -------- d-----w- c:\program files\Security Task Manager
      2012-03-27 22:45 . 2012-03-27 22:45 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes
      2012-03-27 22:45 . 2012-03-27 22:45 -------- d-----w- c:\programdata\Malwarebytes
      2012-03-27 22:45 . 2012-03-27 22:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
      2012-03-27 22:45 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
      2012-03-27 19:48 . 2012-04-04 23:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
      2012-03-27 19:48 . 2012-04-04 23:17 -------- d-----w- c:\programdata\Spybot - Search & Destroy
      2012-03-25 13:26 . 2012-03-25 13:26 102912 --sha-r- c:\windows\system32\C_20297U.dll
      2012-03-25 01:05 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BBA6C972-5613-475A-9C65-7219A969AC74}\mpengine.dll
      2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
      2012-03-17 23:01 . 2012-03-17 23:01 18816 ----a-w- c:\windows\system32\drivers\dvd43llh.sys
      2012-03-17 23:01 . 2012-03-17 23:01 -------- d-----w- c:\program files\dvd43
      2012-03-17 20:31 . 2011-02-19 06:30 805376 ----a-w- c:\windows\system32\FntCache.dll
      2012-03-17 20:31 . 2011-02-19 06:30 739840 ----a-w- c:\windows\system32\d2d1.dll
      2012-03-16 20:29 . 2012-03-25 00:36 -------- d-----w- c:\users\User\AppData\Roaming\dvdcss
      2012-03-16 20:28 . 2012-03-25 00:39 -------- d-----w- c:\users\User\AppData\Roaming\HandBrake
      2012-03-15 03:01 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
      2012-03-15 03:01 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
      2012-03-15 01:12 . 2009-03-09 15:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
      2012-03-15 01:12 . 2009-03-16 14:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
      2012-03-15 01:12 . 2009-03-16 14:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
      2012-03-15 01:12 . 2009-03-16 14:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
      2012-03-15 01:11 . 2012-03-15 01:11 -------- d-----w- c:\program files\Lightworks
      2012-03-15 00:36 . 2012-03-15 00:36 -------- d-----w- c:\program files\OSSBuild
      2012-03-15 00:27 . 2012-03-15 00:41 -------- d-----w- c:\program files\Handbrake
      2012-03-14 23:48 . 2012-03-14 23:48 -------- d-----w- c:\program files\Common Files\Java
      2012-03-14 23:47 . 2012-03-14 23:47 472808 ----a-w- c:\windows\system32\deployJava1.dll
      2012-03-14 23:47 . 2012-03-14 23:47 -------- d-----w- c:\program files\Java
      2012-03-13 23:50 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys
      2012-03-13 23:50 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll
      2012-03-13 23:49 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
      2012-03-13 23:49 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
      2012-03-13 23:49 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
      2012-03-13 23:49 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
      2012-03-13 23:49 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
      2012-03-13 23:49 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
      2012-03-09 22:15 . 2012-04-05 22:26 -------- d-----w- c:\users\User\AppData\Roaming\vlc
      2012-03-09 22:12 . 2012-03-09 22:12 -------- d-----w- c:\program files\VideoLAN
      .
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2012-03-14 02:15 . 2012-02-05 04:33 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
      2012-03-06 23:50 . 2012-02-03 14:43 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
      2012-02-27 22:49 . 2012-02-27 22:49 53248 ----a-r- c:\users\User\AppData\Roaming\Microsoft\Installer\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}\ARPPRODUCTICON.exe
      2012-02-20 07:39 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
      2012-02-17 01:36 . 2011-03-28 18:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
      2012-02-10 16:58 . 2012-02-10 17:00 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7CDCC94C-D765-4D15-8A85-B8550996959A}\gapaengine.dll
      2012-02-08 22:59 . 2012-02-12 23:30 27640 ----a-w- c:\windows\system32\nitrolocalmon2.dll
      2012-02-08 22:59 . 2012-02-12 23:30 18936 ----a-w- c:\windows\system32\nitrolocalui2.dll
      2012-02-06 19:23 . 2012-02-06 19:23 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
      2012-02-06 19:23 . 2012-02-06 19:23 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
      2012-02-06 19:22 . 2012-02-06 19:22 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
      2012-02-04 12:37 . 2012-02-10 17:00 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
      2012-02-04 00:23 . 2012-02-04 00:23 86528 ----a-w- c:\windows\system32\iesysprep.dll
      2012-02-04 00:23 . 2012-02-04 00:23 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
      2012-02-04 00:23 . 2012-02-04 00:23 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
      2012-02-04 00:23 . 2012-02-04 00:23 74752 ----a-w- c:\windows\system32\iesetup.dll
      2012-02-04 00:23 . 2012-02-04 00:23 63488 ----a-w- c:\windows\system32\tdc.ocx
      2012-02-04 00:23 . 2012-02-04 00:23 48640 ----a-w- c:\windows\system32\mshtmler.dll
      2012-02-04 00:23 . 2012-02-04 00:23 420864 ----a-w- c:\windows\system32\vbscript.dll
      2012-02-04 00:23 . 2012-02-04 00:23 367104 ----a-w- c:\windows\system32\html.iec
      2012-02-04 00:23 . 2012-02-04 00:23 23552 ----a-w- c:\windows\system32\licmgr10.dll
      2012-02-04 00:23 . 2012-02-04 00:23 161792 ----a-w- c:\windows\system32\msls31.dll
      2012-02-04 00:23 . 2012-02-04 00:23 152064 ----a-w- c:\windows\system32\wextract.exe
      2012-02-04 00:23 . 2012-02-04 00:23 150528 ----a-w- c:\windows\system32\iexpress.exe
      2012-02-04 00:23 . 2012-02-04 00:23 142848 ----a-w- c:\windows\system32\ieUnatt.exe
      2012-02-04 00:23 . 2012-02-04 00:23 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
      2012-02-04 00:23 . 2012-02-04 00:23 35840 ----a-w- c:\windows\system32\imgutil.dll
      2012-02-04 00:23 . 2012-02-04 00:23 11776 ----a-w- c:\windows\system32\mshta.exe
      2012-02-04 00:23 . 2012-02-04 00:23 101888 ----a-w- c:\windows\system32\admparse.dll
      2012-02-03 14:19 . 2011-10-31 15:56 7522304 ----a-w- c:\windows\system32\drivers\NETwNs32.sys
      2012-02-03 14:19 . 2010-05-18 22:31 2760704 ----a-w- c:\windows\system32\NETwNr32.dll
      2012-02-03 14:19 . 2010-05-18 22:29 684032 ----a-w- c:\windows\system32\NETwNc32.dll
      2012-01-31 12:44 . 2012-02-02 19:02 237072 ------w- c:\windows\system32\MpSigStub.exe
      2012-01-17 04:39 . 2012-02-03 14:25 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A22EA17E-FE7D-457E-8232-0352C1BAC298}\mpengine.dll
      .
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
      @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
      2012-01-18 18:49 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
      @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
      2012-01-18 18:49 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
      @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
      2012-01-18 18:49 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
      "Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
      "WLSync"="c:\program files\Windows Live\Mesh\WLSync.exe" [2011-05-13 1449312]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
      "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
      "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
      "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-01-19 1236992]
      "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
      "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
      "RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]
      "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
      "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
      "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
      "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
      "dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2009-10-23 827904]
      .
      c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
      Dropbox.lnk - c:\users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-4-6 26945440]
      .
      c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
      Windows Home Server.lnk - c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe [2012-2-20 603504]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "ConsentPromptBehaviorAdmin"= 5 (0x5)
      "ConsentPromptBehaviorUser"= 3 (0x3)
      "EnableUIADesktopToggle"= 0 (0x0)
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "aux1"=wdmaud.drv
      .
      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
      Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
      @="Service"
      .
      R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
      R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-01-31 158856]
      R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
      R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-07-13 657408]
      R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
      R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
      R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
      R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-06 1343400]
      R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
      S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
      S2 arXfrSvc;Windows Media Center TV Archive Transfer Service;c:\program files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [2011-01-10 239472]
      S2 esClient;Windows Media Center Client Service;c:\program files\Windows Home Server\esClient.exe [2011-01-10 97136]
      S2 HPMSSConnectorSvc;HPMSSConnectorService;c:\program files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe [2009-10-05 20992]
      S2 MediaCollectorService;MediaCollectorService;c:\program files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe [2009-10-05 81920]
      S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe [2012-02-08 198136]
      S2 WHSConnector;Windows Home Server Connector Service;c:\program files\Windows Home Server\WHSConnector.exe [2011-01-10 376688]
      S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-13 50688]
      S3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2012-02-03 7522304]
      S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
      .
      .
      --- Other Services/Drivers In Memory ---
      .
      *NewlyCreated* - 69743802
      *NewlyCreated* - FIXTDSS
      *Deregistered* - 69743802
      *Deregistered* - FixTDSS
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2012-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4278735001-178053511-1665522800-1000Core.job - c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-03 20:55]
      .
      2012-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4278735001-178053511-1665522800-1000UA.job - c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-03 20:55]
      .
      2012-04-06 c:\windows\Tasks\MQZBYM.job - c:\windows\system32\C_20297U.dll [2012-03-25 13:26]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://www.google.co.uk/
      IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
      IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
      IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
      TCP: DhcpNameServer = 192.168.1.254
      .
      - - - - ORPHANS REMOVED - - - -
      .
      URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
      WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
      AddRemove-2364577090.go.sky.com - c:\program files\Microsoft Silverlight\4.0.60831.0\Silverlight.Configuration.exe
      .
      .
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
      @Denied: (Full) (Everyone)
      .
      Completion time: 2012-04-06 15:04:21
      ComboFix-quarantined-files.txt 2012-04-06 14:04
      .
      Pre-Run: 415,705,190,400 bytes free
      Post-Run: 415,864,659,968 bytes free
      .
      - - End Of File - - A89DC5B946FE08110A794195A68C6F99
  16. Hmm.. gonna try again to see if I can get rid of the HTML stuff.

      .
      DDS (Ver_2011-08-26.01) - NTFSx86
      Internet Explorer: 9.0.8112.16421
      Run by User at 23:54:12 on 2012-04-05
      Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1979.614 [GMT 1:00]
      .
      AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
      SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
      SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      .
      ============== Running Processes ===============
      .
      C:\Windows\system32\wininit.exe
      C:\Windows\system32\lsm.exe
      C:\Windows\system32\svchost.exe -k DcomLaunch
      C:\Windows\system32\svchost.exe -k RPCSS
      C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
      C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
      C:\Windows\system32\svchost.exe -k netsvcs
      C:\Windows\system32\svchost.exe -k LocalService
      C:\Windows\system32\svchost.exe -k NetworkService
      C:\Windows\System32\WLTRYSVC.EXE
      C:\Windows\System32\bcmwltry.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\System32\spoolsv.exe
      C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
      C:\Windows\system32\rundll32.exe
      C:\Program Files\Windows Home Server\esClient.exe
      C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe
      C:\Windows\system32\taskhost.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
      C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
      C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
      C:\Program Files\Windows Home Server\WHSConnector.exe
      C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
      C:\Windows\System32\rundll32.exe
      C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe
      C:\Program Files\Windows Media Player\wmpnetwk.exe
      C:\Windows\system32\SearchIndexer.exe
      C:\Windows\System32\igfxtray.exe
      C:\Windows\System32\hkcmd.exe
      C:\Windows\System32\igfxpers.exe
      C:\Windows\System32\WLTRAY.EXE
      C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
      C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
      C:\Program Files\DivX\DivX Update\DivXUpdate.exe
      C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
      C:\Program Files\Common Files\Java\Java Update\jusched.exe
      C:\Program Files\dvd43\DVD43_Tray.exe
      C:\Program Files\Windows Sidebar\sidebar.exe
      C:\Program Files\Skype\Phone\Skype.exe
      C:\Program Files\Windows Live\Mesh\WLSync.exe
      C:\Program Files\Windows Home Server\WHSTrayApp.exe
      C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
      C:\Users\User\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
      C:\Program Files\Windows Live\Mesh\MOE.exe
      C:\Program Files\Windows Live\Contacts\wlcomm.exe
      C:\Windows\System32\svchost.exe -k LocalServicePeerNet
      C:\Windows\system32\DllHost.exe
      C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
      C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
      C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
      C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
      C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
      C:\Windows\system32\rundll32.exe
      C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
      C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
      C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
      C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
      C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
      C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
      C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
      C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
      C:\Windows\system32\notepad.exe
      C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
      C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
      C:\Windows\notepad.exe
      C:\Windows\system32\WerFault.exe
      C:\Windows\system32\SearchProtocolHost.exe
      C:\Windows\system32\SearchFilterHost.exe
      C:\Windows\system32\DllHost.exe
      C:\Windows\system32\DllHost.exe
      C:\Windows\system32\conhost.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      .
      ============== Pseudo HJT Report ===============
      .
      uStart Page = hxxp://www.google.co.uk/
      BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
      BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
      BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
      BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
      BHO: BrowserHelper Class: {9a065c65-4ee7-4ddd-9918-f129089a894a} - c:\program files\windows home server\WHSDeskBands.dll
      BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
      BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
      BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
      TB: Home Server Banner: {d73e76a3-f902-45bd-8fc8-95ae8e014671} - c:\program files\windows home server\WHSDeskBands.dll
      uRun: [Google Update] "c:\users\user\appdata\local\google\update\GoogleUpdate.exe" /c
      uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
      uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
      uRun: [WLSync] "c:\program files\windows live\mesh\WLSync.exe" /background
      mRun: [igfxTray] c:\windows\system32\igfxtray.exe
      mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
      mRun: [Persistence] c:\windows\system32\igfxpers.exe
      mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
      mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
      mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
      mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
      mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
      mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
      mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
      mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
      mRun: [dvd43] c:\program files\dvd43\dvd43_tray.exe
      StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\user\appdata\roaming\dropbox\bin\Dropbox.exe
      StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\window~1.lnk - c:\windows\installer\{21e49794-7c13-4e84-8659-55bd378267d5}\WHSTrayApp.exe
      mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
      mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
      mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
      IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
      IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
      IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
      IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
      IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
      IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
      IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
      DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
      DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
      DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
      DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      TCP: DhcpNameServer = 192.168.1.254
      TCP: Interfaces\{19D515E1-851B-4B8B-B932-FED1713FC829} : DhcpNameServer = 8.8.8.8
      TCP: Interfaces\{1CAC04CD-6190-4548-83B7-7D9E69D64440} : DhcpNameServer = 192.168.2.254
      TCP: Interfaces\{24361609-8878-4E49-81C8-CAEC513AF1CE} : DhcpNameServer = 192.168.22.1
      TCP: Interfaces\{9ECA6236-A346-4024-AD93-2F771B7C5548} : DhcpNameServer = 192.168.1.254
      TCP: Interfaces\{9ECA6236-A346-4024-AD93-2F771B7C5548}\D49616F6 : DhcpNameServer = 192.168.22.1
      Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
      Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
      Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
      Notify: igfxcui - igfxdev.dll
      SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
      .
      ============= SERVICES / DRIVERS ===============
      .
      R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
      R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
      R2 arXfrSvc;Windows Media Center TV Archive Transfer Service;c:\program files\windows home server\Microsoft.HomeServer.Archive.TransferService.exe [2011-1-10 239472]
      R2 esClient;Windows Media Center Client Service;c:\program files\windows home server\esClient.exe [2011-1-10 97136]
      R2 HPMSSConnectorSvc;HPMSSConnectorService;c:\program files\hewlett-packard\hp mediasmart server\MSSConnectorService.exe [2009-10-5 20992]
      R2 MediaCollectorService;MediaCollectorService;c:\program files\hewlett-packard\hp mediasmart server\MediaCollectorClient.exe [2009-10-5 81920]
      R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\nitro pdf\reader 2\NitroPDFReaderDriverService2.exe [2012-2-9 198136]
      R2 WHSConnector;Windows Home Server Connector Service;c:\program files\windows home server\WHSConnector.exe [2011-1-10 376688]
      R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2009-6-10 50688]
      R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-4-5 40776]
      R3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwNs32.sys [2011-10-31 7522304]
      S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
      S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-1-31 158856]
      S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
      S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
      S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2009-6-10 657408]
      S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
      S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
      S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
      S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-2-4 52224]
      S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-2-6 1343400]
      S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
      .
      =============== Created Last 30 ================
      .
      2012-04-05 22:33:59 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
      2012-04-05 00:28:11 -------- d-----w- c:\users\user\appdata\roaming\QuickScan
      2012-04-04 23:48:10 -------- d-----w- c:\users\user\appdata\local\{DA52D89C-6741-48D5-BEF0-C77F65DF6450}
      2012-04-04 23:47:55 -------- d-----w- c:\users\user\appdata\local\{44EFC2E9-F48E-4579-8084-3BCF813A67FD}
      2012-04-04 23:37:45 -------- d-----w- c:\users\user\appdata\local\{11AC4AD2-9364-4E52-87CD-A62C97BA2558}
      2012-04-04 23:37:34 -------- d-----w- c:\users\user\appdata\local\{C77C6E00-5A1F-47B3-B81D-87CDF094698C}
      2012-04-04 23:32:11 -------- d-----w- c:\users\user\appdata\local\{AD0C51B0-A32B-452C-8F86-9E970B449E8E}
      2012-04-04 23:31:29 -------- d-----w- c:\users\user\appdata\local\{E25260D0-4336-4241-B68C-10D2BCF8BE80}
      2012-04-04 08:04:18 -------- d-----w- c:\users\user\appdata\local\{F571CE18-FA07-4926-AEAD-3DBF2DE175B3}
      2012-04-03 19:29:07 -------- d-----w- c:\users\user\appdata\local\{1950F180-56CF-485B-B3D4-EB440FB85E05}
      2012-04-01 19:28:05 -------- d-----w- c:\users\user\appdata\local\{2431BC81-0526-4D96-8574-9EAE2D83692C}
      2012-03-28 22:54:20 -------- d-----w- c:\programdata\SecTaskMan
      2012-03-28 22:54:16 -------- d-----w- c:\program files\Security Task Manager
      2012-03-28 16:16:37 -------- d-----w- c:\users\user\appdata\local\{F8E314AA-5136-4E11-8847-481E2AA13915}
      2012-03-28 04:16:12 -------- d-----w- c:\users\user\appdata\local\{52F97560-D165-4FC6-83E9-ED88F069CEFB}
      2012-03-28 04:15:58 -------- d-----w- c:\users\user\appdata\local\{E1C90403-E9FD-48BB-8313-5803E8CE120B}
      2012-03-27 22:45:09 -------- d-----w- c:\users\user\appdata\roaming\Malwarebytes
      2012-03-27 22:45:03 -------- d-----w- c:\programdata\Malwarebytes
      2012-03-27 22:45:02 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
      2012-03-27 22:45:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
      2012-03-27 19:48:46 -------- d-----w- c:\programdata\Spybot - Search & Destroy
      2012-03-27 19:48:46 -------- d-----w- c:\program files\Spybot - Search & Destroy
      2012-03-27 11:09:14 -------- d-----w- c:\users\user\appdata\local\{FF22158D-3FF5-4CCE-BFB0-D569907047BD}
      2012-03-27 11:09:04 -------- d-----w- c:\users\user\appdata\local\{37C44D95-1D83-42EE-BBE0-3E44FEB51D8A}
      2012-03-26 23:08:34 -------- d-----w- c:\users\user\appdata\local\{B637B6DC-B05A-45CD-BBC8-753CF7300655}
      2012-03-26 23:08:20 -------- d-----w- c:\users\user\appdata\local\{AA8F9A57-F2FB-4569-A28D-5C15ED615A08}
      2012-03-26 11:07:44 -------- d-----w- c:\users\user\appdata\local\{795B9476-D3FB-4458-90F8-C241E694ABCF}
      2012-03-25 23:07:17 -------- d-----w- c:\users\user\appdata\local\{E2CB7C1A-C337-48AB-83BF-F2741DCB17A3}
      2012-03-25 13:26:41 102912 --sha-r- c:\windows\system32\C_20297U.dll
      2012-03-25 11:06:51 -------- d-----w- c:\users\user\appdata\local\{F349DA42-595E-46D9-B57D-EBAD44176A65}
      2012-03-25 01:05:19 6582328 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{bba6c972-5613-475a-9c65-7219a969ac74}\mpengine.dll
      2012-03-24 21:48:33 -------- d-----w- c:\users\user\appdata\local\{CC281EF0-D0FC-4579-9C6D-77C5356DF509}
      2012-03-24 09:48:07 -------- d-----w- c:\users\user\appdata\local\{C865FA18-6A64-4740-9F38-BED6A86621AA}
      2012-03-23 21:47:40 -------- d-----w- c:\users\user\appdata\local\{629F079B-0C10-465C-8965-637A0AE91915}
      2012-03-23 21:47:28 -------- d-----w- c:\users\user\appdata\local\{CDFBF0BE-AD29-4437-9238-B502DB1E9A05}
      2012-03-23 09:46:58 -------- d-----w- c:\users\user\appdata\local\{4218EA18-EC41-465E-9CA5-F92081AB2124}
      2012-03-22 21:46:28 -------- d-----w- c:\users\user\appdata\local\{852A4EE3-F1A8-4845-912E-C91D2BDD9536}
      2012-03-22 19:12:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
      2012-03-22 09:45:54 -------- d-----w- c:\users\user\appdata\local\{5F780C63-EE79-47A4-8AEA-2E16D1D75228}
      2012-03-22 09:45:36 -------- d-----w- c:\users\user\appdata\local\{8367E30D-0F5A-4E08-A325-D63C897C3DDB}
      2012-03-21 21:45:05 -------- d-----w- c:\users\user\appdata\local\{CEFB68C2-23D5-4038-A94E-4B4ED71A83EC}
      2012-03-21 21:44:43 -------- d-----w- c:\users\user\appdata\local\{5DD56B2D-DFBA-4616-8574-3BE951BD8015}
      2012-03-21 09:44:13 -------- d-----w- c:\users\user\appdata\local\{F789D451-EA24-4037-BF34-801DA4879F30}
      2012-03-20 21:30:35 -------- d-----w- c:\users\user\appdata\local\{722B28B7-19E0-45BB-BB95-A8BE7ABC7EB9}
      2012-03-20 21:30:23 -------- d-----w- c:\users\user\appdata\local\{1A6BEE46-9917-4D9A-9A4D-B4277ABAFAA5}
      2012-03-20 09:29:57 -------- d-----w- c:\users\user\appdata\local\{9F3F579A-6746-49E8-89C0-46C3FEF906E8}
      2012-03-19 21:29:30 -------- d-----w- c:\users\user\appdata\local\{0EFA30F7-A5FE-4F85-8EF1-7EBB5366C853}
      2012-03-19 09:29:03 -------- d-----w- c:\users\user\appdata\local\{F166E2AC-7C9F-4CCE-8C99-A1254B5B176B}
      2012-03-18 20:09:20 -------- d-----w- c:\users\user\appdata\local\{A9EC69F8-FC0D-493E-B3AD-ACDB04EBD70F}
      2012-03-18 20:09:08 -------- d-----w- c:\users\user\appdata\local\{9BDD5B82-0F6D-45C0-A681-28E4FDC96E2D}
      2012-03-18 15:49:27 -------- d-----w- c:\users\user\appdata\local\{F906A9B5-7673-453A-881B-7EC6B8954807}
      2012-03-18 08:45:25 -------- d-----w- c:\users\user\appdata\local\{75839C79-D634-4E71-8633-9B02D81DC1D2}
      2012-03-18 08:31:08 -------- d-----w- c:\users\user\appdata\local\{4D06B50E-49B6-4BBF-A2BE-2DE1F7D83154}
      2012-03-17 23:01:22 18816 ----a-w- c:\windows\system32\drivers\dvd43llh.sys
      2012-03-17 23:01:17 -------- d-----w- c:\program files\dvd43
      2012-03-17 20:31:20 805376 ----a-w- c:\windows\system32\FntCache.dll
      2012-03-17 20:31:19 739840 ----a-w- c:\windows\system32\d2d1.dll
      2012-03-17 11:27:44 -------- d-----w- c:\users\user\appdata\local\{9FFEFE9A-B81E-43F5-88E3-04014EBFD7A3}
      2012-03-17 09:10:42 -------- d-----w- c:\users\user\appdata\local\{936F39CE-C69D-44BA-8703-52FF3AA00D1C}
      2012-03-16 21:10:13 -------- d-----w- c:\users\user\appdata\local\{1393C591-581C-42D4-AABB-1208842CBD23}
      2012-03-16 21:10:00 -------- d-----w- c:\users\user\appdata\local\{146BB4C5-3001-407A-AF2A-B9C5D067035C}
      2012-03-16 20:28:14 -------- d-----w- c:\users\user\appdata\roaming\HandBrake
      2012-03-16 09:09:31 -------- d-----w- c:\users\user\appdata\local\{BF2C2B0B-7AB4-41B5-A73B-A9AC64978C63}
      2012-03-15 21:09:04 -------- d-----w- c:\users\user\appdata\local\{48A62693-A3C8-4949-B350-2385A212789A}
      2012-03-15 21:08:52 -------- d-----w- c:\users\user\appdata\local\{E1316B6B-1B84-453F-8F8E-AC1D704DA27E}
      2012-03-15 09:08:25 -------- d-----w- c:\users\user\appdata\local\{59D2290D-56E5-468C-A3E9-2567C89BF080}
      2012-03-15 09:08:14 -------- d-----w- c:\users\user\appdata\local\{E8A68F7C-1DF5-40BD-8493-8952C151259E}
      2012-03-15 03:01:06 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
      2012-03-15 03:01:05 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
      2012-03-15 01:12:08 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
      2012-03-15 01:12:05 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
      2012-03-15 01:12:05 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
      2012-03-15 01:12:04 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
      2012-03-15 01:11:04 -------- d-----w- c:\program files\Lightworks
      2012-03-15 00:36:48 -------- d-----w- c:\program files\OSSBuild
      2012-03-15 00:27:21 -------- d-----w- c:\program files\Handbrake
      2012-03-14 23:47:46 472808 ----a-w- c:\windows\system32\deployJava1.dll
      2012-03-14 21:07:46 -------- d-----w- c:\users\user\appdata\local\{43578E7F-D5CC-4FC5-B819-02D9D47D5D20}
      2012-03-13 23:50:39 2343424 ----a-w- c:\windows\system32\win32k.sys
      2012-03-13 23:50:37 1077248 ----a-w- c:\windows\system32\DWrite.dll
      2012-03-13 23:49:24 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
      2012-03-13 23:49:23 58880 ----a-w- c:\windows\system32\rdpwsx.dll
      2012-03-13 23:49:23 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
      2012-03-13 23:49:21 826880 ----a-w- c:\windows\system32\rdpcore.dll
      2012-03-13 23:49:20 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
      2012-03-13 23:49:19 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
      2012-03-13 20:22:48 -------- d-----w- c:\users\user\appdata\local\{5D7B04F4-5FB9-4BB9-A66B-B4A578C1CC9D}
      2012-03-13 08:22:20 -------- d-----w- c:\users\user\appdata\local\{DB1719BD-9B99-42D8-9031-6FB64503AB3B}
      2012-03-12 20:21:46 -------- d-----w- c:\users\user\appdata\local\{CE7555EE-3551-4017-917A-1B0808DD06EB}
      2012-03-12 08:21:12 -------- d-----w- c:\users\user\appdata\local\{9696A130-C1A8-4369-A31F-6787DE0B378E}
      2012-03-12 08:21:02 -------- d-----w- c:\users\user\appdata\local\{CED101E3-826E-4181-B41F-4947A36FC8A4}
      2012-03-11 20:20:31 -------- d-----w- c:\users\user\appdata\local\{7837F59C-BACA-4631-8AFD-F012B59617D3}
      2012-03-11 08:19:57 -------- d-----w- c:\users\user\appdata\local\{7535A5FB-41B6-433D-B6B9-EFFD5334ABF8}
      2012-03-10 20:19:30 -------- d-----w- c:\users\user\appdata\local\{56B0F915-841B-4C47-81BD-A564B58E3A3F}
      2012-03-10 08:19:03 -------- d-----w- c:\users\user\appdata\local\{04280C3C-899F-4FA4-85B2-173FAEB0D86F}
      2012-03-09 22:12:37 -------- d-----w- c:\program files\VideoLAN
      2012-03-09 20:18:38 -------- d-----w- c:\users\user\appdata\local\{40052EF2-FE70-42E2-A90C-F299ABF49A13}
      2012-03-09 08:18:14 -------- d-----w- c:\users\user\appdata\local\{B7BEEB4C-CCB1-4679-86AD-2742B8F08ECE}
      2012-03-09 08:18:03 -------- d-----w- c:\users\user\appdata\local\{7E75D24E-D88D-412D-87BC-B794ADD52A6D}
      2012-03-08 20:17:36 -------- d-----w- c:\users\user\appdata\local\{474D65CB-6EE1-47C7-A169-97DE22301D52}
      2012-03-08 08:17:11 -------- d-----w- c:\users\user\appdata\local\{B1EDEABF-3305-458B-819F-4A4294F313AC}
      2012-03-07 20:16:47 -------- d-----w- c:\users\user\appdata\local\{AAE87A0B-AF35-492E-BA52-5CB2465F1256}
      2012-03-07 20:16:36 -------- d-----w- c:\users\user\appdata\local\{72A8F409-8774-462D-9B65-1DFA7AE24B4A}
      2012-03-07 08:16:08 -------- d-----w- c:\users\user\appdata\local\{3768BCE2-30F8-4F8B-84CD-9BF63B68E5FB}
      2012-03-07 08:15:57 -------- d-----w- c:\users\user\appdata\local\{83B6C3A2-F141-4AE1-94D8-E2C3427567A5}
      .
      ==================== Find3M ====================
      .
      2012-03-06 23:50:08 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
      2012-02-20 07:39:41 152576 ----a-w- c:\windows\system32\msclmd.dll
      2012-02-08 22:59:54 27640 ----a-w- c:\windows\system32\nitrolocalmon2.dll
      2012-02-08 22:59:54 18936 ----a-w- c:\windows\system32\nitrolocalui2.dll
      2012-02-03 14:19:35 7522304 ----a-w- c:\windows\system32\drivers\NETwNs32.sys
      2012-02-03 14:19:34 684032 ----a-w- c:\windows\system32\NETwNc32.dll
      2012-02-03 14:19:34 2760704 ----a-w- c:\windows\system32\NETwNr32.dll
      2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
      .
============= FINISH: 23:54:59.96 ===============
VC80CRTRedist - 8.0.50727.6195
VLC media player 2.0.0
Windows Driver Package - Intel (NETwLv32) net (10/07/2010 13.4.0.139)
Windows Driver Package - Intel (NETwNs32) net (10/27/2011 14.3.0.6)
Windows Home Server Connector
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
.
==== Event Viewer Messages From Past Week ========
.
29/03/2012 21:01:24, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user User-PC\User SID (S-1-5-21-4278735001-178053511-1665522800-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
29/03/2012 21:01:24, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user User-PC\User SID (S-1-5-21-4278735001-178053511-1665522800-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
05/04/2012 23:51:52, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.65. The computer with the IP address 192.168.1.66 did not allow the name to be claimed by this computer.
05/04/2012 10:36:11, Error: BROWSER [8019] - The browser was unable to promote itself to master browser. The browser will continue to attempt to promote itself to the master browser, but will no longer log any events in the event log in Event Viewer.
05/04/2012 09:18:41, Error: BROWSER [8020] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is unknown.
05/04/2012 01:05:09, Error: BROWSER [8009] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is TOKOTASIK.
04/04/2012 08:18:43, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
04/04/2012 08:18:43, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
04/04/2012 00:45:00, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
04/04/2012 00:43:21, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
04/04/2012 00:43:13, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
04/04/2012 00:43:13, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
04/04/2012 00:43:10, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
04/04/2012 00:43:04, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
04/04/2012 00:43:00, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter spldr Wanarpv6
04/04/2012 00:43:00, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
04/04/2012 00:43:00, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
04/04/2012 00:42:56, Error: Service Control Manager [7001] - The SBSD Security Center Service service depends on the Security Center service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
04/04/2012 00:42:56, Error: Service Control Manager [7001] - The Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
.
==== End Of File ===========================
  17. And here is my new DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by User at 23:54:12 on 2012-04-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1979.614 [GMT 1:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Program Files\Windows Home Server\esClient.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Windows Home Server\WHSConnector.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\dvd43\DVD43_Tray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Mesh\WLSync.exe
C:\Program Files\Windows Home Server\WHSTrayApp.exe
C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\User\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Program Files\Windows Live\Mesh\MOE.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\notepad.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\notepad.exe
C:\Windows\system32\WerFault.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: BrowserHelper Class: {9a065c65-4ee7-4ddd-9918-f129089a894a} - c:\program files\windows home server\WHSDeskBands.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Home Server Banner: {d73e76a3-f902-45bd-8fc8-95ae8e014671} - c:\program files\windows home server\WHSDeskBands.dll
uRun: [Google Update] "c:\users\user\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [WLSync] "c:\program files\windows live\mesh\WLSync.exe" /background
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [dvd43] c:\program files\dvd43\dvd43_tray.exe
StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\user\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\window~1.lnk - c:\windows\installer\{21e49794-7c13-4e84-8659-55bd378267d5}\WHSTrayApp.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{19D515E1-851B-4B8B-B932-FED1713FC829} : DhcpNameServer = 8.8.8.8
TCP: Interfaces\{1CAC04CD-6190-4548-83B7-7D9E69D64440} : DhcpNameServer = 192.168.2.254
TCP: Interfaces\{24361609-8878-4E49-81C8-CAEC513AF1CE} : DhcpNameServer = 192.168.22.1
TCP: Interfaces\{9ECA6236-A346-4024-AD93-2F771B7C5548} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{9ECA6236-A346-4024-AD93-2F771B7C5548}\D49616F6 : DhcpNameServer = 192.168.22.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 arXfrSvc;Windows Media Center TV Archive Transfer Service;c:\program files\windows home server\Microsoft.HomeServer.Archive.TransferService.exe [2011-1-10 239472]
R2 esClient;Windows Media Center Client Service;c:\program files\windows home server\esClient.exe [2011-1-10 97136]
R2 HPMSSConnectorSvc;HPMSSConnectorService;c:\program files\hewlett-packard\hp mediasmart server\MSSConnectorService.exe [2009-10-5 20992]
R2 MediaCollectorService;MediaCollectorService;c:\program files\hewlett-packard\hp mediasmart server\MediaCollectorClient.exe [2009-10-5 81920]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\nitro pdf\reader 2\NitroPDFReaderDriverService2.exe [2012-2-9 198136]
R2 WHSConnector;Windows Home Server Connector Service;c:\program files\windows home server\WHSConnector.exe [2011-1-10 376688]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2009-6-10 50688]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-4-5 40776]
R3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwNs32.sys [2011-10-31 7522304]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-1-31 158856]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2009-6-10 657408]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-2-4 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-2-6 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-04-05 22:33:59 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-04-05 00:28:11 -------- d-----w- c:\users\user\appdata\roaming\QuickScan
2012-04-04 23:48:10 -------- d-----w- c:\users\user\appdata\local\{DA52D89C-6741-48D5-BEF0-C77F65DF6450}
2012-04-04 23:47:55 -------- d-----w- c:\users\user\appdata\local\{44EFC2E9-F48E-4579-8084-3BCF813A67FD}
2012-04-04 23:37:45 -------- d-----w- c:\users\user\appdata\local\{11AC4AD2-9364-4E52-87CD-A62C97BA2558}
2012-04-04 23:37:34 -------- d-----w- c:\users\user\appdata\local\{C77C6E00-5A1F-47B3-B81D-87CDF094698C}
2012-04-04 23:32:11 -------- d-----w- c:\users\user\appdata\local\{AD0C51B0-A32B-452C-8F86-9E970B449E8E}
2012-04-04 23:31:29 -------- d-----w- c:\users\user\appdata\local\{E25260D0-4336-4241-B68C-10D2BCF8BE80}
2012-04-04 08:04:18 -------- d-----w- c:\users\user\appdata\local\{F571CE18-FA07-4926-AEAD-3DBF2DE175B3}
2012-04-03 19:29:07 -------- d-----w- c:\users\user\appdata\local\{1950F180-56CF-485B-B3D4-EB440FB85E05}
2012-04-01 19:28:05 -------- d-----w- c:\users\user\appdata\local\{2431BC81-0526-4D96-8574-9EAE2D83692C}
2012-03-28 22:54:20 -------- d-----w- c:\programdata\SecTaskMan
2012-03-28 22:54:16 -------- d-----w- c:\program files\Security Task Manager
2012-03-28 16:16:37 -------- d-----w- c:\users\user\appdata\local\{F8E314AA-5136-4E11-8847-481E2AA13915}
2012-03-28 04:16:12 -------- d-----w- c:\users\user\appdata\local\{52F97560-D165-4FC6-83E9-ED88F069CEFB}
2012-03-28 04:15:58 -------- d-----w- c:\users\user\appdata\local\{E1C90403-E9FD-48BB-8313-5803E8CE120B}
2012-03-27 22:45:09 -------- d-----w- c:\users\user\appdata\roaming\Malwarebytes
2012-03-27 22:45:03 -------- d-----w- c:\programdata\Malwarebytes
2012-03-27 22:45:02 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-27 22:45:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-27 19:48:46 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-03-27 19:48:46 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-03-27 11:09:14 -------- d-----w- c:\users\user\appdata\local\{FF22158D-3FF5-4CCE-BFB0-D569907047BD}
2012-03-27 11:09:04 -------- d-----w- c:\users\user\appdata\local\{37C44D95-1D83-42EE-BBE0-3E44FEB51D8A}
2012-03-26 23:08:34 -------- d-----w- c:\users\user\appdata\local\{B637B6DC-B05A-45CD-BBC8-753CF7300655}
2012-03-26 23:08:20 -------- d-----w- c:\users\user\appdata\local\{AA8F9A57-F2FB-4569-A28D-5C15ED615A08}
2012-03-26 11:07:44 -------- d-----w- c:\users\user\appdata\local\{795B9476-D3FB-4458-90F8-C241E694ABCF}
2012-03-25 23:07:17 -------- d-----w- c:\users\user\appdata\local\{E2CB7C1A-C337-48AB-83BF-F2741DCB17A3}
2012-03-25 13:26:41 102912 --sha-r- c:\windows\system32\C_20297U.dll
2012-03-25 11:06:51 -------- d-----w- c:\users\user\appdata\local\{F349DA42-595E-46D9-B57D-EBAD44176A65}
2012-03-25 01:05:19 6582328 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{bba6c972-5613-475a-9c65-7219a969ac74}\mpengine.dll
2012-03-24 21:48:33 -------- d-----w- c:\users\user\appdata\local\{CC281EF0-D0FC-4579-9C6D-77C5356DF509}
2012-03-24 09:48:07 -------- d-----w- c:\users\user\appdata\local\{C865FA18-6A64-4740-9F38-BED6A86621AA}
2012-03-23 21:47:40 -------- d-----w- c:\users\user\appdata\local\{629F079B-0C10-465C-8965-637A0AE91915}
2012-03-23 21:47:28 -------- d-----w- c:\users\user\appdata\local\{CDFBF0BE-AD29-4437-9238-B502DB1E9A05}
2012-03-23 09:46:58 -------- d-----w- c:\users\user\appdata\local\{4218EA18-EC41-465E-9CA5-F92081AB2124}
2012-03-22 21:46:28 -------- d-----w- c:\users\user\appdata\local\{852A4EE3-F1A8-4845-912E-C91D2BDD9536}
2012-03-22 19:12:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-22 09:45:54 -------- d-----w- c:\users\user\appdata\local\{5F780C63-EE79-47A4-8AEA-2E16D1D75228}
2012-03-22 09:45:36 -------- d-----w- c:\users\user\appdata\local\{8367E30D-0F5A-4E08-A325-D63C897C3DDB}
2012-03-21 21:45:05 -------- d-----w- c:\users\user\appdata\local\{CEFB68C2-23D5-4038-A94E-4B4ED71A83EC}
2012-03-21 21:44:43 -------- d-----w- c:\users\user\appdata\local\{5DD56B2D-DFBA-4616-8574-3BE951BD8015}
2012-03-21 09:44:13 -------- d-----w- c:\users\user\appdata\local\{F789D451-EA24-4037-BF34-801DA4879F30}
2012-03-20 21:30:35 -------- d-----w- c:\users\user\appdata\local\{722B28B7-19E0-45BB-BB95-A8BE7ABC7EB9}
2012-03-20 21:30:23 -------- d-----w- c:\users\user\appdata\local\{1A6BEE46-9917-4D9A-9A4D-B4277ABAFAA5}
2012-03-20 09:29:57 -------- d-----w- c:\users\user\appdata\local\{9F3F579A-6746-49E8-89C0-46C3FEF906E8}
2012-03-19 21:29:30 -------- d-----w- c:\users\user\appdata\local\{0EFA30F7-A5FE-4F85-8EF1-7EBB5366C853}
2012-03-19 09:29:03 -------- d-----w- c:\users\user\appdata\local\{F166E2AC-7C9F-4CCE-8C99-A1254B5B176B}
2012-03-18 20:09:20 -------- d-----w- c:\users\user\appdata\local\{A9EC69F8-FC0D-493E-B3AD-ACDB04EBD70F}
2012-03-18 20:09:08 -------- d-----w- c:\users\user\appdata\local\{9BDD5B82-0F6D-45C0-A681-28E4FDC96E2D}
2012-03-18 15:49:27 -------- d-----w- c:\users\user\appdata\local\{F906A9B5-7673-453A-881B-7EC6B8954807}
2012-03-18 08:45:25 -------- d-----w- c:\users\user\appdata\local\{75839C79-D634-4E71-8633-9B02D81DC1D2}
2012-03-18 08:31:08 -------- d-----w- c:\users\user\appdata\local\{4D06B50E-49B6-4BBF-A2BE-2DE1F7D83154}
<div>2012-03-17 23:01:22<span 
class="Apple-tab-span" style="white-space:pre"> </span>18816<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\dvd43llh.sys</div> <div>2012-03-17 23:01:17<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\dvd43</div> <div>2012-03-17 20:31:20<span class="Apple-tab-span" style="white-space:pre"> </span>805376<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\FntCache.dll</div> <div>2012-03-17 20:31:19<span class="Apple-tab-span" style="white-space:pre"> </span>739840<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\d2d1.dll</div> <div>2012-03-17 11:27:44<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\user\appdata\local\{9FFEFE9A-B81E-43F5-88E3-04014EBFD7A3}</div> <div>2012-03-17 09:10:42<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\user\appdata\local\{936F39CE-C69D-44BA-8703-52FF3AA00D1C}</div> <div>2012-03-16 21:10:13<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\user\appdata\local\{1393C591-581C-42D4-AABB-1208842CBD23}</div> <div>2012-03-16 21:10:00<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span 
class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\user\appdata\local\{146BB4C5-3001-407A-AF2A-B9C5D067035C}</div> <div>2012-03-16 20:28:14<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\user\appdata\roaming\HandBrake</div> <div>2012-03-16 09:09:31<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\user\appdata\local\{BF2C2B0B-7AB4-41B5-A73B-A9AC64978C63}</div> <div>2012-03-15 21:09:04<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\user\appdata\local\{48A62693-A3C8-4949-B350-2385A212789A}</div> <div>2012-03-15 21:08:52<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\user\appdata\local\{E1316B6B-1B84-453F-8F8E-AC1D704DA27E}</div> <div>2012-03-15 09:08:25<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\user\appdata\local\{59D2290D-56E5-468C-A3E9-2567C89BF080}</div> <div>2012-03-15 09:08:14<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\user\appdata\local\{E8A68F7C-1DF5-40BD-8493-8952C151259E}</div> <div>2012-03-15 03:01:06<span class="Apple-tab-span" 
style="white-space:pre"> </span>3968368<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\ntkrnlpa.exe</div> <div>2012-03-15 03:01:05<span class="Apple-tab-span" style="white-space:pre"> </span>3913584<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\ntoskrnl.exe</div> <div>2012-03-15 01:12:08<span class="Apple-tab-span" style="white-space:pre"> </span>4178264<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\D3DX9_41.dll</div> <div>2012-03-15 01:12:05<span class="Apple-tab-span" style="white-space:pre"> </span>69448<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\XAPOFX1_3.dll</div> <div>2012-03-15 01:12:05<span class="Apple-tab-span" style="white-space:pre"> </span>517448<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\XAudio2_4.dll</div> <div>2012-03-15 01:12:04<span class="Apple-tab-span" style="white-space:pre"> </span>22360<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\X3DAudio1_6.dll</div> <div>2012-03-15 01:11:04<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Lightworks</div> <div>2012-03-15 00:36:48<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> 
</span>c:\program files\OSSBuild</div> <div>2012-03-15 00:27:21<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Handbrake</div> <div>2012-03-14 23:47:46<span class="Apple-tab-span" style="white-space:pre"> </span>472808<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\deployJava1.dll</div> <div>2012-03-14 21:07:46<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\user\appdata\local\{43578E7F-D5CC-4FC5-B819-02D9D47D5D20}</div> <div>2012-03-13 23:50:39<span class="Apple-tab-span" style="white-space:pre"> </span>2343424<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\win32k.sys</div> <div>2012-03-13 23:50:37<span class="Apple-tab-span" style="white-space:pre"> </span>1077248<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\DWrite.dll</div> <div>2012-03-13 23:49:24<span class="Apple-tab-span" style="white-space:pre"> </span>8192<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\rdrmemptylst.exe</div> <div>2012-03-13 23:49:23<span class="Apple-tab-span" style="white-space:pre"> </span>58880<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\rdpwsx.dll</div> <div>2012-03-13 23:49:23<span class="Apple-tab-span" style="white-space:pre"> </span>129536<span 
class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\rdpcorekmts.dll</div> <div>2012-03-13 23:49:21<span class="Apple-tab-span" style="white-space:pre"> </span>826880<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\rdpcore.dll</div> <div>2012-03-13 23:49:20<span class="Apple-tab-span" style="white-space:pre"> </span>24576<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\tdtcp.sys</div> <div>2012-03-13 23:49:19<span class="Apple-tab-span" style="white-space:pre"> </span>183808<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\rdpwd.sys</div> <div>2012-03-13 20:22:48<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\user\appdata\local\{5D7B04F4-5FB9-4BB9-A66B-B4A578C1CC9D}</div> <div>2012-03-13 08:22:20<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\user\appdata\local\{DB1719BD-9B99-42D8-9031-6FB64503AB3B}</div> <div>2012-03-12 20:21:46<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\user\appdata\local\{CE7555EE-3551-4017-917A-1B0808DD06EB}</div> <div>2012-03-12 08:21:12<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> 
</span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\user\appdata\local\{9696A130-C1A8-4369-A31F-6787DE0B378E}</div> <div>2012-03-12 08:21:02<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\user\appdata\local\{CED101E3-826E-4181-B41F-4947A36FC8A4}</div> <div>2012-03-11 20:20:31<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\user\appdata\local\{7837F59C-BACA-4631-8AFD-F012B59617D3}</div> <div>2012-03-11 08:19:57<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\user\appdata\local\{7535A5FB-41B6-433D-B6B9-EFFD5334ABF8}</div> <div>2012-03-10 20:19:30<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\user\appdata\local\{56B0F915-841B-4C47-81BD-A564B58E3A3F}</div> <div>2012-03-10 08:19:03<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\user\appdata\local\{04280C3C-899F-4FA4-85B2-173FAEB0D86F}</div> <div>2012-03-09 22:12:37<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\VideoLAN</div> <div>2012-03-09 20:18:38<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span 
class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\user\appdata\local\{40052EF2-FE70-42E2-A90C-F299ABF49A13}</div> <div>2012-03-09 08:18:14<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\user\appdata\local\{B7BEEB4C-CCB1-4679-86AD-2742B8F08ECE}</div> <div>2012-03-09 08:18:03<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\user\appdata\local\{7E75D24E-D88D-412D-87BC-B794ADD52A6D}</div> <div>2012-03-08 20:17:36<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\user\appdata\local\{474D65CB-6EE1-47C7-A169-97DE22301D52}</div> <div>2012-03-08 08:17:11<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\user\appdata\local\{B1EDEABF-3305-458B-819F-4A4294F313AC}</div> <div>2012-03-07 20:16:47<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\user\appdata\local\{AAE87A0B-AF35-492E-BA52-5CB2465F1256}</div> <div>2012-03-07 20:16:36<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\user\appdata\local\{72A8F409-8774-462D-9B65-1DFA7AE24B4A}</div> <div>2012-03-07 
08:16:08<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\user\appdata\local\{3768BCE2-30F8-4F8B-84CD-9BF63B68E5FB}</div> <div>2012-03-07 08:15:57<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\user\appdata\local\{83B6C3A2-F141-4AE1-94D8-E2C3427567A5}</div> <div>.</div> <div>==================== Find3M ====================</div> <div>.</div> <div>2012-03-06 23:50:08<span class="Apple-tab-span" style="white-space:pre"> </span>414368<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\FlashPlayerCPLApp.cpl</div> <div>2012-02-20 07:39:41<span class="Apple-tab-span" style="white-space:pre"> </span>152576<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\msclmd.dll</div> <div>2012-02-08 22:59:54<span class="Apple-tab-span" style="white-space:pre"> </span>27640<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\nitrolocalmon2.dll</div> <div>2012-02-08 22:59:54<span class="Apple-tab-span" style="white-space:pre"> </span>18936<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\nitrolocalui2.dll</div> <div>2012-02-03 14:19:35<span class="Apple-tab-span" style="white-space:pre"> </span>7522304<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\NETwNs32.sys</div> 
<div>2012-02-03 14:19:34<span class="Apple-tab-span" style="white-space:pre"> </span>684032<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\NETwNc32.dll</div> <div>2012-02-03 14:19:34<span class="Apple-tab-span" style="white-space:pre"> </span>2760704<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\NETwNr32.dll</div> <div>2012-01-31 12:44:05<span class="Apple-tab-span" style="white-space:pre"> </span>237072<span class="Apple-tab-span" style="white-space:pre"> </span>------w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\MpSigStub.exe</div> <div>.</div> <div>============= FINISH: 23:54:59.96 ===============</div> <div> </div> <div> <div> </div> <div>VC80CRTRedist - 8.0.50727.6195</div> <div>VLC media player 2.0.0</div> <div>Windows Driver Package - Intel (NETwLv32) net (10/07/2010 13.4.0.139)</div> <div>Windows Driver Package - Intel (NETwNs32) net (10/27/2011 14.3.0.6)</div> <div>Windows Home Server Connector</div> <div>Windows Live Communications Platform</div> <div>Windows Live Essentials</div> <div>Windows Live ID Sign-in Assistant</div> <div>Windows Live Installer</div> <div>Windows Live Mesh</div> <div>Windows Live Mesh ActiveX Control for Remote Connections</div> <div>Windows Live PIMT Platform</div> <div>Windows Live Remote Client</div> <div>Windows Live Remote Client Resources</div> <div>Windows Live Remote Service</div> <div>Windows Live Remote Service Resources</div> <div>Windows Live SOXE</div> <div>Windows Live SOXE Definitions</div> <div>Windows Live UX Platform</div> <div>Windows Live UX Platform Language Pack</div> <div>.</div> <div>==== Event Viewer Messages From Past Week ========</div> <div>.</div> <div>29/03/2012 21:01:24, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission 
settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user User-PC\User SID (S-1-5-21-4278735001-178053511-1665522800-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.</div> <div>29/03/2012 21:01:24, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user User-PC\User SID (S-1-5-21-4278735001-178053511-1665522800-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.</div> <div>05/04/2012 23:51:52, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.65. The computer with the IP address 192.168.1.66 did not allow the name to be claimed by this computer.</div> <div>05/04/2012 10:36:11, Error: BROWSER [8019] - The browser was unable to promote itself to master browser. The browser will continue to attempt to promote itself to the master browser, but will no longer log any events in the event log in Event Viewer.</div> <div>05/04/2012 09:18:41, Error: BROWSER [8020] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is unknown.</div> <div>05/04/2012 01:05:09, Error: BROWSER [8009] - The browser was unable to promote itself to master browser. 
The computer that currently believes it is the master browser is TOKOTASIK.</div> <div>04/04/2012 08:18:43, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}</div> <div>04/04/2012 08:18:43, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}</div> <div>04/04/2012 00:45:00, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.</div> <div>04/04/2012 00:43:21, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.</div> <div>04/04/2012 00:43:13, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}</div> <div>04/04/2012 00:43:13, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}</div> <div>04/04/2012 00:43:10, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}</div> <div>04/04/2012 00:43:04, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}</div> 
<div>04/04/2012 00:43:00, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter spldr Wanarpv6</div> <div>04/04/2012 00:43:00, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.</div> <div>04/04/2012 00:43:00, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}</div> <div>04/04/2012 00:42:56, Error: Service Control Manager [7001] - The SBSD Security Center Service service depends on the Security Center service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.</div> <div>04/04/2012 00:42:56, Error: Service Control Manager [7001] - The Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.</div> <div>.</div> <div>==== End Of File ===========================</div> <div> </div> </div> <div> </div>
  18. Hey Maniac, Thank you for helping me out. Please see below the report from TDSSKiller log
3144 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll 23:30:36.0046 3144 DcomLaunch - ok 23:30:36.0132 3144 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll 23:30:36.0192 3144 defragsvc - ok 23:30:36.0255 3144 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys 23:30:36.0310 3144 DfsC - ok 23:30:36.0392 3144 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll 23:30:36.0454 3144 Dhcp - ok 23:30:36.0511 3144 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys 23:30:36.0567 3144 discache - ok 23:30:36.0671 3144 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys 23:30:36.0696 3144 Disk - ok 23:30:36.0729 3144 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll 23:30:36.0796 3144 Dnscache - ok 23:30:36.0886 3144 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll 23:30:36.0951 3144 dot3svc - ok 23:30:37.0050 3144 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll 23:30:37.0254 3144 DPS - ok 23:30:37.0351 3144 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys 23:30:37.0391 3144 drmkaud - ok 23:30:37.0504 3144 dvd43llh (1fc1eed3ea0c3a0ecf8a95b97e1b4831) C:\Windows\system32\DRIVERS\dvd43llh.sys 23:30:37.0534 3144 dvd43llh ( UnsignedFile.Multi.Generic ) - warning 23:30:37.0534 3144 dvd43llh - detected UnsignedFile.Multi.Generic (1) 23:30:37.0596 3144 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys 23:30:37.0648 3144 DXGKrnl - ok 23:30:37.0687 3144 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll 23:30:37.0742 3144 EapHost - ok 23:30:37.0871 3144 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys 23:30:37.0998 3144 ebdrv - ok 23:30:38.0079 3144 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe 23:30:38.0129 3144 EFS 
- ok 23:30:38.0165 3144 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe 23:30:38.0258 3144 ehRecvr - ok 23:30:38.0294 3144 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe 23:30:38.0364 3144 ehSched - ok 23:30:38.0442 3144 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys 23:30:38.0477 3144 elxstor - ok 23:30:38.0519 3144 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys 23:30:38.0550 3144 ErrDev - ok 23:30:38.0603 3144 esClient (27aa2c6917c94f6636563d416c8ee24f) C:\Program Files\Windows Home Server\esClient.exe 23:30:38.0621 3144 esClient - ok 23:30:38.0712 3144 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll 23:30:38.0780 3144 EventSystem - ok 23:30:38.0850 3144 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys 23:30:38.0901 3144 exfat - ok 23:30:38.0967 3144 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys 23:30:39.0032 3144 fastfat - ok 23:30:39.0125 3144 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe 23:30:39.0193 3144 Fax - ok 23:30:39.0283 3144 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys 23:30:39.0319 3144 fdc - ok 23:30:39.0370 3144 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll 23:30:39.0427 3144 fdPHost - ok 23:30:39.0490 3144 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll 23:30:39.0538 3144 FDResPub - ok 23:30:39.0576 3144 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys 23:30:39.0596 3144 FileInfo - ok 23:30:39.0605 3144 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys 23:30:39.0665 3144 Filetrace - ok 23:30:39.0692 3144 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys 23:30:39.0731 3144 flpydisk - ok 23:30:39.0843 3144 FltMgr 
(7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys 23:30:39.0869 3144 FltMgr - ok 23:30:39.0944 3144 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll 23:30:40.0043 3144 FontCache - ok 23:30:40.0138 3144 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 23:30:40.0157 3144 FontCache3.0.0.0 - ok 23:30:40.0235 3144 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys 23:30:40.0255 3144 FsDepends - ok 23:30:40.0300 3144 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys 23:30:40.0321 3144 Fs_Rec - ok 23:30:40.0387 3144 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys 23:30:40.0417 3144 fvevol - ok 23:30:40.0511 3144 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys 23:30:40.0534 3144 gagp30kx - ok 23:30:40.0588 3144 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll 23:30:40.0668 3144 gpsvc - ok 23:30:40.0763 3144 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 23:30:40.0785 3144 gusvc - ok 23:30:40.0876 3144 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys 23:30:40.0963 3144 hcw85cir - ok 23:30:41.0077 3144 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys 23:30:41.0123 3144 HdAudAddService - ok 23:30:41.0222 3144 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys 23:30:41.0265 3144 HDAudBus - ok 23:30:41.0363 3144 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys 23:30:41.0397 3144 HidBatt - ok 23:30:41.0498 3144 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys 23:30:41.0541 3144 HidBth - ok 23:30:41.0649 3144 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) 
C:\Windows\system32\DRIVERS\hidir.sys 23:30:41.0689 3144 HidIr - ok 23:30:41.0735 3144 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll 23:30:41.0808 3144 hidserv - ok 23:30:41.0921 3144 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys 23:30:41.0951 3144 HidUsb - ok 23:30:42.0000 3144 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll 23:30:42.0046 3144 hkmsvc - ok 23:30:42.0088 3144 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll 23:30:42.0178 3144 HomeGroupListener - ok 23:30:42.0205 3144 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll 23:30:42.0250 3144 HomeGroupProvider - ok 23:30:42.0317 3144 HPMSSConnectorSvc (4092496c2e1b1438665b086548512b13) C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe 23:30:42.0326 3144 HPMSSConnectorSvc ( UnsignedFile.Multi.Generic ) - warning 23:30:42.0326 3144 HPMSSConnectorSvc - detected UnsignedFile.Multi.Generic (1) 23:30:42.0433 3144 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys 23:30:42.0454 3144 HpSAMD - ok 23:30:42.0506 3144 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys 23:30:42.0572 3144 HTTP - ok 23:30:42.0640 3144 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys 23:30:42.0661 3144 hwpolicy - ok 23:30:42.0741 3144 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys 23:30:42.0775 3144 i8042prt - ok 23:30:42.0903 3144 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys 23:30:42.0934 3144 iaStorV - ok 23:30:43.0006 3144 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 23:30:43.0067 3144 idsvc - ok 23:30:43.0363 3144 igfx (8266ae06df974e5ba047b3e9e9e70b3f) C:\Windows\system32\DRIVERS\igdkmd32.sys 23:30:43.0702 
3144 igfx - ok 23:30:43.0817 3144 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys 23:30:43.0837 3144 iirsp - ok 23:30:43.0890 3144 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll 23:30:43.0972 3144 IKEEXT - ok 23:30:44.0027 3144 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys 23:30:44.0045 3144 intelide - ok 23:30:44.0135 3144 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys 23:30:44.0160 3144 intelppm - ok 23:30:44.0230 3144 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll 23:30:44.0299 3144 IPBusEnum - ok 23:30:44.0344 3144 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys 23:30:44.0404 3144 IpFilterDriver - ok 23:30:44.0511 3144 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll 23:30:44.0585 3144 iphlpsvc - ok 23:30:44.0677 3144 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys 23:30:44.0719 3144 IPMIDRV - ok 23:30:44.0766 3144 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys 23:30:44.0828 3144 IPNAT - ok 23:30:44.0926 3144 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys 23:30:44.0992 3144 IRENUM - ok 23:30:45.0097 3144 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys 23:30:45.0117 3144 isapnp - ok 23:30:45.0154 3144 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys 23:30:45.0182 3144 iScsiPrt - ok 23:30:45.0220 3144 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys 23:30:45.0241 3144 kbdclass - ok 23:30:45.0479 3144 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys 23:30:45.0519 3144 kbdhid - ok 23:30:45.0595 3144 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 23:30:45.0617 3144 KeyIso - ok 
23:30:45.0673 3144 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys 23:30:45.0694 3144 KSecDD - ok 23:30:45.0748 3144 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys 23:30:45.0772 3144 KSecPkg - ok 23:30:45.0832 3144 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll 23:30:45.0906 3144 KtmRm - ok 23:30:45.0995 3144 L1C (6c32bfeab708915d6bbf4b20d4f3ef7b) C:\Windows\system32\DRIVERS\L1C62x86.sys 23:30:46.0049 3144 L1C - ok 23:30:46.0140 3144 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll 23:30:46.0207 3144 LanmanServer - ok 23:30:46.0312 3144 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll 23:30:46.0362 3144 LanmanWorkstation - ok 23:30:46.0443 3144 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys 23:30:46.0511 3144 lltdio - ok 23:30:46.0565 3144 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll 23:30:46.0629 3144 lltdsvc - ok 23:30:46.0684 3144 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll 23:30:46.0742 3144 lmhosts - ok 23:30:46.0801 3144 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys 23:30:46.0824 3144 LSI_FC - ok 23:30:46.0917 3144 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys 23:30:46.0939 3144 LSI_SAS - ok 23:30:46.0976 3144 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys 23:30:46.0992 3144 LSI_SAS2 - ok 23:30:47.0023 3144 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys 23:30:47.0039 3144 LSI_SCSI - ok 23:30:47.0086 3144 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys 23:30:47.0146 3144 luafv - ok 23:30:47.0228 3144 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll 23:30:47.0255 3144 Mcx2Svc - ok 23:30:47.0335 3144 
MediaCollectorService (75e31d760ff9a57da66cb2e336c40316) C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe 23:30:47.0359 3144 MediaCollectorService ( UnsignedFile.Multi.Generic ) - warning 23:30:47.0359 3144 MediaCollectorService - detected UnsignedFile.Multi.Generic (1) 23:30:47.0453 3144 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys 23:30:47.0473 3144 megasas - ok 23:30:47.0604 3144 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys 23:30:47.0630 3144 MegaSR - ok 23:30:47.0717 3144 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe 23:30:47.0735 3144 Microsoft Office Groove Audit Service - ok 23:30:47.0813 3144 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll 23:30:47.0873 3144 MMCSS - ok 23:30:47.0938 3144 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys 23:30:47.0998 3144 Modem - ok 23:30:48.0098 3144 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys 23:30:48.0131 3144 monitor - ok 23:30:48.0238 3144 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys 23:30:48.0257 3144 mouclass - ok 23:30:48.0321 3144 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys 23:30:48.0352 3144 mouhid - ok 23:30:48.0429 3144 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys 23:30:48.0450 3144 mountmgr - ok 23:30:48.0508 3144 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys 23:30:48.0534 3144 MpFilter - ok 23:30:48.0570 3144 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys 23:30:48.0592 3144 mpio - ok 23:30:48.0621 3144 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys 23:30:48.0638 3144 MpNWMon - ok 23:30:48.0670 3144 mpsdrv 
(ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys 23:30:48.0718 3144 mpsdrv - ok 23:30:48.0775 3144 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll 23:30:48.0865 3144 MpsSvc - ok 23:30:48.0965 3144 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys 23:30:49.0010 3144 MRxDAV - ok 23:30:49.0101 3144 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys 23:30:49.0167 3144 mrxsmb - ok 23:30:49.0263 3144 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys 23:30:49.0296 3144 mrxsmb10 - ok 23:30:49.0328 3144 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys 23:30:49.0368 3144 mrxsmb20 - ok 23:30:49.0458 3144 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys 23:30:49.0478 3144 msahci - ok 23:30:49.0522 3144 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys 23:30:49.0547 3144 msdsm - ok 23:30:49.0591 3144 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe 23:30:49.0634 3144 MSDTC - ok 23:30:49.0705 3144 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys 23:30:49.0754 3144 Msfs - ok 23:30:49.0796 3144 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys 23:30:49.0855 3144 mshidkmdf - ok 23:30:49.0894 3144 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys 23:30:49.0913 3144 msisadrv - ok 23:30:49.0999 3144 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll 23:30:50.0056 3144 MSiSCSI - ok 23:30:50.0072 3144 msiserver - ok 23:30:50.0119 3144 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys 23:30:50.0178 3144 MSKSSRV - ok 23:30:50.0256 3144 MsMpSvc (cfce43b70ca0cc4dcc8adb62b792b173) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe 23:30:50.0274 3144 MsMpSvc - 
ok 23:30:50.0378 3144 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys 23:30:50.0435 3144 MSPCLOCK - ok 23:30:50.0546 3144 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys 23:30:50.0595 3144 MSPQM - ok 23:30:50.0637 3144 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys 23:30:50.0653 3144 MsRPC - ok 23:30:50.0723 3144 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys 23:30:50.0743 3144 mssmbios - ok 23:30:50.0793 3144 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys 23:30:50.0843 3144 MSTEE - ok 23:30:50.0883 3144 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys 23:30:50.0923 3144 MTConfig - ok 23:30:50.0983 3144 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys 23:30:51.0003 3144 Mup - ok 23:30:51.0083 3144 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll 23:30:51.0153 3144 napagent - ok 23:30:51.0273 3144 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys 23:30:51.0313 3144 NativeWifiP - ok 23:30:51.0423 3144 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys 23:30:51.0483 3144 NDIS - ok 23:30:51.0563 3144 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys 23:30:51.0613 3144 NdisCap - ok 23:30:51.0663 3144 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys 23:30:51.0723 3144 NdisTapi - ok 23:30:51.0793 3144 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys 23:30:51.0863 3144 Ndisuio - ok 23:30:51.0943 3144 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys 23:30:52.0013 3144 NdisWan - ok 23:30:52.0083 3144 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys 23:30:52.0143 3144 NDProxy - ok 
23:30:52.0213 3144 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys 23:30:52.0273 3144 NetBIOS - ok 23:30:52.0342 3144 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys 23:30:52.0406 3144 NetBT - ok 23:30:52.0485 3144 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 23:30:52.0508 3144 Netlogon - ok 23:30:52.0582 3144 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll 23:30:52.0649 3144 Netman - ok 23:30:52.0741 3144 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll 23:30:52.0810 3144 netprofm - ok 23:30:52.0914 3144 netr28u (27ee4b406e2f26f6117a9a420bd4cb65) C:\Windows\system32\DRIVERS\netr28u.sys 23:30:52.0987 3144 netr28u - ok 23:30:53.0084 3144 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 23:30:53.0103 3144 NetTcpPortSharing - ok 23:30:53.0351 3144 NETwNs32 (6de8d8d6e23f42d819eae39fa3f6f31d) C:\Windows\system32\DRIVERS\NETwNs32.sys 23:30:53.0639 3144 NETwNs32 - ok 23:30:53.0753 3144 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys 23:30:53.0773 3144 nfrd960 - ok 23:30:53.0825 3144 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys 23:30:53.0841 3144 NisDrv - ok 23:30:53.0916 3144 NisSrv (a5cb074f34bbd89948e34a630d459c0c) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe 23:30:53.0941 3144 NisSrv - ok 23:30:54.0059 3144 NitroReaderDriverReadSpool2 (88ba747aa5c103566fe6289b4ac3937d) C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe 23:30:54.0084 3144 NitroReaderDriverReadSpool2 - ok 23:30:54.0178 3144 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll 23:30:54.0240 3144 NlaSvc - ok 23:30:54.0292 3144 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys 23:30:54.0340 3144 Npfs - ok 
23:30:54.0442 3144 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll 23:30:54.0506 3144 nsi - ok 23:30:54.0570 3144 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys 23:30:54.0619 3144 nsiproxy - ok 23:30:54.0725 3144 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys 23:30:54.0805 3144 Ntfs - ok 23:30:54.0850 3144 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys 23:30:54.0905 3144 Null - ok 23:30:54.0977 3144 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys 23:30:55.0001 3144 nvraid - ok 23:30:55.0059 3144 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys 23:30:55.0083 3144 nvstor - ok 23:30:55.0136 3144 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys 23:30:55.0162 3144 nv_agp - ok 23:30:55.0260 3144 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 23:30:55.0292 3144 odserv - ok 23:30:55.0390 3144 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys 23:30:55.0422 3144 ohci1394 - ok 23:30:55.0496 3144 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 23:30:55.0516 3144 ose - ok 23:30:55.0680 3144 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 23:30:55.0901 3144 osppsvc - ok 23:30:55.0988 3144 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll 23:30:56.0046 3144 p2pimsvc - ok 23:30:56.0141 3144 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll 23:30:56.0192 3144 p2psvc - ok 23:30:56.0247 3144 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys 23:30:56.0272 3144 Parport - ok 23:30:56.0338 3144 partmgr (bf8f6af06da75b336f07e23aef97d93b) 
C:\Windows\system32\drivers\partmgr.sys 23:30:56.0362 3144 partmgr - ok 23:30:56.0397 3144 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys 23:30:56.0431 3144 Parvdm - ok 23:30:56.0462 3144 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll 23:30:56.0503 3144 PcaSvc - ok 23:30:56.0553 3144 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys 23:30:56.0578 3144 pci - ok 23:30:56.0622 3144 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys 23:30:56.0642 3144 pciide - ok 23:30:56.0673 3144 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys 23:30:56.0697 3144 pcmcia - ok 23:30:56.0724 3144 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys 23:30:56.0746 3144 pcw - ok 23:30:56.0784 3144 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys 23:30:56.0875 3144 PEAUTH - ok 23:30:57.0017 3144 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll 23:30:57.0132 3144 pla - ok 23:30:57.0212 3144 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll 23:30:57.0273 3144 PlugPlay - ok 23:30:57.0329 3144 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll 23:30:57.0371 3144 PNRPAutoReg - ok 23:30:57.0407 3144 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll 23:30:57.0489 3144 PNRPsvc - ok 23:30:57.0529 3144 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll 23:30:57.0596 3144 PolicyAgent - ok 23:30:57.0684 3144 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll 23:30:57.0790 3144 Power - ok 23:30:57.0900 3144 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys 23:30:57.0954 3144 PptpMiniport - ok 23:30:58.0047 3144 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys 23:30:58.0079 3144 Processor 
- ok 23:30:58.0172 3144 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll 23:30:58.0222 3144 ProfSvc - ok 23:30:58.0252 3144 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 23:30:58.0274 3144 ProtectedStorage - ok 23:30:58.0336 3144 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys 23:30:58.0401 3144 Psched - ok 23:30:58.0482 3144 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys 23:30:58.0563 3144 ql2300 - ok 23:30:58.0624 3144 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys 23:30:58.0648 3144 ql40xx - ok 23:30:58.0695 3144 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll 23:30:58.0741 3144 QWAVE - ok 23:30:58.0798 3144 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys 23:30:58.0834 3144 QWAVEdrv - ok 23:30:58.0910 3144 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys 23:30:58.0974 3144 RasAcd - ok 23:30:59.0076 3144 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys 23:30:59.0123 3144 RasAgileVpn - ok 23:30:59.0166 3144 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll 23:30:59.0219 3144 RasAuto - ok 23:30:59.0272 3144 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys 23:30:59.0341 3144 Rasl2tp - ok 23:30:59.0434 3144 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll 23:30:59.0501 3144 RasMan - ok 23:30:59.0604 3144 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys 23:30:59.0654 3144 RasPppoe - ok 23:30:59.0714 3144 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys 23:30:59.0764 3144 RasSstp - ok 23:30:59.0824 3144 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys 23:30:59.0891 3144 rdbss - ok 23:30:59.0976 3144 
============================================================
23:31:17.0199 3144 Scan finished
23:31:17.0199 3144 ============================================================
23:31:17.0217 0700 Detected object count: 3
23:31:17.0217 0700 Actual detected object count: 3
23:31:52.0577 0700 dvd43llh ( UnsignedFile.Multi.Generic ) - skipped by user
23:31:52.0577 0700 dvd43llh ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:31:52.0577 0700 HPMSSConnectorSvc ( UnsignedFile.Multi.Generic ) - skipped by user
23:31:52.0577 0700 HPMSSConnectorSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:31:52.0580 0700 MediaCollectorService ( UnsignedFile.Multi.Generic ) - skipped by user
23:31:52.0580 0700 MediaCollectorService ( UnsignedFile.Multi.Generic ) - User select action: Skip

Here is the malwarebytes log:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Database version: v2012.04.05.10
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
User :: USER-PC [administrator]
05/04/2012 23:34:53
mbam-log-2012-04-05 (23-34-53).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 202342
Time elapsed: 7 minute(s), 20 second(s)
Memory Processes Detected: 0 (No malicious items detected)
Memory Modules Detected: 0 (No malicious items detected)
Registry Keys Detected: 0 (No malicious items detected)
Registry Values Detected: 0 (No malicious items detected)
Registry Data Items Detected: 0 (No malicious items detected)
Folders Detected: 0 (No malicious items detected)
Files Detected: 0 (No malicious items detected)
(end)
  19. So I'm pretty sure I picked up some nasty malware/virus while streaming TV shows a month back. I've been unable to start Windows Security Center or Microsoft Security Essentials and I get redirected if I click on the top Google links. However, I can't seem to find the stupid thing (used Malwarebytes, Spybot Search & Destroy, Kaspersky stuff, etc). I've attached below my logs from running DDS. Thanks, Alex.
      DDS (Ver_2011-08-26.01) - NTFSx86
      Internet Explorer: 9.0.8112.16421
      Run by User at 1:35:52 on 2012-04-05
      Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1979.542 [GMT 1:00]
      AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
      SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
      SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
2012-03-16 09:09:31 -------- d-----w- c:\users\user\appdata\local\{BF2C2B0B-7AB4-41B5-A73B-A9AC64978C63} 2012-03-15 21:09:04 -------- d-----w- c:\users\user\appdata\local\{48A62693-A3C8-4949-B350-2385A212789A} 2012-03-15 21:08:52 -------- d-----w- c:\users\user\appdata\local\{E1316B6B-1B84-453F-8F8E-AC1D704DA27E} 2012-03-15 09:08:25 -------- d-----w- c:\users\user\appdata\local\{59D2290D-56E5-468C-A3E9-2567C89BF080} 2012-03-15 09:08:14 -------- d-----w- c:\users\user\appdata\local\{E8A68F7C-1DF5-40BD-8493-8952C151259E} 2012-03-15 03:01:06 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-03-15 03:01:05 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-03-15 01:12:08 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll 2012-03-15 01:12:05 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll 2012-03-15 01:12:05 517448 ----a-w- c:\windows\system32\XAudio2_4.dll 2012-03-15 01:12:04 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll 2012-03-15 01:11:04 -------- d-----w- c:\program files\Lightworks 2012-03-15 00:36:48 -------- d-----w- c:\program files\OSSBuild 2012-03-15 00:27:21 -------- d-----w- c:\program files\Handbrake 2012-03-14 23:47:46 472808 ----a-w- c:\windows\system32\deployJava1.dll 2012-03-14 21:07:46 -------- d-----w- c:\users\user\appdata\local\{43578E7F-D5CC-4FC5-B819-02D9D47D5D20} 2012-03-13 23:50:39 2343424 ----a-w- c:\windows\system32\win32k.sys 2012-03-13 23:50:37 1077248 ----a-w- c:\windows\system32\DWrite.dll 2012-03-13 23:49:24 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-03-13 23:49:23 58880 ----a-w- c:\windows\system32\rdpwsx.dll 2012-03-13 23:49:23 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-03-13 23:49:21 826880 ----a-w- c:\windows\system32\rdpcore.dll 2012-03-13 23:49:20 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2012-03-13 23:49:19 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-03-13 20:22:48 -------- d-----w- c:\users\user\appdata\local\{5D7B04F4-5FB9-4BB9-A66B-B4A578C1CC9D} 2012-03-13 
08:22:20 -------- d-----w- c:\users\user\appdata\local\{DB1719BD-9B99-42D8-9031-6FB64503AB3B} 2012-03-12 20:21:46 -------- d-----w- c:\users\user\appdata\local\{CE7555EE-3551-4017-917A-1B0808DD06EB} 2012-03-12 08:21:12 -------- d-----w- c:\users\user\appdata\local\{9696A130-C1A8-4369-A31F-6787DE0B378E} 2012-03-12 08:21:02 -------- d-----w- c:\users\user\appdata\local\{CED101E3-826E-4181-B41F-4947A36FC8A4} 2012-03-11 20:20:31 -------- d-----w- c:\users\user\appdata\local\{7837F59C-BACA-4631-8AFD-F012B59617D3} 2012-03-11 08:19:57 -------- d-----w- c:\users\user\appdata\local\{7535A5FB-41B6-433D-B6B9-EFFD5334ABF8} 2012-03-10 20:19:30 -------- d-----w- c:\users\user\appdata\local\{56B0F915-841B-4C47-81BD-A564B58E3A3F} 2012-03-10 08:19:03 -------- d-----w- c:\users\user\appdata\local\{04280C3C-899F-4FA4-85B2-173FAEB0D86F} 2012-03-09 22:12:37 -------- d-----w- c:\program files\VideoLAN 2012-03-09 20:18:38 -------- d-----w- c:\users\user\appdata\local\{40052EF2-FE70-42E2-A90C-F299ABF49A13} 2012-03-09 08:18:14 -------- d-----w- c:\users\user\appdata\local\{B7BEEB4C-CCB1-4679-86AD-2742B8F08ECE} 2012-03-09 08:18:03 -------- d-----w- c:\users\user\appdata\local\{7E75D24E-D88D-412D-87BC-B794ADD52A6D} 2012-03-08 20:17:36 -------- d-----w- c:\users\user\appdata\local\{474D65CB-6EE1-47C7-A169-97DE22301D52} 2012-03-08 08:17:11 -------- d-----w- c:\users\user\appdata\local\{B1EDEABF-3305-458B-819F-4A4294F313AC} 2012-03-07 20:16:47 -------- d-----w- c:\users\user\appdata\local\{AAE87A0B-AF35-492E-BA52-5CB2465F1256} 2012-03-07 20:16:36 -------- d-----w- c:\users\user\appdata\local\{72A8F409-8774-462D-9B65-1DFA7AE24B4A} 2012-03-07 08:16:08 -------- d-----w- c:\users\user\appdata\local\{3768BCE2-30F8-4F8B-84CD-9BF63B68E5FB} 2012-03-07 08:15:57 -------- d-----w- c:\users\user\appdata\local\{83B6C3A2-F141-4AE1-94D8-E2C3427567A5} 2012-03-06 16:05:50 -------- d-----w- c:\users\user\appdata\local\{6FE4ACCE-7DDB-450F-8556-9DBB2351CCC5} 2012-03-06 04:05:26 -------- d-----w- 
c:\users\user\appdata\local\{A094D666-7F3A-49F6-94E1-AC01BCC809F8}
2012-03-06 04:05:14 -------- d-----w- c:\users\user\appdata\local\{AED62BE4-B43F-4EC7-914F-53F3EA72C0A2}
.
==================== Find3M ====================
.
2012-03-06 23:50:08 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-20 07:39:41 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-02-08 22:59:54 27640 ----a-w- c:\windows\system32\nitrolocalmon2.dll
2012-02-08 22:59:54 18936 ----a-w- c:\windows\system32\nitrolocalui2.dll
2012-02-03 14:19:35 7522304 ----a-w- c:\windows\system32\drivers\NETwNs32.sys
2012-02-03 14:19:34 684032 ----a-w- c:\windows\system32\NETwNc32.dll
2012-02-03 14:19:34 2760704 ----a-w- c:\windows\system32\NETwNr32.dll
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 1:37:13.54 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 02/02/2012 18:45:54
System Uptime: 05/04/2012 00:43:47 (1 hours ago)
.
Motherboard: Acer | | Aspire 4810T
Processor: Genuine Intel® CPU U4100 @ 1.30GHz | CPU | 1300/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 387.262 GiB free.
D: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958) Adobe Flash Player 11 ActiveX Apple Software Update µTorrent BlackBerry Desktop Software 6.1 BlackBerry Device Software Updater Broadcom 802.11 Wireless LAN Adapter Broadcom Wireless Utility Cisco EAP-FAST Module D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition DivX Setup Dropbox DVD43 v4.6.0 Google Chrome GStreamer WinBuilds 0.10.6 (GPL) HandBrake 0.9.6 HP MediaSmart Server 3.0 Update 1 HP Update Java Auto Updater Java 6 Update 31 Lightworks Malwarebytes Anti-Malware version 1.60.1.1000 Mesh Runtime Microsoft .NET Framework 4 Client Profile Microsoft Antimalware Microsoft Application Error Reporting Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2007 Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Excel MUI (English) 2010 Microsoft Office File Validation Add-In Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office Home and Student 2010 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2007 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Proof (English) 2007 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2007 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing (English) 2010 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 
Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Single Image 2010 Microsoft Office Word MUI (English) 2007 Microsoft Office Word MUI (English) 2010 Microsoft Security Client Microsoft Security Essentials Microsoft Silverlight Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 MSVCRT Nitro Reader 2 Picasa 3 QuickTime Security Task Manager 1.8d Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition Sky Go Desktop Skype Click to Call Skype™ 5.8 Spotify TunnelBear 1.0.29 Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update 
for Microsoft Excel 2010 (KB2553439) 32-Bit Edition Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2597970) 32-Bit Edition Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Infopath 2007 Help (KB963662) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition Update for Microsoft Outlook Social Connector (KB2583935) uTorrentControl2 Toolbar VC80CRTRedist - 8.0.50727.6195 VLC media player 2.0.0 Windows Driver Package - Intel (NETwLv32) net (10/07/2010 13.4.0.139) Windows Driver Package - Intel (NETwNs32) net (10/27/2011 14.3.0.6) Windows Home Server Connector Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Mesh Windows Live Mesh ActiveX Control for 
Remote Connections Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack
.
==== Event Viewer Messages From Past Week ========
.
29/03/2012 21:01:24, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user User-PC\User SID (S-1-5-21-4278735001-178053511-1665522800-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
29/03/2012 21:01:24, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user User-PC\User SID (S-1-5-21-4278735001-178053511-1665522800-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
05/04/2012 01:36:09, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.65. The computer with the IP address 192.168.1.66 did not allow the name to be claimed by this computer.
05/04/2012 01:05:09, Error: BROWSER [8009] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is TOKOTASIK.
04/04/2012 11:07:57, Error: BROWSER [8019] - The browser was unable to promote itself to master browser. The browser will continue to attempt to promote itself to the master browser, but will no longer log any events in the event log in Event Viewer.
04/04/2012 08:18:43, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
04/04/2012 08:18:43, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
04/04/2012 00:45:00, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
04/04/2012 00:43:21, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
04/04/2012 00:43:13, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
04/04/2012 00:43:13, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
04/04/2012 00:43:10, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
04/04/2012 00:43:04, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
04/04/2012 00:43:00, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter spldr Wanarpv6
04/04/2012 00:43:00, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
04/04/2012 00:43:00, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
04/04/2012 00:42:56, Error: Service Control Manager [7001] - The SBSD Security Center Service service depends on the Security Center service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
04/04/2012 00:42:56, Error: Service Control Manager [7001] - The Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
02/04/2012 08:19:43, Error: BROWSER [8020] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is unknown.
.
==== End Of File ===========================