Kennyd53

About Kennyd53

  1. Thank you, I wholeheartedly agree with you that Dell should help me for free; however, they have a different economical perspective than you and I and are steadfast in expecting payment for any "Out of Warranty" support. Thank you for all your help, I will see what I can accomplish at sevenforums.....God Bless!
  2. Thanks again for your quick responses. Ok, well as is my SOP...
     1. The machine is out of warranty by more than a year.
     2. The FAQ didn't really help much.
     3. The MGA Diags returned an error when trying to get a report (the MGADiagToolOutput folder was empty as well), so here is a screen shot, and if you need any of the other tabs, I have screenshots of them as well.
     I get the feeling we're running out of options, please tell me I'm wrong...lol
  3. Ok, sorry about that, I don't know how it happened. I create the responses in Notepad and then cut and paste them into here so that I don't have any browser open when running the scans. As to your "when/how/where" question:
     When? It usually pops up within the first 30-60 minutes of the machine being on.
     How? Not sure how to answer this w/o being sarcastic.
     Where? On the center of my screen, regardless of what else is running. See for yourself...
  4. Wow that was fast! Ok, round 2...Ding!
     1. ESET disabled, RogueKiller run, report below...

     RogueKiller V8.5.0 [Feb 9 2013] by Tigzy
     mail : tigzyRK<at>gmail<dot>com
     Feedback : http://www.geekstogo...uekiller/
     Website : http://tigzy.geeksto...iller.php
     Blog : http://tigzyrk.blogs...spot.com/

     Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User : Ken [Admin rights]
     Mode : Remove -- Date : 02/09/2013 17:35:37
     | ARK || FAK || MBR |

     ¤¤¤ Bad processes : 0 ¤¤¤

     ¤¤¤ Registry Entries : 13 ¤¤¤
     [TASK][SUSP PATH] IHSelfDeleteTASK : CMD /C DEL C:\Users\Ken\AppData\Local\Temp\IHU458B.tmp.exe -> DELETED
     [TASK][SUSP PATH] IHUninstallTrackingTASK : CMD /C DEL C:\Users\Ken\AppData\Local\Temp\IHU3CA4.tmp.exe -> DELETED
     [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
     [HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
     [HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> REPLACED (1)
     [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> REPLACED (1)
     [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
     [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> REPLACED (1)
     [HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)
     [HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> NOT SELECTED
     [HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> NOT SELECTED
     [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED
     [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED

     ¤¤¤ Particular Files / Folders: ¤¤¤

     ¤¤¤ Driver : [NOT LOADED] ¤¤¤

     ¤¤¤ Extern Hives: ¤¤¤
     -> D:\windows\system32\config\SOFTWARE
     -> D:\windows\system32\config\SYSTEM
     -> D:\Users\Default\NTUSER.DAT

     ¤¤¤ HOSTS File: ¤¤¤
     --> C:\Windows\system32\drivers\etc\hosts
     [...]

     ¤¤¤ MBR Check: ¤¤¤

     +++++ PhysicalDrive0: ST9250421ASG ATA Device +++++
     --- User ---
     [MBR] b7693a2bf58ae1342f3804dee50cc93f
     [BSP] 43e2be632fa467e7e97cb39987fa84d2 : Windows 7/8 MBR Code
     Partition table:
     0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 141 Mo
     1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 290816 | Size: 10240 Mo
     2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21262336 | Size: 228092 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     Finished : << RKreport[3]_D_02092013_02d1735.txt >>
     RKreport[1]_S_02092013_02d1548.txt ; RKreport[2]_S_02092013_02d1732.txt ; RKreport[3]_D_02092013_02d1735.txt

     2. aswMBR downloaded and run, Fix button was not enabled, see log below...

     aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
     Run date: 2013-02-09 21:11:58
     -----------------------------
     21:11:58.270 OS Version: Windows x64 6.1.7601 Service Pack 1
     21:11:58.270 Number of processors: 2 586 0x1706
     21:11:58.271 ComputerName: STUDIO-64 UserName: Ken
     21:11:59.168 Initialize success
     21:12:23.385 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
     21:12:23.388 Disk 0 Vendor: ST9250421ASG DE14 Size: 238475MB BusType: 11
     21:12:23.462 Disk 0 MBR read successfully
     21:12:23.466 Disk 0 MBR scan
     21:12:23.470 Disk 0 Windows 7 default MBR code
     21:12:23.472 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 141 MB offset 63
     21:12:23.482 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 290816
     21:12:23.486 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 228092 MB offset 21262336
     21:12:23.501 Disk 0 scanning C:\Windows\system32\drivers
     21:12:32.987 Service scanning
     21:12:43.956 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
     21:12:47.520 Modules scanning
     21:12:47.534 Scan finished successfully
     21:15:37.700 Disk 0 MBR has been saved successfully to "C:\Users\Ken\Desktop\MBR.dat"
     21:15:37.704 The log file has been saved successfully to "C:\Users\Ken\Desktop\aswMBR.txt"

     3. MBAM Scan, see log below...

     Malwarebytes Anti-Malware (PRO) 1.70.0.1100
     www.malwarebytes.org

     Database version: v2013.02.09.08

     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 9.0.8112.16421
     Ken :: STUDIO-64 [administrator]

     Protection: Enabled

     2/9/2013 9:36:39 PM
     mbam-log-2013-02-09 (21-36-39).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
     Scan options disabled:
     Objects scanned: 214543
     Time elapsed: 4 minute(s), 18 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)

     4. Downloaded and ran FSS, see log below...

     Farbar Service Scanner Version: 30-01-2013
     Ran by Ken (administrator) on 09-02-2013 at 21:54:00
     Running from "C:\Users\Ken\Desktop"
     Windows 7 Ultimate Service Pack 1 (X64)
     Boot Mode: Normal
     ****************************************************************

     Internet Services:
     ============

     Connection Status:
     ==============
     Localhost is accessible.
     LAN connected.
     Attempt to access Google IP returned error. Google IP is offline
     Google.com is accessible.
     Yahoo IP is accessible.
     Yahoo.com is accessible.

     Windows Firewall:
     =============

     Firewall Disabled Policy:
     ==================
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
     "EnableFirewall"=DWORD:0

     System Restore:
     ============

     System Restore Disabled Policy:
     ========================

     Action Center:
     ============

     Windows Update:
     ============

     Windows Autoupdate Disabled Policy:
     ============================

     Windows Defender:
     ==============
     WinDefend Service is not running. Checking service configuration:
     The start type of WinDefend service is OK.
     The ImagePath of WinDefend service is OK.
     The ServiceDll of WinDefend service is OK.

     Other Services:
     ==============

     File Check:
     ========
     C:\Windows\System32\nsisvc.dll => MD5 is legit
     C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
     C:\Windows\System32\dhcpcore.dll => MD5 is legit
     C:\Windows\System32\drivers\afd.sys => MD5 is legit
     C:\Windows\System32\drivers\tdx.sys => MD5 is legit
     C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
     C:\Windows\System32\dnsrslvr.dll => MD5 is legit
     C:\Windows\System32\mpssvc.dll => MD5 is legit
     C:\Windows\System32\bfe.dll => MD5 is legit
     C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
     C:\Windows\System32\SDRSVC.dll => MD5 is legit
     C:\Windows\System32\vssvc.exe => MD5 is legit
     C:\Windows\System32\wscsvc.dll => MD5 is legit
     C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
     C:\Windows\System32\wuaueng.dll => MD5 is legit
     C:\Windows\System32\qmgr.dll => MD5 is legit
     C:\Windows\System32\es.dll => MD5 is legit
     C:\Windows\System32\cryptsvc.dll => MD5 is legit
     C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
     C:\Windows\System32\ipnathlp.dll => MD5 is legit
     C:\Windows\System32\iphlpsvc.dll => MD5 is legit
     C:\Windows\System32\svchost.exe => MD5 is legit
     C:\Windows\System32\rpcss.dll => MD5 is legit

     **** End of log ****

     5. Downloaded and ran MSRT, see log below...

     ---------------------------------------------------------------------------------------
     Microsoft Windows Malicious Software Removal Tool v4.16, January 2013
     Started On Sat Feb 09 22:20:24 2013

     ->Scan ERROR: resource process://pid:3992 (code 0x00000490 (1168))
     ->Scan ERROR: resource process://pid:3120 (code 0x00000490 (1168))
     ->Scan ERROR: resource process://pid:3288 (code 0x00000005 (5))

     Results Summary:
     ----------------
     No infection found.

     All steps completed as requested.
  5. Thanks for your response! Ok, here we go....
     1. Bit Torrent uninstalled
     2. ERUNT installed and run
     3. All files exposed
     4. ESET Security temp disabled and JRT downloaded and run, results below...

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Junkware Removal Tool (JRT) by Thisisu
     Version: 4.6.2 (02.02.2013:2)
     OS: Windows 7 Ultimate x64
     Ran by Ken on Sat 02/09/2013 at 14:09:14.28
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     ~~~ Services

     ~~~ Registry Values
     Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{30f9b915-b755-4826-820b-08fba6bd249d}
     Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
     Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
     Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
     Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\urlsearchhooks\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
     Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
     Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
     Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope
     Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope
     Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope
     Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope
     Successfully repaired: [Registry Value] hkey_users\S-1-5-21-1545054437-1505894867-219525375-1000\software\microsoft\internet explorer\searchscopes\\DefaultScope
     Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{d4027c7f-154a-4066-a1ad-4243d8127440}

     ~~~ Registry Keys
     Successfully deleted: [Registry Key] hkey_local_machine\software\bittorrentbar
     Successfully deleted: [Registry Key] hkey_current_user\software\conduit
     Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
     Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\bittorrentbar
     Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit
     Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduitengine
     Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\pricegong
     Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\toolbar
     Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\bho.dll
     Successfully deleted: [Registry Key] hkey_local_machine\software\classes\conduit.engine
     Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2790392
     Successfully deleted: [Registry Key] hkey_classes_root\clsid\{0055c089-8582-441b-a0bf-17b458c2a3a8}
     Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{0055c089-8582-441b-a0bf-17b458c2a3a8}
     Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{171debeb-c3d4-40b7-ac73-056a5eba4a7e}
     Successfully deleted: [Registry Key] hkey_classes_root\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
     Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\asktoolbarinfo"
     Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\asktoolbar"
     Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com"
     Successfully deleted: [Registry Key] "hkey_current_user\software\asktoolbar"

     ~~~ Files

     ~~~ Folders
     Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
     Successfully deleted: [Folder] "C:\Users\Ken\appdata\locallow\bittorrentbar"
     Successfully deleted: [Folder] "C:\Users\Ken\appdata\locallow\conduit"
     Successfully deleted: [Folder] "C:\Users\Ken\appdata\locallow\pricegong"
     Successfully deleted: [Folder] "C:\Program Files (x86)\bittorrentbar"

     ~~~ FireFox
     Successfully deleted: [Folder] C:\Users\Ken\AppData\Roaming\mozilla\firefox\profiles\7zlv1z4n.default\conduitcommon
     Successfully deleted: [Folder] C:\Users\Ken\AppData\Roaming\mozilla\firefox\profiles\7zlv1z4n.default\extensions\staged
     Successfully deleted the following from C:\Users\Ken\AppData\Roaming\mozilla\firefox\profiles\7zlv1z4n.default\prefs.js
     [...]

     ~~~ Event Viewer Logs were cleared

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on Sat 02/09/2013 at 14:16:50.20
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     5. TDSSKiller downloaded and run, results below...
     15:08:32.0612 4580 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
     15:08:32.0921 4580 ============================================================
     15:08:32.0921 4580 Current date / time: 2013/02/09 15:08:32.0921
     15:08:32.0921 4580 SystemInfo:
     15:08:32.0921 4580
     15:08:32.0922 4580 OS Version: 6.1.7601 ServicePack: 1.0
     15:08:32.0922 4580 Product type: Workstation
     15:08:32.0922 4580 ComputerName: STUDIO-64
     15:08:32.0922 4580 UserName: Ken
     15:08:32.0922 4580 Windows directory: C:\Windows
     15:08:32.0922 4580 System windows directory: C:\Windows
     15:08:32.0922 4580 Running under WOW64
     15:08:32.0922 4580 Processor architecture: Intel x64
     15:08:32.0922 4580 Number of processors: 2
     15:08:32.0923 4580 Page size: 0x1000
     15:08:32.0923 4580 Boot type: Normal boot
     15:08:32.0923 4580 ============================================================
     15:08:34.0023 4580 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
     15:08:34.0039 4580 ============================================================
     15:08:34.0039 4580 \Device\Harddisk0\DR0:
     15:08:34.0039 4580 MBR partitions:
     15:08:34.0039 4580 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x47000, BlocksNum 0x1400000
     15:08:34.0039 4580 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1447000, BlocksNum 0x1BD7E000
     15:08:34.0039 4580 ============================================================
     15:08:34.0062 4580 C: <-> \Device\Harddisk0\DR0\Partition2
     15:08:34.0094 4580 D: <-> \Device\Harddisk0\DR0\Partition1
     15:08:34.0095 4580 ============================================================
     15:08:34.0095 4580 Initialize success
     15:08:34.0095 4580 ============================================================
     15:14:07.0933 3664 ============================================================
     15:14:07.0933 3664 Scan started
     15:14:07.0933 3664 Mode: Manual; TDLFS;
     15:14:07.0933 3664 ============================================================
     15:14:08.0448 3664 ================ Scan system memory ========================
     15:14:08.0448 3664 System memory - ok
     15:14:08.0448 3664 ================ Scan services =============================
     [...]
3F211BC5CC699644479B50B9C0679BF6 ] Akamai c:\program files (x86)\common files\akamai\netsession_win_3f211bc.dll 15:14:09.0493 3664 Akamai - ok 15:14:09.0524 3664 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 15:14:09.0524 3664 ALG - ok 15:14:09.0555 3664 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 15:14:09.0555 3664 aliide - ok 15:14:09.0587 3664 [ 9A5495EDEBE7D6B3F7E9A86EBE5EA248 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 15:14:09.0602 3664 AMD External Events Utility - ok 15:14:09.0618 3664 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 15:14:09.0618 3664 amdide - ok 15:14:09.0633 3664 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 15:14:09.0633 3664 AmdK8 - ok 15:14:09.0649 3664 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 15:14:09.0649 3664 AmdPPM - ok 15:14:09.0696 3664 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 15:14:09.0696 3664 amdsata - ok 15:14:09.0711 3664 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 15:14:09.0727 3664 amdsbs - ok 15:14:09.0743 3664 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 15:14:09.0743 3664 amdxata - ok 15:14:09.0789 3664 [ D5EC94CB176F682EAFC823ECA8D90DC6 ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys 15:14:09.0789 3664 ApfiltrService - ok 15:14:09.0821 3664 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 15:14:09.0821 3664 AppID - ok 15:14:09.0836 3664 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 15:14:09.0836 3664 AppIDSvc - ok 15:14:09.0867 3664 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 15:14:09.0867 3664 Appinfo - ok 15:14:09.0899 3664 appliandMP - ok 15:14:09.0945 3664 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt 
C:\Windows\System32\appmgmts.dll 15:14:09.0945 3664 AppMgmt - ok 15:14:09.0977 3664 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 15:14:09.0977 3664 arc - ok 15:14:09.0992 3664 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 15:14:09.0992 3664 arcsas - ok 15:14:10.0039 3664 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 15:14:10.0039 3664 AsyncMac - ok 15:14:10.0070 3664 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 15:14:10.0070 3664 atapi - ok 15:14:10.0117 3664 [ 38467FF83C2B4265D51F418812A91E3C ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys 15:14:10.0117 3664 AtiHdmiService - ok 15:14:10.0273 3664 [ A08339AE90972E268B9622C668F450E8 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys 15:14:10.0413 3664 atikmdag - ok 15:14:10.0445 3664 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 15:14:10.0491 3664 AudioEndpointBuilder - ok 15:14:10.0507 3664 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 15:14:10.0523 3664 AudioSrv - ok 15:14:10.0569 3664 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 15:14:10.0569 3664 AxInstSV - ok 15:14:10.0616 3664 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 15:14:10.0632 3664 b06bdrv - ok 15:14:10.0679 3664 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 15:14:10.0694 3664 b57nd60a - ok 15:14:10.0725 3664 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 15:14:10.0725 3664 BDESVC - ok 15:14:10.0757 3664 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 15:14:10.0757 3664 Beep - ok 15:14:10.0819 3664 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 15:14:10.0850 3664 BFE - ok 15:14:10.0897 3664 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS 
C:\Windows\System32\qmgr.dll 15:14:10.0928 3664 BITS - ok 15:14:10.0944 3664 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 15:14:10.0944 3664 blbdrive - ok 15:14:10.0975 3664 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 15:14:10.0991 3664 bowser - ok 15:14:11.0006 3664 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 15:14:11.0006 3664 BrFiltLo - ok 15:14:11.0022 3664 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 15:14:11.0022 3664 BrFiltUp - ok 15:14:11.0037 3664 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 15:14:11.0053 3664 Browser - ok 15:14:11.0069 3664 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 15:14:11.0084 3664 Brserid - ok 15:14:11.0100 3664 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 15:14:11.0100 3664 BrSerWdm - ok 15:14:11.0100 3664 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 15:14:11.0115 3664 BrUsbMdm - ok 15:14:11.0115 3664 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 15:14:11.0115 3664 BrUsbSer - ok 15:14:11.0131 3664 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 15:14:11.0131 3664 BTHMODEM - ok 15:14:11.0147 3664 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 15:14:11.0147 3664 bthserv - ok 15:14:11.0162 3664 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 15:14:11.0162 3664 cdfs - ok 15:14:11.0193 3664 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 15:14:11.0209 3664 cdrom - ok 15:14:11.0240 3664 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 15:14:11.0240 3664 CertPropSvc - ok 15:14:11.0271 3664 [ 
D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 15:14:11.0271 3664 circlass - ok 15:14:11.0303 3664 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 15:14:11.0318 3664 CLFS - ok 15:14:11.0365 3664 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 15:14:11.0365 3664 clr_optimization_v2.0.50727_32 - ok 15:14:11.0412 3664 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 15:14:11.0412 3664 clr_optimization_v2.0.50727_64 - ok 15:14:11.0459 3664 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 15:14:11.0459 3664 clr_optimization_v4.0.30319_32 - ok 15:14:11.0490 3664 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 15:14:11.0490 3664 clr_optimization_v4.0.30319_64 - ok 15:14:11.0521 3664 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 15:14:11.0521 3664 CmBatt - ok 15:14:11.0552 3664 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 15:14:11.0552 3664 cmdide - ok 15:14:11.0599 3664 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 15:14:11.0615 3664 CNG - ok 15:14:11.0646 3664 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 15:14:11.0646 3664 Compbatt - ok 15:14:11.0677 3664 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 15:14:11.0677 3664 CompositeBus - ok 15:14:11.0693 3664 COMSysApp - ok 15:14:11.0708 3664 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 15:14:11.0708 3664 crcdisk - ok 15:14:11.0755 3664 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 
15:14:11.0771 3664 CryptSvc - ok 15:14:11.0802 3664 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys 15:14:11.0833 3664 CSC - ok 15:14:11.0864 3664 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll 15:14:11.0895 3664 CscService - ok 15:14:11.0942 3664 [ C7259495924D21F1AFA26467D9F4DAE0 ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys 15:14:11.0942 3664 dc3d - ok 15:14:11.0973 3664 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 15:14:11.0989 3664 DcomLaunch - ok 15:14:12.0051 3664 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 15:14:12.0067 3664 defragsvc - ok 15:14:12.0098 3664 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 15:14:12.0098 3664 DfsC - ok 15:14:12.0145 3664 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 15:14:12.0161 3664 Dhcp - ok 15:14:12.0192 3664 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 15:14:12.0192 3664 discache - ok 15:14:12.0207 3664 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 15:14:12.0223 3664 Disk - ok 15:14:12.0254 3664 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 15:14:12.0285 3664 Dnscache - ok 15:14:12.0317 3664 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 15:14:12.0332 3664 dot3svc - ok 15:14:12.0363 3664 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 15:14:12.0363 3664 DPS - ok 15:14:12.0410 3664 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 15:14:12.0410 3664 drmkaud - ok 15:14:12.0457 3664 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 15:14:12.0488 3664 DXGKrnl - ok 15:14:12.0551 3664 [ 45232471A169469EAFCC28D1206C09E2 ] eamonm C:\Windows\system32\DRIVERS\eamonm.sys 15:14:12.0551 3664 eamonm - ok 15:14:12.0582 3664 [ 
E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 15:14:12.0582 3664 EapHost - ok 15:14:12.0660 3664 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 15:14:12.0722 3664 ebdrv - ok 15:14:12.0753 3664 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 15:14:12.0753 3664 EFS - ok 15:14:12.0785 3664 [ 1CB8BE46590FB6D2806F50608CDE4957 ] ehdrv C:\Windows\system32\DRIVERS\ehdrv.sys 15:14:12.0785 3664 ehdrv - ok 15:14:12.0847 3664 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 15:14:12.0878 3664 ehRecvr - ok 15:14:12.0894 3664 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 15:14:12.0909 3664 ehSched - ok 15:14:13.0034 3664 [ 52F63774A1866258BF64488A75CA1757 ] ekrn C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe 15:14:13.0065 3664 ekrn - ok 15:14:13.0097 3664 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 15:14:13.0128 3664 elxstor - ok 15:14:13.0159 3664 [ ED7E67634657DCBD024EE2A1A6FFBA2F ] epfw C:\Windows\system32\DRIVERS\epfw.sys 15:14:13.0159 3664 epfw - ok 15:14:13.0190 3664 [ ED9A79169F8B47FBFF1D7FE113D4780A ] EpfwLWF C:\Windows\system32\DRIVERS\EpfwLWF.sys 15:14:13.0190 3664 EpfwLWF - ok 15:14:13.0221 3664 [ 7E1460F280D31CE3497DE9E540C99264 ] epfwwfp C:\Windows\system32\DRIVERS\epfwwfp.sys 15:14:13.0221 3664 epfwwfp - ok 15:14:13.0253 3664 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 15:14:13.0253 3664 ErrDev - ok 15:14:13.0315 3664 esihdrv - ok 15:14:13.0362 3664 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 15:14:13.0377 3664 EventSystem - ok 15:14:13.0393 3664 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 15:14:13.0409 3664 exfat - ok 15:14:13.0440 3664 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 15:14:13.0440 3664 fastfat - ok 15:14:13.0502 3664 [ 
DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 15:14:13.0533 3664 Fax - ok 15:14:13.0549 3664 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 15:14:13.0549 3664 fdc - ok 15:14:13.0580 3664 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 15:14:13.0580 3664 fdPHost - ok 15:14:13.0596 3664 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 15:14:13.0596 3664 FDResPub - ok 15:14:13.0611 3664 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 15:14:13.0611 3664 FileInfo - ok 15:14:13.0627 3664 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 15:14:13.0627 3664 Filetrace - ok 15:14:13.0643 3664 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 15:14:13.0643 3664 flpydisk - ok 15:14:13.0674 3664 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 15:14:13.0689 3664 FltMgr - ok 15:14:13.0736 3664 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 15:14:13.0767 3664 FontCache - ok 15:14:13.0814 3664 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 15:14:13.0814 3664 FontCache3.0.0.0 - ok 15:14:13.0830 3664 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 15:14:13.0830 3664 FsDepends - ok 15:14:13.0861 3664 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 15:14:13.0861 3664 Fs_Rec - ok 15:14:13.0908 3664 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 15:14:13.0908 3664 fvevol - ok 15:14:13.0939 3664 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 15:14:13.0939 3664 gagp30kx - ok 15:14:13.0970 3664 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM 
C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 15:14:13.0986 3664 GEARAspiWDM - ok 15:14:14.0033 3664 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 15:14:14.0064 3664 gpsvc - ok 15:14:14.0173 3664 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 15:14:14.0173 3664 gupdate - ok 15:14:14.0204 3664 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 15:14:14.0204 3664 gupdatem - ok 15:14:14.0251 3664 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 15:14:14.0251 3664 gusvc - ok 15:14:14.0267 3664 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 15:14:14.0282 3664 hcw85cir - ok 15:14:14.0345 3664 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 15:14:14.0360 3664 HdAudAddService - ok 15:14:14.0407 3664 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 15:14:14.0407 3664 HDAudBus - ok 15:14:14.0423 3664 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 15:14:14.0423 3664 HidBatt - ok 15:14:14.0438 3664 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 15:14:14.0438 3664 HidBth - ok 15:14:14.0469 3664 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 15:14:14.0469 3664 HidIr - ok 15:14:14.0501 3664 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 15:14:14.0516 3664 hidserv - ok 15:14:14.0532 3664 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 15:14:14.0547 3664 HidUsb - ok 15:14:14.0563 3664 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 15:14:14.0579 3664 hkmsvc - ok 15:14:14.0610 3664 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 
15:14:14.0610 3664 HomeGroupListener - ok 15:14:14.0641 3664 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 15:14:14.0657 3664 HomeGroupProvider - ok 15:14:14.0672 3664 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 15:14:14.0672 3664 HpSAMD - ok 15:14:14.0719 3664 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 15:14:14.0766 3664 HTTP - ok 15:14:14.0781 3664 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 15:14:14.0781 3664 hwpolicy - ok 15:14:14.0797 3664 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 15:14:14.0797 3664 i8042prt - ok 15:14:14.0844 3664 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 15:14:14.0859 3664 iaStorV - ok 15:14:14.0922 3664 [ 3CBC834892B5E04CE635BB60FB0EE6FF ] IDMWFP C:\Windows\system32\DRIVERS\idmwfp.sys 15:14:14.0922 3664 IDMWFP - ok 15:14:14.0969 3664 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 15:14:15.0015 3664 idsvc - ok 15:14:15.0031 3664 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 15:14:15.0047 3664 iirsp - ok 15:14:15.0093 3664 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 15:14:15.0140 3664 IKEEXT - ok 15:14:15.0156 3664 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 15:14:15.0156 3664 intelide - ok 15:14:15.0171 3664 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 15:14:15.0171 3664 intelppm - ok 15:14:15.0203 3664 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 15:14:15.0203 3664 IPBusEnum - ok 15:14:15.0234 3664 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 15:14:15.0234 3664 IpFilterDriver - ok 
15:14:15.0265 3664 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 15:14:15.0296 3664 iphlpsvc - ok 15:14:15.0327 3664 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 15:14:15.0343 3664 IPMIDRV - ok 15:14:15.0359 3664 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 15:14:15.0359 3664 IPNAT - ok 15:14:15.0421 3664 [ 4472C8825B5E41D8697D5962F47AB1C9 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 15:14:15.0452 3664 iPod Service - ok 15:14:15.0483 3664 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 15:14:15.0483 3664 IRENUM - ok 15:14:15.0499 3664 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 15:14:15.0499 3664 isapnp - ok 15:14:15.0530 3664 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 15:14:15.0546 3664 iScsiPrt - ok 15:14:15.0577 3664 [ 729CC577A823542AAD779A0F1327BDB6 ] itecir C:\Windows\system32\DRIVERS\itecir.sys 15:14:15.0577 3664 itecir - ok 15:14:15.0624 3664 [ 7DBAFE10C1B777305C80BEA42FBDA710 ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys 15:14:15.0639 3664 k57nd60a - ok 15:14:15.0655 3664 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 15:14:15.0655 3664 kbdclass - ok 15:14:15.0671 3664 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 15:14:15.0686 3664 kbdhid - ok 15:14:15.0686 3664 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 15:14:15.0686 3664 KeyIso - ok 15:14:15.0717 3664 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 15:14:15.0717 3664 KSecDD - ok 15:14:15.0733 3664 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 15:14:15.0749 3664 KSecPkg - ok 15:14:15.0764 3664 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 
15:14:15.0764 3664 ksthunk - ok 15:14:15.0795 3664 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 15:14:15.0795 3664 KtmRm - ok 15:14:15.0842 3664 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 15:14:15.0842 3664 LanmanServer - ok 15:14:15.0873 3664 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 15:14:15.0889 3664 LanmanWorkstation - ok 15:14:15.0936 3664 [ BECBD7CD46776B8739EE18061F45A581 ] LEqdUsb C:\Windows\system32\DRIVERS\LEqdUsb.Sys 15:14:15.0936 3664 LEqdUsb - ok 15:14:15.0998 3664 [ 21D6BD7D62C270059EB8E2B1D4095880 ] LHidEqd C:\Windows\system32\DRIVERS\LHidEqd.Sys 15:14:16.0029 3664 LHidEqd - ok 15:14:16.0061 3664 [ B6552D382FF070B4ED34CBD6737277C0 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys 15:14:16.0061 3664 LHidFilt - ok 15:14:16.0092 3664 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 15:14:16.0092 3664 lltdio - ok 15:14:16.0139 3664 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 15:14:16.0154 3664 lltdsvc - ok 15:14:16.0185 3664 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 15:14:16.0185 3664 lmhosts - ok 15:14:16.0201 3664 [ 73C1F563AB73D459DFFE682D66476558 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys 15:14:16.0217 3664 LMouFilt - ok 15:14:16.0248 3664 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 15:14:16.0248 3664 LSI_FC - ok 15:14:16.0263 3664 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 15:14:16.0263 3664 LSI_SAS - ok 15:14:16.0279 3664 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 15:14:16.0279 3664 LSI_SAS2 - ok 15:14:16.0295 3664 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 15:14:16.0310 3664 LSI_SCSI - ok 15:14:16.0326 3664 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv 
C:\Windows\system32\drivers\luafv.sys 15:14:16.0326 3664 luafv - ok 15:14:16.0357 3664 lxbx_device - ok 15:14:16.0419 3664 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 15:14:16.0419 3664 MBAMProtector - ok 15:14:16.0482 3664 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe 15:14:16.0482 3664 MBAMScheduler - ok 15:14:16.0529 3664 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 15:14:16.0544 3664 MBAMService - ok 15:14:16.0607 3664 [ F8B823414A22DBF3BEC10DCAA5F93CD8 ] McciCMService C:\Program Files (x86)\Common Files\Motive\McciCMService.exe 15:14:16.0622 3664 McciCMService - ok 15:14:16.0653 3664 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 15:14:16.0669 3664 Mcx2Svc - ok 15:14:16.0685 3664 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 15:14:16.0685 3664 megasas - ok 15:14:16.0716 3664 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 15:14:16.0731 3664 MegaSR - ok 15:14:16.0763 3664 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 15:14:16.0763 3664 MMCSS - ok 15:14:16.0794 3664 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 15:14:16.0794 3664 Modem - ok 15:14:16.0825 3664 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 15:14:16.0825 3664 monitor - ok 15:14:16.0856 3664 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 15:14:16.0856 3664 mouclass - ok 15:14:16.0872 3664 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 15:14:16.0887 3664 mouhid - ok 15:14:16.0903 3664 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 15:14:16.0903 3664 mountmgr - ok 15:14:16.0934 3664 [ 
A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 15:14:16.0950 3664 mpio - ok 15:14:16.0965 3664 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 15:14:16.0965 3664 mpsdrv - ok 15:14:17.0012 3664 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 15:14:17.0043 3664 MpsSvc - ok 15:14:17.0059 3664 MREMP50 - ok 15:14:17.0075 3664 MREMP50a64 - ok 15:14:17.0075 3664 MREMPR5 - ok 15:14:17.0090 3664 MRENDIS5 - ok 15:14:17.0106 3664 MRESP50 - ok 15:14:17.0106 3664 MRESP50a64 - ok 15:14:17.0121 3664 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 15:14:17.0137 3664 MRxDAV - ok 15:14:17.0153 3664 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 15:14:17.0168 3664 mrxsmb - ok 15:14:17.0184 3664 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 15:14:17.0199 3664 mrxsmb10 - ok 15:14:17.0215 3664 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 15:14:17.0215 3664 mrxsmb20 - ok 15:14:17.0231 3664 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 15:14:17.0231 3664 msahci - ok 15:14:17.0246 3664 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 15:14:17.0246 3664 msdsm - ok 15:14:17.0277 3664 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 15:14:17.0277 3664 MSDTC - ok 15:14:17.0293 3664 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 15:14:17.0309 3664 Msfs - ok 15:14:17.0340 3664 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 15:14:17.0340 3664 mshidkmdf - ok 15:14:17.0355 3664 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 15:14:17.0355 3664 msisadrv - ok 15:14:17.0387 3664 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 
15:14:17.0387 3664 MSiSCSI - ok 15:14:17.0387 3664 msiserver - ok 15:14:17.0418 3664 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 15:14:17.0418 3664 MSKSSRV - ok 15:14:17.0433 3664 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 15:14:17.0433 3664 MSPCLOCK - ok 15:14:17.0449 3664 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 15:14:17.0449 3664 MSPQM - ok 15:14:17.0480 3664 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 15:14:17.0496 3664 MsRPC - ok 15:14:17.0496 3664 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 15:14:17.0496 3664 mssmbios - ok 15:14:17.0511 3664 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 15:14:17.0527 3664 MSTEE - ok 15:14:17.0543 3664 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 15:14:17.0543 3664 MTConfig - ok 15:14:17.0558 3664 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 15:14:17.0558 3664 Mup - ok 15:14:17.0589 3664 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 15:14:17.0605 3664 napagent - ok 15:14:17.0636 3664 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 15:14:17.0636 3664 NativeWifiP - ok 15:14:17.0683 3664 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 15:14:17.0714 3664 NDIS - ok 15:14:17.0745 3664 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 15:14:17.0745 3664 NdisCap - ok 15:14:17.0761 3664 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 15:14:17.0761 3664 NdisTapi - ok 15:14:17.0792 3664 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 15:14:17.0792 3664 Ndisuio - ok 15:14:17.0823 3664 [ 53F7305169863F0A2BDDC49E116C2E11 ] 
NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 15:14:17.0823 3664 NdisWan - ok 15:14:17.0855 3664 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 15:14:17.0855 3664 NDProxy - ok 15:14:17.0870 3664 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 15:14:17.0870 3664 NetBIOS - ok 15:14:17.0886 3664 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 15:14:17.0886 3664 NetBT - ok 15:14:17.0901 3664 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 15:14:17.0901 3664 Netlogon - ok 15:14:17.0948 3664 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 15:14:17.0964 3664 Netman - ok 15:14:17.0995 3664 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 15:14:18.0026 3664 netprofm - ok 15:14:18.0057 3664 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 15:14:18.0057 3664 NetTcpPortSharing - ok 15:14:18.0291 3664 [ 18555F48844C2861D9DCE8F2B7223AE5 ] NETw5s64 C:\Windows\system32\DRIVERS\NETw5s64.sys 15:14:18.0479 3664 NETw5s64 - ok 15:14:18.0635 3664 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys 15:14:18.0775 3664 netw5v64 - ok 15:14:18.0806 3664 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 15:14:18.0806 3664 nfrd960 - ok 15:14:18.0837 3664 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 15:14:18.0853 3664 NlaSvc - ok 15:14:18.0869 3664 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 15:14:18.0869 3664 Npfs - ok 15:14:18.0900 3664 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 15:14:18.0900 3664 nsi - ok 15:14:18.0915 3664 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 15:14:18.0915 3664 nsiproxy - ok 
15:14:18.0978 3664 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 15:14:19.0040 3664 Ntfs - ok 15:14:19.0071 3664 [ A2F750E416D1C628BDCDC2075AC33BC6 ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys 15:14:19.0071 3664 NuidFltr - ok 15:14:19.0087 3664 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 15:14:19.0087 3664 Null - ok 15:14:19.0103 3664 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 15:14:19.0118 3664 nvraid - ok 15:14:19.0134 3664 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 15:14:19.0134 3664 nvstor - ok 15:14:19.0165 3664 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 15:14:19.0165 3664 nv_agp - ok 15:14:19.0196 3664 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 15:14:19.0196 3664 ohci1394 - ok 15:14:19.0259 3664 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 15:14:19.0274 3664 ose - ok 15:14:19.0415 3664 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 15:14:19.0446 3664 osppsvc - ok 15:14:19.0477 3664 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 15:14:19.0493 3664 p2pimsvc - ok 15:14:19.0508 3664 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 15:14:19.0524 3664 p2psvc - ok 15:14:19.0524 3664 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 15:14:19.0524 3664 Parport - ok 15:14:19.0555 3664 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 15:14:19.0555 3664 partmgr - ok 15:14:19.0571 3664 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 15:14:19.0586 3664 PcaSvc - ok 15:14:19.0649 3664 [ 4B5F5774FF1C577B9515FDD2B5C535C5 ] 
6. RogueKiller downloaded and run, results below...
ESET Security re-enabled, files posted. All steps completed as requested...
  6. Hello,

Recently my sons were home for the holidays and using the computers available to play a game across the internet. Since that time many of the systems have developed unique problems. This thread deals with my work laptop, which has since developed the following symptoms:

system locking up
Internet Explorer crawls and then locks up
reporting that it is no longer an authentic version of Windows
desktop icons are inoperable
right clicking on items is inoperable
trying to uninstall programs in control panel returns errors
etc...

System info is below as well as the requested files: dds.txt attach.txt

Any assistance would be appreciated, thanks in advance!
Ken

------------------
System Information
------------------
Time of this report: 2/8/2013, 18:08:31
Machine name: STUDIO-64
Operating System: Windows 7 Ultimate 64-bit (6.1, Build 7601) Service Pack 1 (7601.win7sp1_gdr.120830-0333)
Language: English (Regional Setting: English)
System Manufacturer: Dell Inc.
System Model: Studio 1737
BIOS: Ver 1.00 BIOS A04 PARTTBL"
Processor: Intel® Core2 Duo CPU T9400 @ 2.53GHz (2 CPUs), ~2.5GHz
Memory: 4096MB RAM
Available OS Memory: 4090MB RAM
Page File: 2115MB used, 6064MB available
Windows Dir: C:\Windows
DirectX Version: DirectX 11

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457
Run by Ken at 10:39:19 on 2013-02-06
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4091.2647 [GMT -5:00]
.
AV: ESET Smart Security 6.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 6.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\lxbxcoms.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Lexmark 7100 Series\lxbxmon.exe
C:\Program Files (x86)\Lexmark 7100 Series\ezprint.exe
C:\Program Files\Microsoft Device Center\ipoint.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\SpywareGuard\sgmain.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Program Files (x86)\SpywareGuard\sgbhp.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\notepad.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig?hl=en
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3081217
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
mWinlogon: Userinit = userinit.exe,
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files (x86)\SpywareGuard\dlprotect.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
TB: BitTorrentBar Toolbar: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
TB: Nuance PDF: {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Professional 6\bin\ZeonIEFavClient.dll
TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
StartupFolder: C:\Users\Ken\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SPYWAR~1.LNK - C:\Program Files (x86)\SpywareGuard\sgmain.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:95
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: Append the content of the link to existing PDF file - C:\Program Files (x86)\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - C:\Program Files (x86)\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to existing PDF file - C:\Program Files (x86)\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Create PDF file - C:\Program Files (x86)\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - C:\Program Files (x86)\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - C:\Program Files (x86)\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: Download all by FlashGet3 - C:\Users\Ken\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download by FlashGet3 - C:\Users\Ken\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Open with Nuance PDF Converter 6.0 - C:\Program Files (x86)\Nuance\PDF Professional 6\cnvres_eng.dll /100
IE: Open with PDF Professional 6 - C:\Program Files (x86)\Nuance\PDF Professional 6\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: {2F72393D-2472-4F82-B600-ED77F354B7FF} - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 9\Mm8InternetExplorer.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{31A44C8B-F233-42F5-B40B-612968FE4006} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{31A44C8B-F233-42F5-B40B-612968FE4006}\25546554C4 : DHCPNameServer = 8.8.8.8 8.8.4.4 208.67.222.222
TCP: Interfaces\{31A44C8B-F233-42F5-B40B-612968FE4006}\34C6561627023507F64702036333 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{31A44C8B-F233-42F5-B40B-612968FE4006}\857383B473 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{325EAE92-B1F4-4FA0-9FFC-2C080D4EE66D} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: SpywareGuard.Handler - {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files (x86)\SpywareGuard\spywareguard.dll
x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
x64-BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [lxbxmon.exe] "C:\Program Files (x86)\Lexmark 7100 Series\lxbxmon.exe"
x64-Run: [LXBXCATS] rundll32 C:\Windows\System32\spool\DRIVERS\x64\3\LXBXtime.dll,RunDLLEntry
x64-Run: [EzPrint] "C:\Program Files (x86)\Lexmark 7100 Series\ezprint.exe"
x64-Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft Device Center\ipoint.exe"
x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\7zlv1z4n.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: C:\Users\Ken\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\7zlv1z4n.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\7zlv1z4n.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}\components\FlashGetXPI.dll
FF - component: C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\7zlv1z4n.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: c:\Program Files (x86)\Autodesk\Autodesk Design Review Firefox Add-on v1.1\npADRdwf.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\eMusic Download Manager\plugin\npemusic.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Nuance\PDF Professional 6\Bin\nppdf.dll
FF - plugin: C:\Program Files (x86)\Nuance\PDF Professional 6\bin\nppdf.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\7zlv1z4n.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\plugins\np-mswmp.dll
.
============= SERVICES / DRIVERS ===============
.
R0 epfwwfp;epfwwfp;C:\Windows\System32\drivers\epfwwfp.sys [2012-6-14 62536]
R0 vidsflt53;Acronis Disk Storage Filter (53);C:\Windows\System32\drivers\vsflt53.sys [2012-7-20 141920]
R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2012-6-14 211344]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\System32\drivers\EpfwLWF.sys [2012-6-14 38328]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe [2010-7-28 89600]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2012-6-14 1288104]
R2 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2013-1-29 165112]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-24 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-24 682344]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-9-7 1153368]
R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-6-10 270848]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-6-13 24176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
S3 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]
S3 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-7-26 203264]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2009-6-17 74256]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2009-6-17 13328]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-6-15 7689216]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2012-11-26 25584]
S3 PDFProFiltSrv;PDFProFiltSrv;C:\Program Files (x86)\Nuance\PDF Professional 6\PDFProFiltSrv.exe [2009-6-30 134944]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;C:\Windows\System32\drivers\PTDUBus.sys [2011-8-26 70672]
S3 PTDUMdm;PANTECH UM175 Drivers;C:\Windows\System32\drivers\PTDUMdm.sys [2011-8-26 173456]
S3 PTDUVsp;PANTECH UM175 Diagnostic Port;C:\Windows\System32\drivers\PTDUVsp.sys [2011-8-26 173456]
S3 PTDUWFLT;PTDUWWAN Filter Driver;C:\Windows\System32\drivers\PTDUWFLT.sys [2011-8-26 12688]
S3 PTDUWWAN;PANTECH UM175 WWAN Driver;C:\Windows\System32\drivers\PTDUWWAN.sys [2011-8-26 141840]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-3-10 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-10 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-12-14 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-7-26 1255736]
.
=============== File Associations ===============
.
FileExt: .scr: DWGTrueViewScriptFile=C:\Windows\System32\notepad.exe "%1"
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice]
FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice]
ShellExec: Foxit Reader.exe: print="C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe"/p "%1"
ShellExec: Foxit Reader.exe: printto="C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe"/t "%1" "%2" "%3" "%4"
.
=============== Created Last 30 ================
.
2013-02-06 11:33:19 -------- d-----w- C:\Users\Ken\Desktop Folders
2013-01-30 14:38:14 -------- d-----w- C:\ProgramData\IDM
2013-01-30 01:40:02 -------- d-----w- C:\Utils
2013-01-29 12:03:10 165112 ----a-w- C:\Windows\System32\drivers\idmwfp.sys
2013-01-10 14:26:05 750592 ----a-w- C:\Windows\System32\win32spl.dll
2013-01-10 14:26:05 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-01-10 14:26:04 800768 ----a-w- C:\Windows\System32\usp10.dll
2013-01-10 14:26:04 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2013-01-10 14:24:55 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2013-01-10 14:24:54 1882624 ----a-w- C:\Windows\System32\msxml3.dll
2013-01-10 14:24:54 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2013-01-10 14:24:53 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2013-01-10 14:24:52 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-01-10 14:24:52 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-01-10 14:24:51 3149824 ----a-w- C:\Windows\System32\win32k.sys
2013-01-10 14:24:47 68608 ----a-w- C:\Windows\System32\taskhost.exe
.
==================== Find3M ====================
.
2013-01-13 14:01:39 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-13 14:01:39 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-14 21:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
.
============= FINISH: 10:39:42.76 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.

DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume3
Install Date: 7/26/2010 1:42:52 PM
System Uptime: 2/6/2013 6:53:08 AM (4 hours ago)
.
Motherboard: Dell Inc. | | 0P786H
Processor: Intel® Core2 Duo CPU T9400 @ 2.53GHz | U2E1 | 2534/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 223 GiB total, 66.027 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 2.519 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0000
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter
PNP Device ID: ROOT\*6TO4MP\0000
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0000
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter
PNP Device ID: ROOT\*ISATAP\0000
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0001
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #2
PNP Device ID: ROOT\*ISATAP\0001
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0002
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #3
PNP Device ID: ROOT\*ISATAP\0002
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Microsoft Teredo Tunneling Adapter
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Intel® WiFi Link 5100 AGN
Device ID: PCI\VEN_8086&DEV_4232&SUBSYS_13218086&REV_00\4&B04CCE1&0&00E1
Manufacturer: Intel Corporation
Name: Intel® WiFi Link 5100 AGN
PNP Device ID: PCI\VEN_8086&DEV_4232&SUBSYS_13218086&REV_00\4&B04CCE1&0&00E1
Service: NETw5s64
.
==== System Restore Points ===================
.
RP355: 2/2/2013 7:12:55 PM - Windows Modules Installer
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin 64-bit
Adobe Reader X (10.1.4)
Akamai NetSession Interface
ArcSoft MediaImpression for Kodak
ATI Catalyst Install Manager
BitTorrent
BlackBerry Desktop Software 7.1
Catalyst Control Center InstallProxy
CCleaner
CDDRV_Installer
Chinese Simplified Fonts Support For Adobe Reader X
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Defraggler
Dell Support Center
Dell Touchpad
DivX Setup
Dropbox
DVD Decrypter (Remove Only)
DVD Shrink 3.2
Elcomsoft Blackberry Backup Explorer
eMusic Download Manager 4.1.4
ESET Online Scanner v3
ESET Smart Security
Foxit PDF IFilter
Foxit Phantom
Foxit Reader
Google Chrome
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
GoToMeeting 5.3.0.977
IDT Audio
Internet Download Manager
iTunes
Japanese Fonts Support For Adobe Reader X
KhalInstallWrapper
Lexmark 7100 Series
Logitech SetPoint
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Mouse and Keyboard Center
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mindjet MindManager 9
Mozilla Firefox 10.0.2 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nuance PDF Professional 6
PANTECH UM175 Driver
PDFCreator
Picasa 3
Plustek OpticSlim M12 Plus
PowerISO
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Replay Media Catcher 4 (4.2.8)
RICOH Media Driver ver.2.07.01.00
Roblox for Ken
Scansoft PDF Professional
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Skype Click to Call
Skype™ 6.1
Snagit 10.0.1
Spybot - Search & Destroy
SpywareBlaster 4.4
SpywareGuard v2.2
System Requirements Lab for Intel
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
VC80CRTRedist - 8.0.50727.4053
VLC media player 1.1.11
Windows Automated Installation Kit
Windows XP Mode
WinRAR archiver
.
==== End Of File ===========================
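Triage of the two logs above (the RogueKiller [HJ] entries in post 4 and the DDS "Pseudo HJT Report" in post 6), as an added example that is not part of the thread, of DDS or of RogueKiller. Both logs show the same thing a practitioner would flag first: UAC switched off by policy (EnableLUA=0, ConsentPromptBehaviorAdmin=0, PromptOnSecureDesktop=0), a BitTorrentBar/Conduit toolbar hooked into IE and Firefox, and a DHCP lease that hands out resolvers outside the LAN. The long run of 127.0.0.1 entries in the hosts file is consistent with a blocklist-style immunization (Spybot S&D, which is installed here, writes one), not with a hijack; a hijack points a real host name at a non-loopback address. The script below encodes those checks over DDS-style lines. The baseline values, the adware name list and the LAN prefix are assumptions for illustration; the last sample line is an invented hijack entry (TEST-NET address, fake host), the rest are copied from the log.

```python
"""Triage helper for DDS-style 'Pseudo HJT Report' lines and RogueKiller [HJ] values.

Added example for this thread; it is not DDS, RogueKiller or the forum's own code.
Which policy values count as 'UAC weakened' and which add-on names count as
adware are assumptions chosen for illustration (see the tables below).
"""
import re
from dataclasses import dataclass

# HKLM\...\Policies\System values that DDS prints as 'mPolicies-System:'.
# Expected values are the Windows 7 defaults (assumed baseline).
UAC_EXPECTED = {
    "EnableLUA": 1,                   # 0 turns UAC off entirely
    "ConsentPromptBehaviorAdmin": 5,  # 0 elevates admins silently
    "PromptOnSecureDesktop": 1,       # 0 lets software drive the prompt
}

# Add-on families treated as adware/PUP for this example (assumed list).
PUP_MARKERS = ("bittorrentbar", "tbbitt.dll", "conduit", "mirar")

# Addresses a hosts entry may legitimately point to when used as a blocklist.
SINKHOLE_ADDRS = {"127.0.0.1", "0.0.0.0", "::1"}

POLICY_RE = re.compile(r"^mPolicies-System:\s*(\w+)\s*=\s*dword:(\d+)\s*$")
ADDON_RE = re.compile(r"^(?:x64-)?(?:BHO|TB|[um]URLSearchHooks):\s*(.+)$")
DNS_RE = re.compile(r"DHCPNameServer\s*=\s*([\d. ]+?)\s*$")
HOSTS_RE = re.compile(r"^(?:Hosts:\s*)?(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)$")


@dataclass(frozen=True)
class Finding:
    kind: str    # "uac", "pup-addon", "dns", "hosts-redirect"
    detail: str


def triage(lines, lan_prefix="192.168."):
    """Return findings, in input order, for an iterable of log lines."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = POLICY_RE.match(line)
        if m:
            name, val = m.group(1), int(m.group(2))
            if name in UAC_EXPECTED and val != UAC_EXPECTED[name]:
                findings.append(Finding("uac", f"{name}={val} (expected {UAC_EXPECTED[name]})"))
            continue
        m = ADDON_RE.match(line)
        if m:
            if any(p in m.group(1).lower() for p in PUP_MARKERS):
                findings.append(Finding("pup-addon", m.group(1)))
            continue
        m = DNS_RE.search(line)
        if m:
            # Resolvers outside the LAN are not proof of anything (public
            # resolvers are common), but they deserve a look on a sick box.
            outside = [ip for ip in m.group(1).split() if not ip.startswith(lan_prefix)]
            if outside:
                findings.append(Finding("dns", " ".join(outside)))
            continue
        m = HOSTS_RE.match(line)
        if m and m.group(1) not in SINKHOLE_ADDRS:
            # Loopback entries are blocklist-style immunization; a routable
            # address for a named host is the classic hosts-file hijack.
            findings.append(Finding("hosts-redirect", f"{m.group(2)} -> {m.group(1)}"))
    return findings


# Constructed sample: every line but the last is copied from the DDS log in
# the post above; the last line is an invented hijack (TEST-NET address, fake host).
SAMPLE = r"""
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
TB: BitTorrentBar Toolbar: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
TCP: Interfaces\{31A44C8B-F233-42F5-B40B-612968FE4006} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{31A44C8B-F233-42F5-B40B-612968FE4006}\25546554C4 : DHCPNameServer = 8.8.8.8 8.8.4.4 208.67.222.222
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 198.51.100.7 www.example-bank.invalid
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.kind:15} {f.detail}")
```

Run against the sample it reports three UAC findings, two BitTorrentBar add-on findings, one non-LAN resolver set (8.8.8.8, 8.8.4.4 and 208.67.222.222 are Google and OpenDNS resolvers, so this one is a prompt to look, not a verdict) and the one constructed hosts redirect. The ConsentPromptBehaviorUser=3 line is the default and is deliberately not flagged; the 127.0.0.1 hosts line is not flagged either, which is the point of the SINKHOLE_ADDRS check.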
  7. Thank you so much for all your patience and diligent assistance, your thoroughness was very impressive and appreciated. I would not have thought of some of the after-the-fact precautions that you advised and would probably still be vulnerable. You are truly a master of your craft, thanks again!

  8. Well, it was not getting any more pop-ups, but it was crawling on the internet, so I reset the MS Firewall to default and it improved a little; but after I uninstalled MS Security Essentials and replaced it w/ ESET Security Suite it seems to be back to normal speed. Thanks for all your help, now it seems like my laptop has some kind of problems...lol Out of curiosity, could malware cause a system to say that services are shut down even when they are running? Should I open a different thread?
  9. Yes, that seems to have done it, thank you very much! I'll be putting it to the test tomorrow since I'll be working on it all day, I'll let you know how I make out. Thanks again!
  10. It seems like the pop-ups have stopped, but the "Mirar" entry is still in the Add/Remove application list. Do I need to do anything about that?
  11. Ok, sorry about the italics, I didn't realize I did that.
  12. Ok, here it is... Whatever needs to go, can go! And thanks for being so patient with me...
  13. Are you sure you want me to install the latest version of Java? Please see the link, https://isc.sans.edu/ Please advise...
  14. Wow, that went a lot faster than I expected...lol Here is the report...
  15. Ok, here are the 2 logs: Moving on to step 2...executing RogueKiller