RedBarron Posted April 24, 2012

First off, I really appreciate the help. I don't think (know) this would be a big problem, but I don't feel confident with this malware on my PC.

I started getting these annoying pop-up ads for some Chinese role-playing game at the lower bottom right corner of my screen when I try to connect to websites (not just Chinese ones, so I realized that there was something on my PC). The pop-ups come with sound (how nice).

I installed Malwarebytes Anti-Malware and activated the full version trial, then ran a scan. It found and quarantined "PUP.TollbarDownloader" in an exe file I had downloaded (and I guess executed) at some point. But I still get these messages that it blocked outgoing traffic every so often:

2012/04/24 10:55:06 +0800 IP-BLOCK 218.8.51.248 (Type: outgoing, Port: 57038, Process: firefox.exe)
2012/04/24 10:58:20 +0800 IP-BLOCK 218.8.51.248 (Type: outgoing, Port: 57187, Process: firefox.exe)
2012/04/24 10:58:53 +0800 IP-BLOCK 218.8.51.248 (Type: outgoing, Port: 57212, Process: firefox.exe)
2012/04/24 19:37:57 +0800 IP-BLOCK 122.70.138.185 (Type: outgoing, Port: 52592, Process: chrome.exe)
2012/04/24 19:37:57 +0800 IP-BLOCK 122.70.138.185 (Type: outgoing, Port: 52593, Process: chrome.exe)
2012/04/24 19:37:57 +0800 IP-BLOCK 122.70.138.185 (Type: outgoing, Port: 52594, Process: chrome.exe)
2012/04/24 19:37:57 +0800 IP-BLOCK 122.70.138.185 (Type: outgoing, Port: 52595, Process: chrome.exe)
2012/04/24 19:37:57 +0800 IP-BLOCK 122.70.138.185 (Type: outgoing, Port: 52596, Process: chrome.exe)

I ran a scan according to the forum guidelines and got these logs:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_29
Run by Arne at 11:08:28 on 2012-04-24
Microsoft Windows 7 Starter 6.1.7601.1.1252.49.1033.18.1013.220 [GMT 8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\windows\SYSTEM32\Rezip.exe
C:\windows\system32\svchost.exe -k imgsvc
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskeng.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\igfxtray.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Google\Google Pinyin 3\GooglePinyinDaemon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
C:\Program Files\Google\Google Pinyin 3\GooglePinyinService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Sticky Notes\StickyNotes.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\OpenOffice.org 3\program\scalc.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\igowin\igowin.exe
C:\windows\system32\taskhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [Google Update] "c:\users\arne\appdata\local\google\update\GoogleUpdate.exe" /c
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil11f_Plugin.exe -update plugin
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [uCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [Google Pinyin 3 Autoupdater] "c:\program files\google\google pinyin 3\GooglePinyinDaemon.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\arne\appdata\roaming\micros~1\windows\startm~1\programs\startup\sticky~1.lnk - c:\program files\sticky notes\StickyNotes.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\users\arne\appdata\roaming\dvdvideosoftiehelpers\youtubetomp3.htm
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{24FDB2AB-187E-413F-BAF1-7D983CBF9F6D} : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{24FDB2AB-187E-413F-BAF1-7D983CBF9F6D}\0516E696E6F60245563616 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{24FDB2AB-187E-413F-BAF1-7D983CBF9F6D}\24F6F6B677F627D6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{24FDB2AB-187E-413F-BAF1-7D983CBF9F6D}\348696E616E45647D235471627265736B637 : DhcpNameServer = 172.13.0.1
TCP: Interfaces\{24FDB2AB-187E-413F-BAF1-7D983CBF9F6D}\348696E616E45647D244B65557 : DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{24FDB2AB-187E-413F-BAF1-7D983CBF9F6D}\7756E67756E6132333 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{24FDB2AB-187E-413F-BAF1-7D983CBF9F6D}\D43644F6E616C6467237 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{581B304F-E7EA-4D69-8E16-B3D564BACED7} : DhcpNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\arne\appdata\roaming\mozilla\firefox\profiles\6pojc2zr.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?hl=en-GB&q=
FF - prefs.js: network.proxy.http - http://proxy.io8.org/autoproxy/e1.pac
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\users\arne\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-26 165648]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\drivers\SABI.sys [2009-12-10 10752]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-18 654408]
R2 Rezip;Rezip;c:\windows\system32\Rezip.exe [2009-12-10 311296]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2011-8-4 645048]
R3 CryptOSD;Phoenix CryptOSD Device Driver;c:\windows\system32\drivers\CryptOSD.sys [2009-5-1 384896]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-18 22344]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-26 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-30 135664]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-12-11 43944]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-6-29 29472]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-6-30 135664]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-11 139776]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-2 52224]
.
=============== Created Last 30 ================
.
2012-04-24 02:34:06 6734704 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{9984dc56-d0f1-4566-8554-6b0a4947e2e8}\mpengine.dll
2012-04-23 07:43:51 -------- d-----w- c:\program files\igowin
2012-04-18 15:22:55 -------- d-----w- c:\program files\Anvisoft
2012-04-18 11:43:48 -------- d-----w- c:\users\arne\appdata\roaming\Malwarebytes
2012-04-18 11:42:55 -------- d-----w- c:\programdata\Malwarebytes
2012-04-18 11:42:48 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-18 11:42:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-18 07:14:04 -------- d-----w- c:\users\arne\.FBReader
2012-04-18 07:09:34 -------- d-----w- c:\program files\FBReader
2012-04-18 06:52:12 -------- d-----w- c:\users\arne\appdata\roaming\calibre
2012-04-17 16:22:04 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-17 16:22:04 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-17 16:22:04 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-17 16:22:03 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-17 16:21:15 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-17 16:21:14 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-17 16:18:00 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-04-09 16:20:44 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-04-09 16:20:44 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-03-26 15:41:34 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2012-03-26 15:41:34 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2012-02-28 05:38:52 981504 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 03:52:27 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-25 08:00:12 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-17 04:14:08 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13:22 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 05:38:43 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-02-03 03:54:27 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-25 05:32:35 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 05:32:34 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 05:27:51 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
============= FINISH: 11:16:18,57 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Starter
Boot Device: \Device\HarddiskVolume2
Install Date: 29.06.2010 21:58:46
System Uptime: 24.04.2012 01:25:06 (10 hours ago)
.
Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | N150/N210/N220
Processor: Intel® Atom CPU N450 @ 1.66GHz | CPU 1 | 1667/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 150 GiB total, 87,251 GiB free.
D: is FIXED (NTFS) - 68 GiB total, 66,425 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Description: Broadcom BCM2070 Bluetooth 2.1+EDR USB Device
Device ID: USB\VID_0A5C&PID_219B\506313BBB795
Manufacturer: Broadcom
Name: Broadcom BCM2070 Bluetooth 2.1+EDR USB Device
PNP Device ID: USB\VID_0A5C&PID_219B\506313BBB795
Service: BTHUSB
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
PNP Device ID: ROOT\NET\0000
Service: vpnva
.
==== System Restore Points ===================
.
RP369: 25.03.2012 18:03:15 - Windows Update
RP370: 28.03.2012 20:49:26 - Windows Update
RP371: 01.04.2012 22:45:16 - Windows Update
RP372: 05.04.2012 12:38:43 - Windows Update
RP373: 09.04.2012 12:25:04 - Windows Update
RP374: 12.04.2012 23:51:23 - Windows Update
RP375: 16.04.2012 12:32:00 - Windows Update
RP376: 18.04.2012 00:19:23 - Windows Update
RP378: 18.04.2012 14:49:07 - Installed calibre
RP380: 18.04.2012 15:30:49 - Removed calibre
RP381: 21.04.2012 12:56:53 - Windows Update
.
==== Installed Programs ======================
.
??????? 3.0
7-Zip 4.65
Adobe Flash Player 11 Plugin
Adobe Flash Player ActiveX
Adobe Reader 9.5.1
Adobe Shockwave Player 11.6
Anki
Apple Application Support
Apple Software Update
Atheros Client Installation Program
BatteryLifeExtender
ChargeableUSB
Cisco AnyConnect VPN Client
Compatibility Pack for the 2007 Office system
ContentSAFER for Wizmax
CyberLink YouCam
Easy Display Manager
Easy Network Manager
Easy Resolution Manager
Easy SpeedUp Manager
EasyBatteryManager
FBReader for Windows
Free Audio CD Burner version 1.4
Free YouTube to MP3 Converter version 3.8
Full Tilt Poker
Google Chrome
Google Earth Plug-in
Google Update Helper
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Java Auto Updater
Java 6 Update 22
Java 6 Update 29
Malwarebytes Anti-Malware version 1.61.0.1400
Marvell Miniport Driver
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Office Word Viewer 2003
Microsoft PowerPoint Viewer
Microsoft Security Client
Microsoft Security Essentials
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mozilla Firefox 11.0 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OpenOffice.org 3.3
Paint.NET v3.5.8
PokerStars
PokerStove version 1.23
PreSetup HyperSpace
QuickTime
Realtek High Definition Audio Driver
REALTEK Wireless LAN Software
Samsung Recovery Solution 4
Samsung Support Center
Samsung Update Plus
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Skype™ 4.2
swMSM
Synaptics Pointing Device Driver
TIPP10 Version 2.0.3
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
User Guide
VirtualCloneDrive
VLC media player 1.1.5
Vuze
WIDCOMM Bluetooth Software
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
Xtra Controller Pro
YouTube Downloader 2.6.2
.
==== Event Viewer Messages From Past Week ========
.
22.04.2012 23:44:32, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.209.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
22.04.2012 22:55:15, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.209.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
22.04.2012 13:24:51, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
20.04.2012 18:38:06, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
19.04.2012 16:08:41, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.1963.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
19.04.2012 16:08:41, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.1963.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
19.04.2012 12:23:24, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.1963.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
19.04.2012 12:23:24, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.123.1963.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
18.04.2012 19:53:25, Error: Service Control Manager [7034] - The Network Store Interface Service service terminated unexpectedly. It has done this 7 time(s).
18.04.2012 19:53:25, Error: Service Control Manager [7034] - The Network List Service service terminated unexpectedly. It has done this 7 time(s).
18.04.2012 19:53:25, Error: Service Control Manager [7034] - The Function Discovery Provider Host service terminated unexpectedly. It has done this 1 time(s).
18.04.2012 19:53:25, Error: Service Control Manager [7034] - The Diagnostic Service Host service terminated unexpectedly. It has done this 7 time(s).
18.04.2012 19:53:25, Error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 5 time(s).
18.04.2012 17:40:04, Error: Service Control Manager [7034] - The WinHTTP Web Proxy Auto-Discovery Service service terminated unexpectedly. It has done this 3 time(s).
18.04.2012 17:40:04, Error: Service Control Manager [7034] - The Network Store Interface Service service terminated unexpectedly. It has done this 6 time(s).
18.04.2012 17:40:04, Error: Service Control Manager [7034] - The Network List Service service terminated unexpectedly. It has done this 6 time(s).
18.04.2012 17:40:04, Error: Service Control Manager [7034] - The Diagnostic Service Host service terminated unexpectedly. It has done this 6 time(s).
18.04.2012 17:39:59, Error: Service Control Manager [7034] - The Network Store Interface Service service terminated unexpectedly. It has done this 5 time(s).
18.04.2012 17:39:59, Error: Service Control Manager [7034] - The Network List Service service terminated unexpectedly. It has done this 5 time(s).
18.04.2012 17:39:59, Error: Service Control Manager [7034] - The Diagnostic Service Host service terminated unexpectedly. It has done this 5 time(s).
18.04.2012 17:39:59, Error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 4 time(s).
18.04.2012 17:39:43, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service.
18.04.2012 15:43:45, Error: Service Control Manager [7034] - The Network Store Interface Service service terminated unexpectedly. It has done this 4 time(s).
18.04.2012 15:43:45, Error: Service Control Manager [7034] - The Network List Service service terminated unexpectedly. It has done this 4 time(s).
18.04.2012 15:43:45, Error: Service Control Manager [7034] - The Diagnostic Service Host service terminated unexpectedly. It has done this 4 time(s).
18.04.2012 15:43:45, Error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 3 time(s).
18.04.2012 14:53:56, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Network Store Interface Service service, but this action failed with the following error: An instance of the service is already running.
18.04.2012 14:48:59, Error: Service Control Manager [7034] - The WinHTTP Web Proxy Auto-Discovery Service service terminated unexpectedly. It has done this 2 time(s).
18.04.2012 14:48:59, Error: Service Control Manager [7034] - The Network Store Interface Service service terminated unexpectedly. It has done this 3 time(s).
18.04.2012 14:48:59, Error: Service Control Manager [7034] - The Network List Service service terminated unexpectedly. It has done this 3 time(s).
18.04.2012 14:48:59, Error: Service Control Manager [7034] - The Diagnostic Service Host service terminated unexpectedly. It has done this 3 time(s).
18.04.2012 14:48:56, Error: Service Control Manager [7034] - The Diagnostic Service Host service terminated unexpectedly. It has done this 2 time(s).
18.04.2012 14:48:56, Error: Service Control Manager [7031] - The WinHTTP Web Proxy Auto-Discovery Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
18.04.2012 14:48:56, Error: Service Control Manager [7031] - The Network Store Interface Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
18.04.2012 14:48:56, Error: Service Control Manager [7031] - The Network List Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
18.04.2012 14:48:56, Error: Service Control Manager [7031] - The COM+ Event System service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
18.04.2012 14:48:52, Error: Service Control Manager [7034] - The Diagnostic Service Host service terminated unexpectedly. It has done this 1 time(s).
18.04.2012 14:48:52, Error: Service Control Manager [7031] - The Network Store Interface Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
18.04.2012 14:48:52, Error: Service Control Manager [7031] - The Network List Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
18.04.2012 14:48:52, Error: Service Control Manager [7031] - The COM+ Event System service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
18.04.2012 00:07:20, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
.
==== End Of File ===========================
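The IP-BLOCK lines in the post above are the kind of evidence a helper reads first: whether the blocked outbound traffic goes to one destination or many, from one process or several, and whether it arrives as a burst (several connections in the same second, as a page loads) or spread out. The following script, added here as an example and not part of the original post or of Malwarebytes' own tooling, parses lines in the Malwarebytes 1.x protection-log format shown in the post and summarizes them per destination. The sample input is copied from the post; the `burst` threshold (three or more blocks within the same second) is a constructed heuristic, not a Malwarebytes setting.

```python
import re
from collections import defaultdict
from datetime import datetime

# Regex for the Malwarebytes 1.x protection-log IP-BLOCK line format seen in the post.
IP_BLOCK_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) (?P<tz>[+-]\d{4}) IP-BLOCK "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) \(Type: (?P<dir>\w+), Port: (?P<port>\d+), "
    r"Process: (?P<proc>[^)]+)\)\s*$"
)

# Sample input: the reporter's own log lines, copied from the post above.
SAMPLE_LOG = """\
2012/04/24 10:55:06 +0800 IP-BLOCK 218.8.51.248 (Type: outgoing, Port: 57038, Process: firefox.exe)
2012/04/24 10:58:20 +0800 IP-BLOCK 218.8.51.248 (Type: outgoing, Port: 57187, Process: firefox.exe)
2012/04/24 10:58:53 +0800 IP-BLOCK 218.8.51.248 (Type: outgoing, Port: 57212, Process: firefox.exe)
2012/04/24 19:37:57 +0800 IP-BLOCK 122.70.138.185 (Type: outgoing, Port: 52592, Process: chrome.exe)
2012/04/24 19:37:57 +0800 IP-BLOCK 122.70.138.185 (Type: outgoing, Port: 52593, Process: chrome.exe)
2012/04/24 19:37:57 +0800 IP-BLOCK 122.70.138.185 (Type: outgoing, Port: 52594, Process: chrome.exe)
2012/04/24 19:37:57 +0800 IP-BLOCK 122.70.138.185 (Type: outgoing, Port: 52595, Process: chrome.exe)
2012/04/24 19:37:57 +0800 IP-BLOCK 122.70.138.185 (Type: outgoing, Port: 52596, Process: chrome.exe)
"""


def parse_ip_blocks(text):
    """Return one dict per IP-BLOCK line; lines in any other format are ignored."""
    events = []
    for line in text.splitlines():
        m = IP_BLOCK_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "time": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            "ip": m["ip"],
            "direction": m["dir"],
            "port": int(m["port"]),
            "process": m["proc"],
        })
    return events


def summarize(events):
    """Group events by destination IP: hit count, processes, time span, burst flag."""
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev["ip"]].append(ev)
    summary = {}
    for ip, evs in by_ip.items():
        times = sorted(e["time"] for e in evs)
        span = (times[-1] - times[0]).total_seconds()
        summary[ip] = {
            "hits": len(evs),
            "processes": sorted({e["process"] for e in evs}),
            "span_seconds": span,
            # Constructed heuristic: three or more blocks in the same second look like
            # one page opening several connections at once rather than repeated visits.
            "burst": len(evs) >= 3 and span == 0,
        }
    return summary


def report(summary):
    """Render the summary as one line per destination, busiest first."""
    lines = []
    for ip, s in sorted(summary.items(), key=lambda kv: -kv[1]["hits"]):
        lines.append(
            f"{ip}: {s['hits']} blocked outbound, processes={','.join(s['processes'])}, "
            f"span={s['span_seconds']:.0f}s{' (burst)' if s['burst'] else ''}"
        )
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(summarize(parse_ip_blocks(SAMPLE_LOG))))
```

Run as-is it reads the embedded sample; point `parse_ip_blocks` at the contents of a real protection log to triage a longer history. A destination that is hit from more than one browser, or keeps recurring across days, is the one worth looking into first, since that pattern is not explained by a single bad page.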
MrCharlie Posted April 25, 2012

Welcome to the forum.

Please remove any USB or external drives from the computer before you run this scan!

Please download and run RogueKiller.
For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
Click Scan to scan the system (don't run any other options)
Post back the report.

MrC
RedBarron Posted April 25, 2012

Thanks MrCharlie

RogueKiller V7.3.3 [04/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User: Arne [Admin rights]
Mode: Scan -- Date: 04/25/2012 23:04:35

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤
[HJ] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS545025B9A300 +++++
--- User ---
[MBR] 2309d53b5e50f1481e33ea97262948e9
[bSP] 42cd176af1e1fa736744448df7d3160e : KIWI Image system MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31459328 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31664128 | Size: 153877 Mo
3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 346804224 | Size: 69136 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt
MrCharlie Posted April 25, 2012 ID:545849

Please make sure system restore is running and create a new restore point before continuing.
XP users > please back up the registry using ERUNT.

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

Click the Start Scan button.

If a suspicious object is detected, the default action will be Skip, click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue.
Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt".
Please copy and paste its contents on your next reply.

Here's a summary of what to do if you would like to print it out:
If a suspicious object is detected, the default action will be Skip, click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue.
Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.
If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC
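One way to triage a pasted TDSSKiller log against the Skip / delete / Cure rules given above, as an added example that is not part of this thread or of TDSSKiller itself. The two-line "name (md5) path" / "name - ok" layout is taken from the log format in this thread; the wording of the flagged lines ("( UnsignedFile.Multi.Generic ) - warning") and the exampledrv entry are assumptions.

```python
"""Triage helper for TDSSKiller text logs (added example, not TDSSKiller code).

TDSSKiller reports every scanned object as a pair of lines:

    HH:MM:SS.mmmm PID Name (md5) C:\\path\\to\\file
    HH:MM:SS.mmmm PID Name - ok

Objects without a backing file (e.g. COMSysApp) have only the status line.
Flagged objects are assumed to carry their verdict in parentheses, e.g.
    HH:MM:SS.mmmm PID \\Device\\Harddisk0\\DR0 ( TDSS File System ) - warning
"""
import re
from dataclasses import dataclass
from typing import List, Optional

TS = r"\d{2}:\d{2}:\d{2}\.\d{4}"
# "name (32-hex md5) path" line that precedes an object's status line
ENTRY_RE = re.compile(
    rf"^(?P<ts>{TS})\s+(?P<pid>\d+)\s+(?P<name>\S+)\s+"
    rf"\((?P<md5>[0-9a-fA-F]{{32}})\)\s+(?P<path>\S.*)$"
)
# "name - status" line; the status must start with a lowercase word so that
# header lines such as "Drive ... - Size: ..." are not mistaken for it
STATUS_RE = re.compile(
    rf"^(?P<ts>{TS})\s+(?P<pid>\d+)\s+(?P<name>.+?)\s+-\s+(?P<status>[a-z]\S*(?:\s.*)?)$"
)
# verdict text printed in parentheses after the object name (assumed layout)
DETAIL_RE = re.compile(r"\(\s*(?P<detail>[^()]+?)\s*\)\s*$")


@dataclass
class ScanObject:
    name: str
    status: str
    md5: Optional[str] = None
    path: Optional[str] = None
    detail: Optional[str] = None


def parse_log(text: str) -> List[ScanObject]:
    """Pair each '(md5) path' line with the status line that follows it."""
    objects: List[ScanObject] = []
    pending: Optional[dict] = None  # most recent entry line not yet consumed
    for raw in text.splitlines():
        line = raw.rstrip()
        m = ENTRY_RE.match(line)
        if m:
            pending = m.groupdict()
            continue
        m = STATUS_RE.match(line)
        if not m:
            continue  # banner, separator or system-info line
        full_name = m.group("name")
        detail_m = DETAIL_RE.search(full_name)
        detail = detail_m.group("detail") if detail_m else None
        base_name = full_name[: detail_m.start()].rstrip() if detail_m else full_name
        md5 = path = None
        if pending and pending["name"] == base_name:
            md5, path = pending["md5"], pending["path"]
        objects.append(ScanObject(base_name, m.group("status"), md5, path, detail))
    return objects


def findings(objects: List[ScanObject]) -> List[ScanObject]:
    """Everything the scanner did not mark plain 'ok'."""
    return [o for o in objects if o.status.split()[0].lower() != "ok"]


def triage(obj: ScanObject) -> str:
    """Map a finding to the action the instructions in this thread prescribe."""
    if obj.status.split()[0].lower() == "ok":
        return "ok"
    text = " ".join(filter(None, (obj.detail, obj.status)))
    if "UnsignedFile.Multi.Generic" in text or "LockedFile.Multi.Generic" in text:
        return "skip"      # generic unsigned/locked-file warning: Skip, then Continue
    if "TDSS File System" in text:
        return "delete"    # hidden TDLFS volume on the disk device: choose delete
    return "review"        # anything else: wait for the helper's instructions


# Constructed sample in the same layout as the thread's log; the 1394ohci hash
# is the one the thread shows, the exampledrv entry and its hash are made up.
SAMPLE_LOG = r"""23:45:10.0653 4296 Scan started
23:45:10.0653 4296 Mode: Manual; SigCheck; TDLFS; 
23:45:11.0082 4296 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys
23:45:11.0500 4296 1394ohci - ok
23:45:25.0736 4296 COMSysApp - ok
23:46:40.0000 4296 exampledrv (0123456789abcdef0123456789abcdef) C:\windows\system32\drivers\exampledrv.sys
23:46:40.0100 4296 exampledrv ( UnsignedFile.Multi.Generic ) - warning
23:46:41.0000 4296 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
"""

if __name__ == "__main__":
    for hit in findings(parse_log(SAMPLE_LOG)):
        print(f"{triage(hit):7} {hit.name}  [{hit.detail}]  {hit.path or '(no file)'}")
```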
RedBarron Posted April 25, 2012 Author ID:545854

23:44:57.0990 5348 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
23:44:59.0279 5348 ============================================================
23:44:59.0279 5348 Current date / time: 2012/04/25 23:44:59.0279
23:44:59.0279 5348 SystemInfo:
23:44:59.0280 5348 
23:44:59.0280 5348 OS Version: 6.1.7601 ServicePack: 1.0
23:44:59.0280 5348 Product type: Workstation
23:44:59.0280 5348 ComputerName: 
23:44:59.0281 5348 UserName: 
23:44:59.0281 5348 Windows directory: C:\windows
23:44:59.0281 5348 System windows directory: C:\windows
23:44:59.0281 5348 Processor architecture: Intel x86
23:44:59.0281 5348 Number of processors: 2
23:44:59.0281 5348 Page size: 0x1000
23:44:59.0281 5348 Boot type: Normal boot
23:44:59.0281 5348 ============================================================
23:45:01.0930 5348 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:45:01.0936 5348 ============================================================
23:45:01.0936 5348 \Device\Harddisk0\DR0:
23:45:01.0936 5348 MBR partitions:
23:45:01.0937 5348 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
23:45:01.0937 5348 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x12C8A800
23:45:01.0962 5348 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x14ABD800, BlocksNum 0x8707970
23:45:01.0962 5348 ============================================================
23:45:02.0055 5348 C: <-> \Device\Harddisk0\DR0\Partition1
23:45:02.0138 5348 D: <-> \Device\Harddisk0\DR0\Partition2
23:45:02.0138 5348 ============================================================
23:45:02.0139 5348 Initialize success
23:45:02.0139 5348 ============================================================
23:45:10.0653 4296 ============================================================
23:45:10.0653 4296 Scan started
23:45:10.0653 4296 Mode: Manual; SigCheck; TDLFS;
23:45:10.0653 4296 ============================================================
rdpbus - ok23:46:07.0841 4296 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys23:46:07.0919 4296 RDPCDD - ok23:46:07.0965 4296 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys23:46:08.0046 4296 RDPENCDD - ok23:46:08.0091 4296 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys23:46:08.0177 4296 RDPREFMP - ok23:46:08.0263 4296 RDPWD (244c83332f44589ae98fc347f11b2693) C:\windows\system32\drivers\RDPWD.sys23:46:08.0462 4296 RDPWD - ok23:46:08.0558 4296 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys23:46:08.0724 4296 rdyboost - ok23:46:08.0783 4296 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\windows\System32\mprdim.dll23:46:08.0939 4296 RemoteAccess - ok23:46:08.0985 4296 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\windows\system32\regsvc.dll23:46:09.0140 4296 RemoteRegistry - ok23:46:09.0199 4296 Rezip (f85ae59a52885f4b09aadafb23001a3b) C:\windows\SYSTEM32\Rezip.exe23:46:09.0608 4296 Rezip ( UnsignedFile.Multi.Generic ) - warning23:46:09.0608 4296 Rezip - detected UnsignedFile.Multi.Generic (1)23:46:09.0666 4296 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys23:46:09.0745 4296 RFCOMM - ok23:46:09.0798 4296 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\windows\System32\RpcEpMap.dll23:46:09.0919 4296 RpcEptMapper - ok23:46:09.0960 4296 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\windows\system32\locator.exe23:46:10.0040 4296 RpcLocator - ok23:46:10.0200 4296 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll23:46:10.0356 4296 RpcSs - ok23:46:10.0406 4296 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys23:46:10.0549 4296 rspndr - ok23:46:10.0583 4296 RTL8167 (7dfd48e24479b68b258d8770121155a0) C:\windows\system32\DRIVERS\Rt86win7.sys23:46:10.0720 4296 RTL8167 - ok23:46:10.0767 4296 SABI (6e5fbb7cbaec47038b945d5e9b144a64) 
C:\windows\system32\Drivers\SABI.sys23:46:10.0850 4296 SABI - ok23:46:10.0883 4296 SamSs (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe23:46:10.0956 4296 SamSs - ok23:46:11.0022 4296 sbp2port (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys23:46:11.0141 4296 sbp2port - ok23:46:11.0172 4296 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\windows\System32\SCardSvr.dll23:46:11.0313 4296 SCardSvr - ok23:46:11.0375 4296 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys23:46:11.0484 4296 scfilter - ok23:46:11.0588 4296 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\windows\system32\schedsvc.dll23:46:11.0799 4296 Schedule - ok23:46:11.0860 4296 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll23:46:11.0983 4296 SCPolicySvc - ok23:46:12.0037 4296 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\windows\System32\SDRSVC.dll23:46:12.0166 4296 SDRSVC - ok23:46:12.0269 4296 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys23:46:12.0395 4296 secdrv - ok23:46:12.0430 4296 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\windows\system32\seclogon.dll23:46:12.0554 4296 seclogon - ok23:46:12.0601 4296 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\windows\System32\sens.dll23:46:12.0739 4296 SENS - ok23:46:12.0786 4296 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys23:46:12.0867 4296 Serenum - ok23:46:12.0903 4296 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys23:46:13.0146 4296 Serial - ok23:46:13.0286 4296 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys23:46:13.0357 4296 sermouse - ok23:46:13.0454 4296 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\windows\system32\sessenv.dll23:46:13.0602 4296 SessionEnv - ok23:46:13.0647 4296 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys23:46:13.0748 4296 sffdisk - 
ok23:46:13.0775 4296 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys23:46:13.0855 4296 sffp_mmc - ok23:46:13.0885 4296 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys23:46:13.0967 4296 sffp_sd - ok23:46:14.0000 4296 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys23:46:14.0078 4296 sfloppy - ok23:46:14.0130 4296 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\windows\System32\ipnathlp.dll23:46:14.0407 4296 SharedAccess - ok23:46:14.0488 4296 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\windows\System32\shsvcs.dll23:46:14.0647 4296 ShellHWDetection - ok23:46:14.0741 4296 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys23:46:14.0850 4296 sisagp - ok23:46:14.0897 4296 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys23:46:14.0975 4296 SiSRaid2 - ok23:46:14.0996 4296 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys23:46:15.0090 4296 SiSRaid4 - ok23:46:15.0119 4296 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys23:46:15.0286 4296 Smb - ok23:46:15.0351 4296 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\windows\System32\snmptrap.exe23:46:15.0447 4296 SNMPTRAP - ok23:46:15.0476 4296 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys23:46:15.0536 4296 spldr - ok23:46:15.0623 4296 Spooler (866a43013535dc8587c258e43579c764) C:\windows\System32\spoolsv.exe23:46:15.0776 4296 Spooler - ok23:46:16.0000 4296 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\windows\system32\sppsvc.exe23:46:16.0543 4296 sppsvc - ok23:46:16.0696 4296 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\windows\system32\sppuinotify.dll23:46:16.0839 4296 sppuinotify - ok23:46:16.0927 4296 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys23:46:17.0035 4296 srv - ok23:46:17.0074 4296 srv2 
(03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys23:46:17.0170 4296 srv2 - ok23:46:17.0200 4296 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys23:46:17.0278 4296 srvnet - ok23:46:17.0336 4296 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\windows\System32\ssdpsrv.dll23:46:17.0472 4296 SSDPSRV - ok23:46:17.0503 4296 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\windows\system32\sstpsvc.dll23:46:17.0624 4296 SstpSvc - ok23:46:17.0661 4296 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys23:46:17.0724 4296 stexstor - ok23:46:17.0808 4296 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\windows\System32\wiaservc.dll23:46:17.0922 4296 StiSvc - ok23:46:17.0989 4296 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys23:46:18.0048 4296 swenum - ok23:46:18.0109 4296 swprv (a28bd92df340e57b024ba433165d34d7) C:\windows\System32\swprv.dll23:46:18.0287 4296 swprv - ok23:46:18.0358 4296 SynTP (215a45246c6e2d0a9c263ce1786c8d8a) C:\windows\system32\DRIVERS\SynTP.sys23:46:18.0431 4296 SynTP - ok23:46:18.0554 4296 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\windows\system32\sysmain.dll23:46:18.0741 4296 SysMain - ok23:46:18.0802 4296 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\windows\System32\TabSvc.dll23:46:18.0949 4296 TabletInputService - ok23:46:19.0022 4296 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\windows\system32\DRIVERS\taphss.sys23:46:19.0099 4296 taphss - ok23:46:19.0178 4296 TapiSrv (613bf4820361543956909043a265c6ac) C:\windows\System32\tapisrv.dll23:46:19.0332 4296 TapiSrv - ok23:46:19.0366 4296 TBS (b799d9fdb26111737f58288d8dc172d9) C:\windows\System32\tbssvc.dll23:46:19.0522 4296 TBS - ok23:46:19.0690 4296 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\drivers\tcpip.sys23:46:19.0828 4296 Tcpip - ok23:46:19.0871 4296 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\DRIVERS\tcpip.sys23:46:20.0004 4296 TCPIP6 - 
ok23:46:20.0069 4296 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys23:46:20.0199 4296 tcpipreg - ok23:46:20.0265 4296 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys23:46:20.0345 4296 TDPIPE - ok23:46:20.0415 4296 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\windows\system32\drivers\tdtcp.sys23:46:20.0492 4296 TDTCP - ok23:46:20.0547 4296 tdx (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys23:46:20.0702 4296 tdx - ok23:46:20.0771 4296 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys23:46:20.0902 4296 TermDD - ok23:46:20.0979 4296 TermService (382c804c92811be57829d8e550a900e2) C:\windows\System32\termsrv.dll23:46:21.0172 4296 TermService - ok23:46:21.0243 4296 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\windows\system32\themeservice.dll23:46:21.0372 4296 Themes - ok23:46:21.0418 4296 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll23:46:21.0531 4296 THREADORDER - ok23:46:21.0585 4296 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\windows\System32\trkwks.dll23:46:21.0739 4296 TrkWks - ok23:46:21.0818 4296 TrueSight (1512d11c1e1e37a4ae2e2b62794f0d2e) c:\windows\system32\drivers\TrueSight.sys23:46:21.0865 4296 TrueSight ( UnsignedFile.Multi.Generic ) - warning23:46:21.0865 4296 TrueSight - detected UnsignedFile.Multi.Generic (1)23:46:21.0969 4296 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\windows\servicing\TrustedInstaller.exe23:46:22.0213 4296 TrustedInstaller - ok23:46:22.0259 4296 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys23:46:22.0389 4296 tssecsrv - ok23:46:22.0474 4296 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys23:46:22.0586 4296 TsUsbFlt - ok23:46:22.0672 4296 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys23:46:22.0774 4296 tunnel - ok23:46:22.0815 4296 uagp35 
(750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys23:46:22.0904 4296 uagp35 - ok23:46:22.0981 4296 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys23:46:23.0098 4296 udfs - ok23:46:23.0148 4296 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\windows\system32\UI0Detect.exe23:46:23.0280 4296 UI0Detect - ok23:46:23.0343 4296 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys23:46:23.0443 4296 uliagpkx - ok23:46:23.0514 4296 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys23:46:23.0614 4296 umbus - ok23:46:23.0644 4296 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys23:46:23.0696 4296 UmPass - ok23:46:23.0739 4296 upnphost (833fbb672460efce8011d262175fad33) C:\windows\System32\upnphost.dll23:46:23.0896 4296 upnphost - ok23:46:23.0974 4296 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\windows\system32\drivers\usbaudio.sys23:46:24.0115 4296 usbaudio - ok23:46:24.0175 4296 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\windows\system32\DRIVERS\usbccgp.sys23:46:24.0319 4296 usbccgp - ok23:46:24.0391 4296 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys23:46:24.0477 4296 usbcir - ok23:46:24.0535 4296 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\windows\system32\drivers\usbehci.sys23:46:24.0618 4296 usbehci - ok23:46:24.0673 4296 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\windows\system32\DRIVERS\usbhub.sys23:46:24.0766 4296 usbhub - ok23:46:24.0805 4296 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\windows\system32\drivers\usbohci.sys23:46:24.0888 4296 usbohci - ok23:46:24.0941 4296 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys23:46:25.0019 4296 usbprint - ok23:46:25.0065 4296 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys23:46:25.0169 4296 usbscan - ok23:46:25.0231 4296 USBSTOR (f991ab9cc6b908db552166768176896a) 
C:\windows\system32\DRIVERS\USBSTOR.SYS23:46:25.0390 4296 USBSTOR - ok23:46:25.0430 4296 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\windows\system32\drivers\usbuhci.sys23:46:25.0500 4296 usbuhci - ok23:46:25.0583 4296 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\System32\Drivers\usbvideo.sys23:46:25.0664 4296 usbvideo - ok23:46:25.0703 4296 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\windows\System32\uxsms.dll23:46:25.0830 4296 UxSms - ok23:46:25.0874 4296 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe23:46:25.0969 4296 VaultSvc - ok23:46:26.0009 4296 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\windows\system32\DRIVERS\VClone.sys23:46:26.0108 4296 VClone - ok23:46:26.0170 4296 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys23:46:26.0246 4296 vdrvroot - ok23:46:26.0348 4296 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\windows\System32\vds.exe23:46:26.0519 4296 vds - ok23:46:26.0559 4296 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys23:46:26.0653 4296 vga - ok23:46:26.0687 4296 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys23:46:26.0795 4296 VgaSave - ok23:46:26.0852 4296 vhdmp (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys23:46:26.0926 4296 vhdmp - ok23:46:26.0990 4296 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys23:46:27.0081 4296 viaagp - ok23:46:27.0121 4296 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys23:46:27.0208 4296 ViaC7 - ok23:46:27.0234 4296 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys23:46:27.0287 4296 viaide - ok23:46:27.0320 4296 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys23:46:27.0409 4296 volmgr - ok23:46:27.0449 4296 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys23:46:27.0534 4296 volmgrx - ok23:46:27.0612 4296 
volsnap (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys23:46:27.0687 4296 volsnap - ok23:46:27.0830 4296 vpnagent (d6653180d162cb3144fdbc8a651cebb1) C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe23:46:28.0021 4296 vpnagent - ok23:46:28.0093 4296 vpnva (fc94804932cfc35f01b3ae510e3b4d5c) C:\windows\system32\DRIVERS\vpnva.sys23:46:28.0156 4296 vpnva - ok23:46:28.0212 4296 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys23:46:28.0352 4296 vsmraid - ok23:46:28.0467 4296 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\windows\system32\vssvc.exe23:46:28.0691 4296 VSS - ok23:46:28.0737 4296 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys23:46:28.0826 4296 vwifibus - ok23:46:28.0866 4296 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys23:46:28.0971 4296 vwififlt - ok23:46:29.0027 4296 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\windows\system32\DRIVERS\vwifimp.sys23:46:29.0099 4296 vwifimp - ok23:46:29.0165 4296 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\windows\system32\w32time.dll23:46:29.0310 4296 W32Time - ok23:46:29.0343 4296 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys23:46:29.0426 4296 WacomPen - ok23:46:29.0486 4296 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys23:46:29.0632 4296 WANARP - ok23:46:29.0645 4296 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys23:46:29.0776 4296 Wanarpv6 - ok23:46:29.0901 4296 wbengine (691e3285e53dca558e1a84667f13e15a) C:\windows\system32\wbengine.exe23:46:30.0194 4296 wbengine - ok23:46:30.0255 4296 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\windows\System32\wbiosrvc.dll23:46:30.0370 4296 WbioSrvc - ok23:46:30.0453 4296 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\windows\System32\wcncsvc.dll23:46:30.0582 4296 wcncsvc - ok23:46:30.0614 4296 WcsPlugInService 
(5d930b6357a6d2af4d7653bdabbf352f) C:\windows\System32\WcsPlugInService.dll23:46:30.0738 4296 WcsPlugInService - ok23:46:30.0801 4296 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys23:46:30.0864 4296 Wd - ok23:46:30.0912 4296 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys23:46:30.0987 4296 Wdf01000 - ok23:46:31.0018 4296 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll23:46:31.0143 4296 WdiServiceHost - ok23:46:31.0157 4296 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll23:46:31.0248 4296 WdiSystemHost - ok23:46:31.0316 4296 WebClient (a9d880f97530d5b8fee278923349929d) C:\windows\System32\webclnt.dll23:46:31.0441 4296 WebClient - ok23:46:31.0492 4296 Wecsvc (760f0afe937a77cff27153206534f275) C:\windows\system32\wecsvc.dll23:46:31.0625 4296 Wecsvc - ok23:46:31.0654 4296 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\windows\System32\wercplsupport.dll23:46:31.0771 4296 wercplsupport - ok23:46:31.0812 4296 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\windows\System32\WerSvc.dll23:46:31.0934 4296 WerSvc - ok23:46:31.0984 4296 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys23:46:32.0088 4296 WfpLwf - ok23:46:32.0120 4296 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys23:46:32.0184 4296 WIMMount - ok23:46:32.0290 4296 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll23:46:32.0460 4296 WinDefend - ok23:46:32.0482 4296 WinHttpAutoProxySvc - ok23:46:32.0560 4296 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\windows\system32\wbem\WMIsvc.dll23:46:32.0704 4296 Winmgmt - ok23:46:32.0827 4296 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\windows\system32\WsmSvc.dll23:46:33.0058 4296 WinRM - ok23:46:33.0205 4296 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\windows\system32\DRIVERS\WinUsb.sys23:46:33.0299 4296 WinUsb - ok23:46:33.0397 4296 Wlansvc 
(16935c98ff639d185086a3529b1f2067) C:\windows\System32\wlansvc.dll23:46:33.0550 4296 Wlansvc - ok23:46:33.0613 4296 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys23:46:33.0693 4296 WmiAcpi - ok23:46:33.0763 4296 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\windows\system32\wbem\WmiApSrv.exe23:46:33.0946 4296 wmiApSrv - ok23:46:34.0110 4296 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe23:46:34.0493 4296 WMPNetworkSvc - ok23:46:34.0525 4296 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\windows\System32\wpcsvc.dll23:46:34.0626 4296 WPCSvc - ok23:46:34.0691 4296 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\windows\system32\wpdbusenum.dll23:46:34.0800 4296 WPDBusEnum - ok23:46:34.0865 4296 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys23:46:34.0973 4296 ws2ifsl - ok23:46:35.0021 4296 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\windows\System32\wscsvc.dll23:46:35.0212 4296 wscsvc - ok23:46:35.0226 4296 WSearch - ok23:46:35.0406 4296 wuauserv (3026418a50c5b4761befa632cedb7406) C:\windows\system32\wuaueng.dll23:46:35.0669 4296 wuauserv - ok23:46:35.0846 4296 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys23:46:36.0020 4296 WudfPf - ok23:46:36.0096 4296 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys23:46:36.0196 4296 WUDFRd - ok23:46:36.0310 4296 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\windows\System32\WUDFSvc.dll23:46:36.0446 4296 wudfsvc - ok23:46:36.0533 4296 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\windows\System32\wwansvc.dll23:46:36.0634 4296 WwanSvc - ok23:46:36.0726 4296 yukonw7 (30b73eb97218a16cbc6de535782a1b35) C:\windows\system32\DRIVERS\yk62x86.sys23:46:36.0857 4296 yukonw7 - ok23:46:36.0975 4296 MBR (0x1B8) (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR023:46:37.0473 4296 \Device\Harddisk0\DR0 - ok23:46:37.0482 4296 Boot (0x1200) 
(95099517972e5513e32c2d8ee0fc9e54) \Device\Harddisk0\DR0\Partition0
23:46:37.0485 4296 \Device\Harddisk0\DR0\Partition0 - ok
23:46:37.0511 4296 Boot (0x1200) (fae2ec81b7c69eb5164fce781bf3e03e) \Device\Harddisk0\DR0\Partition1
23:46:37.0514 4296 \Device\Harddisk0\DR0\Partition1 - ok
23:46:37.0546 4296 Boot (0x1200) (4385b450a436503a66ab30dec1a7a5b8) \Device\Harddisk0\DR0\Partition2
23:46:37.0549 4296 \Device\Harddisk0\DR0\Partition2 - ok
23:46:37.0550 4296 ============================================================
23:46:37.0550 4296 Scan finished
23:46:37.0550 4296 ============================================================
23:46:37.0580 5556 Detected object count: 2
23:46:37.0580 5556 Actual detected object count: 2
23:46:54.0426 5556 Rezip ( UnsignedFile.Multi.Generic ) - skipped by user
23:46:54.0426 5556 Rezip ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:46:54.0429 5556 TrueSight ( UnsignedFile.Multi.Generic ) - skipped by user
23:46:54.0429 5556 TrueSight ( UnsignedFile.Multi.Generic ) - User select action: Skip
MrCharlie Posted April 25, 2012 ID:545856

That scan was clean...

Please download and run ComboFix. The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix:
http://www.bleepingc...to-use-combofix

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix. Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: If you get the message "Illegal operation attempted on registry key that has been marked for deletion." after you run ComboFix... please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC
RedBarron Posted April 25, 2012 Author ID:545878
<div>ComboFix 12-04-25.01 - Arne 26.04.2012 0:08.1.2 - x86</div>
<div>Microsoft Windows 7 Starter 6.1.7601.1.1252.49.1033.18.1013.427 [GMT 8:00]</div>
<div>ausgeführt von:: c:\users\Arne\Desktop\ComboFix.exe</div>
<div>AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}</div>
<div>SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}</div>
<div>SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</div>
<div>.</div>
<div>.</div>
<div>(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))</div>
<div>.</div>
<div>.</div>
<div>c:\programdata\FullRemove.exe</div>
<div>c:\users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\6pojc2zr.default\weave\toFetch</div>
<div>.</div>
<div>.</div>
<div>((((((((((((((((((((((( Dateien erstellt von 2012-03-25 bis 2012-04-25 ))))))))))))))))))))))))))))))</div>
<div>.</div>
<div>.</div>
<div>2012-04-25 16:21 . 2012-04-25 16:22	--------	d-----w-	c:\users\Arne\AppData\Local\temp</div>
<div>2012-04-25 16:21 . 2012-04-25 16:21	--------	d-----w-	c:\users\Default\AppData\Local\temp</div>
<div>2012-04-25 14:53 . 2012-04-25 14:53	29904	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1F4C5142-214F-4F41-B5AC-D39979DE8E0C}\MpKsl649afcb5.sys</div>
<div>2012-04-25 14:52 . 2012-04-25 14:52	13824	----a-w-	c:\windows\system32\drivers\TrueSight.sys</div>
<div>2012-04-25 10:50 . 2012-04-13 07:36	6734704	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1F4C5142-214F-4F41-B5AC-D39979DE8E0C}\mpengine.dll</div>
<div>2012-04-23 07:43 . 2012-04-23 07:43	--------	d-----w-	c:\program files\igowin</div>
<div>2012-04-18 15:22 . 2012-04-19 04:21	--------	d-----w-	c:\program files\Anvisoft</div>
<div>2012-04-18 11:43 . 2012-04-18 11:43	--------	d-----w-	c:\users\Arne\AppData\Roaming\Malwarebytes</div>
<div>2012-04-18 11:42 . 2012-04-18 11:42	--------	d-----w-	c:\programdata\Malwarebytes</div>
<div>2012-04-18 11:42 . 2012-04-04 07:56	22344	----a-w-	c:\windows\system32\drivers\mbam.sys</div>
<div>2012-04-18 11:42 . 2012-04-18 11:43	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware</div>
<div>2012-04-18 07:14 . 2012-04-18 07:28	--------	d-----w-	c:\users\Arne\.FBReader</div>
<div>2012-04-18 07:09 . 2012-04-18 07:09	--------	d-----w-	c:\program files\FBReader</div>
<div>2012-04-18 06:52 . 2012-04-18 07:12	--------	d-----w-	c:\users\Arne\AppData\Roaming\calibre</div>
<div>2012-04-17 16:22 . 2012-03-01 05:46	19824	----a-w-	c:\windows\system32\drivers\fs_rec.sys</div>
<div>2012-04-17 16:22 . 2012-03-01 05:37	172544	----a-w-	c:\windows\system32\wintrust.dll</div>
<div>2012-04-17 16:22 . 2012-03-01 05:29	5120	----a-w-	c:\windows\system32\wmi.dll</div>
<div>2012-04-17 16:22 . 2012-03-01 05:33	159232	----a-w-	c:\windows\system32\imagehlp.dll</div>
<div>2012-04-17 16:21 . 2012-03-06 05:59	3968368	----a-w-	c:\windows\system32\ntkrnlpa.exe</div>
<div>2012-04-17 16:21 . 2012-03-06 05:59	3913072	----a-w-	c:\windows\system32\ntoskrnl.exe</div>
<div>2012-04-17 16:18 . 2012-02-17 05:34	826880	----a-w-	c:\windows\system32\rdpcore.dll</div>
<div>2012-04-09 16:20 . 2012-04-09 16:20	592824	----a-w-	c:\program files\Mozilla Firefox\gkmedias.dll</div>
<div>2012-04-09 16:20 . 2012-04-09 16:20	44472	----a-w-	c:\program files\Mozilla Firefox\mozglue.dll</div>
<div>.</div>
<div>.</div>
<div>.</div>
<div>(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))</div>
<div>.</div>
<div>2012-04-13 07:36 . 2010-08-27 13:12	6734704	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll</div>
<div>2012-02-25 08:00 . 2012-02-25 08:00	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl</div>
<div>2012-02-11 09:49 . 2012-02-11 09:50	713784	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A69CC0D8-4232-4E28-96E6-3CBF44FDAA19}\gapaengine.dll</div>
<div>2012-01-31 12:44 . 2010-08-25 15:07	237072	------w-	c:\windows\system32\MpSigStub.exe</div>
<div>2012-04-09 16:20 . 2012-02-19 05:20	97208	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll</div>
<div>.</div>
<div>.</div>
<div>(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))</div>
<div>.</div>
<div>.</div>
<div>*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. </div>
<div>REGEDIT4</div>
<div>.</div>
<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]</div>
<div>"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-11-18 8092192]</div>
<div>"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-10-10 1578280]</div>
<div>"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]</div>
<div>"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]</div>
<div>"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]</div>
<div>"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-24 141848]</div>
<div>"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-24 173592]</div>
<div>"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-24 150552]</div>
<div>"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]</div>
<div>"Google Pinyin 3 Autoupdater"="c:\program files\Google\Google Pinyin 3\GooglePinyinDaemon.exe" [2011-09-29 1181240]</div>
<div>"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]</div>
<div>"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]</div>
<div>"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]</div>
<div>"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" 
[2012-04-04 462408]</div><div>.</div><div>c:\users\Arne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\</div><div>Sticky Notes.lnk - c:\program files\Sticky Notes\StickyNotes.exe [2010-5-2 503808]</div><div>.</div><div>c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\</div><div>Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-2 795936]</div><div>.</div><div>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]</div><div>"ConsentPromptBehaviorAdmin"= 5 (0x5)</div><div>"ConsentPromptBehaviorUser"= 3 (0x3)</div><div>"EnableUIADesktopToggle"= 0 (0x0)</div><div>.</div><div>[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]</div><div> Ime File<span class="Apple-tab-span" style="white-space:pre"> </span>REG_SZ <span class="Apple-tab-span" style="white-space:pre"> </span>GOOGLEPINYIN3.IME</div><div>.</div><div>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]</div><div>@="Service"</div><div>.</div><div>R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]</div><div>R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-30 135664]</div><div>R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 43944]</div><div>R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]</div><div>R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-30 135664]</div><div>S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]</div><div>S3 CryptOSD;Phoenix CryptOSD Device Driver;c:\windows\system32\DRIVERS\CryptOSD.sys [2009-05-01 384896]</div><div>S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 
22344]</div><div>.</div><div>.</div><div>--- Andere Dienste/Treiber im Speicher ---</div><div>.</div><div>*NewlyCreated* - 84100573</div><div>*NewlyCreated* - MPKSL649AFCB5</div><div>*NewlyCreated* - TRUESIGHT</div><div>*Deregistered* - 84100573</div><div>*Deregistered* - TrueSight</div><div>.</div><div>[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]</div><div>LocalServiceAndNoImpersonation<span class="Apple-tab-span" style="white-space:pre"> </span>REG_MULTI_SZ <span class="Apple-tab-span" style="white-space:pre"> </span>SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc</div><div>.</div><div>Inhalt des "geplante Tasks" Ordners</div><div>.</div><div>2012-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job</div><div>- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-30 13:41]</div><div>.</div><div>2012-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job</div><div>- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-30 13:41]</div><div>.</div><div>2012-04-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3948093705-1484294097-1952622497-1000Core.job</div><div>- c:\users\Arne\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-01 18:47]</div><div>.</div><div>2012-04-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3948093705-1484294097-1952622497-1000UA.job</div><div>- c:\users\Arne\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-01 18:47]</div><div>.</div><div>.</div><div>------- Zusätzlicher Suchlauf -------</div><div>.</div><div>uStart Page = hxxp://www.google.com/</div><div>IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000</div><div>IE: Free YouTube to Mp3 Converter - c:\users\Arne\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm</div><div>IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html</div><div>IE: Send image to &Bluetooth Device... 
- c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm</div><div>IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm</div><div>TCP: DhcpNameServer = 10.0.0.1</div><div>FF - ProfilePath - c:\users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\6pojc2zr.default\</div><div>FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)</div><div>FF - prefs.js: browser.startup.homepage - www.google.com</div><div>FF - prefs.js: keyword.URL - hxxp://www.google.com/search?hl=en-GB&q=</div><div>FF - prefs.js: network.proxy.http - http://proxy.io8.org/autoproxy/e1.pac</div><div>FF - prefs.js: network.proxy.type - 0</div><div>.</div><div>- - - - Entfernte verwaiste Registrierungseinträge - - - -</div><div>.</div><div>Toolbar-Locked - (no file)</div><div>SafeBoot-MCODS</div><div>.</div><div>.</div><div>.</div><div>--------------------- Gesperrte Registrierungsschluessel ---------------------</div><div>.</div><div>[HKEY_USERS\S-1-5-21-3948093705-1484294097-1952622497-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]</div><div>@Denied: (2) (LocalSystem)</div><div>"Progid"="WindowsLiveMail.Email.1"</div><div>.</div><div>[HKEY_USERS\S-1-5-21-3948093705-1484294097-1952622497-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]</div><div>@Denied: (2) (LocalSystem)</div><div>"Progid"="WindowsLiveMail.VCard.1"</div><div>.</div><div>[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]</div><div>@Denied: (Full) (Everyone)</div><div>.</div><div>Zeit der Fertigstellung: 2012-04-26 00:27:54</div><div>ComboFix-quarantined-files.txt 2012-04-25 16:27</div><div>.</div><div>Vor Suchlauf: 96.187.310.080 bytes free</div><div>Nach Suchlauf: 96.988.626.944 bytes free</div><div>.</div><div>- - End Of File - - 1CAF1DBA8C5172C1532731C2AED11B0F</div><div> </div> Link to post Share on other sites More sharing options...
MrCharlie Posted April 25, 2012 ID:545887

Can you repost that log, it came out unreadable.
Just hit the More Reply Options and then copy and paste it in there.

MrC
RedBarron Posted April 25, 2012 Author ID:545896

ComboFix 12-04-25.01 - Arne 26.04.2012 0:08.1.2 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.49.1033.18.1013.427 [GMT 8:00]
ausgeführt von:: c:\users\Arne\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\6pojc2zr.default\weave\toFetch
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-03-25 bis 2012-04-25 ))))))))))))))))))))))))))))))
.
.
2012-04-25 16:21 . 2012-04-25 16:22  --------  d-----w-  c:\users\Arne\AppData\Local\temp
2012-04-25 16:21 . 2012-04-25 16:21  --------  d-----w-  c:\users\Default\AppData\Local\temp
2012-04-25 14:53 . 2012-04-25 14:53  29904  ----a-w-  c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1F4C5142-214F-4F41-B5AC-D39979DE8E0C}\MpKsl649afcb5.sys
2012-04-25 14:52 . 2012-04-25 14:52  13824  ----a-w-  c:\windows\system32\drivers\TrueSight.sys
2012-04-25 10:50 . 2012-04-13 07:36  6734704  ----a-w-  c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1F4C5142-214F-4F41-B5AC-D39979DE8E0C}\mpengine.dll
2012-04-23 07:43 . 2012-04-23 07:43  --------  d-----w-  c:\program files\igowin
2012-04-18 15:22 . 2012-04-19 04:21  --------  d-----w-  c:\program files\Anvisoft
2012-04-18 11:43 . 2012-04-18 11:43  --------  d-----w-  c:\users\Arne\AppData\Roaming\Malwarebytes
2012-04-18 11:42 . 2012-04-18 11:42  --------  d-----w-  c:\programdata\Malwarebytes
2012-04-18 11:42 . 2012-04-04 07:56  22344  ----a-w-  c:\windows\system32\drivers\mbam.sys
2012-04-18 11:42 . 2012-04-18 11:43  --------  d-----w-  c:\program files\Malwarebytes' Anti-Malware
2012-04-18 07:14 . 2012-04-18 07:28  --------  d-----w-  c:\users\Arne\.FBReader
2012-04-18 07:09 . 2012-04-18 07:09  --------  d-----w-  c:\program files\FBReader
2012-04-18 06:52 . 2012-04-18 07:12  --------  d-----w-  c:\users\Arne\AppData\Roaming\calibre
2012-04-17 16:22 . 2012-03-01 05:46  19824  ----a-w-  c:\windows\system32\drivers\fs_rec.sys
2012-04-17 16:22 . 2012-03-01 05:37  172544  ----a-w-  c:\windows\system32\wintrust.dll
2012-04-17 16:22 . 2012-03-01 05:29  5120  ----a-w-  c:\windows\system32\wmi.dll
2012-04-17 16:22 . 2012-03-01 05:33  159232  ----a-w-  c:\windows\system32\imagehlp.dll
2012-04-17 16:21 . 2012-03-06 05:59  3968368  ----a-w-  c:\windows\system32\ntkrnlpa.exe
2012-04-17 16:21 . 2012-03-06 05:59  3913072  ----a-w-  c:\windows\system32\ntoskrnl.exe
2012-04-17 16:18 . 2012-02-17 05:34  826880  ----a-w-  c:\windows\system32\rdpcore.dll
2012-04-09 16:20 . 2012-04-09 16:20  592824  ----a-w-  c:\program files\Mozilla Firefox\gkmedias.dll
2012-04-09 16:20 . 2012-04-09 16:20  44472  ----a-w-  c:\program files\Mozilla Firefox\mozglue.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-13 07:36 . 2010-08-27 13:12  6734704  ----a-w-  c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-25 08:00 . 2012-02-25 08:00  414368  ----a-w-  c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-11 09:49 . 2012-02-11 09:50  713784  ------w-  c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A69CC0D8-4232-4E28-96E6-3CBF44FDAA19}\gapaengine.dll
2012-01-31 12:44 . 2010-08-25 15:07  237072  ------w-  c:\windows\system32\MpSigStub.exe
2012-04-09 16:20 . 2012-02-19 05:20  97208  ----a-w-  c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-11-18 8092192]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-10-10 1578280]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-24 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-24 150552]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"Google Pinyin 3 Autoupdater"="c:\program files\Google\Google Pinyin 3\GooglePinyinDaemon.exe" [2011-09-29 1181240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Arne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Sticky Notes.lnk - c:\program files\Sticky Notes\StickyNotes.exe [2010-5-2 503808]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-2 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
 Ime File  REG_SZ   GOOGLEPINYIN3.IME
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-30 135664]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 43944]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-30 135664]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S3 CryptOSD;Phoenix CryptOSD Device Driver;c:\windows\system32\DRIVERS\CryptOSD.sys [2009-05-01 384896]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 84100573
*NewlyCreated* - MPKSL649AFCB5
*NewlyCreated* - TRUESIGHT
*Deregistered* - 84100573
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation  REG_MULTI_SZ   SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-30 13:41]
.
2012-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-30 13:41]
.
2012-04-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3948093705-1484294097-1952622497-1000Core.job
- c:\users\Arne\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-01 18:47]
.
2012-04-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3948093705-1484294097-1952622497-1000UA.job
- c:\users\Arne\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-01 18:47]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\users\Arne\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\6pojc2zr.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?hl=en-GB&q=
FF - prefs.js: network.proxy.http - http://proxy.io8.org/autoproxy/e1.pac
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
SafeBoot-MCODS
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3948093705-1484294097-1952622497-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3948093705-1484294097-1952622497-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-04-26 00:27:54
ComboFix-quarantined-files.txt 2012-04-25 16:27
.
Vor Suchlauf: 96.187.310.080 bytes free
Nach Suchlauf: 96.988.626.944 bytes free
.
- - End Of File - - 1CAF1DBA8C5172C1532731C2AED11B0F
RedBarron Posted April 25, 2012 Author ID:545898

Thanks again for your help, I'm going to bed, will be back tomorrow.
MrCharlie Posted April 25, 2012 ID:545900

Please let me know if there's any improvement as we go along.

Run this scan......

Download aswMBR to your desktop.
http://public.avast....erek/aswMBR.exe
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

MrC
RedBarron Posted April 26, 2012 Author ID:546104

Just as I was running the scan I had another pop up come up, this time not blocked by Malwarebytes (which I have re-enabled)

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-26 10:22:03
-----------------------------
10:22:03.377 OS Version: Windows 6.1.7601 Service Pack 1
10:22:03.377 Number of processors: 2 586 0x1C0A
10:22:03.439 ComputerName: ARNE-PC UserName: Arne
10:22:15.966 Initialize success
10:26:51.737 AVAST engine defs: 12042501
10:27:19.286 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
10:27:19.286 Disk 0 Vendor: Hitachi_ PB2O Size: 238475MB BusType: 3
10:27:19.349 Disk 0 MBR read successfully
10:27:19.349 Disk 0 MBR scan
10:27:19.442 Disk 0 unknown MBR code
10:27:19.489 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048
10:27:19.645 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 31459328
10:27:19.832 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 153877 MB offset 31664128
10:27:19.957 Disk 0 Partition - 00 0F Extended LBA 69136 MB offset 346804224
10:27:20.004 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 69135 MB offset 346806272
10:27:20.160 Disk 0 scanning sectors +488395120
10:27:20.394 Disk 0 scanning C:\windows\system32\drivers
10:27:58.988 Service scanning
10:28:30.766 Service MpKslf19de2ff c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AA898340-CC50-4996-8ECC-1C3A487DFD79}\MpKslf19de2ff.sys **LOCKED** 32
10:28:31.109 Service MpNWMon C:\windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
10:29:12.402 Modules scanning
10:29:33.602 Disk 0 trace - called modules:
10:29:33.649 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
10:29:33.665 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84e76268]
10:29:33.680 3 CLASSPNP.SYS[86d7759e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x83753028]
10:29:34.460 AVAST engine scan C:\windows
10:29:45.927 AVAST engine scan C:\windows\system32
10:38:55.462 AVAST engine scan C:\windows\system32\drivers
10:39:42.319 AVAST engine scan C:\Users\Arne
10:48:40.301 Disk 0 MBR has been saved successfully to "C:\Users\Arne\Desktop\MBR.dat"
10:48:40.391 The log file has been saved successfully to "C:\Users\Arne\Desktop\aswMBR.txt"
MrCharlie Posted April 26, 2012 ID:546166

See if you can upload this file to VirusTotal for a free scan, let me know the results (just copy back the url)

c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AA898340-CC50-4996-8ECC-1C3A487DFD79}\MpKslf19de2ff.sys

http://www.virustotal.com/

You may have to enable hidden files to see it:
http://www.bleepingc...s-in-windows-7/

MrC
RedBarron Posted April 26, 2012 Author ID:546177

Nothing detected
MrCharlie Posted April 26, 2012 ID:546179

Did you just install this program?

Skype™ 4.2
TCP: Interfaces\{581B304F-E7EA-4D69-8E16-B3D564BACED7} : DhcpNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

----------------------------------------

Click on the link that pertains to your country and see if it comes up green.

http://www.dns-ok.us/ <--------for USA
http://www.dcwg.org/detect/ <---other countries

----------------------------------------

Please download Listparts
Run the tool, click Scan and post the log (Result.txt) it makes

---------------------------------------

Please update and run a Full Scan with Microsoft Security Essentials, let me know if it finds anything.

MrC
RedBarron Posted April 26, 2012 Author ID:546258

I have Skype 4.2, but it's been on my PC for a long time. I don't know how to check for the two parameters you mentioned in connection with Skype.

I tried every website and they all came back green. I am located in China, so I don't know if they work over here.

Listparts scan:

ListParts by Farbar Version: 12-03-2012 03
Ran by Arne (administrator) on 27-04-2012 at 00:13:43
Windows 7 (X86)
Running From: C:\Users\Arne\Downloads
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 76%
Total physical RAM: 1013.3 MB
Available physical RAM: 242.37 MB
Total Pagefile: 2037.3 MB
Available Pagefile: 497.63 MB
Total Virtual: 2047.88 MB
Available Virtual: 1956.37 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:150.27 GB) (Free:89.9 GB) NTFS
2 Drive d: () (Fixed) (Total:67.51 GB) (Free:65.42 GB) NTFS

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          232 GB  1024 KB
  Disk 1    No Media           0 B     0 B

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Recovery            15 GB  1024 KB
  Partition 2    Primary            100 MB    15 GB
  Partition 3    Primary            150 GB    15 GB
  Partition 0    Extended            67 GB   165 GB
  Partition 4    Logical             67 GB   165 GB

======================================================================================================

Disk: 0
Partition 1
Type  : 27
Hidden: Yes
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4         RECOVERY     NTFS   Partition     15 GB  Healthy    Hidden

======================================================================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1         SYSTEM       NTFS   Partition    100 MB  Healthy    System (partition with boot components)

======================================================================================================

Disk: 0
Partition 3
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C                NTFS   Partition    150 GB  Healthy    Boot

======================================================================================================

Disk: 0
Partition 4
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     D                NTFS   Partition     67 GB  Healthy

======================================================================================================

****** End Of Log ******

I will have to get back to you with the results of the Security Essentials scan tomorrow.

Thanks
MrCharlie Posted April 26, 2012 ID:546279

The scan looks OK, let me know about MSE...

MrC
RedBarron Posted April 27, 2012 Author ID:546632

Updated and scanned, nothing found by Microsoft Security Essentials
MrCharlie Posted April 27, 2012 ID:546636

OK, go to your control panels add/remove programs and uninstall this:

Java™ 6 Update 22

Then in your control panel >Java > Update Tab > Update Now

Java™ 6 Update 29 <---should be Java™ 6 Update 31

-------------------------------------

Next....

Please download OTL from one of the links below:
http://oldtimer.geekstogo.com/OTL.exe
http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.
Double click on the icon on your desktop.
Click the Scan All Users checkbox.
Push the Quick Scan button.
The scan will take about 10 minutes...depends on your hard drive size.
Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

MrC
RedBarron Posted April 27, 2012 Author ID:546664

OTL logfile created on: 4/27/2012 11:53:35 PM - Run 1
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\Arne\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

1013.30 Mb Total Physical Memory | 157.65 Mb Available Physical Memory | 15.56% Memory free
2.10 Gb Paging File | 0.61 Gb Available in Paging File | 28.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 150.27 Gb Total Space | 90.28 Gb Free Space | 60.08% Space Free | Partition Type: NTFS
Drive D: | 67.51 Gb Total Space | 65.42 Gb Free Space | 96.90% Space Free | Partition Type: NTFS

Computer Name: ARNE-PC | User Name: Arne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/27 23:52:40 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Arne\Desktop\OTL.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/09/29 20:13:22 | 000,771,640 | ---- | M] () -- C:\Program Files\Google\Google Pinyin 3\GooglePinyinService.exe
PRC - [2011/09/29 20:13:19 | 001,181,240 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Pinyin 3\GooglePinyinDaemon.exe
PRC - [2011/08/04 04:43:45 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2011/01/17 18:37:40 | 000,307,200 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\scalc.exe
PRC - [2010/11/23 14:26:41 | 000,503,808 | ---- | M] (Author - Igor Vigdorchik) -- C:\Program Files\Sticky Notes\StickyNotes.exe
PRC - [2010/11/20 20:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/11/20 12:01:36 | 002,247,168 | ---- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2009/10/26 19:53:14 | 000,091,136 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2009/10/02 23:48:26 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/10/02 23:48:26 | 000,595,232 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/03/05 17:54:50 | 000,311,296 | ---- | M] () -- C:\Windows\System32\Rezip.exe

========== Modules (No Company Name) ==========

MOD - [2012/04/12 15:37:34 | 000,444,400 | ---- | M] () -- C:\Users\Arne\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppgooglenaclpluginchrome.dll
MOD - [2012/04/12 15:37:33 | 003,915,248 | ---- | M] () -- C:\Users\Arne\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
MOD - [2012/04/12 15:36:18 | 000,544,240 | ---- | M] () -- C:\Users\Arne\AppData\Local\Google\Chrome\Application\18.0.1025.162\libglesv2.dll
MOD - [2012/04/12 15:36:17 | 000,117,744 | ---- | M] () -- C:\Users\Arne\AppData\Local\Google\Chrome\Application\18.0.1025.162\libegl.dll
MOD - [2012/04/12 15:36:08 | 000,122,880 | ---- | M] () -- C:\Users\Arne\AppData\Local\Google\Chrome\Application\18.0.1025.162\avutil-51.dll
MOD - [2012/04/12 15:36:06 | 000,220,672 | ---- | M] () -- C:\Users\Arne\AppData\Local\Google\Chrome\Application\18.0.1025.162\avformat-53.dll
MOD - [2012/04/12 15:36:05 | 001,747,456 | ---- | M] () -- C:\Users\Arne\AppData\Local\Google\Chrome\Application\18.0.1025.162\avcodec-53.dll
MOD - [2012/04/12 14:51:55 | 008,743,584 | ---- | M] () -- C:\Users\Arne\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
MOD - [2011/09/29 20:13:22 | 000,771,640 | ---- | M] () -- C:\Program Files\Google\Google Pinyin 3\GooglePinyinService.exe
MOD - [2011/03/15 20:40:00 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/03/15 20:40:00 | 000,170,496 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxslt.dll

========== Win32 Services (SafeList) ==========

SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/04 04:43:45 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/10/02 23:48:26 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/07/14 09:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/03/05 17:54:50 | 000,311,296 | ---- | M] () [Auto | Running] -- C:\Windows\System32\Rezip.exe -- (Rezip)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Arne\AppData\Local\Temp\phoenix\PhnxBldr.sys -- (PhnxBuilder)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\HyperSpace\PhnxBldr.sys -- (PhnxBldr)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Arne\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Arne\AppData\Local\Temp\aswMBR.sys -- (aswMBR)
DRV - [2012/04/27 08:15:47 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{48200D8E-3AB9-437A-A139-7AE66C543B8C}\MpKsl61bf4070.sys -- (MpKsl61bf4070)
DRV - [2012/04/25 22:52:35 | 000,013,824 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] --
C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)DRV - [2011/12/13 03:32:24 | 002,228,224 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)DRV - [2011/08/04 04:27:28 | 000,019,192 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)DRV - [2010/11/20 18:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)DRV - [2010/11/20 17:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)DRV - [2010/06/17 04:33:40 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)DRV - [2009/09/28 17:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)DRV - [2009/07/14 07:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)DRV - [2009/07/02 04:46:20 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)DRV - [2009/05/01 18:11:06 | 000,384,896 | ---- | M] (Phoenix Technologies Ltd.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CryptOSD.sys -- (CryptOSD)========== Standard Registry (SafeList) ==================== Internet Explorer ==========IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRCIE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN'>http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSNIE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7'>http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-21-3948093705-1484294097-1952622497-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/IE - HKU\S-1-5-21-3948093705-1484294097-1952622497-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}IE - HKU\S-1-5-21-3948093705-1484294097-1952622497-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRCIE - HKU\S-1-5-21-3948093705-1484294097-1952622497-1000\..\SearchScopes\{4C7AABE8-8045-4207-926A-F5EE06FA9BD6}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=937811&p={searchTerms}IE - 
HKU\S-1-5-21-3948093705-1484294097-1952622497-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN'>http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_enIE - HKU\S-1-5-21-3948093705-1484294097-1952622497-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7'>http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7IE - HKU\S-1-5-21-3948093705-1484294097-1952622497-1000\..\SearchScopes\{8B5AE1A3-BDD6-4CE8-8289-C5C05BBAAA7F}: "URL" = http://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}IE - HKU\S-1-5-21-3948093705-1484294097-1952622497-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0========== FireFox ==========FF - prefs.js..browser.search.defaultenginename: "Secure Search"FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"FF - prefs.js..browser.search.useDBForOrder: trueFF - prefs.js..browser.startup.homepage: "www.google.com"FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26FF - prefs.js..extensions.enabledItems: {5384767E-00D9-40E9-B72F-9CC39D655D6F}:1.4.1.0FF - prefs.js..extensions.enabledItems: 
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29FF - prefs.js..keyword.URL: "http://www.google.com/search?hl=en-GB&q="FF - prefs.js..network.proxy.autoconfig_url: "http://proxy.io8.org/autoproxy/e1.pac"FF - prefs.js..network.proxy.http: "http://proxy.io8.org/autoproxy/e1.pac"FF - prefs.js..network.proxy.type: 0FF - user.js - File not foundFF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not foundFF - HKLM\Software\MozillaPlugins\@qq.com/npqscall,version=1.0.0: %commonprogramfiles%\tencent\NPQSCALL\npqscall.dll File not foundFF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Arne\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Arne\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google 
Inc.)FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/10 00:20:44 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/27 23:42:54 | 000,000,000 | ---D | M][2010/07/02 20:33:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arne\AppData\Roaming\Mozilla\Extensions[2012/02/25 21:55:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\6pojc2zr.default\extensions[2012/02/19 14:49:05 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\6pojc2zr.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}[2012/02/25 21:55:52 | 000,000,000 | ---D | M] (Perapera Chinese) -- C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\6pojc2zr.default\extensions\chineseperakun@gmail.com[2010/10/24 00:05:57 | 000,001,632 | ---- | M] () -- C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\6pojc2zr.default\searchplugins\firefox-add-ons.xml[2010/10/24 00:09:28 | 000,001,330 | ---- | M] () -- C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\6pojc2zr.default\searchplugins\wikipedia-en.xml[2010/10/24 00:36:42 | 000,001,032 | ---- | M] () -- C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\6pojc2zr.default\searchplugins\wikipedia-eng.xml[2012/04/27 23:43:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions[2012/04/27 23:43:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}[2012/04/10 00:20:43 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll[2012/02/16 18:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml[2010/07/08 18:12:54 | 000,002,027 | ---- | M] () -- 
C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml[2012/02/16 18:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml========== Chrome ==========CHR - default_search_provider: google.com (Default) (Enabled)CHR - default_search_provider: search_url = http://www.google.com/search?hl=en&source=hp&biw=1228&bih=610&q={searchTerms}&btnG=Google+Search&aq=1&aqi=g10&aql=&oq=cowboyCHR - default_search_provider: suggest_url = CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewerCHR - plugin: Native Client (Enabled) = C:\Users\Arne\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dllCHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Arne\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dllCHR - plugin: Shockwave Flash (Enabled) = C:\Users\Arne\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dllCHR - plugin: Shockwave Flash (Disabled) = C:\Users\Arne\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dllCHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dllCHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dllCHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dllCHR - plugin: Java Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dllCHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dllCHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dllCHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dllCHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dllCHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dllCHR - 
plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dllCHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dllCHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dllCHR - plugin: Google Update (Enabled) = C:\Users\Arne\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dllCHR - plugin: Shockwave for Director (Enabled) = C:\windows\system32\Adobe\Director\np32dsw.dllCHR - Extension: Offline Google Mail = C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk\1.13_0\CHR - Extension: Google Calendar = C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\CHR - Extension: Zhongwen: A Chinese-English Popup Dictionary = C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkmlkkjojmombglmlpbpapmhcaljjkde\3.2.1_0\CHR - Extension: Google Play Books = C:\Users\Arne\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb\1.1.3_0\O1 HOSTS File: ([2012/04/26 00:22:24 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hostsO1 - Hosts: 127.0.0.1 localhostO2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)O3 - HKU\S-1-5-21-3948093705-1484294097-1952622497-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.O4 - HKLM..\Run: [Google Pinyin 3 Autoupdater] C:\Program Files\Google\Google Pinyin 3\GooglePinyinDaemon.exe (Google Inc.)O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)O4 - Startup: C:\Users\Arne\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Startup\Sticky Notes.lnk = C:\Program Files\Sticky Notes\StickyNotes.exe (Author - Igor Vigdorchik)O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-21-3948093705-1484294097-1952622497-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-21-3948093705-1484294097-1952622497-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not foundO8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Arne\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not foundO8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()O8 - Extra context menu item: Send page to &Bluetooth Device... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24FDB2AB-187E-413F-BAF1-7D983CBF9F6D}: DhcpNameServer = 10.0.0.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{581B304F-E7EA-4D69-8E16-B3D564BACED7}: DhcpNameServer = 192.168.1.1O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not foundO32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - 
C:\autoexec.bat -- [ NTFS ]O34 - HKLM BootExecute: (autocheck autochk *)O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37 - HKLM\...com [@ = ComFile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)========== Files/Folders - Created Within 30 Days ==========[2012/04/27 23:52:35 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Arne\Desktop\OTL.exe[2012/04/27 23:43:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java[2012/04/26 10:16:31 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Arne\Desktop\aswMBR.exe[2012/04/26 00:28:13 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN[2012/04/26 00:27:57 | 000,000,000 | ---D | C] -- C:\windows\temp[2012/04/26 00:21:51 | 000,000,000 | ---D | C] -- C:\Users\Arne\AppData\Local\temp[2012/04/26 00:05:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe[2012/04/26 00:05:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe[2012/04/26 00:05:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe[2012/04/26 00:05:10 | 000,000,000 | ---D | C] -- C:\windows\ERDNT[2012/04/26 00:05:00 | 000,000,000 | ---D | C] -- C:\Qoobox[2012/04/25 23:56:45 | 004,475,034 | R--- | C] (Swearware) -- C:\Users\Arne\Desktop\ComboFix.exe[2012/04/25 22:52:28 | 000,000,000 | ---D | C] -- C:\Users\Arne\Desktop\RK_Quarantine[2012/04/23 15:43:51 | 000,000,000 | ---D | C] -- C:\Program Files\igowin[2012/04/18 23:23:17 | 000,000,000 | ---D | C] -- C:\Users\Arne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anvisoft[2012/04/18 23:22:55 | 000,000,000 | ---D | C] -- C:\Program Files\Anvisoft[2012/04/18 19:43:48 | 000,000,000 | ---D | C] -- C:\Users\Arne\AppData\Roaming\Malwarebytes[2012/04/18 19:43:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Malwarebytes' Anti-Malware[2012/04/18 19:42:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes[2012/04/18 19:42:48 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys[2012/04/18 19:42:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware[2012/04/18 19:20:11 | 000,000,000 | ---D | C] -- C:\Users\Arne\Documents\China Reading[2012/04/18 15:14:04 | 000,000,000 | ---D | C] -- C:\Users\Arne\.FBReader[2012/04/18 15:09:39 | 000,000,000 | ---D | C] -- C:\Users\Arne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FBReader for Windows[2012/04/18 15:09:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FBReader for Windows[2012/04/18 15:09:34 | 000,000,000 | ---D | C] -- C:\Program Files\FBReader[2012/04/18 14:52:12 | 000,000,000 | ---D | C] -- C:\Users\Arne\AppData\Roaming\calibre[2012/04/12 21:24:31 | 000,000,000 | ---D | C] -- C:\Users\Arne\Desktop\German[2012/04/12 21:24:05 | 000,000,000 | ---D | C] -- C:\Users\Arne\Desktop\English[2012/04/11 19:48:59 | 000,000,000 | ---D | C] -- C:\Users\Arne\Desktop\bigword[2012/04/05 20:29:36 | 000,000,000 | ---D | C] -- C:\windows\Minidump========== Files - Modified Within 30 Days ==========[2012/04/27 23:52:40 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Arne\Desktop\OTL.exe[2012/04/27 23:43:10 | 000,001,116 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3948093705-1484294097-1952622497-1000UA.job[2012/04/27 23:13:03 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job[2012/04/27 22:43:10 | 000,000,094 | -H-- | M] () -- C:\Users\Arne\Documents\.~lock.Plan.ods#[2012/04/27 22:43:04 | 000,001,064 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3948093705-1484294097-1952622497-1000Core.job[2012/04/27 20:13:01 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job[2012/04/27 18:28:19 | 000,037,637 | ---- | M] () -- 
C:\Users\Arne\Documents\Plan.ods[2012/04/27 16:45:06 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat[2012/04/26 16:31:18 | 000,649,912 | ---- | M] () -- C:\Users\Arne\Desktop\02.jpg[2012/04/26 16:29:54 | 000,301,135 | ---- | M] () -- C:\Users\Arne\Desktop\01.jpg[2012/04/26 10:49:37 | 000,254,651 | ---- | M] () -- C:\Users\Arne\Desktop\malware still there.jpg[2012/04/26 10:48:40 | 000,000,512 | ---- | M] () -- C:\Users\Arne\Desktop\MBR.dat[2012/04/26 10:17:24 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Arne\Desktop\aswMBR.exe[2012/04/26 00:22:24 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts[2012/04/25 23:57:15 | 004,475,034 | R--- | M] (Swearware) -- C:\Users\Arne\Desktop\ComboFix.exe[2012/04/25 23:51:07 | 000,194,984 | ---- | M] () -- C:\Users\Arne\Desktop\most recent malware.jpg[2012/04/25 22:52:35 | 000,013,824 | ---- | M] () -- C:\windows\System32\drivers\TrueSight.sys[2012/04/25 18:45:36 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0[2012/04/25 18:45:36 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0[2012/04/25 18:38:06 | 796,889,088 | -HS- | M] () -- C:\hiberfil.sys[2012/04/24 19:42:28 | 000,038,593 | ---- | M] () -- C:\Users\Arne\Desktop\outgoing malware small.jpg[2012/04/24 19:41:36 | 000,208,399 | ---- | M] () -- C:\Users\Arne\Desktop\outgoing malware.jpg[2012/04/24 13:02:27 | 154,344,779 | ---- | M] () -- C:\windows\MEMORY.DMP[2012/04/19 00:03:58 | 000,618,108 | ---- | M] () -- C:\windows\System32\perfh009.dat[2012/04/19 00:03:58 | 000,107,388 | ---- | M] () -- C:\windows\System32\perfc009.dat[2012/04/18 19:43:13 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[2012/04/18 15:09:40 | 000,001,835 | ---- | M] () -- C:\Users\Arne\Desktop\FBReader.lnk[2012/04/18 11:31:05 | 000,001,984 | ---- | M] () -- 
C:\Users\Public\Desktop\Adobe Reader 9.lnk[2012/04/18 11:07:08 | 000,349,848 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT[2012/04/14 01:14:56 | 000,002,358 | ---- | M] () -- C:\Users\Arne\Desktop\Google Chrome.lnk[2012/04/08 23:14:32 | 011,364,790 | ---- | M] () -- C:\Users\Arne\Documents\671790WP0P127500China020300complete.pdf[2012/04/04 18:44:35 | 000,726,148 | ---- | M] () -- C:\Users\Arne\Documents\chinas_12th_five-year_plan.pdf[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys========== Files Created - No Company Name ==========[2012/04/27 22:43:10 | 000,000,094 | -H-- | C] () -- C:\Users\Arne\Documents\.~lock.Plan.ods#[2012/04/26 16:24:36 | 000,301,135 | ---- | C] () -- C:\Users\Arne\Desktop\01.jpg[2012/04/26 16:24:19 | 000,649,912 | ---- | C] () -- C:\Users\Arne\Desktop\02.jpg[2012/04/26 10:49:36 | 000,254,651 | ---- | C] () -- C:\Users\Arne\Desktop\malware still there.jpg[2012/04/26 10:48:40 | 000,000,512 | ---- | C] () -- C:\Users\Arne\Desktop\MBR.dat[2012/04/26 00:05:26 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe[2012/04/26 00:05:26 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe[2012/04/26 00:05:26 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe[2012/04/26 00:05:26 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe[2012/04/26 00:05:26 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe[2012/04/25 23:51:07 | 000,194,984 | ---- | C] () -- C:\Users\Arne\Desktop\most recent malware.jpg[2012/04/25 22:52:35 | 000,013,824 | ---- | C] () -- C:\windows\System32\drivers\TrueSight.sys[2012/04/24 19:42:27 | 000,038,593 | ---- | C] () -- C:\Users\Arne\Desktop\outgoing malware small.jpg[2012/04/24 19:41:35 | 000,208,399 | ---- | C] () -- C:\Users\Arne\Desktop\outgoing malware.jpg[2012/04/18 19:43:13 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[2012/04/18 15:09:40 | 000,001,835 | ---- | C] () -- C:\Users\Arne\Desktop\FBReader.lnk[2012/04/08 
23:19:19 | 011,364,790 | ---- | C] () -- C:\Users\Arne\Documents\671790WP0P127500China020300complete.pdf[2012/04/05 20:29:31 | 154,344,779 | ---- | C] () -- C:\windows\MEMORY.DMP[2012/04/04 18:44:42 | 000,726,148 | ---- | C] () -- C:\Users\Arne\Documents\chinas_12th_five-year_plan.pdf[2011/09/29 20:13:23 | 000,305,720 | ---- | C] () -- C:\windows\System32\GooglePinyin3EnRes.dll[2011/09/25 15:47:48 | 000,018,760 | ---- | C] () -- C:\windows\System32\QQVistaHelper.dll[2011/09/02 15:11:11 | 000,004,608 | ---- | C] () -- C:\Users\Arne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2011/08/17 17:27:18 | 000,000,000 | ---- | C] () -- C:\windows\PowerReg.dat[2010/12/21 16:11:28 | 000,007,599 | ---- | C] () -- C:\Users\Arne\AppData\Local\Resmon.ResmonCfg[2010/11/23 14:57:24 | 000,000,652 | ---- | C] () -- C:\windows\System32\drivers\scdskr01.dat[2010/11/23 14:57:24 | 000,000,500 | ---- | C] () -- C:\windows\System32\drivers\RSTable.dat[2010/11/23 14:57:24 | 000,000,436 | ---- | C] () -- C:\windows\System32\drivers\scdhkr01.dat[2010/11/23 14:57:23 | 000,000,036 | ---- | C] () -- C:\windows\System32\drivers\scdstr01.dat[2010/08/25 21:14:55 | 000,000,000 | ---- | C] () -- C:\Users\Arne\AppData\Roaming\wklnhst.dat[2010/08/08 22:51:39 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat[2010/06/29 22:31:44 | 000,000,002 | ---- | C] () -- C:\windows\HotFixList.ini========== LOP Check ==========[2012/02/11 17:32:06 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\.anki[2012/02/11 10:56:25 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\.matplotlib[2012/02/17 11:00:39 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Azureus[2012/04/18 15:12:46 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\calibre[2010/10/20 05:25:17 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\DataCast[2010/10/03 21:39:22 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\DVDVideoSoftIEHelpers[2012/01/19 01:13:19 | 000,000,000 | ---D | 
M] -- C:\Users\Arne\AppData\Roaming\mplayer
[2010/08/25 06:36:11 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\OpenOffice.org
[2010/08/11 20:04:09 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\PDF reDirect
[2011/02/09 18:45:53 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\PlayFirst
[2010/08/25 21:14:56 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Template
[2011/09/25 16:01:12 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Tencent
[2011/06/22 10:36:37 | 000,000,000 | ---D | M] -- C:\Users\Arne\AppData\Roaming\Windows Live Writer
[2012/04/24 13:02:44 | 000,032,608 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Files - Unicode (All) ==========
[2011/11/12 00:53:35 | 000,033,915 | ---- | M] ()(C:\Users\Arne\Documents\??????????????????????.docx) -- C:\Users\Arne\Documents\北京中医药大学国医堂中医门诊部专家出诊时间表.docx
[2011/11/12 00:53:24 | 000,033,915 | ---- | C] ()(C:\Users\Arne\Documents\??????????????????????.docx) -- C:\Users\Arne\Documents\北京中医药大学国医堂中医门诊部专家出诊时间表.docx

========== Alternate Data Streams ==========
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:A42A9F39
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:ABE89FFE

< End of report >

OTL Extras logfile created on: 4/27/2012 11:53:36 PM - Run 1
OTL by OldTimer - Version 3.2.42.1     Folder = C:\Users\Arne\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

1013.30 Mb Total Physical Memory | 157.65 Mb Available Physical Memory | 15.56% Memory free
2.10 Gb Paging File | 0.61 Gb Available in Paging File | 28.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 150.27 Gb Total Space | 90.28 Gb Free Space | 60.08% Space Free | Partition Type: NTFS
Drive D: | 67.51 Gb Total Space | 65.42 Gb Free Space | 96.90% Space Free | Partition Type: NTFS

Computer Name: ARNE-PC | User Name: Arne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3948093705-1484294097-1952622497-1000\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{172585EC-A1E4-4B74-830F-2D7C4C2C3E2C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5E81CDA4-8FC7-4303-B7A7-E0909113DFEA}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{668E2972-5AC1-42D4-B84C-5B1E4B780BC1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{6AD63518-332F-4098-8F62-AE4ED8AD1BDA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{076C08A2-71AB-45FF-A705-794B0EF82BBA}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{2595AB1F-AC01-4C45-A751-58A1CA407403}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{E5C6471B-A467-490A-B202-30760FFAFA80}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{0FE0F6EF-5EFF-4946-ABAF-5156CD6BBFC4}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{73D83F21-1D89-4EBE-A2B6-3B61D17820C0}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6.2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java 6 Update 32
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{44257960-C5CC-45BA-8E83-524E4A0F3FD5}" = Cisco AnyConnect VPN Client
"{45535A5E-1F81-4F35-BE1D-43D10A7D03B4}" = Easy Resolution Manager
"{4725E135-CF7D-4906-B4D0-D9F5FED44254}" = PreSetup HyperSpace
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1" = PokerStove version 1.23
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB2}" = Paint.NET v3.5.8
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{B660E0D0-A8CB-45A7-96FB-93E8C915A0B2}" = Easy Network Manager
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C19BE821-89B1-4A96-AC7C-873810C0CB5F}" = ContentSAFER for Wizmax
"{C455C4E0-6D64-4CA8-9CE7-C50ADCE61674}" = Xtra Controller Pro
"{CCC2B140-B47A-45FA-AAE3-BD60DA41AE00}" = Samsung Support Center
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2BC3383-F000-410C-A038-3846ADBE8D90}" = REALTEK Wireless LAN Software
"755087041320E005CB1E8A67C5C55A260EB81B90" = Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407)
"7-Zip" = 7-Zip 4.65
"8461-7759-5462-8226" = Vuze
"A6A8668C0A13640CA28FE2A7D9654BE4AE478B13" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Anki" = Anki
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"FBReader for Windows" = FBReader for Windows
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"GooglePinyin3" = 谷歌拼音输入法 3.0
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"PokerStars" = PokerStars
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TIPP10_is1" = TIPP10 Version 2.0.3
"Uninstall_is1" = Uninstall 1.0.0.1
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.5

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3948093705-1484294097-1952622497-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/11/2012 12:56:30 PM | Computer Name = Arne-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft security client\MSESysprep.dll". Error in manifest or policy file "c:\program files\microsoft security client\MSESysprep.dll" on line 10. The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows.

Error - 4/13/2012 12:52:02 AM | Computer Name = Arne-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Samsung\Samsung Support Center\Drv\drv2x64\KStartMem.exe.Manifest". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 4/13/2012 12:53:19 AM | Computer Name = Arne-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 4/13/2012 12:55:04 AM | Computer Name = Arne-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft security client\MSESysprep.dll". Error in manifest or policy file "c:\program files\microsoft security client\MSESysprep.dll" on line 10. The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows.

Error - 4/13/2012 12:57:35 AM | Computer Name = Arne-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\Samsung\chargeableusb\ChargeableUSB_64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 4/13/2012 12:57:41 AM | Computer Name = Arne-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\Samsung\chargeableusb\vista_xp_driver\x64\KStartMem.exe.Manifest". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 4/13/2012 1:45:50 PM | Computer Name = Arne-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Samsung\Samsung Support Center\Drv\drv2x64\KStartMem.exe.Manifest". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 4/13/2012 1:47:21 PM | Computer Name = Arne-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 4/16/2012 5:44:01 AM | Computer Name = Arne-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Samsung\Samsung Support Center\Drv\drv2x64\KStartMem.exe.Manifest". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 4/16/2012 9:14:17 PM | Computer Name = Arne-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Samsung\Samsung Support Center\Drv\drv2x64\KStartMem.exe.Manifest". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

[ Cisco AnyConnect VPN Client Events ]
Error - 4/26/2012 7:44:21 PM | Computer Name = ARNE-PC | Source = vpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line: 644 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33161196 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE

Error - 4/26/2012 7:44:21 PM | Computer Name = ARNE-PC | Source = vpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line: 190 Invoked Function: CNetEnvironment::testNetwork Return Code: -33161196 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE

Error - 4/26/2012 7:44:28 PM | Computer Name = ARNE-PC | Source = vpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp Line: 2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 4/26/2012 7:44:28 PM | Computer Name = ARNE-PC | Source = vpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line: 2190 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED

Error - 4/26/2012 7:44:28 PM | Computer Name = ARNE-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp Line: 7639 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33161196 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE

Error - 4/26/2012 7:44:28 PM | Computer Name = ARNE-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::genericNoticeHandler File: .\MainThread.cpp Line: 5589 Invoked Function: CMainThread::applyHostConfigForNoVpn Return Code: -33161196 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE

Error - 4/26/2012 7:44:28 PM | Computer Name = ARNE-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::processNotice File: .\MainThread.cpp Line: 5321 Invoked Function: CMainThread::genericNoticeHandler Return Code: -33161196 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE

Error - 4/26/2012 7:44:28 PM | Computer Name = ARNE-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::noticeHandler File: .\MainThread.cpp Line: 5283 Invoked Function: CMainThread::processNotice Return Code: -33161196 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE

Error - 4/26/2012 7:44:28 PM | Computer Name = ARNE-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::internalCallbackHandler File: .\MainThread.cpp Line: 5045 Invoked Function: CMainThread::noticeHandler Return Code: -33161196 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE

Error - 4/26/2012 7:44:28 PM | Computer Name = ARNE-PC | Source = vpnagent | ID = 67108866
Description = Function: CMainThread::callbackHandler File: .\MainThread.cpp Line: 4971 Invoked Function: internalCallbackHandler Return Code: -33161196 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE

[ System Events ]
Error - 6/27/2011 2:38:53 AM | Computer Name = Arne-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR2.

Error - 6/28/2011 12:28:51 AM | Computer Name = Arne-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.107.463.0 Update Source: %%859 Update Stage: %%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7000.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Error - 6/28/2011 6:36:30 AM | Computer Name = Arne-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

Error - 6/29/2011 7:56:51 PM | Computer Name = Arne-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

Error - 6/29/2011 8:00:55 PM | Computer Name = Arne-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: cdrom

Error - 7/3/2011 7:24:11 AM | Computer Name = Arne-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PlugPlay service.

Error - 7/3/2011 11:20:11 PM | Computer Name = Arne-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

Error - 7/4/2011 5:10:33 AM | Computer Name = Arne-PC | Source = DCOM | ID = 10010
Description =

Error - 7/4/2011 5:13:03 AM | Computer Name = Arne-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: cdrom

Error - 7/4/2011 5:13:20 AM | Computer Name = Arne-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed. Feature: %%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

< End of report >
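The "Shell Spawning" section of the OTL Extras log above is the part of this report worth reading closely: it lists what HKLM\SOFTWARE\Classes\<progid>\shell\<verb>\command runs when a .exe, .bat, .cmd, .com, .pif or .scr file is opened, and rewriting exefile\shell\open\command so that a dropper starts before every program the user launches is a long-standing persistence trick. In this log every baselined handler still has its stock value. The Python below is an added example, not code from the thread, from OTL or from Malwarebytes: it parses that section into records and reports any handler whose command deviates from the Windows default. The expected commands are the stock Windows 7 values exactly as they appear in the log; the appended hijacked exefile line and its path C:\Users\Public\updater.exe are constructed for the demonstration.

```python
"""Flag hijacked shell\\open\\command handlers in an OTL 'Shell Spawning' section.

Added example; not code from the thread, from OTL or from Malwarebytes.
OTL prints each handler as:   <progid> [<verb>] -- <command> (<company>)
"""
import re
from typing import Dict, List, Optional, Tuple

# Stock Windows 7 defaults for the handlers malware most often rewrites
# (values as they appear in the thread's log).
EXPECTED_COMMANDS: Dict[Tuple[str, str], str] = {
    ("batfile", "open"): '"%1" %*',
    ("cmdfile", "open"): '"%1" %*',
    ("comfile", "open"): '"%1" %*',
    ("exefile", "open"): '"%1" %*',
    ("piffile", "open"): '"%1" %*',
    ("scrfile", "open"): '"%1" /S',
    ("scrfile", "config"): '"%1"',
}

# progid [verb] -- command, optionally followed by " (Company Name)"
_LINE_RE = re.compile(
    r'^(?P<progid>\S+) \[(?P<verb>[^\]]+)\] -- (?P<command>.*?)'
    r'(?: \((?P<company>[^()]*)\))?$'
)


def parse_shell_spawning(section: str) -> List[Dict[str, Optional[str]]]:
    """Turn the lines of an OTL 'Shell Spawning' section into records.

    Section banners ('====...') and registry key headers ('[HKEY_...]')
    are skipped; anything else that does not match the handler format is
    ignored rather than guessed at.
    """
    records = []
    for raw in section.splitlines():
        line = raw.strip()
        if not line or line.startswith(("[", "=")):
            continue
        m = _LINE_RE.match(line)
        if m:
            records.append(m.groupdict())
    return records


def find_hijacked_handlers(section: str) -> List[str]:
    """One finding per baselined handler whose command is not the stock default."""
    findings = []
    for rec in parse_shell_spawning(section):
        expected = EXPECTED_COMMANDS.get((rec["progid"], rec["verb"]))
        if expected is not None and rec["command"] != expected:
            findings.append(
                f'{rec["progid"]} [{rec["verb"]}] runs {rec["command"]!r}, expected {expected!r}'
            )
    return findings


# Sample input: the Shell Spawning entries from the thread's OTL Extras log.
SAMPLE_SECTION = r'''
========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
'''

# Constructed: how a hijacked exefile handler would show up in the same log
# (the path is hypothetical).
HIJACKED_LINE = r'exefile [open] -- "C:\Users\Public\updater.exe" "%1" %*'

if __name__ == "__main__":
    for finding in find_hijacked_handlers(SAMPLE_SECTION + "\n" + HIJACKED_LINE):
        print("SUSPICIOUS:", finding)
```

Run against the section as posted, the check returns nothing; with the constructed line appended it reports the exefile handler. The same comparison applies to the "File Associations" section, where a .exe or .bat extension that points at something other than exefile or batfile is the other common form of the hijack.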
MrCharlie Posted April 27, 2012

Not much showing....please do this:

Download and unzip the attached file (flush.zip), but don't run it yet.

Please do this:

Run OTL
Under the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
O3 - HKU\S-1-5-21-3948093705-1484294097-1952622497-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
:Commands
[EMPTYJAVA]
[emptytemp]

Then click the Run Fix button at the top.
Let the program run unhindered; when done it will say "Fix Complete press ok to open the log".
Please post that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post.

This will reboot the computer.
Now right click on flush.bat and choose "Run as Administrator".

-------------------

Please Update and run a Quick Scan with MBAM, post the report.
Make sure that everything is checked, and click Remove Selected.

Please let me know how it is, MrC

Attachment: flush.zip
RedBarron (Author) Posted April 28, 2012

Hey, sorry I didn't see your last post, I will do it tomorrow. Btw, this is the last time Malwarebytes blocked anything:

2012/04/26 00:59:13 +0800 IP-BLOCK 60.190.222.181 (Type: outgoing, Port: 50196, Process: chrome.exe)

So fingers crossed, maybe something helped along the way.
MrCharlie Posted April 28, 2012

OK, I changed the OTL script a little, MrC
MrCharlie Posted May 3, 2012

How are we doing?? Do you still need help or can I close this post?? MrC
RedBarron (Author) Posted May 3, 2012

Ok, so I thought I was good, then I got the same thing again:

2012/05/02 10:52:53 +0800 IP-BLOCK 122.70.141.101 (Type: outgoing, Port: 59021, Process: chrome.exe)

Here is the OTL log:

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-3948093705-1484294097-1952622497-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Arne
->Java cache emptied: 10237700 bytes

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 10.00 mb

[EMPTYTEMP]

User: All Users

User: Arne
->Temp folder emptied: 56522282 bytes
->Temporary Internet Files folder emptied: 56483518 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 80288214 bytes
->Google Chrome cache emptied: 363081678 bytes
->Flash cache emptied: 112725 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 74464 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 531.00 mb

OTL by OldTimer - Version 3.2.42.1 log created on 05032012_122652

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Here is the MBAM log, I ran a full scan:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.03.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514 [administrator]

Protection: Enabled

03.05.2012 13:29:15
mbam-log-2012-05-03 (13-29-15).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 293548
Time elapsed: 1 hour(s), 26 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
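RedBarron's April 28 and May 3 posts each quote one more Malwarebytes IP-BLOCK line, both attributed to chrome.exe. A block attributed to a browser process says only that the browser tried to reach a blacklisted address; that is as consistent with an ad network on a page the user visited as with an injected script or a rogue extension, and it does not by itself show a resident component. The first triage cut on a run of these lines is therefore whether any non-browser process ever appears, and how the hits to each destination cluster in time. The Python below is an added example, not code from the thread or from Malwarebytes: it parses IP-BLOCK lines in the format shown in the thread, groups them per destination and flags destinations reached by a non-browser process. The two lines quoted in those posts are reused as input; the other sample lines, the process name sample_resident.exe, the TEST-NET address 192.0.2.44 and the BROWSERS list are constructed assumptions.

```python
"""Summarise Malwarebytes IP-BLOCK log lines per destination and process.

Added example; not code from the thread or from Malwarebytes. Input lines
have the shape quoted in the thread:
  2012/05/02 10:52:53 +0800 IP-BLOCK 122.70.141.101 (Type: outgoing, Port: 59021, Process: chrome.exe)
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone
from typing import Dict, List, NamedTuple, Optional

_IPBLOCK_RE = re.compile(
    r'^(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) (?P<tz>[+-]\d{4}) '
    r'IP-BLOCK (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) '
    r'\(Type: (?P<direction>\w+), Port: (?P<port>\d+), Process: (?P<process>[^)]+)\)$'
)

# Assumption: processes whose blocks are explained by web content rather than
# by a resident component. Extend for other browsers in use on the host.
BROWSERS = {"chrome.exe", "firefox.exe", "iexplore.exe", "opera.exe", "safari.exe"}


class Block(NamedTuple):
    when: datetime
    ip: str
    direction: str
    port: int
    process: str


class Destination(NamedTuple):
    ip: str
    hits: int
    processes: List[str]
    span_seconds: float
    browser_only: bool


def parse_ipblock_line(line: str) -> Optional[Block]:
    """Parse one IP-BLOCK line; return None for any other record type."""
    m = _IPBLOCK_RE.match(line.strip())
    if not m:
        return None
    tz = m["tz"]  # e.g. "+0800" -> UTC+08:00
    sign = 1 if tz[0] == "+" else -1
    offset = timezone(sign * timedelta(hours=int(tz[1:3]), minutes=int(tz[3:5])))
    when = datetime.strptime(f'{m["date"]} {m["time"]}', "%Y/%m/%d %H:%M:%S")
    return Block(when.replace(tzinfo=offset), m["ip"], m["direction"],
                 int(m["port"]), m["process"].lower())


def summarise(lines: List[str]) -> Dict[str, Destination]:
    """Group IP-BLOCK events by destination IP; other record types are ignored."""
    by_ip: Dict[str, List[Block]] = defaultdict(list)
    for line in lines:
        block = parse_ipblock_line(line)
        if block is not None:
            by_ip[block.ip].append(block)
    summary = {}
    for ip, blocks in by_ip.items():
        times = sorted(b.when for b in blocks)
        procs = sorted({b.process for b in blocks})
        summary[ip] = Destination(
            ip=ip,
            hits=len(blocks),
            processes=procs,
            span_seconds=(times[-1] - times[0]).total_seconds(),
            browser_only=all(p in BROWSERS for p in procs),
        )
    return summary


def non_browser_destinations(summary: Dict[str, Destination]) -> List[str]:
    """Destinations reached by something other than a browser: these point at a
    resident component and deserve a look at the process itself."""
    return sorted(ip for ip, d in summary.items() if not d.browser_only)


# Sample input. The first two lines are quoted from the thread; the others are
# constructed (a same-second burst, a non-browser process with a hypothetical
# name, a TEST-NET address, and one line of another record type).
SAMPLE_LOG = [
    "2012/04/26 00:59:13 +0800 IP-BLOCK 60.190.222.181 (Type: outgoing, Port: 50196, Process: chrome.exe)",
    "2012/05/02 10:52:53 +0800 IP-BLOCK 122.70.141.101 (Type: outgoing, Port: 59021, Process: chrome.exe)",
    "2012/05/02 10:52:53 +0800 IP-BLOCK 122.70.141.101 (Type: outgoing, Port: 59022, Process: chrome.exe)",
    "2012/05/02 10:52:54 +0800 IP-BLOCK 122.70.141.101 (Type: outgoing, Port: 59023, Process: firefox.exe)",
    "2012/05/02 11:02:10 +0800 IP-BLOCK 192.0.2.44 (Type: outgoing, Port: 49152, Process: sample_resident.exe)",
    "2012/05/02 11:02:11 +0800 some other record type, not an IP-BLOCK line",
]

if __name__ == "__main__":
    for ip, d in summarise(SAMPLE_LOG).items():
        tag = "browser-only" if d.browser_only else "NON-BROWSER PROCESS"
        print(f"{ip:16} hits={d.hits} span={d.span_seconds:.0f}s "
              f"procs={','.join(d.processes)} {tag}")
```

Several hits to one destination within the same second from a single browser, as in the thread's original burst, is the signature of a page pulling many resources from one host; a destination that shows up under a process outside the browser set is the one to chase through the process list and autoruns rather than through browser extensions.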