Quinny

Laptop crashes when trying to run scan

37 posts in this topic


Hi, I've tried to run a scan with Malwarebytes, Avast and the ESET online scan, and they all freeze and crash the laptop when they get to this file: c:\boot\bcd.log1.

I then have to hold down the power button to shut down; the same thing happens in safe mode as well.

Thanks in advance for any help. :(

My OS is Windows Vista Home Premium 64-bit.


Hello,

You need to temporarily turn OFF your Avast before starting the online scan.

Do the ESET online scan first, and post the result for review:

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall.

Close all open browsers at this point.

Start Internet Explorer (fresh) by pressing Start >> Internet Explorer >> Right-Click and select Run As Administrator.

Using Internet Explorer browser only, go to ESET Online Scanner website:

http://www.eset.com/onlinescan/

  • Accept the Terms of Use and press Start button;
  • Approve the install of the required ActiveX Control, then follow on-screen instructions;
  • Enable (check) the Remove found threats option, and run the scan.
  • After the scan completes, the Details tab in the Results window will display what was found and removed.
    • A logfile is created and located at C:\Program Files (x86)\Eset\EsetOnlineScanner\log.txt.

    Look at contents of this file using Notepad.

    The Frequently Asked Questions for ESET Online Scanner can be viewed here

    http://go.eset.com/us/online-scanner/faq

    • It is emphasized that you should temporarily disable any PC-resident (active) antivirus program prior to any online scan by any online scanner, and promptly re-enable it when finished.
    • If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.
    • Do not use the system while the scan is running. Once the full scan is underway, go take a long break.

Re-enable the antivirus program.

Reply with a copy of the ESET scan log.


Thanks for your reply. I tried to run the ESET online scan again, but like I said in my first post, it freezes and crashes the laptop.

This time it got to 11% and 18 files and froze at the file c:\boot\bootstat.dat. I did try a second time and it froze at the same place and crashed the laptop.


Let's forget the ESET online. Do as much as you can of the following.

Step 1

1. Go here and download ERUNT.

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT by doing a Right-Click on it & select Run As Administrator

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

Show all files:

  • Click the Start button, and then click Computer.
  • On the Organize menu, click Folder and Search Options.
  • Click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders.
  • Click Apply > OK.

Step 3

Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.

  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Step 4

Turn OFF your AVAST so that it does not interfere.

Please follow my guidance. Ask if you have questions.

I am going to ask you to read very carefully. I am asking you to download to a unique folder!

Step 1. Close and save any open documents, and exit programs that you started.

Step 2. Download TDSSKiller.exe and SAVE it to a special folder

http://support.kaspe.../tdsskiller.exe

and be sure to SAVE it in this folder --> C:\Program Files\Malwarebytes' Anti-Malware\Chameleon

Step 3. Install the Chameleon driver by doing the following:

Press the Windows key + R and in the Run box, copy and paste the following command, then press Enter. Copy ALL of the line from beginning to end, from the opening double-quote all the way to the final o.

"C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe" /o

A black command prompt window will appear asking you to press any key to continue; please do.

Step 4

Please read carefully and follow these steps.

  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please Copy & Paste that log in reply.

Step 5

Re-enable your AVAST.

Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access to the Internet, allow it to do so.

I also need for you to Copy & Paste the Checkup.txt log for review.

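The helper above asks for the RSIT log, which embeds a HijackThis-format scan, and reading such a log is mostly pattern matching on the section codes: R0/R1 start and search-page values, "(no file)" orphans, O10 Winsock LSP entries, O20 AppInit_DLLs, O23 services reported as missing. The following is an added example (mine, not code from this thread, from RSIT or from Trend Micro) that encodes a few of those checks and runs them over a constructed sample written in the same format. The trusted-host list, the severities, and every hostname, CLSID and path in the sample are assumptions for illustration, not observations about any real machine.

```python
"""Triage a HijackThis-style log (the format RSIT embeds in log.txt) for the
entry types an analyst flags when reading a posted log.

Added example, not code from the forum thread, RSIT or Trend Micro. The
heuristics, severities and SAMPLE_LOG are assumptions made for illustration;
the sample lines mirror the log format but are constructed, not captured.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Hosts that IE start/search-page values legitimately point at (assumption:
# extend this for the locale of the machine whose log you are reading).
TRUSTED_SEARCH_HOSTS = {
    "go.microsoft.com", "www.google.com", "www.google.co.uk", "www.bing.com",
}

# Locations an autorun entry normally launches from; anything else is worth a look.
SYSTEM_DIRS = re.compile(
    r"^(?:%windir%|%systemroot%|%programfiles%|c:\\windows|c:\\progra~[12]"
    r"|c:\\program files(?: \(x86\))?)\\", re.I)

ENTRY_RE = re.compile(r"^([ROF]\d+)\s+-\s+(.*)$")
EXE_RE = re.compile(r'(?:\]|=)\s*"?(.+?\.exe)\b', re.I)


@dataclass
class Finding:
    severity: str   # high / medium / low / info
    section: str    # HijackThis section code, e.g. O20
    reason: str
    line: str


def _host(url: str) -> str:
    try:
        return (urlparse(url).hostname or "").lower()
    except ValueError:
        return ""


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per suspicious line, in log order."""
    findings = []
    seen_lsp = set()
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        sec, body = m.group(1), m.group(2)

        # Orphaned entries: the registry still references a CLSID/file that is gone.
        if "(no file)" in body:
            findings.append(Finding("low", sec, "orphaned entry, target file no longer exists", raw))

        # A non-empty AppInit_DLLs value loads the listed DLLs into every process that links user32.
        elif sec == "O20" and body.startswith("AppInit_DLLs:"):
            dlls = body.split(":", 1)[1].split()
            if dlls:
                findings.append(Finding("high", sec, f"AppInit_DLLs injects {len(dlls)} DLL(s) system-wide", raw))

        # Winsock LSP: HijackThis prints the same module once per protocol chain entry, so dedupe.
        elif sec == "O10":
            path = body.split(":", 1)[1].strip().lower()
            if path not in seen_lsp:
                seen_lsp.add(path)
                findings.append(Finding("medium", sec, "third-party Winsock LSP sees all socket traffic", raw))

        # Start/search page pointing somewhere other than a known-good search host.
        elif sec in ("R0", "R1"):
            um = re.search(r"=\s*(https?://\S+)", body)
            host = _host(um.group(1)) if um else ""
            if host and host not in TRUSTED_SEARCH_HOSTS:
                findings.append(Finding("medium", sec, f"IE start/search page redirected to {host}", raw))

        # Hosts-file entries other than the loopback mappings.
        elif sec == "O1" and body.startswith("Hosts:"):
            tokens = body.split(":", 1)[1].split()
            if len(tokens) >= 2 and (tokens[0] not in ("127.0.0.1", "::1") or tokens[1].lower() != "localhost"):
                findings.append(Finding("medium", sec, f"hosts file maps {tokens[1]} to {tokens[0]}", raw))

        # Autoruns launching from outside Windows/Program Files (bare names resolve via PATH; skip them).
        elif sec == "O4":
            em = EXE_RE.search(body)
            if em and "\\" in em.group(1) and not SYSTEM_DIRS.match(em.group(1)):
                findings.append(Finding("medium", sec, "autorun executable outside Windows/Program Files", raw))

        # Services whose binary is reported missing. On 64-bit Windows the 32-bit HijackThis
        # is subject to file-system redirection (System32 -> SysWOW64), so core services under
        # C:\Windows routinely show "(file missing)"; treat that as an artifact, not an infection.
        elif sec == "O23" and "(file missing)" in body:
            path = body.rsplit(" - ", 1)[-1].replace("(file missing)", "").strip()
            if path.lower().startswith("c:\\windows\\"):
                findings.append(Finding("info", sec, "likely WOW64 redirection artifact, not a missing file", raw))
            else:
                findings.append(Finding("medium", sec, "service binary missing", raw))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity."""
    counts = {"high": 0, "medium": 0, "low": 0, "info": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


# Constructed sample in the HijackThis format; hostnames, CLSIDs and paths are made up.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.example-toolbar.net/?q={searchTerms}&affID=1
R3 - URLSearchHook: (no name) - {11111111-2222-3333-4444-555555555555} - (no file)
O1 - Hosts: ::1 localhost
O1 - Hosts: 10.0.0.9 update.example-av.com
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKCU\..\Run: [Updater] C:\Users\alice\AppData\Roaming\update\updater.exe
O10 - Unknown file in Winsock LSP: c:\progra~2\example\lsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~2\example\lsp.dll
O20 - AppInit_DLLs: C:\PROGRA~2\EXAMPLE\datamngr.dll C:\PROGRA~2\EXAMPLE\IEBHO.dll
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Example Agent (ExAgent) - Unknown owner - C:\ProgramData\ExAgent\agent.exe (file missing)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.reason}\n         {f.line.strip()}")
    print(summarize(triage(SAMPLE_LOG)))
```

The output is a triage list, not a verdict: the helper still decides what to remove, and a Winsock LSP in particular must be unhooked by a tool that repairs the protocol chain rather than by deleting the DLL. The O23 rule exists because a 64-bit log read by 32-bit HijackThis is full of "(file missing)" lines for Spooler, VSS, lsass-hosted services and the like; those are redirection noise, and flagging them would bury the one service that really is gone.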

Logfile of random's system information tool 1.09 (written by random/random)

Run by Wools at 2012-06-28 21:00:16

Microsoft® Windows Vista™ Home Premium Service Pack 2

System drive C: has 72 GB (32%) free of 224 GB

Total RAM: 4093 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 21:00:34, on 28/06/2012

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v9.00 (9.00.8112.16446)

Boot mode: Normal

Running processes:

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\Windows Live\Companion\companionuser.exe

C:\Users\Wools\Desktop\RSIT.exe

C:\Program Files (x86)\trend micro\Wools.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=5ac17d93000000000000001f3c2b07eb&tlver=1.4.19.19&affID=17162

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)

R3 - URLSearchHook: AF-HSS Toolbar - {f0381dbd-e018-4e07-ae40-d96ab15083f0} - C:\Program Files (x86)\AF-HSS\tbAF-H.dll

R3 - URLSearchHook: (no name) - {90eee664-34b1-422a-a782-779af65cdf6d} - (no file)

R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)

R3 - URLSearchHook: (no name) - {66bd2442-241b-44cd-8c7a-b51037053cdb} - (no file)

F2 - REG:system.ini: UserInit=userinit.exe,

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {02464DDC-3187-11D8-8004-0020ED227566} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll

O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {9D717F81-9148-4f12-8568-69135F087DB0} - (no file)

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: AF-HSS Toolbar - {f0381dbd-e018-4e07-ae40-d96ab15083f0} - C:\Program Files (x86)\AF-HSS\tbAF-H.dll

O3 - Toolbar: AF-HSS Toolbar - {f0381dbd-e018-4e07-ae40-d96ab15083f0} - C:\Program Files (x86)\AF-HSS\tbAF-H.dll

O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O3 - Toolbar: (no name) - !{99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" (User 'Default user')

O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~1\sblsp.dll

O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~1\sblsp.dll

O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~1\sblsp.dll

O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~1\sblsp.dll

O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~1\sblsp.dll

O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~1\sblsp.dll

O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~1\sblsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O20 - AppInit_DLLs: C:\PROGRA~2\WI9130~1\Datamngr\datamngr.dll C:\PROGRA~2\WI9130~1\Datamngr\IEBHO.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe

O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: BecHelperService - Unknown owner - C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\McciCMService.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: TVersity Media Server (TVersityMediaServer) - Unknown owner - C:\ProgramData\TVersity\Media Server\MediaServer.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~2\SPEEDB~1\VideoAcceleratorService.exe

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 12219 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

C:\Windows\tasks\FreeFileViewerUpdateChecker.job

C:\Windows\tasks\GlaryInitialize.job

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3560542134-3112040110-2959616142-1000Core.job

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3560542134-3112040110-2959616142-1000UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Wools\AppData\Roaming\Mozilla\Firefox\Profiles\m54eyri2.default

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

"fe_9.0@nokia.com"=C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0

"{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]

"Description"=iTunes Detector Plug-in

"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]

"Description"=

"Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]

"Description"=DivX Plus Web Player

"Path"=C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]

"Description"=DivX VOD Helper Plug-in

"Path"=C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]

"Description"=Oracle® Next Generation Java™ Plug-In

"Path"=C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]

"Description"=Ag Player Plugin

"Path"=c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]

"Description"=WLPG Install MIME type

"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]

"Description"=WLPG Install MIME type

"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513]

"Description"=WLPG Install MIME type

"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308]

"Description"=WLPG Install MIME type

"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]

"Description"=Windows Presentation Foundation plug-in for Mozilla browsers

"Path"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53]

"Description"=RealPlayer LiveConnect-Enabled Plug-In

"Path"=c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53]

"Description"=RealJukebox Netscape Plugin

"Path"=c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53]

"Description"=RealNetworks RealPlayer Chrome Background Extension Plug-In

"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53]

"Description"=RealPlayer HTML5VideoShim Plug-In

"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53]

"Description"=RealPlayer Download Plugin

"Path"=c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]

"Description"=Handles PDFs in-place in Firefox

"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\

{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\

binary.manifest

browsercomps.dll

nsIQTScriptablePlugin.xpt

C:\Program Files (x86)\Mozilla Firefox\plugins\

nppdf32.dll

nppl3260.dll

nppl3260.xpt

npqtplugin.dll

npqtplugin2.dll

npqtplugin3.dll

npqtplugin4.dll

npqtplugin5.dll

npqtplugin6.dll

npqtplugin7.dll

nprjplug.dll

nprpplugin.dll

QuickTimePlugin.class

C:\Program Files (x86)\Mozilla Firefox\searchplugins\

amazondotcom.xml

babylon.xml

bing.xml

eBay.xml

google.xml

Search_Results.xml

twitter.xml

wikipedia.xml

yahoo.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02464DDC-3187-11D8-8004-0020ED227566}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]

RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2012-05-30 425680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

Conduit Engine - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll [2010-10-18 3908192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]

DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-12-12 194432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-03-16 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]

avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-03-07 1003704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]

Windows Live Messenger Companion Helper - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08 393600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-03-16 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f0381dbd-e018-4e07-ae40-d96ab15083f0}]

AF-HSS Toolbar - C:\Program Files (x86)\AF-HSS\tbAF-H.dll [2010-10-18 3908192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{f0381dbd-e018-4e07-ae40-d96ab15083f0} - AF-HSS Toolbar - C:\Program Files (x86)\AF-HSS\tbAF-H.dll [2010-10-18 3908192]

{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll [2010-10-18 3908192]

{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-03-07 1003704]

!{99079a25-328f-4bd4-be04-00955acaa0a7}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-03-07 4241512]

"Malwarebytes' Anti-Malware"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2012-04-04 462408]

"Conime"=C:\Windows\system32\conime.exe [2009-04-11 69120]

C:\Users\Wools\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

ERUNT AutoBackup.lnk - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"="C:\PROGRA~2\WI9130~1\Datamngr\datamngr.dll C:\PROGRA~2\WI9130~1\Datamngr\IEBHO.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveAutorun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoActiveDesktop"=1

"NoActiveDesktopChanges"=1

"ForceActiveDesktopOn"=0

"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"vidc.uyvy"=msyuv.dll

"vidc.yuy2"=msyuv.dll

"vidc.yvyu"=msyuv.dll

"vidc.iyuv"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"vidc.yvu9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm

"vidc.cvid"=iccvid.dll

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"aux1"=wdmaud.drv

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

"VIDC.SCLS"=SCLS.dll

"VIDC.FFDS"=ff_vfw.dll

"vidc.yv12"=DivX.dll

"msacm.siren"=sirenacm.dll

"vidc.DIVX"=DivX.dll

======File associations======

.js - edit - C:\Windows\SysWOW64\Notepad.exe %1

.js - open - C:\Windows\SysWOW64\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-06-28 21:00:16 ----D---- C:\rsit

2012-06-28 21:00:16 ----D---- C:\Program Files (x86)\trend micro

2012-06-28 20:42:54 ----D---- C:\Windows\ERDNT

2012-06-28 20:41:06 ----D---- C:\Program Files (x86)\ERUNT

2012-06-28 18:34:24 ----D---- C:\Users\Wools\AppData\Roaming\Windows Live Writer

2012-06-27 20:20:29 ----D---- C:\Users\Wools\AppData\Roaming\dvdcss

2012-06-24 08:54:43 ----A---- C:\Windows\SysWOW64\wups.dll

2012-06-24 08:54:43 ----A---- C:\Windows\SysWOW64\wudriver.dll

2012-06-24 08:54:43 ----A---- C:\Windows\SysWOW64\wuapi.dll

2012-06-24 08:54:30 ----A---- C:\Windows\SysWOW64\wuwebv.dll

2012-06-24 08:54:30 ----A---- C:\Windows\SysWOW64\wuapp.exe

2012-06-23 15:52:12 ----D---- C:\Program Files (x86)\ESET

2012-06-22 18:22:26 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service

2012-06-22 17:47:35 ----D---- C:\Users\Wools\AppData\Roaming\Malwarebytes

2012-06-22 17:47:26 ----D---- C:\ProgramData\Malwarebytes

2012-06-22 17:47:25 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-06-22 15:51:19 ----SD---- C:\Windows\SysWOW64\Microsoft

2012-06-20 14:54:35 ----A---- C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-06-20 09:13:03 ----D---- C:\ProgramData\Mozilla

2012-06-16 19:50:27 ----D---- C:\Program Files (x86)\iTunes

2012-06-13 22:06:02 ----A---- C:\Windows\SysWOW64\url.dll

2012-06-13 22:06:02 ----A---- C:\Windows\SysWOW64\mshtmled.dll

2012-06-13 22:06:01 ----A---- C:\Windows\SysWOW64\urlmon.dll

2012-06-13 22:06:01 ----A---- C:\Windows\SysWOW64\iertutil.dll

2012-06-13 22:06:00 ----A---- C:\Windows\SysWOW64\ieui.dll

2012-06-13 22:05:59 ----A---- C:\Windows\SysWOW64\ieUnatt.exe

2012-06-13 22:05:58 ----A---- C:\Windows\SysWOW64\wininet.dll

2012-06-13 22:05:57 ----A---- C:\Windows\SysWOW64\jsproxy.dll

2012-06-13 22:05:57 ----A---- C:\Windows\SysWOW64\jscript9.dll

2012-06-13 22:05:57 ----A---- C:\Windows\SysWOW64\jscript.dll

2012-06-13 22:05:56 ----A---- C:\Windows\SysWOW64\mshtml.dll

2012-06-13 22:05:53 ----A---- C:\Windows\SysWOW64\ieframe.dll

2012-06-13 21:13:28 ----A---- C:\Windows\SysWOW64\cryptsvc.dll

2012-06-13 21:13:28 ----A---- C:\Windows\SysWOW64\cryptnet.dll

2012-06-13 21:13:28 ----A---- C:\Windows\SysWOW64\crypt32.dll

2012-06-10 19:25:33 ----D---- C:\Program Files (x86)\Dropbox

2012-05-30 19:35:02 ----D---- C:\Program Files (x86)\Common Files\xing shared

======List of files/folders modified in the last 1 month======

2012-06-28 21:00:20 ----D---- C:\Windows\Temp

2012-06-28 21:00:16 ----RD---- C:\Program Files (x86)

2012-06-28 20:42:54 ----D---- C:\Windows

2012-06-28 20:16:03 ----D---- C:\Windows\System32

2012-06-28 20:16:03 ----D---- C:\Windows\inf

2012-06-28 20:07:04 ----RD---- C:\Program Files

2012-06-28 20:00:16 ----D---- C:\Windows\Prefetch

2012-06-28 19:59:30 ----D---- C:\ProgramData\Kodak

2012-06-28 18:02:18 ----D---- C:\Program Files (x86)\Vuze

2012-06-28 17:37:32 ----D---- C:\Users\Wools\AppData\Roaming\Dropbox

2012-06-27 20:46:46 ----D---- C:\Users\Wools\AppData\Roaming\Azureus

2012-06-27 20:44:04 ----D---- C:\Windows\Debug

2012-06-27 20:20:46 ----D---- C:\Users\Wools\AppData\Roaming\vlc

2012-06-26 18:24:40 ----D---- C:\Windows\rescache

2012-06-26 18:13:39 ----SHD---- C:\System Volume Information

2012-06-26 07:18:16 ----D---- C:\Windows\SysWOW64\en-US

2012-06-26 07:18:15 ----D---- C:\Windows\SysWOW64

2012-06-25 22:25:22 ----D---- C:\Windows\winsxs

2012-06-23 16:12:39 ----D---- C:\Program Files (x86)\Windows Searchqu Toolbar

2012-06-23 15:36:30 ----D---- C:\ProgramData\Norton

2012-06-23 15:27:12 ----SHD---- C:\Windows\Installer

2012-06-23 15:27:12 ----SD---- C:\Users\Wools\AppData\Roaming\Microsoft

2012-06-22 18:22:24 ----D---- C:\Program Files (x86)\Mozilla Firefox

2012-06-22 17:47:26 ----HD---- C:\ProgramData

2012-06-22 15:53:02 ----D---- C:\Windows\Tasks

2012-06-22 15:16:24 ----D---- C:\Users\Wools\AppData\Roaming\Skype

2012-06-22 15:16:17 ----D---- C:\Windows\ModemLogs

2012-06-22 15:16:16 ----D---- C:\Windows\Logs

2012-06-16 19:50:28 ----D---- C:\Program Files (x86)\Common Files\Apple

2012-06-14 19:36:01 ----D---- C:\Windows\Microsoft.NET

2012-06-14 19:11:46 ----RSD---- C:\Windows\assembly

2012-06-13 22:45:14 ----D---- C:\Windows\SysWOW64\migration

2012-06-13 22:45:14 ----D---- C:\Program Files (x86)\Internet Explorer

2012-05-30 19:35:12 ----D---- C:\Program Files (x86)\Real

2012-05-30 19:35:02 ----D---- C:\Program Files (x86)\Common Files

2012-05-30 19:34:47 ----A---- C:\Windows\SysWOW64\rmoc3260.dll

2012-05-30 19:34:26 ----A---- C:\Windows\SysWOW64\pndx5032.dll

2012-05-30 19:34:26 ----A---- C:\Windows\SysWOW64\pndx5016.dll

2012-05-30 19:34:22 ----A---- C:\Windows\SysWOW64\pncrt.dll

2012-05-30 19:34:11 ----A---- C:\Windows\SysWOW64\msvcr71.dll

2012-05-30 19:34:11 ----A---- C:\Windows\SysWOW64\msvcp71.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys []

R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys []

R0 snapman;Acronis Snapshots Manager; C:\Windows\system32\DRIVERS\snapman.sys []

R1 archlp;archlp; C:\Windows\system32\drivers\archlp.sys []

R1 aswRdr;aswRdr; C:\Windows\SysWOW64\drivers\aswRdr.sys []

R1 aswSnx;aswSnx; C:\Windows\SysWOW64\drivers\aswSnx.sys []

R1 aswSP;aswSP; C:\Windows\SysWOW64\drivers\aswSP.sys []

R1 aswTdi;avast! Network Shield Support; C:\Windows\SysWOW64\drivers\aswTdi.sys []

R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys []

R2 aswFsBlk;aswFsBlk; C:\Windows\SysWOW64\drivers\aswFsBlk.sys []

R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys []

R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdpx64.sys []

R3 AnyDVD;AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [2010-12-01 125512]

R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []

R3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60a.sys []

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys []

R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys []

R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV6.SYS []

R3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL6.SYS []

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []

R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys []

R3 NETw3v64;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\NETw3v64.sys []

R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys []

R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2007-06-12 1729152]

R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS []

R3 winbondcir;Winbond IR Transceiver; C:\Windows\system32\DRIVERS\winbondcir.sys []

R3 WudfPf;User Mode Driver Frameworks Platform Driver; C:\Windows\system32\drivers\WudfPf.sys []

S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys []

S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys []

S3 massfilter;ZTE Mass Storage Filter Driver; C:\Windows\system32\drivers\massfilter.sys []

S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys []

S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys []

S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys []

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys []

S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys []

S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys []

S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys []

S3 pwdrvio;pwdrvio; \??\C:\Windows\system32\pwdrvio.sys []

S3 pwdspio;pwdspio; \??\C:\Windows\system32\pwdspio.sys []

S3 taphss;Anchorfree HSS Adapter; C:\Windows\system32\DRIVERS\taphss.sys []

S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys []

S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys []

S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys []

S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys []

S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys []

S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys []

S3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam64.sys []

S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys []

S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []

S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys []

S3 ZTEusbnmea;ZTE NMEA Port; C:\Windows\system32\DRIVERS\ZTEusbnmea.sys []

S3 ZTEusbser6k;ZTE Diagnostic Port; C:\Windows\system32\DRIVERS\ZTEusbser6k.sys []

S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []

S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8; C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-05-24 55184]

R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe []

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-03-07 44768]

R2 BecHelperService;BecHelperService; C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe [2010-01-28 1737464]

R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]

R2 Fabs;FABS - Helping agent for MAGIX media database; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]

R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]

R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2007-11-22 358936]

R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service; C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-12-19 394672]

R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

R2 McciCMService;McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [2011-03-23 319488]

R2 TVersityMediaServer;TVersity Media Server; C:\ProgramData\TVersity\Media Server\MediaServer.exe [2011-07-29 1249064]

R2 VideoAcceleratorService;VideoAcceleratorService; C:\PROGRA~2\SPEEDB~1\VideoAcceleratorService.exe [2012-03-20 313624]

R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096]

S2 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service; C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2007-02-22 2217416]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-20 257224]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]

S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-02-17 867080]

S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-03-08 1492840]

S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-06-07 936848]

S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 113120]

S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-21 19968]

S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2012-01-04 718888]

S3 WPFFontCache_v0400;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]

S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.09 2012-06-28 21:00:37

======Uninstall list======

-->C:\Program Files (x86)\MAGIX\Speed2_burnR_mxcdr\unwise.exe

3Connect-->"C:\Program Files (x86)\InstallShield Installation Information\{A899DA1F-D626-401C-8651-F2921E3B4CB3}\setup.exe" -runfromtemp -l0x0009 -removeonly /z"Uninstall"

Acer Crystal Eye webcam-->C:\Program Files (x86)\InstallShield Installation Information\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}\setup.exe -runfromtemp -l0x0009 -removeonly -u

Acoustica Effects Pack-->C:\PROGRA~2\ACOUST~2\UNWISE.EXE C:\PROGRA~2\ACOUST~2\INSTALL.LOG

Acronis Disk Director Suite-->MsiExec.exe /X{2300EE96-0A41-4FAB-BD03-989EC44577A0}

Adobe AIR-->C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall

Adobe AIR-->MsiExec.exe /I{FE23D063-934D-4829-A0D8-00634CE79B4A}

Adobe Flash Player 11 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe -maintain activex

Adobe Photoshop Elements 8.0-->msiexec /i {17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}

Adobe Reader X (10.1.3)-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AA1000000001}

AF-HSS Toolbar-->C:\PROGRA~2\AF-HSS\UNWISE.EXE /U C:\PROGRA~2\AF-HSS\INSTALL.LOG

aioscnnr-->MsiExec.exe /X{376348C2-E372-48BC-A138-E896757BD86A}

aioscnnr-->MsiExec.exe /X{EF53BFAB-4C10-40DB-A82D-9B07111715C6}

AnyDVD-->"C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files (x86)\SlySoft\AnyDVD"

Apple Application Support-->MsiExec.exe /I{122ADF8C-DDA1-480C-9936-C88F2825B265}

Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}

ArcSoft TotalMedia Theatre 3-->C:\Program Files (x86)\InstallShield Installation Information\{B5F47039-9B19-4AC3-9A4A-E1CA3068E59F}\setup.exe

ArcSoft TotalMedia Theatre 3-->C:\Program Files (x86)\InstallShield Installation Information\{B5F47039-9B19-4AC3-9A4A-E1CA3068E59F}\setup.exe -runfromtemp -l0x0409

avast! Free Antivirus-->C:\Program Files\AVAST Software\Avast\aswRunDll.exe "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup

AviSynth 2.5-->"C:\Program Files (x86)\AviSynth 2.5\Uninstall.exe"

C4USelfUpdater-->MsiExec.exe /I{48B41C3A-9A92-4B81-B653-C97FEB85C910}

Catalyst Control Center - Branding-->MsiExec.exe /I{01C08A7D-4CCD-41F8-B020-4B4BB8C08C68}

center-->MsiExec.exe /I{56BA241F-580C-43D2-8403-947241AAE633}

Conduit Engine-->C:\PROGRA~2\CONDUI~1\ConduitEngineUninstall.exe

D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}

DivX Setup-->C:\ProgramData\DivX\Setup\DivXSetup.exe /uninstall

Driver Genius Professional Edition-->"C:\Program Files (x86)\Driver-Soft\DriverGenius\unins000.exe"

DVD Shrink 3.2-->"C:\Program Files (x86)\DVD Shrink\unins000.exe"

ERUNT 1.1j-->"C:\Program Files (x86)\ERUNT\unins000.exe"

essentials-->MsiExec.exe /I{BE94C681-68E2-4561-8ABC-8D2E799168B4}

ffdshow v1.1.4225 [2012-01-05]-->"C:\Program Files (x86)\ffdshow\unins000.exe"

File Type Assistant-->"C:\Program Files (x86)\File Type Assistant\unins000.exe"

Firebird SQL Server - MAGIX Edition-->MsiExec.exe /X{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}

Free File Viewer 2011-->"C:\Program Files (x86)\FreeFileViewer\unins000.exe"

Free Mp3 Wma Converter V 2.2-->"C:\Program Files (x86)\Free mp3 Wma Converter\unins001.exe"

Glary Utilities Pro 2.31.0.1098-->"C:\Program Files (x86)\Glary Utilities\unins000.exe"

Gygan-->"C:\Program Files (x86)\Gygan BETA\unins000.exe"

Haali Media Splitter-->"C:\Program Files (x86)\Haali\MatroskaSplitter\uninstall.exe"

HandBrake 0.9.6-->C:\Program Files (x86)\Handbrake\uninst.exe

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {08155812-0202-4D5F-A7FF-12A2782DC548} /qb+ REBOOTPROMPT=""

ImgBurn-->"C:\Program Files (x86)\ImgBurn\uninstall.exe"

ImTOO DVD Ripper Ultimate-->C:\Program Files (x86)\ImTOO\DVD Ripper ultimate 5\Uninstall.exe

Java 6 Update 22-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216022F0}

Java 6 Update 31-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216031FF}

Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}

KODAK AiO Software-->C:\ProgramData\Kodak\Installer\Setup.exe /Web /x "{E0F274B7-592B-4669-8FB8-8D9825A09858}" CompanyName="Eastman Kodak Company" /code "1033"

Logitech Harmony Remote Software 7-->C:\Program Files (x86)\InstallShield Installation Information\{5C6F884D-680C-448B-B4C9-22296EE1B206}\setup.exe -runfromtemp -l0x0009 -removeonly

MAGIX 3D Maker (embedded MSI)-->MsiExec.exe /X{5BE364B5-D787-414A-B948-DD972510E679}

MAGIX Screenshare-->MsiExec.exe /X{66854780-6E02-4125-9920-1C5414CC5983}

MAGIX Speed 2 (MSI)-->MsiExec.exe /X{5061491D-F30D-4A33-8D9F-721D9201D15D}

MAGIX Video Pro X2 Download Version-->"C:\Program Files (x86)\MAGIX\Video_Pro_X2\Video_Pro_X2_en-GB_setup.exe"

MAGIX Video Pro X2 Download Version-->MsiExec.exe /I{0AC4E3A1-1152-4674-8C64-E4B969421633}

Malwarebytes Anti-Malware version 1.61.0.1400-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"

Mesh Runtime-->MsiExec.exe /I{8C6D6116-B724-4810-8F2D-D047E6B7D68E}

Messenger Companion-->MsiExec.exe /I{50816F92-1652-4A7C-B9BC-48F682742C4B}

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}

Microsoft_VC100_CRT_SP1_x86-->MsiExec.exe /I{E3B64CC5-C011-40C0-92BC-7316CD5E5688}

Mozilla Firefox 13.0.1 (x86 en-US)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe

Mozilla Maintenance Service-->"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe"

MSU Screen Capture Lossless Codec v1.2 (Remove Only)-->RunDLL32.exe advpack.dll,LaunchINFSection SCLS.INF, DefaultUnInstall

MSVC80_x86_v2-->MsiExec.exe /I{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}

MSVC90_x86-->MsiExec.exe /I{AF111648-99A1-453E-81DD-80DBBF6DAD0D}

MSVCRT_amd64-->MsiExec.exe /I{D0B44725-3666-492D-BEF6-587A14BD9BD9}

MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}

MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

Nokia Connectivity Cable Driver-->MsiExec.exe /I{4AA68A73-DB9C-439D-9481-981C82BD008B}

Nokia Lifeblog 2.5-->MsiExec.exe /I{E94603CA-2996-4154-8EE2-A5FCD4BFB500}

Nokia Suite-->C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}\Installer.exe

Nokia Suite-->MsiExec.exe /X{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}

ocr-->MsiExec.exe /I{BFBCF96F-7361-486A-965C-54B17AC35421}

OpenOffice.org 3.3-->MsiExec.exe /I{82AF3E91-57E1-4754-84D0-40A46E2479AB}

PC Connectivity Solution-->MsiExec.exe /I{A2AA4204-C05A-4013-888A-AD153139297F}

PreReq-->MsiExec.exe /I{DA5BDB2A-12F0-4343-8351-21AAEB293990}

QuickTime-->MsiExec.exe /I{0E64B098-8018-4256-BA23-C316A43AD9B0}

RealNetworks - Microsoft Visual C++ 2005 Runtime-->MsiExec.exe /I{026C3D27-9BE1-46BE-BEAE-6DE38A0F4FBE}

RealNetworks - Microsoft Visual C++ 2008 Runtime-->MsiExec.exe /X{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}

RealPlayer-->c:\program files (x86)\real\realplayer\Update\r1puninst.exe RealNetworks|RealPlayer|15.0

Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly

RealUpgrade 1.1-->MsiExec.exe /I{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}

Remote Control USB Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{8471021C-F529-43DE-84DF-3612E10F58C4}\setup.exe" -l0x9 -removeonly

Safari-->MsiExec.exe /I{C779648B-410E-4BBA-B75B-5815BCEFE71D}

Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {480E8A87-3B8C-3ECE-8CEA-6B2349AE1C1F} /qb+ REBOOTPROMPT=""

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {897A5D64-963A-3C11-A176-F6766BD09D16} /qb+ REBOOTPROMPT=""

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD8D7C9A-E56A-3E7B-BA6D-FE68F13296E3} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F66C3466-1FDB-347C-B3AE-FB6C50627B10} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BCD37DCB-F479-3D4D-A90E-A0F7575549C4} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FF811680-AECE-3F35-A98C-1B84B6E09168} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {6AF6C62E-4E3D-33BF-A591-9E4D53BDF22F} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D45782A-1099-317E-ABCC-FF63D5B21386} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FDD13F1E-9C6B-311E-A0D9-D6E172FC28FF} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DA36C2E5-6B34-3A6A-9C0A-7D1CC1C5A768} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7B82A51A-768B-3A7B-ADFA-F777097A8079} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E40184A4-4A61-3D2E-9035-CB6E1E610E07} /parameterfolder Client

Segoe UI-->MsiExec.exe /I{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}

Skype™ 5.8-->MsiExec.exe /X{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}

TVersity Codec Pack 1.7-->C:\Program Files (x86)\TVersity Codec Pack\uninst.exe

TVersity Media Server 1.9.7-->C:\ProgramData\TVersity\Media Server\uninst.exe

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {A45DD0BE-3CD9-3F1E-B233-B90C6983AE77} /parameterfolder Client

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Client

VC80CRTRedist - 8.0.50727.6195-->MsiExec.exe /I{933B4015-4618-4716-A828-5289FC03165F}

Visual Studio 2008 x64 Redistributables-->MsiExec.exe /I{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}

VLC media player 2.0.1-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe

Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}

Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe

Windows Live Essentials-->MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}

Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}

Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}

Windows Live Mail-->MsiExec.exe /I{C66824E4-CBB3-4851-BB3F-E8CFD6350923}

Windows Live Mesh ActiveX Control for Remote Connections-->MsiExec.exe /I{2902F983-B4C1-44BA-B85D-5C6D52E2C441}

Windows Live Mesh-->MsiExec.exe /I{A0C91188-C88F-4E86-93E6-CD7C9A266649}

Windows Live Mesh-->MsiExec.exe /I{DECDCB7C-58CC-4865-91AF-627F9798FE48}

Windows Live Messenger Companion Core-->MsiExec.exe /I{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}

Windows Live Messenger-->MsiExec.exe /X{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}

Windows Live Messenger-->MsiExec.exe /X{E5B21F11-6933-4E0B-A25C-7963E3C07D11}

Windows Live Movie Maker-->MsiExec.exe /X{19BA08F7-C728-469C-8A35-BFBD3633BE08}

Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}

Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}

Windows Live Photo Common-->MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002}

Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}

Windows Live Photo Gallery-->MsiExec.exe /X{34F4D9A4-42C2-4348-BEF4-E553C84549E7}

Windows Live PIMT Platform-->MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F}

Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}

Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}

Windows Live UX Platform Language Pack-->MsiExec.exe /I{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}

Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}

Windows Live Writer Resources-->MsiExec.exe /X{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}

Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04}

Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}

Windows Live Writer-->MsiExec.exe /X{AAF454FC-82CA-4F29-AB31-6A109485E76E}

WinRAR archiver-->C:\Program Files (x86)\WinRAR\uninstall.exe

Xiph.Org Open Codecs 0.85.17777-->C:\Program Files (x86)\Xiph.Org\Open Codecs\uninst.exe

ZTE_1.2059.0.8-->C:\Program Files (x86)\ZTE_1.2059.0.8\ZTE_1.2059.0.8Uninstall.exe

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: Wools-PC

Event Code: 1003

Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001F3C2B07EB. The following error occurred:

The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Record Number: 136197

Source Name: Microsoft-Windows-Dhcp-Client

Time Written: 20120107105528.000000-000

Event Type: Warning

User:

Computer Name: Wools-PC

Event Code: 1003

Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001F3C2B07EB. The following error occurred:

The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Record Number: 136196

Source Name: Microsoft-Windows-Dhcp-Client

Time Written: 20120107105528.000000-000

Event Type: Warning

User:

Computer Name: Wools-PC

Event Code: 225

Message: The application \Device\HarddiskVolume2\Windows\explorer.exe with process id 1568 stopped the removal or ejection for the device USB\VID_0420&PID_1307\110074973765.

Record Number: 136156

Source Name: Microsoft-Windows-Kernel-PnP

Time Written: 20120106161608.686886-000

Event Type: Warning

User: NT AUTHORITY\SYSTEM

Computer Name: Wools-PC

Event Code: 4

Message: Broadcom NetLink Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.

Record Number: 135976

Source Name: b57nd60a

Time Written: 20120106100847.513334-000

Event Type: Warning

User:

Computer Name: Wools-PC

Event Code: 4001

Message: WLAN AutoConfig service has successfully stopped.

Record Number: 135966

Source Name: Microsoft-Windows-WLAN-AutoConfig

Time Written: 20120105132447.166876-000

Event Type: Warning

User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: Wools-PC

Event Code: 1530

Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -

3 user registry handles leaked from \Registry\User\S-1-5-21-3560542134-3112040110-2959616142-1000:

Process 3496 (\Device\HarddiskVolume2\PROGRA~2\SPEEDB~1\VideoAcceleratorService.exe) has opened key \REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000

Process 3580 (\Device\HarddiskVolume2\PROGRA~2\SPEEDB~1\VideoAcceleratorEngine.exe) has opened key \REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000

Process 3580 (\Device\HarddiskVolume2\PROGRA~2\SPEEDB~1\VideoAcceleratorEngine.exe) has opened key \REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000

Record Number: 95900

Source Name: Microsoft-Windows-User Profiles Service

Time Written: 20110831225133.000000-000

Event Type: Warning

User: NT AUTHORITY\SYSTEM

Computer Name: Wools-PC

Event Code: 1036

Message: InitializePrintProvider failed for provider win32spl.dll. This can occur because of system instability or a lack of system resources.

Record Number: 95877

Source Name: Microsoft-Windows-SpoolerSpoolss

Time Written: 20110831221702.000000-000

Event Type: Warning

User: NT AUTHORITY\SYSTEM

Computer Name: Wools-PC

Event Code: 1530

Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -

16 user registry handles leaked from \Registry\User\S-1-5-21-3560542134-3112040110-2959616142-1000:

Process 3600 (\Device\HarddiskVolume2\PROGRA~2\SPEEDB~1\VideoAcceleratorEngine.exe) has opened key \REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000

Process 3564 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000

Process 3564 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000

Process 3564 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000

Process 3508 (\Device\HarddiskVolume2\PROGRA~2\SPEEDB~1\VideoAcceleratorService.exe) has opened key \REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000

Process 3564 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000\Software\Microsoft\SystemCertificates\SmartCardRoot

Process 3564 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000\Software\Microsoft\SystemCertificates\My

Process 3564 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000\Software\Microsoft\SystemCertificates\CA

Process 3564 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000\Software\Policies\Microsoft\SystemCertificates

Process 3564 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000\Software\Policies\Microsoft\SystemCertificates

Process 3564 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000\Software\Policies\Microsoft\SystemCertificates

Process 3564 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000\Software\Microsoft\SystemCertificates\Root

Process 3564 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000\Software\Microsoft\SystemCertificates\TrustedPeople

Process 3564 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000\Software\Microsoft\SystemCertificates\Disallowed

Process 3600 (\Device\HarddiskVolume2\PROGRA~2\SPEEDB~1\VideoAcceleratorEngine.exe) has opened key \REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000

Process 3564 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000\Software\Microsoft\SystemCertificates\trust

Record Number: 95864

Source Name: Microsoft-Windows-User Profiles Service

Time Written: 20110831191651.000000-000

Event Type: Warning

User: NT AUTHORITY\SYSTEM

Computer Name: Wools-PC

Event Code: 1036

Message: InitializePrintProvider failed for provider win32spl.dll. This can occur because of system instability or a lack of system resources.

Record Number: 95837

Source Name: Microsoft-Windows-SpoolerSpoolss

Time Written: 20110831183028.000000-000

Event Type: Warning

User: NT AUTHORITY\SYSTEM

Computer Name: Wools-PC

Event Code: 1530

Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -

18 user registry handles leaked from \Registry\User\S-1-5-21-3560542134-3112040110-2959616142-1000:

Process 3616 (\Device\HarddiskVolume2\PROGRA~2\SPEEDB~1\VideoAcceleratorService.exe) has opened key \REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000

Process 3692 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000

Process 3692 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000

Process 3692 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000

Process 3692 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000

Process 9156 (\Device\HarddiskVolume2\PROGRA~2\SPEEDB~1\VideoAcceleratorEngine.exe) has opened key \REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000

Process 3692 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000\Software\Microsoft\SystemCertificates\SmartCardRoot

Process 3692 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000\Software\Microsoft\SystemCertificates\My

Process 3692 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000\Software\Microsoft\SystemCertificates\CA

Process 3692 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000\Software\Policies\Microsoft\SystemCertificates

Process 3692 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000\Software\Policies\Microsoft\SystemCertificates

Process 3692 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000\Software\Policies\Microsoft\SystemCertificates

Process 3692 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000\Software\Policies\Microsoft\SystemCertificates

Process 3692 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000\Software\Microsoft\SystemCertificates\Root

Process 3692 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000\Software\Microsoft\SystemCertificates\TrustedPeople

Process 3692 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000\Software\Microsoft\SystemCertificates\Disallowed

Process 9156 (\Device\HarddiskVolume2\PROGRA~2\SPEEDB~1\VideoAcceleratorEngine.exe) has opened key \REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000

Process 3692 (\Device\HarddiskVolume2\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3560542134-3112040110-2959616142-1000\Software\Microsoft\SystemCertificates\trust

Record Number: 95827

Source Name: Microsoft-Windows-User Profiles Service

Time Written: 20110831104303.000000-000

Event Type: Warning

User: NT AUTHORITY\SYSTEM

=====Security event log=====

Computer Name: Wools-PC

Event Code: 4634

Message: An account was logged off.

Subject:

Security ID: S-1-5-7

Account Name: ANONYMOUS LOGON

Account Domain: NT AUTHORITY

Logon ID: 0x3c84c

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.

Record Number: 20573

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20110809124955.804222-000

Event Type: Audit Success

User:

Computer Name: Wools-PC

Event Code: 1100

Message: The event logging service has shut down.

Record Number: 20572

Source Name: Microsoft-Windows-Eventlog

Time Written: 20110809124955.320622-000

Event Type: Audit Success

User:

Computer Name: Wools-PC

Event Code: 4672

Message: Special privileges assigned to new logon.

Subject:

Security ID: S-1-5-18

Account Name: SYSTEM

Account Domain: NT AUTHORITY

Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege

SeTcbPrivilege

SeSecurityPrivilege

SeTakeOwnershipPrivilege

SeLoadDriverPrivilege

SeBackupPrivilege

SeRestorePrivilege

SeDebugPrivilege

SeAuditPrivilege

SeSystemEnvironmentPrivilege

SeImpersonatePrivilege

Record Number: 20571

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20110809124952.840222-000

Event Type: Audit Success

User:

Computer Name: Wools-PC

Event Code: 4624

Message: An account was successfully logged on.

Subject:

Security ID: S-1-5-18

Account Name: WOOLS-PC$

Account Domain: WORKGROUP

Logon ID: 0x3e7

Logon Type: 5

New Logon:

Security ID: S-1-5-18

Account Name: SYSTEM

Account Domain: NT AUTHORITY

Logon ID: 0x3e7

Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:

Process ID: 0x2ec

Process Name: C:\Windows\System32\services.exe

Network Information:

Workstation Name:

Source Network Address: -

Source Port: -

Detailed Authentication Information:

Logon Process: Advapi

Authentication Package: Negotiate

Transited Services: -

Package Name (NTLM only): -

Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.

- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.

- Transited services indicate which intermediate services have participated in this logon request.

- Package name indicates which sub-protocol was used among the NTLM protocols.

- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

Record Number: 20570

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20110809124952.840222-000

Event Type: Audit Success

User:

Computer Name: Wools-PC

Event Code: 4648

Message: A logon was attempted using explicit credentials.

Subject:

Security ID: S-1-5-18

Account Name: WOOLS-PC$

Account Domain: WORKGROUP

Logon ID: 0x3e7

Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:

Account Name: SYSTEM

Account Domain: NT AUTHORITY

Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:

Target Server Name: localhost

Additional Information: localhost

Process Information:

Process ID: 0x2ec

Process Name: C:\Windows\System32\services.exe

Network Information:

Network Address: -

Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.

Record Number: 20569

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20110809124952.840222-000

Event Type: Audit Success

User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"Path"=C:\Program Files (x86)\PC Connectivity Solution\;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Windows Live\Shared;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\QuickTime\QTSystem\

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PROCESSOR_ARCHITECTURE"=AMD64

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 15 Stepping 13, GenuineIntel

"PROCESSOR_REVISION"=0f0d

"NUMBER_OF_PROCESSORS"=2

"TRACE_FORMAT_SEARCH_PATH"=\\winseqfe\release\Windows6.0\lh_sp2rtm\6002.18005.090410-1830\amd64fre\symbols.pri\TraceFormat

"DFSTRACINGON"=FALSE

"asl.log"=Destination=file

"KDS_LANGUAGE"=13

"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\

"CLASSPATH"=.;C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------


When I hit Enter after pasting this command "C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe" /o

I get this alert: (screenshot)


Please note Malwarebytes is not in Program Files but is in Program Files (x86). But I did alter the command to (x86), and the same alert came up.


My bad on the location of MalwareBytes MBAM :(

Please follow my guidance. Ask if you have questions.

I am going to ask you to read very carefully. I am asking you to download to a unique folder!!

Step 1. Close and save any open documents, and exit programs that you started.

Step 2. Download TDSSKiller.exe and SAVE it to a special folder

>> download from here<<

and be sure to SAVE it in this folder --> C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon

Step 3. Install the Chameleon driver by doing the following:

Press the Windows key + R and in the Run box, copy and paste the following command, then press Enter. Copy ALL of the line from beginning to end (from the opening double-quote all the way to the last "o").

"C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe" /o

A black DOS prompt will appear with a prompt to press any key to continue, please do.

Step 4

Please read carefully and follow these steps.

  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-click and select Run as Administrator to start TDSSKiller.exe.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please Copy & Paste that log in reply.

Step 5

Re-enable your AVAST.

Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

If one of your security applications (e.g., a third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.

I also need for you to Copy & Paste the Checkup.txt log for review.

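As an added example (not part of this thread, and not code from Malwarebytes or Kaspersky), a small Python triage script for the TDSSKiller log requested in Step 4: it pairs each "Name (md5) path" line with its "Name - status" line, ignores everything before "Scan started", and reports anything whose status is not "ok", entries that got a status but no file line, and entries that never got a status (a cut-off paste). The embedded sample is constructed in the same format as the log posted in this thread; the "sptd" and "zzzdrv" lines, and the "( verdict ) - warning" shape, are assumptions made up to exercise those branches.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the format of the TDSSKiller log posted in this thread:
# "<time> <thread id> <Name> (<md5>) <path>" followed by "<time> <thread id> <Name> - <status>".
# The "sptd" and "zzzdrv" lines are made up to exercise the non-ok and truncated
# branches; the "( verdict ) - warning" shape is an assumption, not from this thread.
SAMPLE_LOG = r"""
09:28:57.0167 4960 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200
09:29:27.0197 4564 ============================================================
09:29:27.0197 4564 Scan started
09:29:27.0197 4564 Mode: Manual;
09:29:27.0197 4564 ============================================================
09:29:27.0665 4564 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
09:29:27.0680 4564 ACPI - ok
09:29:30.0816 4564 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
09:29:30.0832 4564 avast! Antivirus - ok
09:29:32.0626 4564 COMSysApp - ok
09:29:36.0100 4564 sptd (00000000000000000000000000000000) C:\Windows\system32\Drivers\sptd.sys
09:29:36.0110 4564 sptd ( LockedFile.Multi.Generic ) - warning
09:29:36.0200 4564 zzzdrv (ffffffffffffffffffffffffffffffff) C:\Windows\system32\drivers\zzzdrv.sys
"""

# Every log line starts with a timestamp and a thread id; the rest is free text.
LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+(?P<rest>.*)$")
# "Name (32 hex md5) path" -- the name is matched lazily because it may contain spaces.
FILE_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# "Name - status", optionally with a "( verdict )" between name and status (assumed shape).
STATUS_RE = re.compile(r"^(?P<name>.+?)(?: \( (?P<verdict>.+?) \))? - (?P<status>.+)$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: Optional[str] = None
    verdict: Optional[str] = None


def parse_tdsskiller_log(text: str) -> Dict[str, Entry]:
    """Return scan entries keyed by service/driver name, in log order."""
    entries: Dict[str, Entry] = {}
    in_scan = False  # header lines before "Scan started" also contain " - " and must be skipped
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        rest = m.group("rest")
        if rest == "Scan started":
            in_scan = True
            continue
        if not in_scan:
            continue
        fm = FILE_RE.match(rest)
        if fm:
            entry = entries.setdefault(fm.group("name"), Entry(fm.group("name")))
            entry.md5, entry.path = fm.group("md5").lower(), fm.group("path")
            continue
        sm = STATUS_RE.match(rest)
        if sm:
            entry = entries.setdefault(sm.group("name"), Entry(sm.group("name")))
            entry.status = sm.group("status").strip()
            entry.verdict = sm.group("verdict")
    return entries


def triage(entries: Dict[str, Entry]) -> Dict[str, object]:
    """Split entries into the three buckets a reviewer wants to look at first."""
    values = list(entries.values())
    flagged: List[Entry] = [e for e in values if e.status is not None and e.status.lower() != "ok"]
    no_file: List[Entry] = [e for e in values if e.status is not None and e.md5 is None]
    unresolved: List[Entry] = [e for e in values if e.status is None]
    return {"total": len(values), "flagged": flagged, "no_file": no_file, "unresolved": unresolved}


def format_report(report: Dict[str, object]) -> str:
    lines = [f"{report['total']} entries scanned"]
    for label, key in (("NOT ok", "flagged"), ("status but no file", "no_file"), ("no status", "unresolved")):
        for e in report[key]:  # type: ignore[union-attr]
            detail = f"{e.status or '-'}" + (f" ({e.verdict})" if e.verdict else "")
            lines.append(f"[{label}] {e.name}: {detail} md5={e.md5 or '-'} path={e.path or '-'}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(triage(parse_tdsskiller_log(SAMPLE_LOG))))
```

To use it on a real log, read the pasted text into a string and pass it to parse_tdsskiller_log; a clean run reports only the count.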

From your new instructions I managed to get the DOS screen to show. I then clicked any key and it said "done", then prompted me to press any key again, and then the DOS screen disappeared.

So I opened up Chameleon and ran TDSSKiller.exe from there (hope that's right).

TDSSKiller reports "no threats found". Here's the logfile.

09:28:56.0309 4960 TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44

09:28:56.0590 4960 ============================================================

09:28:56.0590 4960 Current date / time: 2012/06/29 09:28:56.0590

09:28:56.0605 4960 SystemInfo:

09:28:56.0605 4960

09:28:56.0605 4960 OS Version: 6.0.6002 ServicePack: 2.0

09:28:56.0605 4960 Product type: Workstation

09:28:56.0605 4960 ComputerName: WOOLS-PC

09:28:56.0605 4960 UserName: Wools

09:28:56.0605 4960 Windows directory: C:\Windows

09:28:56.0605 4960 System windows directory: C:\Windows

09:28:56.0605 4960 Running under WOW64

09:28:56.0605 4960 Processor architecture: Intel x64

09:28:56.0605 4960 Number of processors: 2

09:28:56.0605 4960 Page size: 0x1000

09:28:56.0605 4960 Boot type: Normal boot

09:28:56.0605 4960 ============================================================

09:28:57.0167 4960 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

09:28:57.0167 4960 ============================================================

09:28:57.0167 4960 \Device\Harddisk0\DR0:

09:28:57.0167 4960 MBR partitions:

09:28:57.0167 4960 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x157B000, BlocksNum 0x1B5C4000

09:28:57.0167 4960 ============================================================

09:28:57.0198 4960 C: <-> \Device\Harddisk0\DR0\Partition0

09:28:57.0198 4960 ============================================================

09:28:57.0198 4960 Initialize success

09:28:57.0198 4960 ============================================================

09:29:27.0197 4564 ============================================================

09:29:27.0197 4564 Scan started

09:29:27.0197 4564 Mode: Manual;

09:29:27.0197 4564 ============================================================

09:29:27.0665 4564 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys

09:29:27.0680 4564 ACPI - ok

09:29:27.0946 4564 AcronisOSSReinstallSvc (e2769e2699af88ca3c57289a8a32ed19) C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe

09:29:27.0961 4564 AcronisOSSReinstallSvc - ok

09:29:28.0039 4564 AdobeActiveFileMonitor8.0 (34400005de52842c4d6d4ee978b4d7ce) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe

09:29:28.0039 4564 AdobeActiveFileMonitor8.0 - ok

09:29:28.0133 4564 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

09:29:28.0133 4564 AdobeARMservice - ok

09:29:28.0304 4564 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

09:29:28.0320 4564 AdobeFlashPlayerUpdateSvc - ok

09:29:28.0460 4564 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys

09:29:28.0476 4564 adp94xx - ok

09:29:28.0538 4564 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys

09:29:28.0554 4564 adpahci - ok

09:29:28.0585 4564 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys

09:29:28.0601 4564 adpu160m - ok

09:29:28.0648 4564 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys

09:29:28.0663 4564 adpu320 - ok

09:29:28.0710 4564 AeLookupSvc (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll

09:29:28.0710 4564 AeLookupSvc - ok

09:29:28.0772 4564 AFD (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys

09:29:28.0804 4564 AFD - ok

09:29:28.0835 4564 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys

09:29:28.0835 4564 agp440 - ok

09:29:28.0866 4564 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys

09:29:28.0866 4564 aic78xx - ok

09:29:28.0897 4564 ALG (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe

09:29:28.0897 4564 ALG - ok

09:29:28.0913 4564 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys

09:29:28.0913 4564 aliide - ok

09:29:28.0944 4564 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys

09:29:28.0944 4564 amdide - ok

09:29:28.0960 4564 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys

09:29:28.0960 4564 AmdK8 - ok

09:29:29.0006 4564 AnyDVD (821e7e501226ee344fdb0f40ee46109d) C:\Windows\system32\Drivers\AnyDVD.sys

09:29:29.0022 4564 AnyDVD - ok

09:29:29.0053 4564 Appinfo (9c37b3fd5615477cb9a0cd116cf43f5c) C:\Windows\System32\appinfo.dll

09:29:29.0069 4564 Appinfo - ok

09:29:29.0194 4564 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

09:29:29.0194 4564 Apple Mobile Device - ok

09:29:29.0225 4564 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys

09:29:29.0225 4564 arc - ok

09:29:29.0272 4564 archlp (f97c3aaf0699e0b85df1a02de8aae333) C:\Windows\system32\drivers\archlp.sys

09:29:29.0287 4564 archlp - ok

09:29:29.0318 4564 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys

09:29:29.0334 4564 arcsas - ok

09:29:29.0381 4564 aswFsBlk (b9da213b5271db5fce962d827e6d620d) C:\Windows\system32\drivers\aswFsBlk.sys

09:29:29.0381 4564 aswFsBlk - ok

09:29:29.0459 4564 aswMonFlt (21c9835d0e5ad2ff0f16134bcb32cc71) C:\Windows\system32\drivers\aswMonFlt.sys

09:29:29.0459 4564 aswMonFlt - ok

09:29:29.0506 4564 aswRdr (ee1e8fea9d6dfe066aba3a8ea455a1f2) C:\Windows\system32\drivers\aswRdr.sys

09:29:29.0506 4564 aswRdr - ok

09:29:29.0615 4564 aswSnx (6e98bb288696777a3a8a07a52b0eaee9) C:\Windows\system32\drivers\aswSnx.sys

09:29:29.0630 4564 aswSnx - ok

09:29:29.0677 4564 aswSP (d9fb49f16e4eb02efecae8cbfe4bcb4c) C:\Windows\system32\drivers\aswSP.sys

09:29:29.0693 4564 aswSP - ok

09:29:29.0708 4564 aswTdi (7352bb9a564b94bbd7c9cbf165f55006) C:\Windows\system32\drivers\aswTdi.sys

09:29:29.0708 4564 aswTdi - ok

09:29:29.0740 4564 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys

09:29:29.0755 4564 AsyncMac - ok

09:29:29.0771 4564 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys

09:29:29.0771 4564 atapi - ok

09:29:29.0896 4564 Ati External Event Utility (4c972c5bf89ce87cdc06edbf655e11b1) C:\Windows\system32\Ati2evxx.exe

09:29:29.0927 4564 Ati External Event Utility - ok

09:29:30.0426 4564 atikmdag (418dc1a36586eed9af4bc60e3c6f2ea7) C:\Windows\system32\DRIVERS\atikmdag.sys

09:29:30.0520 4564 atikmdag - ok

09:29:30.0676 4564 AudioEndpointBuilder (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll

09:29:30.0722 4564 AudioEndpointBuilder - ok

09:29:30.0722 4564 AudioSrv (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll

09:29:30.0738 4564 AudioSrv - ok

09:29:30.0816 4564 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

09:29:30.0832 4564 avast! Antivirus - ok

09:29:30.0894 4564 b57nd60a (1777e5ac9fc74f7991b2aba25ea34759) C:\Windows\system32\DRIVERS\b57nd60a.sys

09:29:30.0910 4564 b57nd60a - ok

09:29:31.0175 4564 BecHelperService (553e94ae71d233c14a8c8b4af9286ed0) C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe

09:29:31.0190 4564 BecHelperService - ok

09:29:31.0346 4564 BFE (ffb96c2589ffa60473ead78b39fbde29) C:\Windows\System32\bfe.dll

09:29:31.0362 4564 BFE - ok

09:29:31.0518 4564 BITS (6d316f4859634071cc25c4fd4589ad2c) C:\Windows\System32\qmgr.dll

09:29:31.0549 4564 BITS - ok

09:29:31.0612 4564 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys

09:29:31.0612 4564 blbdrive - ok

09:29:31.0721 4564 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe

09:29:31.0736 4564 Bonjour Service - ok

09:29:31.0783 4564 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys

09:29:31.0799 4564 bowser - ok

09:29:31.0814 4564 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys

09:29:31.0830 4564 BrFiltLo - ok

09:29:31.0846 4564 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys

09:29:31.0846 4564 BrFiltUp - ok

09:29:31.0877 4564 Browser (a1b39de453433b115b4ea69ee0343816) C:\Windows\System32\browser.dll

09:29:31.0892 4564 Browser - ok

09:29:31.0924 4564 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys

09:29:31.0939 4564 Brserid - ok

09:29:31.0955 4564 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys

09:29:31.0970 4564 BrSerWdm - ok

09:29:31.0986 4564 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys

09:29:31.0986 4564 BrUsbMdm - ok

09:29:32.0002 4564 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys

09:29:32.0002 4564 BrUsbSer - ok

09:29:32.0033 4564 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys

09:29:32.0048 4564 BTHMODEM - ok

09:29:32.0064 4564 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys

09:29:32.0080 4564 cdfs - ok

09:29:32.0111 4564 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys

09:29:32.0111 4564 cdrom - ok

09:29:32.0142 4564 CertPropSvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll

09:29:32.0142 4564 CertPropSvc - ok

09:29:32.0158 4564 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\DRIVERS\circlass.sys

09:29:32.0173 4564 circlass - ok

09:29:32.0251 4564 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys

09:29:32.0267 4564 CLFS - ok

09:29:32.0329 4564 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

09:29:32.0329 4564 clr_optimization_v2.0.50727_32 - ok

09:29:32.0376 4564 clr_optimization_v2.0.50727_64 (ce07a466201096f021cd09d631b21540) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

09:29:32.0392 4564 clr_optimization_v2.0.50727_64 - ok

09:29:32.0454 4564 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

09:29:32.0470 4564 clr_optimization_v4.0.30319_32 - ok

09:29:32.0516 4564 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

09:29:32.0516 4564 clr_optimization_v4.0.30319_64 - ok

09:29:32.0548 4564 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys

09:29:32.0548 4564 CmBatt - ok

09:29:32.0579 4564 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys

09:29:32.0579 4564 cmdide - ok

09:29:32.0610 4564 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys

09:29:32.0610 4564 Compbatt - ok

09:29:32.0626 4564 COMSysApp - ok

09:29:32.0626 4564 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys

09:29:32.0626 4564 crcdisk - ok

09:29:32.0719 4564 CryptSvc (62740b9d2a137e8ced41a9e4239a7a31) C:\Windows\system32\cryptsvc.dll

09:29:32.0719 4564 CryptSvc - ok

09:29:32.0844 4564 DcomLaunch (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll

09:29:32.0860 4564 DcomLaunch - ok

09:29:32.0922 4564 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys

09:29:32.0938 4564 DfsC - ok

09:29:33.0390 4564 DFSR (c647f468f7de343df8c143655c5557d4) C:\Windows\system32\DFSR.exe

09:29:33.0499 4564 DFSR - ok

09:29:33.0640 4564 Dhcp (3ed0321127ce70acdaabbf77e157c2a7) C:\Windows\System32\dhcpcsvc.dll

09:29:33.0671 4564 Dhcp - ok

09:29:33.0718 4564 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys

09:29:33.0718 4564 disk - ok

09:29:33.0764 4564 Dnscache (06230f1b721494a6df8d47fd395bb1b0) C:\Windows\System32\dnsrslvr.dll

09:29:33.0780 4564 Dnscache - ok

09:29:33.0827 4564 dot3svc (1a7156dd1e850e9914e5e991e3225b94) C:\Windows\System32\dot3svc.dll

09:29:33.0842 4564 dot3svc - ok

09:29:33.0889 4564 DPS (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll

09:29:33.0905 4564 DPS - ok

09:29:33.0936 4564 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys

09:29:33.0936 4564 drmkaud - ok

09:29:34.0076 4564 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys

09:29:34.0108 4564 DXGKrnl - ok

09:29:34.0139 4564 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys

09:29:34.0154 4564 E1G60 - ok

09:29:34.0201 4564 EapHost (c2303883fd9be49dc36a6400643002ea) C:\Windows\System32\eapsvc.dll

09:29:34.0201 4564 EapHost - ok

09:29:34.0232 4564 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys

09:29:34.0248 4564 Ecache - ok

09:29:34.0357 4564 ehRecvr (14ce384d2e27b64c256bda4dc39c312d) C:\Windows\ehome\ehRecvr.exe

09:29:34.0404 4564 ehRecvr - ok

09:29:34.0435 4564 ehSched (b93159c1313d66fdfbbe876f5189cd52) C:\Windows\ehome\ehsched.exe

09:29:34.0451 4564 ehSched - ok

09:29:34.0498 4564 ehstart (f5ee2527d74449868e3c3227a59bcd28) C:\Windows\ehome\ehstart.dll

09:29:34.0498 4564 ehstart - ok

09:29:34.0529 4564 ElbyCDIO (a05fc7eca0966ebb70e4d17b855a853b) C:\Windows\system32\Drivers\ElbyCDIO.sys

09:29:34.0529 4564 ElbyCDIO - ok

09:29:34.0576 4564 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys

09:29:34.0638 4564 elxstor - ok

09:29:34.0716 4564 EMDMgmt (a9b18b63a4fd6baab83326706d857fab) C:\Windows\system32\emdmgmt.dll

09:29:34.0732 4564 EMDMgmt - ok

09:29:34.0778 4564 ErrDev (c2d322c84530db37d3e8e1c7e011bf16) C:\Windows\system32\drivers\errdev.sys

09:29:34.0778 4564 ErrDev - ok

09:29:34.0841 4564 EventSystem (e12f22b73f153dece721cd45ec05b4af) C:\Windows\system32\es.dll

09:29:34.0841 4564 EventSystem - ok

09:29:34.0872 4564 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys

09:29:34.0888 4564 exfat - ok

09:29:34.0950 4564 Fabs - ok

09:29:34.0997 4564 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys

09:29:34.0997 4564 fastfat - ok

09:29:35.0028 4564 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys

09:29:35.0028 4564 fdc - ok

09:29:35.0044 4564 fdPHost (bb9267acacd8b7533dd936c34a0cba5e) C:\Windows\system32\fdPHost.dll

09:29:35.0044 4564 fdPHost - ok

09:29:35.0059 4564 FDResPub (300c80931eabbe1db7591c516efe8d0f) C:\Windows\system32\fdrespub.dll

09:29:35.0059 4564 FDResPub - ok

09:29:35.0075 4564 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys

09:29:35.0075 4564 FileInfo - ok

09:29:35.0106 4564 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys

09:29:35.0106 4564 Filetrace - ok

09:29:35.0340 4564 FirebirdServerMAGIXInstance (fff1130f7c9fa01d093a1edfc5cce8fc) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe

09:29:35.0371 4564 FirebirdServerMAGIXInstance - ok

09:29:35.0512 4564 FLEXnet Licensing Service (abedfd48ac042c6aaad32452e77217a1) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

09:29:35.0527 4564 FLEXnet Licensing Service - ok

09:29:35.0636 4564 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys

09:29:35.0652 4564 flpydisk - ok

09:29:35.0683 4564 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys

09:29:35.0699 4564 FltMgr - ok

09:29:35.0839 4564 FontCache (be1c5bd1ca7ed015bc6fa1ae67e592c8) C:\Windows\system32\FntCache.dll

09:29:35.0886 4564 FontCache - ok

09:29:35.0964 4564 FontCache3.0.0.0 (bc5b0be5af3510b0fd8c140ee42c6d3e) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

09:29:35.0964 4564 FontCache3.0.0.0 - ok

09:29:36.0026 4564 fssfltr (07da62c960ddccc2d35836aeab4fc578) C:\Windows\system32\DRIVERS\fssfltr.sys

09:29:36.0042 4564 fssfltr - ok

09:29:36.0229 4564 fsssvc (28ddeeec44e988657b732cf404d504cb) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe

09:29:36.0245 4564 fsssvc - ok

09:29:36.0354 4564 Fs_Rec (5779b86cd8b32519fbecb136394d946a) C:\Windows\system32\drivers\Fs_Rec.sys

09:29:36.0354 4564 Fs_Rec - ok

09:29:36.0401 4564 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys

09:29:36.0401 4564 gagp30kx - ok

09:29:36.0448 4564 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

09:29:36.0448 4564 GEARAspiWDM - ok

09:29:36.0541 4564 gpsvc (a0e1b575ba8f504968cd40c0faeb2384) C:\Windows\System32\gpsvc.dll

09:29:36.0557 4564 gpsvc - ok

09:29:36.0604 4564 HdAudAddService (68e732382b32417ff61fd663259b4b09) C:\Windows\system32\drivers\HdAudio.sys

09:29:36.0619 4564 HdAudAddService - ok

09:29:36.0697 4564 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys

09:29:36.0728 4564 HDAudBus - ok

09:29:36.0744 4564 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys

09:29:36.0760 4564 HidBth - ok

09:29:36.0775 4564 HidIr (5f47839455d01ff6403b008d481a6f5b) C:\Windows\system32\DRIVERS\hidir.sys

09:29:36.0775 4564 HidIr - ok

09:29:36.0838 4564 hidserv (59361d38a297755d46a540e450202b2a) C:\Windows\system32\hidserv.dll

09:29:36.0838 4564 hidserv - ok

09:29:36.0853 4564 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys

09:29:36.0853 4564 HidUsb - ok

09:29:36.0900 4564 hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll

09:29:36.0900 4564 hkmsvc - ok

09:29:36.0916 4564 HpCISSs (a27e8af2caac5e2693e6d4e2fce9b54f) C:\Windows\system32\drivers\hpcisss.sys

09:29:36.0931 4564 HpCISSs - ok

09:29:36.0978 4564 HSFHWAZL (57ba73b5b321291e5114cb21350e1ea0) C:\Windows\system32\DRIVERS\VSTAZL6.SYS

09:29:36.0994 4564 HSFHWAZL - ok

09:29:37.0134 4564 HSF_DPV (e6cd7f641916484b0141d191a390d866) C:\Windows\system32\DRIVERS\VSTDPV6.SYS

09:29:37.0165 4564 HSF_DPV - ok

09:29:37.0337 4564 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys

09:29:37.0352 4564 HTTP - ok

09:29:37.0384 4564 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys

09:29:37.0384 4564 i2omp - ok

09:29:37.0399 4564 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys

09:29:37.0415 4564 i8042prt - ok

09:29:37.0493 4564 IAANTMON (681ef6e0cc7bbaa0c09acabeb91f669e) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

09:29:37.0524 4564 IAANTMON - ok

09:29:37.0571 4564 iaStor (16a4671255cfb842225f0fdb6dbdb414) C:\Windows\system32\DRIVERS\iaStor.sys

09:29:37.0586 4564 iaStor - ok

09:29:37.0618 4564 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys

09:29:37.0633 4564 iaStorV - ok

09:29:37.0789 4564 idsvc (749f5f8cedca70f2a512945325fc489d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

09:29:37.0789 4564 idsvc - ok

09:29:37.0836 4564 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys

09:29:37.0836 4564 iirsp - ok

09:29:37.0914 4564 IKEEXT (0c9ea6e654e7b0471741e343a6c671af) C:\Windows\System32\ikeext.dll

09:29:37.0945 4564 IKEEXT - ok

09:29:38.0117 4564 IntcAzAudAddService (f1a17d24959b942ca290ee976a0e2175) C:\Windows\system32\drivers\RTKVHD64.sys

09:29:38.0164 4564 IntcAzAudAddService - ok

09:29:38.0179 4564 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys

09:29:38.0179 4564 intelide - ok

09:29:38.0195 4564 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys

09:29:38.0210 4564 intelppm - ok

09:29:38.0226 4564 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll

09:29:38.0242 4564 IPBusEnum - ok

09:29:38.0273 4564 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys

09:29:38.0273 4564 IpFilterDriver - ok

09:29:38.0335 4564 iphlpsvc (bf0dbfa9792c5c14fa00f61c75116c1b) C:\Windows\System32\iphlpsvc.dll

09:29:38.0351 4564 iphlpsvc - ok

09:29:38.0366 4564 IpInIp - ok

09:29:38.0382 4564 IPMIDRV (e41dd7038db14ae9d35b47b10bdce58a) C:\Windows\system32\drivers\ipmidrv.sys

09:29:38.0398 4564 IPMIDRV - ok

09:29:38.0429 4564 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys

09:29:38.0444 4564 IPNAT - ok

09:29:38.0647 4564 iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe

09:29:38.0663 4564 iPod Service - ok

09:29:38.0678 4564 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys

09:29:38.0678 4564 IRENUM - ok

09:29:38.0694 4564 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys

09:29:38.0710 4564 isapnp - ok

09:29:38.0741 4564 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys

09:29:38.0741 4564 iScsiPrt - ok

09:29:38.0772 4564 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys

09:29:38.0772 4564 iteatapi - ok

09:29:38.0803 4564 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys

09:29:38.0803 4564 iteraid - ok

09:29:38.0819 4564 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys

09:29:38.0819 4564 kbdclass - ok

09:29:38.0850 4564 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys

09:29:38.0850 4564 kbdhid - ok

09:29:38.0866 4564 KeyIso (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe

09:29:38.0881 4564 KeyIso - ok

09:29:39.0022 4564 Kodak AiO Network Discovery Service (27277a11db52fefae5b01dc8fb570b28) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe

09:29:39.0022 4564 Kodak AiO Network Discovery Service - ok

09:29:39.0115 4564 KSecDD (2758d174604f597bbc8a217ff667913d) C:\Windows\system32\Drivers\ksecdd.sys

09:29:39.0146 4564 KSecDD - ok

09:29:39.0162 4564 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys

09:29:39.0162 4564 ksthunk - ok

09:29:39.0224 4564 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll

09:29:39.0256 4564 KtmRm - ok

09:29:39.0302 4564 LanmanServer (50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\system32\srvsvc.dll

09:29:39.0334 4564 LanmanServer - ok

09:29:39.0380 4564 LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll

09:29:39.0396 4564 LanmanWorkstation - ok

09:29:39.0427 4564 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys

09:29:39.0427 4564 lltdio - ok

09:29:39.0521 4564 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll

09:29:39.0536 4564 lltdsvc - ok

09:29:39.0583 4564 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll

09:29:39.0583 4564 lmhosts - ok

09:29:39.0614 4564 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys

09:29:39.0630 4564 LSI_FC - ok

09:29:39.0677 4564 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys

09:29:39.0677 4564 LSI_SAS - ok

09:29:39.0724 4564 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys

09:29:39.0739 4564 LSI_SCSI - ok

09:29:39.0770 4564 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys

09:29:39.0786 4564 luafv - ok

09:29:39.0817 4564 massfilter (23488767cb18fc3ff39e3af1db3fb02c) C:\Windows\system32\drivers\massfilter.sys

09:29:39.0817 4564 massfilter - ok

09:29:39.0880 4564 mbamchameleon (08aa34bc5f95f4fdd58dd7528a9c63cc) C:\Windows\system32\drivers\mbamchameleon.sys

09:29:39.0880 4564 mbamchameleon - ok

09:29:39.0942 4564 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys

09:29:39.0942 4564 MBAMProtector - ok

09:29:40.0082 4564 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

09:29:40.0082 4564 MBAMService - ok

09:29:40.0176 4564 McciCMService (f8b823414a22dbf3bec10dcaa5f93cd8) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe

09:29:40.0176 4564 McciCMService - ok

09:29:40.0207 4564 Mcx2Svc (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll

09:29:40.0223 4564 Mcx2Svc - ok

09:29:40.0270 4564 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys

09:29:40.0270 4564 megasas - ok

09:29:40.0332 4564 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys

09:29:40.0348 4564 MegaSR - ok

09:29:40.0394 4564 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll

09:29:40.0410 4564 MMCSS - ok

09:29:40.0426 4564 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys

09:29:40.0426 4564 Modem - ok

09:29:40.0457 4564 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys

09:29:40.0457 4564 monitor - ok

09:29:40.0472 4564 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys

09:29:40.0472 4564 mouclass - ok

09:29:40.0488 4564 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys

09:29:40.0488 4564 mouhid - ok

09:29:40.0519 4564 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys

09:29:40.0519 4564 MountMgr - ok

09:29:40.0582 4564 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

09:29:40.0582 4564 MozillaMaintenance - ok

09:29:40.0628 4564 mpio (cbb01a298cb24d250017cea54884bba8) C:\Windows\system32\drivers\mpio.sys

09:29:40.0628 4564 mpio - ok

09:29:40.0660 4564 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys

09:29:40.0675 4564 mpsdrv - ok

09:29:40.0769 4564 MpsSvc (897e3baf68ba406a61682ae39c83900c) C:\Windows\system32\mpssvc.dll

09:29:40.0800 4564 MpsSvc - ok

09:29:40.0816 4564 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys

09:29:40.0816 4564 Mraid35x - ok

09:29:40.0847 4564 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys

09:29:40.0878 4564 MRxDAV - ok

09:29:40.0956 4564 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys

09:29:40.0956 4564 mrxsmb - ok

09:29:41.0034 4564 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys

09:29:41.0034 4564 mrxsmb10 - ok

09:29:41.0065 4564 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys

09:29:41.0081 4564 mrxsmb20 - ok

09:29:41.0096 4564 msahci (aa459f2ab3ab603c357ff117cae3d818) C:\Windows\system32\drivers\msahci.sys

09:29:41.0096 4564 msahci - ok

09:29:41.0128 4564 msdsm (0db324146494d45417905b7009858937) C:\Windows\system32\drivers\msdsm.sys

09:29:41.0143 4564 msdsm - ok

09:29:41.0190 4564 MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe

09:29:41.0206 4564 MSDTC - ok

09:29:41.0252 4564 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys

09:29:41.0252 4564 Msfs - ok

09:29:41.0268 4564 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys

09:29:41.0268 4564 msisadrv - ok

09:29:41.0315 4564 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll

09:29:41.0330 4564 MSiSCSI - ok

09:29:41.0330 4564 msiserver - ok

09:29:41.0362 4564 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys

09:29:41.0362 4564 MSKSSRV - ok

09:29:41.0393 4564 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys

09:29:41.0393 4564 MSPCLOCK - ok

09:29:41.0408 4564 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys

09:29:41.0424 4564 MSPQM - ok

09:29:41.0486 4564 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys

09:29:41.0502 4564 MsRPC - ok

09:29:41.0518 4564 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys

09:29:41.0518 4564 mssmbios - ok

09:29:41.0533 4564 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys

09:29:41.0549 4564 MSTEE - ok

09:29:41.0564 4564 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys

09:29:41.0564 4564 Mup - ok

09:29:41.0611 4564 napagent (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll

09:29:41.0642 4564 napagent - ok

09:29:41.0689 4564 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys

09:29:41.0705 4564 NativeWifiP - ok

09:29:41.0814 4564 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys

09:29:41.0830 4564 NDIS - ok

09:29:41.0861 4564 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys

09:29:41.0861 4564 NdisTapi - ok

09:29:41.0892 4564 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys

09:29:41.0892 4564 Ndisuio - ok

09:29:41.0923 4564 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys

09:29:41.0954 4564 NdisWan - ok

09:29:41.0970 4564 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys

09:29:41.0970 4564 NDProxy - ok

09:29:42.0001 4564 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys

09:29:42.0001 4564 NetBIOS - ok

09:29:42.0048 4564 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys

09:29:42.0064 4564 netbt - ok

09:29:42.0095 4564 Netlogon (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe

09:29:42.0095 4564 Netlogon - ok

09:29:42.0173 4564 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll

09:29:42.0188 4564 Netman - ok

09:29:42.0251 4564 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll

09:29:42.0266 4564 netprofm - ok

09:29:42.0344 4564 NetTcpPortSharing (74751dda198165947fd7454d83f49825) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

09:29:42.0360 4564 NetTcpPortSharing - ok

09:29:42.0750 4564 NETw3v64 (c86984aee87900c1eeb6942ede3bf4b6) C:\Windows\system32\DRIVERS\NETw3v64.sys

09:29:42.0844 4564 NETw3v64 - ok

09:29:43.0000 4564 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys

09:29:43.0000 4564 nfrd960 - ok

09:29:43.0062 4564 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll

09:29:43.0078 4564 NlaSvc - ok

09:29:43.0140 4564 nmwcd (5fe6f8c05f0769bbb74afac11453b182) C:\Windows\system32\drivers\ccdcmbx64.sys

09:29:43.0140 4564 nmwcd - ok

09:29:43.0171 4564 nmwcdc (73c929945c0850b8d1fe2fea05fdf05d) C:\Windows\system32\drivers\ccdcmbox64.sys

09:29:43.0171 4564 nmwcdc - ok

09:29:43.0202 4564 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys

09:29:43.0202 4564 Npfs - ok

09:29:43.0234 4564 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll

09:29:43.0234 4564 nsi - ok

09:29:43.0280 4564 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys

09:29:43.0296 4564 nsiproxy - ok

09:29:43.0483 4564 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys

09:29:43.0530 4564 Ntfs - ok

09:29:43.0655 4564 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys

09:29:43.0655 4564 Null - ok

09:29:43.0702 4564 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys

09:29:43.0702 4564 nvraid - ok

09:29:43.0733 4564 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys

09:29:43.0733 4564 nvstor - ok

09:29:43.0764 4564 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys

09:29:43.0780 4564 nv_agp - ok

09:29:43.0795 4564 NwlnkFlt - ok

09:29:43.0795 4564 NwlnkFwd - ok

09:29:43.0842 4564 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys

09:29:43.0842 4564 ohci1394 - ok

09:29:43.0998 4564 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll

09:29:44.0029 4564 p2pimsvc - ok

09:29:44.0045 4564 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll

09:29:44.0060 4564 p2psvc - ok

09:29:44.0092 4564 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys

09:29:44.0107 4564 Parport - ok

09:29:44.0170 4564 partmgr (b43751085e2abe389da466bc62a4b987) C:\Windows\system32\drivers\partmgr.sys

09:29:44.0185 4564 partmgr - ok

09:29:44.0201 4564 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll

09:29:44.0216 4564 PcaSvc - ok

09:29:44.0263 4564 pccsmcfd (bc0018c2d29f655188a0ed3fa94fdb24) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys

09:29:44.0263 4564 pccsmcfd - ok

09:29:44.0310 4564 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys

09:29:44.0310 4564 pci - ok

09:29:44.0341 4564 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys

09:29:44.0341 4564 pciide - ok

09:29:44.0388 4564 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys

09:29:44.0404 4564 pcmcia - ok

09:29:44.0497 4564 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys

09:29:44.0528 4564 PEAUTH - ok

09:29:44.0638 4564 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe

09:29:44.0653 4564 PerfHost - ok

09:29:44.0856 4564 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll

09:29:44.0918 4564 pla - ok

09:29:44.0981 4564 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll

09:29:44.0996 4564 PlugPlay - ok

09:29:45.0121 4564 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll

09:29:45.0137 4564 PNRPAutoReg - ok

09:29:45.0168 4564 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll

09:29:45.0184 4564 PNRPsvc - ok

09:29:45.0262 4564 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll

09:29:45.0277 4564 PolicyAgent - ok

09:29:45.0355 4564 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys

09:29:45.0371 4564 PptpMiniport - ok

09:29:45.0402 4564 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys

09:29:45.0402 4564 Processor - ok

09:29:45.0480 4564 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll

09:29:45.0496 4564 ProfSvc - ok

09:29:45.0527 4564 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe

09:29:45.0527 4564 ProtectedStorage - ok

09:29:45.0558 4564 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys

09:29:45.0574 4564 PSched - ok

09:29:45.0589 4564 pwdrvio (41ad0fcf47275a9bc70fa1b56bfd3e23) C:\Windows\system32\pwdrvio.sys

09:29:45.0605 4564 pwdrvio - ok

09:29:45.0652 4564 pwdspio (19cf17076f2524af6746b528584aa3c9) C:\Windows\system32\pwdspio.sys

09:29:45.0652 4564 pwdspio - ok

09:29:45.0698 4564 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys

09:29:45.0698 4564 PxHlpa64 - ok

09:29:45.0854 4564 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys

09:29:45.0886 4564 ql2300 - ok

09:29:45.0948 4564 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys

09:29:45.0995 4564 ql40xx - ok

09:29:46.0042 4564 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll

09:29:46.0073 4564 QWAVE - ok

09:29:46.0088 4564 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys

09:29:46.0104 4564 QWAVEdrv - ok

09:29:46.0120 4564 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys

09:29:46.0120 4564 RasAcd - ok

09:29:46.0135 4564 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll

09:29:46.0151 4564 RasAuto - ok

09:29:46.0182 4564 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys

09:29:46.0198 4564 Rasl2tp - ok

09:29:46.0260 4564 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll

09:29:46.0276 4564 RasMan - ok

09:29:46.0291 4564 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys

09:29:46.0291 4564 RasPppoe - ok

09:29:46.0307 4564 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys

09:29:46.0322 4564 RasSstp - ok

09:29:46.0354 4564 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys

09:29:46.0369 4564 rdbss - ok

09:29:46.0400 4564 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys

09:29:46.0400 4564 RDPCDD - ok

09:29:46.0478 4564 rdpdr (ae23e79b13feb62939e2ca1189e71735) C:\Windows\system32\drivers\rdpdr.sys

09:29:46.0494 4564 rdpdr - ok

09:29:46.0510 4564 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys

09:29:46.0510 4564 RDPENCDD - ok

09:29:46.0603 4564 RDPWD (ae4bd9e1c33d351d8e607fc81f15160c) C:\Windows\system32\drivers\RDPWD.sys

09:29:46.0619 4564 RDPWD - ok

09:29:46.0650 4564 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll

09:29:46.0666 4564 RemoteAccess - ok

09:29:46.0697 4564 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll

09:29:46.0712 4564 RemoteRegistry - ok

09:29:46.0759 4564 rismxdp (2a43f9e6dbde12bc0c104785c3b3f5df) C:\Windows\system32\DRIVERS\rixdpx64.sys

09:29:46.0759 4564 rismxdp - ok

09:29:46.0775 4564 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe

09:29:46.0790 4564 RpcLocator - ok

09:29:46.0884 4564 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll

09:29:46.0900 4564 RpcSs - ok

09:29:46.0946 4564 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys

09:29:46.0962 4564 rspndr - ok

09:29:46.0993 4564 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe

09:29:46.0993 4564 SamSs - ok

09:29:47.0040 4564 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys

09:29:47.0040 4564 sbp2port - ok

09:29:47.0087 4564 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll

09:29:47.0102 4564 SCardSvr - ok

09:29:47.0243 4564 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll

09:29:47.0274 4564 Schedule - ok

09:29:47.0321 4564 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll

09:29:47.0321 4564 SCPolicySvc - ok

09:29:47.0352 4564 sdbus (be100bc2be2513314c717bb2c4cfff10) C:\Windows\system32\DRIVERS\sdbus.sys

09:29:47.0368 4564 sdbus - ok

09:29:47.0399 4564 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll

09:29:47.0414 4564 SDRSVC - ok

09:29:47.0446 4564 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

09:29:47.0446 4564 secdrv - ok

09:29:47.0461 4564 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll

09:29:47.0492 4564 seclogon - ok

09:29:47.0524 4564 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\System32\sens.dll

09:29:47.0524 4564 SENS - ok

09:29:47.0555 4564 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys

09:29:47.0570 4564 Serenum - ok

09:29:47.0586 4564 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys

09:29:47.0602 4564 Serial - ok

09:29:47.0633 4564 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys

09:29:47.0633 4564 sermouse - ok

09:29:47.0820 4564 ServiceLayer (f31e9531af225ca25350d5e87e999b31) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

09:29:47.0836 4564 ServiceLayer - ok

09:29:47.0882 4564 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll

09:29:47.0898 4564 SessionEnv - ok

09:29:47.0914 4564 sffdisk (3a19c899bcf0ea24cfec2038e6a489db) C:\Windows\system32\DRIVERS\sffdisk.sys

09:29:47.0914 4564 sffdisk - ok

09:29:47.0945 4564 sffp_mmc (dbbd3fd8af718966af768a754e07e8c0) C:\Windows\system32\drivers\sffp_mmc.sys

09:29:47.0945 4564 sffp_mmc - ok

09:29:47.0976 4564 sffp_sd (fdca63a2eee528585eb66ceac183ec22) C:\Windows\system32\DRIVERS\sffp_sd.sys

09:29:47.0976 4564 sffp_sd - ok

09:29:47.0992 4564 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys

09:29:47.0992 4564 sfloppy - ok

09:29:48.0085 4564 SharedAccess (4c5aee179da7e1ee9a9ccb9da289af34) C:\Windows\System32\ipnathlp.dll

09:29:48.0116 4564 SharedAccess - ok

09:29:48.0226 4564 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll

09:29:48.0241 4564 ShellHWDetection - ok

09:29:48.0288 4564 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys

09:29:48.0304 4564 SiSRaid2 - ok

09:29:48.0319 4564 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys

09:29:48.0350 4564 SiSRaid4 - ok

09:29:48.0444 4564 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe

09:29:48.0460 4564 SkypeUpdate - ok

09:29:48.0803 4564 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe

09:29:48.0881 4564 slsvc - ok

09:29:49.0084 4564 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll

09:29:49.0099 4564 SLUINotify - ok

09:29:49.0162 4564 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys

09:29:49.0177 4564 Smb - ok

09:29:49.0240 4564 snapman (b84440e7554fc85e900eef0a7aaba228) C:\Windows\system32\DRIVERS\snapman.sys

09:29:49.0255 4564 snapman - ok

09:29:49.0271 4564 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe

09:29:49.0286 4564 SNMPTRAP - ok

09:29:49.0505 4564 SNP2UVC (ac4ef2990921fed4189d1ffdef7feaf1) C:\Windows\system32\DRIVERS\snp2uvc.sys

09:29:49.0552 4564 SNP2UVC - ok

09:29:49.0708 4564 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys

09:29:49.0723 4564 spldr - ok

09:29:49.0770 4564 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe

09:29:49.0786 4564 Spooler - ok

09:29:49.0879 4564 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys

09:29:49.0895 4564 srv - ok

09:29:49.0942 4564 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys

09:29:49.0973 4564 srv2 - ok

09:29:50.0020 4564 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys

09:29:50.0035 4564 srvnet - ok

09:29:50.0113 4564 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll

09:29:50.0129 4564 SSDPSRV - ok

09:29:50.0160 4564 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll

09:29:50.0176 4564 SstpSvc - ok

09:29:50.0269 4564 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll

09:29:50.0300 4564 stisvc - ok

09:29:50.0316 4564 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys

09:29:50.0332 4564 swenum - ok

09:29:50.0394 4564 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll

09:29:50.0425 4564 swprv - ok

09:29:50.0456 4564 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys

09:29:58.0522 4564 ============================================================

09:29:58.0522 4564 Scan finished

09:29:58.0522 4564 ============================================================

09:29:58.0537 4420 Detected object count: 0

09:29:58.0537 4420 Actual detected object count: 0

09:33:00.0901 4716 Deinitialize success


Results of screen317's Security Check version 0.99.42

Windows Vista Service Pack 2 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

avast! Antivirus

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.61.0.1400

Java 6 Update 22

Java 6 Update 31

Java version out of Date!

Adobe Flash Player 11.3.300.262

Adobe Reader X (10.1.3)

Mozilla Firefox (13.0.1)

Google Chrome 19.0.1084.52

Google Chrome 19.0.1084.56

````````Process Check: objlist.exe by Laurent````````

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

AVAST Software Avast AvastSvc.exe

AVAST Software Avast AvastUI.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 1 %

````````````````````End of Log``````````````````````


The TDSSKILLER run shows nothing detected, which is a good start.

These steps are for Quinny only. If you are a casual viewer, do NOT try this on your system!

If you are not Quinny and have a similar problem, do NOT post here; start your own topic

The fixes in this Topic are for this system only! Do not apply the fix-instructions from this topic to any other system :excl:

1

Your logs showed some peer-to-peer filesharing apps: Azureus. I do not recommend the use of P-2-P programs, since such filesharing/downloading from unknown sources is one of the leading causes of transmission of malware.

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

De-install Azureus & any other peer-to-peer app via Programs and Features, AND confirm for me that you have done that.

These types of apps will cause re-infection, and should I see you still have those, I will cease helping you.

2

What anti-virus application was installed before you installed AVAST, was your subscription still current, and did you uninstall it before you installed AVAST?

Did you install a Norton application on June 23rd or thereabouts?

Did a Norton free-trial or a McAfee free-trial come preinstalled on the computer when you bought it? (Doesn't matter if you never used or Activated it.)

Incomplete de-installs of antivirus programs lead to conflicts and deadlocks. It is important you reply to my questions.

3

This pc has an "AF-HHS" toolbar from Conduit. It is reputed to have "trackware" capability. I would suggest you de-install it via Programs and Features.

4

This pc also has the Searchqu toolbar (or remnants) which need removing.

We Need to Run a Batch Script

  1. Press the Windows-key on keyboard.
  2. In the search box, type notepad and press Enter.
  3. Highlight the contents of the following codebox, and copy and paste that text into NOTEPAD.
    rem Remove the orphaned Searchqu toolbar registration (key path and value name are quoted because they contain spaces and braces)
    reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar" /v "!{99079a25-328f-4bd4-be04-00955acaa0a7}" /f
    rem Delete the leftover toolbar folder (quoted because the path contains spaces), then delete this batch file itself
    rd /s /q "C:\Program Files (x86)\Windows Searchqu Toolbar"
    del /f /q "%~f0"


  4. Select File -> Save As.
  5. Press the Desktop button on the left side of the save dialog.
  6. In the File name box, type in Fix.bat.
  7. Press Save.
  8. Close Notepad.
  9. Right click Fix.bat on your desktop, and choose Run as administrator.
  10. Press Yes if prompted by User Account Control.

Java runtime

Your Java runtime is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Download the latest version of >> Windows Offline << from here and save it to your desktop.
  • Get the Offline version that corresponds to the "bit-tedness" of your Windows (32-bit or 64-bit):
    How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
  • Close any programs you may have running - especially your web browser(s).
  • Go to Start > Settings > Control Panel, select Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u5-windows-i586.exe to install the newest version.
    ( jre-7u5-windows-x64.exe if this is a 64-bit Windows o.s.)

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java icon (looks like a coffee cup).
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options in the window to clear the cache - leave BOTH checked:
      • Applications and Applets
      • Trace and Log Files
    • Click OK on the Delete Temporary Files window.

      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

    • Click OK to leave the Temporary Files window.

Small tweaks for Java runtime, since almost all users do not need to load Java at each Windows startup:

Click Advanced Tab. Expand the Miscellaneous item.

UN-check the line Java quick starter

Press Apply then OK. Close the applet when done.

To test your Java Run-time, you may go to this page http://www.java.com/en/download/help/testvm.xml

When all is well, you should see Java Version: Java 7 Update 5 from Sun Microsystems Inc.

Confirmation, answers, and new RSIT run

CONFIRM that all peer-to-peer apps are removed.

Answer my questions (from above).

Right Click on RSIT and select Run as Administrator. Run it, and Copy & Paste the new LOG.txt + Info.txt for review.


Hi Maurice, thanks for your help. The laptop is my brother-in-law's and it's approx 4 yrs old.

Before my first post I uninstalled Vuze. I just had a look for Azureus in Add and Remove but can't see it.

I did find a folder called Azureus which I deleted; I can't find anything Azureus in Program Files either.

I think in the past he's had Norton and McAfee installed. Should I run removal tools for these antiviruses?


Logfile of random's system information tool 1.09 (written by random/random)

Run by Wools at 2012-06-29 20:25:33

Microsoft® Windows Vista™ Home Premium Service Pack 2

System drive C: has 71 GB (32%) free of 224 GB

Total RAM: 4093 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 20:25:36, on 29/06/2012

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v9.00 (9.00.8112.16446)

Boot mode: Normal

Running processes:

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

C:\Users\Wools\Desktop\RSIT.exe

C:\Program Files (x86)\trend micro\Wools.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=5ac17d93000000000000001f3c2b07eb&tlver=1.4.19.19&affID=17162

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)

R3 - URLSearchHook: (no name) - {f0381dbd-e018-4e07-ae40-d96ab15083f0} - (no file)

R3 - URLSearchHook: (no name) - {90eee664-34b1-422a-a782-779af65cdf6d} - (no file)

R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)

R3 - URLSearchHook: (no name) - {66bd2442-241b-44cd-8c7a-b51037053cdb} - (no file)

F2 - REG:system.ini: UserInit=userinit.exe,

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {02464DDC-3187-11D8-8004-0020ED227566} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {9D717F81-9148-4f12-8568-69135F087DB0} - (no file)

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O3 - Toolbar: (no name) - !{99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" (User 'Default user')

O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~1\sblsp.dll

O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~1\sblsp.dll

O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~1\sblsp.dll

O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~1\sblsp.dll

O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~1\sblsp.dll

O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~1\sblsp.dll

O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~1\sblsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O20 - AppInit_DLLs: C:\PROGRA~2\WI9130~1\Datamngr\datamngr.dll C:\PROGRA~2\WI9130~1\Datamngr\IEBHO.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe

O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: BecHelperService - Unknown owner - C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\McciCMService.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: TVersity Media Server (TVersityMediaServer) - Unknown owner - C:\ProgramData\TVersity\Media Server\MediaServer.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~2\SPEEDB~1\VideoAcceleratorService.exe

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 11638 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

C:\Windows\tasks\FreeFileViewerUpdateChecker.job

C:\Windows\tasks\GlaryInitialize.job

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3560542134-3112040110-2959616142-1000Core.job

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3560542134-3112040110-2959616142-1000UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Wools\AppData\Roaming\Mozilla\Firefox\Profiles\m54eyri2.default

prefs.js - "browser.startup.homepage" - "google.com"

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

"fe_9.0@nokia.com"=C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0

"{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]

"Description"=Adobe® Flash® Player 11.3.300.262 Plugin

"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]

"Description"=iTunes Detector Plug-in

"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]

"Description"=

"Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]

"Description"=DivX Plus Web Player

"Path"=C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]

"Description"=DivX VOD Helper Plug-in

"Path"=C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.5.0]

"Description"=

"Path"=C:\Windows\SysWOW64\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0]

"Description"=Oracle® Next Generation Java™ Plug-In

"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]

"Description"=Ag Player Plugin

"Path"=c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]

"Description"=WLPG Install MIME type

"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]

"Description"=WLPG Install MIME type

"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513]

"Description"=WLPG Install MIME type

"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308]

"Description"=WLPG Install MIME type

"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]

"Description"=Windows Presentation Foundation plug-in for Mozilla browsers

"Path"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53]

"Description"=RealPlayer LiveConnect-Enabled Plug-In

"Path"=c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53]

"Description"=RealJukebox Netscape Plugin

"Path"=c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53]

"Description"=RealNetworks RealPlayer Chrome Background Extension Plug-In

"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53]

"Description"=RealPlayer HTML5VideoShim Plug-In

"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53]

"Description"=RealPlayer Download Plugin

"Path"=c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]

"Description"=Handles PDFs in-place in Firefox

"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\

{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\

binary.manifest

browsercomps.dll

nsIQTScriptablePlugin.xpt

C:\Program Files (x86)\Mozilla Firefox\plugins\

nppdf32.dll

nppl3260.dll

nppl3260.xpt

npqtplugin.dll

npqtplugin2.dll

npqtplugin3.dll

npqtplugin4.dll

npqtplugin5.dll

npqtplugin6.dll

npqtplugin7.dll

nprjplug.dll

nprpplugin.dll

QuickTimePlugin.class

C:\Program Files (x86)\Mozilla Firefox\searchplugins\

amazondotcom.xml

babylon.xml

bing.xml

eBay.xml

google.xml

Search_Results.xml

twitter.xml

wikipedia.xml

yahoo.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02464DDC-3187-11D8-8004-0020ED227566}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]

RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2012-05-30 425680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]

DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-12-12 194432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-06-29 453104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]

avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-03-07 1003704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]

Windows Live Messenger Companion Helper - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08 393600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-06-29 157680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-03-07 1003704]

!{99079a25-328f-4bd4-be04-00955acaa0a7}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-03-07 4241512]

"Malwarebytes' Anti-Malware"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2012-04-04 462408]

"Conime"=C:\Windows\system32\conime.exe [2009-04-11 69120]

"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-01-17 252296]

C:\Users\Wools\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

ERUNT AutoBackup.lnk - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"="C:\PROGRA~2\WI9130~1\Datamngr\datamngr.dll C:\PROGRA~2\WI9130~1\Datamngr\IEBHO.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveAutorun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoActiveDesktop"=1

"NoActiveDesktopChanges"=1

"ForceActiveDesktopOn"=0

"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"vidc.uyvy"=msyuv.dll

"vidc.yuy2"=msyuv.dll

"vidc.yvyu"=msyuv.dll

"vidc.iyuv"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"vidc.yvu9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm

"vidc.cvid"=iccvid.dll

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"aux1"=wdmaud.drv

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

"VIDC.SCLS"=SCLS.dll

"VIDC.FFDS"=ff_vfw.dll

"vidc.yv12"=DivX.dll

"msacm.siren"=sirenacm.dll

"vidc.DIVX"=DivX.dll

======File associations======

.js - edit - C:\Windows\SysWOW64\Notepad.exe %1

.js - open - C:\Windows\SysWOW64\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-06-29 20:21:57 ----D---- C:\Program Files (x86)\Common Files\Java

2012-06-29 20:20:10 ----A---- C:\Windows\SysWOW64\javaws.exe

2012-06-29 20:19:57 ----A---- C:\Windows\SysWOW64\javaw.exe

2012-06-29 20:19:57 ----A---- C:\Windows\SysWOW64\java.exe

2012-06-29 10:23:11 ----D---- C:\Program Files (x86)\Oracle

2012-06-29 10:22:47 ----A---- C:\Windows\SysWOW64\npDeployJava1.dll

2012-06-29 09:28:56 ----A---- C:\TDSSKiller.2.7.42.0_29.06.2012_09.28.56_log.txt

2012-06-28 21:00:16 ----D---- C:\rsit

2012-06-28 21:00:16 ----D---- C:\Program Files (x86)\trend micro

2012-06-28 20:42:54 ----D---- C:\Windows\ERDNT

2012-06-28 20:41:06 ----D---- C:\Program Files (x86)\ERUNT

2012-06-28 18:34:24 ----D---- C:\Users\Wools\AppData\Roaming\Windows Live Writer

2012-06-27 20:20:29 ----D---- C:\Users\Wools\AppData\Roaming\dvdcss

2012-06-24 08:54:43 ----A---- C:\Windows\SysWOW64\wups.dll

2012-06-24 08:54:43 ----A---- C:\Windows\SysWOW64\wudriver.dll

2012-06-24 08:54:43 ----A---- C:\Windows\SysWOW64\wuapi.dll

2012-06-24 08:54:30 ----A---- C:\Windows\SysWOW64\wuwebv.dll

2012-06-24 08:54:30 ----A---- C:\Windows\SysWOW64\wuapp.exe

2012-06-22 18:22:26 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service

2012-06-22 17:47:35 ----D---- C:\Users\Wools\AppData\Roaming\Malwarebytes

2012-06-22 17:47:26 ----D---- C:\ProgramData\Malwarebytes

2012-06-22 17:47:25 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-06-22 15:51:19 ----SD---- C:\Windows\SysWOW64\Microsoft

2012-06-20 14:54:35 ----A---- C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-06-20 09:13:03 ----D---- C:\ProgramData\Mozilla

2012-06-16 19:50:27 ----D---- C:\Program Files (x86)\iTunes

2012-06-13 22:06:02 ----A---- C:\Windows\SysWOW64\url.dll

2012-06-13 22:06:02 ----A---- C:\Windows\SysWOW64\mshtmled.dll

2012-06-13 22:06:01 ----A---- C:\Windows\SysWOW64\urlmon.dll

2012-06-13 22:06:01 ----A---- C:\Windows\SysWOW64\iertutil.dll

2012-06-13 22:06:00 ----A---- C:\Windows\SysWOW64\ieui.dll

2012-06-13 22:05:59 ----A---- C:\Windows\SysWOW64\ieUnatt.exe

2012-06-13 22:05:58 ----A---- C:\Windows\SysWOW64\wininet.dll

2012-06-13 22:05:57 ----A---- C:\Windows\SysWOW64\jsproxy.dll

2012-06-13 22:05:57 ----A---- C:\Windows\SysWOW64\jscript9.dll

2012-06-13 22:05:57 ----A---- C:\Windows\SysWOW64\jscript.dll

2012-06-13 22:05:56 ----A---- C:\Windows\SysWOW64\mshtml.dll

2012-06-13 22:05:53 ----A---- C:\Windows\SysWOW64\ieframe.dll

2012-06-13 21:13:28 ----A---- C:\Windows\SysWOW64\cryptsvc.dll

2012-06-13 21:13:28 ----A---- C:\Windows\SysWOW64\cryptnet.dll

2012-06-13 21:13:28 ----A---- C:\Windows\SysWOW64\crypt32.dll

2012-06-10 19:25:33 ----D---- C:\Program Files (x86)\Dropbox

2012-05-30 19:35:02 ----D---- C:\Program Files (x86)\Common Files\xing shared

======List of files/folders modified in the last 1 month======

2012-06-29 20:25:37 ----D---- C:\Windows\Prefetch

2012-06-29 20:25:32 ----D---- C:\Windows\Temp

2012-06-29 20:21:57 ----SHD---- C:\Windows\Installer

2012-06-29 20:21:57 ----D---- C:\Program Files (x86)\Common Files

2012-06-29 20:20:10 ----D---- C:\Windows\SysWOW64

2012-06-29 20:19:23 ----A---- C:\Windows\SysWOW64\deployJava1.dll

2012-06-29 20:19:20 ----D---- C:\Program Files (x86)\Java

2012-06-29 20:19:16 ----SHD---- C:\System Volume Information

2012-06-29 20:10:15 ----D---- C:\Windows\System32

2012-06-29 20:09:29 ----RD---- C:\Program Files

2012-06-29 20:09:24 ----D---- C:\Windows\inf

2012-06-29 20:03:19 ----D---- C:\ProgramData\Kodak

2012-06-29 20:02:26 ----RD---- C:\Program Files (x86)

2012-06-28 23:43:31 ----SD---- C:\Users\Wools\AppData\Roaming\Microsoft

2012-06-28 20:42:54 ----D---- C:\Windows

2012-06-28 18:02:18 ----D---- C:\Program Files (x86)\Vuze

2012-06-28 17:37:32 ----D---- C:\Users\Wools\AppData\Roaming\Dropbox

2012-06-27 20:46:46 ----D---- C:\Users\Wools\AppData\Roaming\Azureus

2012-06-27 20:44:04 ----D---- C:\Windows\Debug

2012-06-27 20:20:46 ----D---- C:\Users\Wools\AppData\Roaming\vlc

2012-06-26 18:24:40 ----D---- C:\Windows\rescache

2012-06-26 07:18:16 ----D---- C:\Windows\SysWOW64\en-US

2012-06-25 22:25:22 ----D---- C:\Windows\winsxs

2012-06-23 16:12:39 ----D---- C:\Program Files (x86)\Windows Searchqu Toolbar

2012-06-23 15:36:30 ----D---- C:\ProgramData\Norton

2012-06-22 18:22:24 ----D---- C:\Program Files (x86)\Mozilla Firefox

2012-06-22 17:47:26 ----HD---- C:\ProgramData

2012-06-22 15:53:02 ----D---- C:\Windows\Tasks

2012-06-22 15:16:24 ----D---- C:\Users\Wools\AppData\Roaming\Skype

2012-06-22 15:16:17 ----D---- C:\Windows\ModemLogs

2012-06-22 15:16:16 ----D---- C:\Windows\Logs

2012-06-16 19:50:28 ----D---- C:\Program Files (x86)\Common Files\Apple

2012-06-14 19:36:01 ----D---- C:\Windows\Microsoft.NET

2012-06-14 19:11:46 ----RSD---- C:\Windows\assembly

2012-06-13 22:45:14 ----D---- C:\Windows\SysWOW64\migration

2012-06-13 22:45:14 ----D---- C:\Program Files (x86)\Internet Explorer

2012-05-30 19:35:12 ----D---- C:\Program Files (x86)\Real

2012-05-30 19:34:47 ----A---- C:\Windows\SysWOW64\rmoc3260.dll

2012-05-30 19:34:26 ----A---- C:\Windows\SysWOW64\pndx5032.dll

2012-05-30 19:34:26 ----A---- C:\Windows\SysWOW64\pndx5016.dll

2012-05-30 19:34:22 ----A---- C:\Windows\SysWOW64\pncrt.dll

2012-05-30 19:34:11 ----A---- C:\Windows\SysWOW64\msvcr71.dll

2012-05-30 19:34:11 ----A---- C:\Windows\SysWOW64\msvcp71.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys []

R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys []

R0 snapman;Acronis Snapshots Manager; C:\Windows\system32\DRIVERS\snapman.sys []

R1 archlp;archlp; C:\Windows\system32\drivers\archlp.sys []

R1 aswRdr;aswRdr; C:\Windows\SysWOW64\drivers\aswRdr.sys []

R1 aswSnx;aswSnx; C:\Windows\SysWOW64\drivers\aswSnx.sys []

R1 aswSP;aswSP; C:\Windows\SysWOW64\drivers\aswSP.sys []

R1 aswTdi;avast! Network Shield Support; C:\Windows\SysWOW64\drivers\aswTdi.sys []

R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys []

R2 aswFsBlk;aswFsBlk; C:\Windows\SysWOW64\drivers\aswFsBlk.sys []

R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys []

R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdpx64.sys []

R3 AnyDVD;AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [2010-12-01 125512]

R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []

R3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60a.sys []

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys []

R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys []

R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV6.SYS []

R3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL6.SYS []

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []

R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys []

R3 NETw3v64;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\NETw3v64.sys []

R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys []

R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2007-06-12 1729152]

R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS []

R3 winbondcir;Winbond IR Transceiver; C:\Windows\system32\DRIVERS\winbondcir.sys []

R3 WudfPf;User Mode Driver Frameworks Platform Driver; C:\Windows\system32\drivers\WudfPf.sys []

S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys []

S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys []

S3 massfilter;ZTE Mass Storage Filter Driver; C:\Windows\system32\drivers\massfilter.sys []

S3 mbamchameleon;mbamchameleon; \??\C:\Windows\system32\drivers\mbamchameleon.sys []

S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys []

S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys []

S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys []

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys []

S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys []

S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys []

S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys []

S3 pwdrvio;pwdrvio; \??\C:\Windows\system32\pwdrvio.sys []

S3 pwdspio;pwdspio; \??\C:\Windows\system32\pwdspio.sys []

S3 taphss;Anchorfree HSS Adapter; C:\Windows\system32\DRIVERS\taphss.sys []

S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys []

S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys []

S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys []

S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys []

S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys []

S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys []

S3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam64.sys []

S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys []

S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []

S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys []

S3 ZTEusbnmea;ZTE NMEA Port; C:\Windows\system32\DRIVERS\ZTEusbnmea.sys []

S3 ZTEusbser6k;ZTE Diagnostic Port; C:\Windows\system32\DRIVERS\ZTEusbser6k.sys []

S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []

S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8; C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-05-24 55184]

R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe []

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-03-07 44768]

R2 BecHelperService;BecHelperService; C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe [2010-01-28 1737464]

R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]

R2 Fabs;FABS - Helping agent for MAGIX media database; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]

R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]

R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2007-11-22 358936]

R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service; C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-12-19 394672]

R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

R2 McciCMService;McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [2011-03-23 319488]

R2 TVersityMediaServer;TVersity Media Server; C:\ProgramData\TVersity\Media Server\MediaServer.exe [2011-07-29 1249064]

R2 VideoAcceleratorService;VideoAcceleratorService; C:\PROGRA~2\SPEEDB~1\VideoAcceleratorService.exe [2012-03-20 313624]

R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096]

S2 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service; C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2007-02-22 2217416]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-28 250056]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]

S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-02-17 867080]

S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-03-08 1492840]

S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-06-07 936848]

S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 113120]

S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-21 19968]

S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2012-01-04 718888]

S3 WPFFontCache_v0400;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]

S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

-----------------EOF-----------------


ID: 14   Posted (edited)

.....

....

I think in the past he's had Norton and McAfee installed. Should I run removal tools for these antiviruses?

Download & SAVE the removal tools, and then run each (one time).

Yes, McAfee --> http://service.mcafe...033&id=TS100507 <<-- Do Steps 1 & 2 only & then reboot.

Norton / Symantec --> http://service1.syma...005033108162039

Log off and restart fresh when all done.

Edited by Maurice Naggar


Once you have finished the above, then do the following:

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member Quinny only. If you are a casual viewer, do NOT try this on your system!

If you are not Quinny and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

=

Close any of your open programs while you run these tools.

On almost all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

Step 1

If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Turn OFF your antivirus, otherwise it will interfere. How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on the speed of your system, how much there is to scan and how much it needs to clean.

If this is on a notebook system, make sure first that the notebook is connected to wall power (AC power) or a UPS system.

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Right-click on Combo-Fix.exe on your Desktop and select "Run as Administrator".

  • A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.
    When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.

Note:

Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

When all done, Re-Enable your antivirus.

Reply with a copy of the C:\Combofix.txt log


I ran the Norton removal tool but can't find an option to run the McAfee removal tool from your link.


Managed to find the McAfee removal tool from a mod on the McAfee forum. Here's the ComboFix logfile.

ComboFix 12-06-28.03 - Wools 29/06/2012 23:11:29.1.2 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.4093.2718 [GMT 1:00]

Running from: c:\users\Wools\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\Windows Searchqu Toolbar

c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe

c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\x64\BrowserConnection.dll

c:\program files (x86)\Windows Searchqu Toolbar\Datamngr\x64\DnsBHO.dll

.

.

((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-29 )))))))))))))))))))))))))))))))

.

.

2012-06-29 22:29 . 2012-06-29 22:29 -------- d-----w- c:\users\Wools\AppData\Local\temp

2012-06-29 22:29 . 2012-06-29 22:29 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-29 19:21 . 2012-06-29 19:21 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-06-29 08:27 . 2012-06-29 08:27 33096 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-06-28 22:43 . 2012-06-28 22:43 -------- d-----w- c:\users\Wools\AppData\Local\Macromedia

2012-06-28 20:00 . 2012-06-29 19:25 -------- d-----w- c:\program files (x86)\trend micro

2012-06-28 20:00 . 2012-06-28 20:00 -------- d-----w- C:\rsit

2012-06-28 19:41 . 2012-06-28 19:41 -------- d-----w- c:\program files (x86)\ERUNT

2012-06-28 19:07 . 2012-06-28 19:07 -------- d-----w- c:\program files\Speccy

2012-06-28 17:34 . 2012-06-28 17:34 -------- d-----w- c:\users\Wools\AppData\Local\Windows Live Writer

2012-06-28 17:34 . 2012-06-28 17:34 -------- d-----w- c:\users\Wools\AppData\Roaming\Windows Live Writer

2012-06-27 19:20 . 2012-06-27 19:20 -------- d-----w- c:\users\Wools\AppData\Roaming\dvdcss

2012-06-24 07:55 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-24 07:55 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-24 07:55 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-24 07:55 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-24 07:54 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-24 07:54 . 2012-06-02 22:19 35864 ----a-w- c:\windows\SysWow64\wups.dll

2012-06-24 07:54 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-24 07:54 . 2012-06-02 22:19 577048 ----a-w- c:\windows\SysWow64\wuapi.dll

2012-06-24 07:54 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-24 07:54 . 2012-06-02 22:12 88576 ----a-w- c:\windows\SysWow64\wudriver.dll

2012-06-24 07:54 . 2012-06-02 14:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-24 07:54 . 2012-06-02 14:19 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll

2012-06-24 07:54 . 2012-06-02 14:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-24 07:54 . 2012-06-02 14:12 33792 ----a-w- c:\windows\SysWow64\wuapp.exe

2012-06-22 16:47 . 2012-06-22 16:47 -------- d-----w- c:\users\Wools\AppData\Roaming\Malwarebytes

2012-06-22 16:47 . 2012-06-22 16:47 -------- d-----w- c:\programdata\Malwarebytes

2012-06-22 16:47 . 2012-06-22 16:47 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-06-22 16:47 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-22 14:51 . 2012-06-22 14:51 -------- d-s---w- c:\windows\SysWow64\Microsoft

2012-06-20 13:54 . 2012-06-28 22:43 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-06-16 18:50 . 2012-06-16 18:50 -------- d-----w- c:\program files\iPod

2012-06-16 18:50 . 2012-06-16 18:51 -------- d-----w- c:\program files\iTunes

2012-06-16 18:50 . 2012-06-16 18:51 -------- d-----w- c:\program files (x86)\iTunes

2012-06-13 21:05 . 2012-05-18 02:51 754808 ----a-w- c:\program files\Internet Explorer\iexplore.exe

2012-06-13 20:13 . 2012-05-15 20:15 2767360 ----a-w- c:\windows\system32\win32k.sys

2012-06-13 20:13 . 2012-05-01 14:29 209920 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-13 20:13 . 2012-04-23 16:25 174592 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-13 20:13 . 2012-04-23 16:25 132096 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-13 20:13 . 2012-04-23 16:25 1267200 ----a-w- c:\windows\system32\crypt32.dll

2012-06-13 20:13 . 2012-04-23 16:00 984064 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-06-13 20:13 . 2012-04-23 16:00 98304 ----a-w- c:\windows\SysWow64\cryptnet.dll

2012-06-13 20:13 . 2012-04-23 16:00 133120 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-06-10 18:25 . 2012-06-10 18:25 -------- d-----w- c:\program files (x86)\Dropbox

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-29 19:19 . 2011-01-12 15:56 687600 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-06-28 22:43 . 2011-07-27 07:15 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-30 18:34 . 2011-11-25 15:40 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll

2012-05-30 18:34 . 2011-11-25 15:40 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll

2012-04-18 19:56 . 2012-04-18 19:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx

2012-04-18 19:56 . 2012-04-18 19:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts

2012-04-03 08:22 . 2012-05-09 16:48 4699520 ----a-w- c:\windows\system32\ntoskrnl.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Wools\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Wools\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 94208 ----a-w- c:\users\Wools\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

"Conime"="c:\windows\system32\conime.exe" [2009-04-11 69120]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"KodakHomeCenter"="c:\program files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" [2011-12-12 2234288]

.

c:\users\Wools\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]

"NokiaMServer"=c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup

.

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-28 250056]

S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]

.

.

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

Themes

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-29 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-20 22:43]

.

2012-06-29 c:\windows\Tasks\FreeFileViewerUpdateChecker.job

- c:\program files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2012-02-14 14:24]

.

2012-06-29 c:\windows\Tasks\GlaryInitialize.job

- c:\program files (x86)\Glary Utilities\initialize.exe [2011-01-10 14:13]

.

2012-06-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3560542134-3112040110-2959616142-1000Core.job

- c:\users\Wools\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-08 19:15]

.

2012-06-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3560542134-3112040110-2959616142-1000UA.job

- c:\users\Wools\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-08 19:15]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-03-07 00:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 97792 ----a-w- c:\users\Wools\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 97792 ----a-w- c:\users\Wools\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 97792 ----a-w- c:\users\Wools\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36 97792 ----a-w- c:\users\Wools\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.co.uk/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = local

LSP: c:\progra~2\SPEEDB~1\sblsp.dll

TCP: DhcpNameServer = 192.168.1.254

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

FF - ProfilePath - c:\users\Wools\AppData\Roaming\Mozilla\Firefox\Profiles\m54eyri2.default\

FF - prefs.js: browser.startup.homepage - google.com

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)

URLSearchHooks-{f0381dbd-e018-4e07-ae40-d96ab15083f0} - (no file)

URLSearchHooks-{90eee664-34b1-422a-a782-779af65cdf6d} - (no file)

URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)

URLSearchHooks-{66bd2442-241b-44cd-8c7a-b51037053cdb} - (no file)

Toolbar-10 - (no file)

SafeBoot-WudfPf

SafeBoot-WudfRd

BHO-{9D717F81-9148-4f12-8568-69135F087DB0} - c:\progra~2\WI9130~1\Datamngr\x64\BROWSE~1.DLL

BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)

Toolbar-10 - (no file)

Toolbar-!{99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)

WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)

WebBrowser-{F0381DBD-E018-4E07-AE40-D96AB15083F0} - (no file)

WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)

WebBrowser-{66BD2442-241B-44CD-8C7A-B51037053CDB} - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]

"value"="?\09\01\05\09\02\18y"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Completion time: 2012-06-29 23:32:27

ComboFix-quarantined-files.txt 2012-06-29 22:32

.

Pre-Run: 69,197,070,336 bytes free

Post-Run: 69,128,617,984 bytes free

.

- - End Of File - - F450109BC79883826E478BBE5930E578


Good run of ComboFix. OK, now I want to follow up with a scan using the Dr.Web CureIt utility (free download).

Once you start this tool, do not run any other app (e.g., do not use the system during the run).

Close any programs you started.

Download Dr.Web CureIt to the desktop.

  • Turn OFF your antivirus program.
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Double-click the drweb-cureit.exe file, then on Start, and allow it to run the express scan.
  • This will scan the files currently running in memory, and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, choose the Complete Scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look and see if you can click the check icon next to the files found.
  • If so, click it, then click the next icon right below and select Move incurable.
  • This will move it to the %userprofile%\DoctorWeb\quarantaine folder if it can't be cured (this is in case we need samples).
  • After selecting, in the Dr.Web CureIt menu on top, click File and choose Save report list.
  • Save the report to your desktop. The report will be called DrWeb.csv.
  • Close Dr.Web CureIt.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.

Re-enable your antivirus program when all done.


Hi, for some reason I am unable to copy & paste the DrWeb logfile or send it as an attachment.


I found out the reason I can't post the DrWeb logfile is that its size is 58.8 MB.


I can see why the DrWeb complete scan took over 6 hrs to complete: there must be approx. 10 GB of CDs he's backed up in his music folder. Here's a small section of the logfile at the end.

Scan statistics

-----------------------------------------------------------------------------

Scanned: 431599

Infected: 1

Modifications: 0

Suspicious: 2

Adware: 14

Dialers: 0

Jokes: 0

Riskware: 0

Hacktools: 2

Cured: 0

Deleted: 0

Renamed: 0

Moved: 2

Ignored: 0

Scan speed: 154 Kb/s

Scan time: 4:42:29

-----------------------------------------------------------------------------

C:\Documents and Settings\Wools\Downloads\BflixInstaller.exe - incurable - moved

=============================================================================

Total session statistics

=============================================================================

Scanned: 478462

Infected: 1

Modifications: 0

Suspicious: 2

Adware: 14

Dialers: 0

Jokes: 0

Riskware: 0

Hacktools: 2

Cured: 0

Deleted: 0

Renamed: 0

Moved: 3

Ignored: 0

Scan speed: 118 Kb/s

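The poster could not upload the full 58.8 MB report, yet only the statistics blocks and the lines naming detected objects matter for review. As an added example (not code from the thread or from Dr.Web), the parser below pulls those out of a CureIt text report; it assumes the layout quoted above ("Key: value" lines, rules of - or =, titles ending in "statistics", detection lines shaped "<path> - <verdict> - <action>"), and the sample input is a constructed, abridged copy of that tail.

```python
# Added example, not code from the thread or from Dr.Web. Assumes the report layout
# quoted in the post: "Key: value" lines, rules of - or =, titles ending in
# "statistics", and detection lines shaped "<path> - <verdict> - <action>".
import re

STAT_RE = re.compile(r"^([A-Za-z][A-Za-z ]*): (\S.*)$")
FINDING_KEYS = ("Infected", "Modifications", "Suspicious", "Adware",
                "Dialers", "Jokes", "Riskware", "Hacktools")
ACTION_KEYS = ("Cured", "Deleted", "Renamed", "Moved")

# Constructed sample: an abridged copy of the report tail quoted in the post.
SAMPLE_REPORT = """\
Scan statistics
-----------------------------------------------------------------------------
Scanned: 431599
Infected: 1
Suspicious: 2
Adware: 14
Moved: 2
Scan time: 4:42:29
-----------------------------------------------------------------------------
C:\\Documents and Settings\\Wools\\Downloads\\BflixInstaller.exe - incurable - moved
=============================================================================
Total session statistics
=============================================================================
Scanned: 478462
Infected: 1
Suspicious: 2
Adware: 14
Moved: 3
"""


def parse_report(text):
    """Return {"sections": {title: {key: value}}, "detections": [(path, verdict, action)]}."""
    sections, detections, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) <= {"-", "="}:    # skip blanks and rule lines
            continue
        if line.lower().endswith("statistics"):    # a new statistics block begins
            current = sections.setdefault(line, {})
            continue
        m = STAT_RE.match(line)
        if m and current is not None:              # "Key: value" inside a block
            current[m.group(1)] = int(m.group(2)) if m.group(2).isdigit() else m.group(2)
            continue
        parts = line.rsplit(" - ", 2)              # from the right: a path may contain " - "
        if len(parts) == 3:
            detections.append(tuple(parts))
    return {"sections": sections, "detections": detections}


def unresolved_count(stats):
    """Heuristic: objects a block reports minus objects it says were actioned."""
    reported = sum(int(stats.get(k, 0)) for k in FINDING_KEYS)
    actioned = sum(int(stats.get(k, 0)) for k in ACTION_KEYS)
    return max(reported - actioned, 0)


def summarize(text):
    """Compact text a poster can paste instead of a multi-megabyte report."""
    report = parse_report(text)
    out = [f"{t}: {s.get('Scanned', '?')} scanned, {unresolved_count(s)} reported but not actioned"
           for t, s in report["sections"].items()]
    out += [f"  {action} / {verdict}: {path}" for path, verdict, action in report["detections"]]
    return "\n".join(out)
```

On the quoted tail, the summary shows that of the 17 objects the session reported, only 3 were moved, which is the gap a reviewer would ask about.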

Save and close any work documents, close any apps that you started.

Start MBAM (Malwarebytes' Anti-Malware).

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy and paste the new MBAM scan log into a reply.

NEXT:

Download, save and then run the MS Safety Scanner:

http://www.microsoft.com/security/scanner/en-us/default.aspx

Let me know the result.


Sorry Maurice, I've been away from the laptop for a couple of hrs (dinner at my sister's). I just followed your latest instructions.

When updating MBAM it sticks on "connecting to server" for approx. 5 mins and then takes about another 5 mins on downloading.

Acting like I've got really slow broadband, but I haven't (22 Mbps DL).

MBAM quick scan detected no malware.

You never mentioned whether to run a quick or full scan with MS Safety Scanner, so I ran a quick scan, which detected no malware.

Malwarebytes Anti-Malware (PRO) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.07.01.08

Windows Vista Service Pack 2 x64 NTFS

Internet Explorer 9.0.8112.16421

Wools :: WOOLS-PC [administrator]

Protection: Enabled

01/07/2012 20:37:24

mbam-log-2012-07-01 (20-37-24).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 215194

Time elapsed: 3 minute(s), 44 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


The MBAM scan is a very good result. Go ahead, get and run the MS Safety Scanner, as I outlined before.


Hi Maurice, I have already run a quick scan with the MS Safety Scanner as instructed by you, and the results were clean.

Do you want me to run it again?
