Malwarebytes says "program blocked by group policy" - 2 dupes deleted


This topic is locked. 43 replies to this topic.

#1 Carlgrus (Advanced Member, 121 posts)

Posted 23 March 2013 - 01:14 PM

Doing my usual weekly checks and diagnostics. Spybot, Malwarebytes, all have worked well... but today after running Spybot, Malwarebytes would not open. I get the message "program blocked by group policy". I was able to run the log, and here it is... What can I do to repair this? Thanks,

mbam-check result log version: 2.0.0.1000

Malwarebytes Version: REG_SZ  1.70.0.1100

Date Log Created: 03/23/13
Time Log Created: 15:10:58

User Account type: Administrator

64 bit Operating System

Product Name: REG_SZ  Windows 7 Home Premium

Current Build Number: 7601

Current Version Number: 6.1

Current CSDVersion: Service Pack 1

Proxy Status: No proxy is Set

Proxy Override:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\
 ProxyOverride REG_SZ  *.local

LAN Settings:
=============

only 'Automatically detect settings' is selected

SystemPartition:
================

HKEY_LOCAL_MACHINE\SYSTEM\Setup\
 SystemPartition REG_SZ  \Device\HarddiskVolume2

Balloon Tips Status:
====================

Enabled

Time Format Settings:
=====================

Should be:
  h:mm:ss tt
  AM
  PM
  :

Currently:
REG_SZ  h:mm:ss tt
REG_SZ  AM
REG_SZ  PM
REG_SZ  :

Language and Regional Settings:
===============================

ACP:  Language is English (United States)
MACCP:  Language is English (United States)
OEMCP:  Language is English (United States)

Startup Folders for Error_Expanding_Variables Check:
====================================================

All Users Startup Folder Exists.
Current User's Startup Folder Exists.


Terminal Services Status for (null) entries in PM logs and GetUserToken errors:
===============================================================================

TERMService:
==============
Type    : 32
State    : 1 (The service is not running.) (State is stopped)
WIN32_EXIT_CODE  : 1077
SERVICE_EXIT_CODE : 0
CHECKPOINT  : 0
WAIT_HINT  : 0


TermService Start is set to: 3 (Manual Startup)

Compatibility Flag Settings (Any MBAM file listings should be removed):
=======================================================================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
 SIGN.IE=0458C4E8 kav6.0.4.1424_winserven.exeREG_SZ  WINXPSP2
 C:\Program Files\ExpensAble\expensable41.exeREG_SZ  WINXPSP2
 SIGN.MEDIA=4858 Print Drivers\setup.exeREG_SZ  WINXPSP2
 C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exeREG_SZ  VISTARTM
 C:\Program Files (x86)\iTunes\iTunes.exeREG_SZ  DISABLEUSERCALLBACKEXCEPTION
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
 C:\Program Files\ExpensAble\Qex.exeREG_SZ  WIN7RTM
 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exeREG_SZ  # WINXPSP2
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
 C:\Program Files (x86)\Common Files\Roxio Shared\10.0\Roxio Central36\Main\Roxio_Central36.exeREG_SZ  ELEVATECREATEPROCESS


Malwarebytes Anti-Malware Shell Extension Block Check:
======================================================

 

MBAM Startup Entries:
=====================
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Service and Driver Status:
==========================

  <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMProtector


  <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMService


  <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMScheduler


  <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon


MBAMProtector Registry Values:
==============================


MBAMService Registry Values:
============================


MBAMScheduler Registry Values:
==============================

 

MBAM DLL's and Runtime Files:
=============================

HKEY_CLASSES_ROOT\vbAcceleratorSGrid6.vbalGrid
 (Default):                    REG_SZ  vbAccelerator Grid Control
HKEY_CLASSES_ROOT\vbAcceleratorSGrid6.vbalGrid\Clsid
 (Default):                    REG_SZ  {C5DA1F2B-B2BF-4DFC-BC9A-439133543A67}

HKEY_CLASSES_ROOT\SSubTimer6.GSubclass
 (Default):                    REG_SZ  SSubTimer6.GSubclass
HKEY_CLASSES_ROOT\SSubTimer6.GSubclass\Clsid
 (Default):                    REG_SZ  {71A27032-C7D8-11D2-BEF8-525400DFB47A}

HKEY_CLASSES_ROOT\SSubTimer6.CTimer
 (Default):                    REG_SZ  SSubTimer6.CTimer
HKEY_CLASSES_ROOT\SSubTimer6.CTimer\Clsid
 (Default):                    REG_SZ  {71A27034-C7D8-11D2-BEF8-525400DFB47A}

HKEY_CLASSES_ROOT\SSubTimer6.ISubclass
 (Default):                    REG_SZ  SSubTimer6.ISubclass
HKEY_CLASSES_ROOT\SSubTimer6.ISubclass\Clsid
 (Default):                    REG_SZ  {71A2702F-C7D8-11D2-BEF8-525400DFB47A}

 


HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}
 (Default):                    REG_SZ  SSubTimer6.ISubclass
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\ProgID
 (Default):                    REG_SZ  SSubTimer6.ISubclass
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\Programmable
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
 (Default):                    REG_SZ  {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\VERSION
 (Default):                    REG_SZ  1.0

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}
 (Default):                    REG_SZ  SSubTimer6.GSubclass
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\InprocServer32
 (Default):                    REG_SZ  C:\Program Files (x86)\Malwarebytes' Anti-Malware\ssubtmr6.dll
 ThreadingModel                REG_SZ  Apartment
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\ProgID
 (Default):                    REG_SZ  SSubTimer6.GSubclass
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\Programmable
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
 (Default):                    REG_SZ  {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\VERSION
 (Default):                    REG_SZ  1.0

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}
 (Default):                    REG_SZ  SSubTimer6.CTimer
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\InprocServer32
 (Default):                    REG_SZ  C:\Program Files (x86)\Malwarebytes' Anti-Malware\ssubtmr6.dll
 ThreadingModel                REG_SZ  Apartment
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\ProgID
 (Default):                    REG_SZ  SSubTimer6.CTimer
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Programmable
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
 (Default):                    REG_SZ  {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\VERSION
 (Default):                    REG_SZ  1.0


HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}
HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1
 (Default):                    REG_SZ  vbAccelerator VB6 SGrid Control 2.0
HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\0
HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\0\win32
 (Default):                    REG_SZ  C:\Program Files (x86)\Malwarebytes' Anti-Malware\vbalsgrid6.ocx
HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\FLAGS
 (Default):                    REG_SZ  2
HKEY_CLASSES_ROOT\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\HELPDIR
 (Default):                    REG_SZ  C:\Program Files (x86)\Malwarebytes' Anti-Malware
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1
 (Default):                    REG_SZ  vbAccelerator VB6 SGrid Control 2.0
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\0
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\0\win32
 (Default):                    REG_SZ  C:\Program Files (x86)\Malwarebytes' Anti-Malware\vbalsgrid6.ocx
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\FLAGS
 (Default):                    REG_SZ  2
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\HELPDIR
 (Default):                    REG_SZ  C:\Program Files (x86)\Malwarebytes' Anti-Malware
HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}
HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0
 (Default):                    REG_SZ  vbAccelerator VB6 Subclassing and Timer Assistant (with configurable message response, multi-control support + timer bug fix)
HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\0
HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\0\win32
 (Default):                    REG_SZ  C:\Program Files (x86)\Malwarebytes' Anti-Malware\ssubtmr6.dll
HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\FLAGS
 (Default):                    REG_SZ  0
HKEY_CLASSES_ROOT\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\HELPDIR
 (Default):                    REG_SZ  C:\Program Files (x86)\Malwarebytes' Anti-Malware
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0
 (Default):                    REG_SZ  vbAccelerator VB6 Subclassing and Timer Assistant (with configurable message response, multi-control support + timer bug fix)
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\0
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\0\win32
 (Default):                    REG_SZ  C:\Program Files (x86)\Malwarebytes' Anti-Malware\ssubtmr6.dll
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\FLAGS
 (Default):                    REG_SZ  0
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{71A2702D-C7D8-11D2-BEF8-525400DFB47A}\1.0\HELPDIR
 (Default):                    REG_SZ  C:\Program Files (x86)\Malwarebytes' Anti-Malware
HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}
 (Default):                    REG_SZ  _ISubclass
HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32
 (Default):                    REG_SZ  {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
 (Default):                    REG_SZ  {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
 Version                       REG_SZ  1.0
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}
 (Default):                    REG_SZ  ISubclass
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid
 (Default):                    REG_SZ  {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32
 (Default):                    REG_SZ  {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
 (Default):                    REG_SZ  {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
 Version                       REG_SZ  1.0
HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}
 (Default):                    REG_SZ  __CTimer
HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32
 (Default):                    REG_SZ  {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
 (Default):                    REG_SZ  {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
 Version                       REG_SZ  1.0
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}
 (Default):                    REG_SZ  CTimer
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid
 (Default):                    REG_SZ  {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32
 (Default):                    REG_SZ  {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\TypeLib
 (Default):                    REG_SZ  {71A2702D-C7D8-11D2-BEF8-525400DFB47A}
 Version                       REG_SZ  1.0
HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}
 (Default):                    REG_SZ  __vbalGrid
HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\ProxyStubClsid32
 (Default):                    REG_SZ  {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\TypeLib
 (Default):                    REG_SZ  {DE8CE233-DD83-481D-844C-C07B96589D3A}
 Version                       REG_SZ  1.1
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}
 (Default):                    REG_SZ  vbalGrid
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\ProxyStubClsid
 (Default):                    REG_SZ  {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\ProxyStubClsid32
 (Default):                    REG_SZ  {00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Wow6432Node\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\TypeLib
 (Default):                    REG_SZ  {DE8CE233-DD83-481D-844C-C07B96589D3A}
 Version                       REG_SZ  1.1
MBAM Registry Settings and License Info:
========================================


HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware
 InstallPath                   REG_SZ  C:\Program Files (x86)\Malwarebytes' Anti-Malware
 Affiliate                     REG_SZ  https://store.malwar...kout&cart=29945
 dbversion                     REG_SZ  v2013.02.27.01
 programversion                REG_SZ  1.70.0.1100
 dbdate                        REG_SZ  Wed, 27 Feb 2013 00:44:21 GMT
 hidereg                       REG_DWORD  0
 startipdisabled               REG_DWORD  0
 useproxy                      REG_DWORD  0
 useauthentication             REG_DWORD  0
 downloadprogram               REG_DWORD  1
 advancedheuristics            REG_DWORD  1
 detectpup                     REG_DWORD  2
 detectpum                     REG_DWORD  1
 detectp2p                     REG_DWORD  0
 updatewarn                    REG_DWORD  1
 updatewarndays                REG_DWORD  7
 notifyinstallprogram          REG_DWORD  1
 contextmenu                   REG_DWORD  1
 reportthreats                 REG_DWORD  1
 silentipmode                  REG_DWORD  0
 trialpromptshown              REG_DWORD  1
 startwithwindows              REG_DWORD  1
 startfsdisabled               REG_DWORD  0
 autoquarantine                REG_DWORD  1
 autoquarantinenotify          REG_DWORD  1
 programbuild                  REG_SZ  consumer
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware\UUID
 There is data here but it is hidden.

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware\UUID
 LicenseIdLastSent2            REG_SZ  30182429 4198046594
 LicenseId                     REG_SZ  dfa12169-4a93-4eef-9ac0-8069f49c85c6
 LicenseIdVerification         REG_SZ  ab08f322bd189ffd81422a864bed19ce
 LicenseIdLastSent1            REG_SZ  30134359 381230573


HKEY_CURRENT_USER\SOFTWARE\Malwarebytes' Anti-Malware
 language                      REG_SZ  english.lng
 selectedrives                 REG_SZ  C:\|D:\|
 terminateie                   REG_DWORD  0
 autosavelog                   REG_DWORD  1
 openlog                       REG_DWORD  1
 alwaysscanmemory              REG_DWORD  1
 alwaysscanregistry            REG_DWORD  1
 alwaysscanfiles               REG_DWORD  1
 alwaysscanheuristics          REG_DWORD  1
 defaultscan                   REG_DWORD  0
 alwaysscanstartups            REG_DWORD  1

 

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes' Anti-Malware_is1
 Inno Setup: Setup Version     REG_SZ  5.5.3-dev (a)
 Inno Setup: App Path          REG_SZ  C:\Program Files (x86)\Malwarebytes' Anti-Malware
 InstallLocation               REG_SZ  C:\Program Files (x86)\Malwarebytes' Anti-Malware\
 Inno Setup: Icon Group        REG_SZ  Malwarebytes' Anti-Malware
 Inno Setup: User              REG_SZ  Carl's office
 Inno Setup: Selected Tasks    REG_DWORD  0
 Inno Setup: Deselected Tasks  REG_SZ  desktopicon,quicklaunchicon
 Inno Setup: Language          REG_SZ  English
 DisplayName                   REG_SZ  Malwarebytes Anti-Malware version 1.70.0.1100
 DisplayIcon                   REG_SZ  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
 UninstallString               REG_SZ  "C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
 QuietUninstallString          REG_SZ  "C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe" /SILENT
 DisplayVersion                REG_SZ  1.70.0.1100
 Publisher                     REG_SZ  Malwarebytes Corporation
 URLInfoAbout                  REG_SZ  http://www.malwarebytes.org
 NoModify                      REG_DWORD  1
 NoRepair                      REG_DWORD  1
 InstallDate                   REG_SZ  20130108
 MajorVersion                  REG_DWORD  1
 MinorVersion                  REG_DWORD  70
 EstimatedSize                 REG_DWORD  18895
Pending File Rename Operations:
================================
If any Malwarebytes Anti-Malware items are listed below, the user must reboot to complete a Malwarebytes Anti-Malware upgrade installation.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\
 PendingFileRenameOperations REG_MULTI_SZ \??\C:\Windows\TEMP\logishrd\LVPrcInj01.dll

 

Scheduler Queue:
================

 

Context Menu Entries:
=====================

HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\MBAMShlExt
 (Default):                    REG_SZ  {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\MBAMShlExt
 (Default):                    REG_SZ  {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt
 (Default):                    REG_SZ  MBAMShlExt Class
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CLSID
 (Default):                    REG_SZ  {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt\CurVer
 (Default):                    REG_SZ  MBAMExt.MBAMShlExt.1
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1
 (Default):                    REG_SZ  MBAMShlExt Class
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1\CLSID
 (Default):                    REG_SZ  {57CE581A-0CB6-4266-9CA0-19364C90A0B3}


HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}
 (Default):                    REG_SZ  IMBAMShlExt
HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\ProxyStubClsid32
 (Default):                    REG_SZ  {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\TypeLib
 (Default):                    REG_SZ  {AFF1A83B-6C83-4342-8E68-1648DE06CB65}
 Version                       REG_SZ  1.0
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}
 (Default):                    REG_SZ  MBAMShlExt Class
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32
 (Default):                    REG_SZ  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll
 ThreadingModel                REG_SZ  Apartment
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\ProgID
 (Default):                    REG_SZ  MBAMExt.MBAMShlExt.1
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\TypeLib
 (Default):                    REG_SZ  {AFF1A83B-6C83-4342-8E68-1648DE06CB65}
HKEY_CLASSES_ROOT\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\VersionIndependentProgID
 (Default):                    REG_SZ  MBAMExt.MBAMShlExt

HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0
 (Default):                    REG_SZ  MBAMExt 1.0 Type Library
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win32
 (Default):                    REG_SZ  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win64
 (Default):                    REG_SZ  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\FLAGS
 (Default):                    REG_SZ  0
HKEY_CLASSES_ROOT\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR
 (Default):                    REG_SZ  C:\Program Files (x86)\Malwarebytes' Anti-Malware
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0
 (Default):                    REG_SZ  MBAMExt 1.0 Type Library
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win32
 (Default):                    REG_SZ  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win64
 (Default):                    REG_SZ  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\FLAGS
 (Default):                    REG_SZ  0
HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\HELPDIR
 (Default):                    REG_SZ  C:\Program Files (x86)\Malwarebytes' Anti-Malware


MBAM Drivers:
=============

C:\Windows\system32\drivers\mbam.sys File Size: 24176     BYTES FileVersion: 1.60.2.0


Required Dependencies:
======================

BFE:
==============
Type    : 32
State    : 4 (The service is running.)
WIN32_EXIT_CODE  : 0
SERVICE_EXIT_CODE : 0
CHECKPOINT  : 0
WAIT_HINT  : 0


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE
 DisplayName                   REG_SZ  @%SystemRoot%\system32\bfe.dll,-1001
 Group                         REG_SZ  NetworkProvider
 ImagePath                     REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
 Description                   REG_SZ  @%SystemRoot%\system32\bfe.dll,-1002
 ObjectName                    REG_SZ  NT AUTHORITY\LocalService
 ErrorControl                  REG_DWORD  1
 Start                         REG_DWORD  2
 Type                          REG_DWORD  32
 DependOnService               REG_MULTI_SZ RpcSs

 ServiceSidType                REG_DWORD  3
 RequiredPrivileges            REG_MULTI_SZ SeAuditPrivilege

 FailureActions                REG_BINARY Binary Data

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters
 ServiceDll                    REG_EXPAND_SZ %SystemRoot%\System32\bfe.dll
 ServiceDllUnloadOnStop        REG_DWORD  1
 ServiceMain                   REG_SZ  BfeServiceMain
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\BootTime
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\BootTime\Filter
 {dc95b53e-01cf-4058-821d-350b3d0d4676}REG_BINARY Binary Data

 {0c41d586-9c19-4e01-9d66-b5b98a97576e}REG_BINARY Binary Data

 {12c38916-82ac-4737-8f38-b6957ffebad6}REG_BINARY Binary Data

 {c970a45d-57f9-4e32-a5bd-886a9662641e}REG_BINARY Binary Data

 {0c3be01b-fe70-4cc4-89dc-c07996b67e6d}REG_BINARY Binary Data

 {074f7f68-ee10-428a-89d1-ba78f6c327ca}REG_BINARY Binary Data

 {c016105c-eb34-4519-a5fd-5f4e4ad4d18e}REG_BINARY Binary Data

 {a47525e2-725b-4888-8af1-ba5a60c04f4d}REG_BINARY Binary Data

 {0ccc96a3-8c5c-45e2-b80e-7e37b16cc1ad}REG_BINARY Binary Data

 {2dd96961-5757-434f-b617-34e732517c0e}REG_BINARY Binary Data

 {2db25e6c-f07a-44f4-b6c8-50a330d2790b}REG_BINARY Binary Data

 {c42f1cd6-3a95-4ae2-a513-793c3ae610c7}REG_BINARY Binary Data

 {935b7f48-0ede-44dd-9bc2-e00bb635cda3}REG_BINARY Binary Data

 {941dad9d-7b1a-4354-997b-00cf1aa9b35c}REG_BINARY Binary Data

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Filter
 {b02a4013-b6b5-4859-9168-1e3299e43b24}REG_BINARY Binary Data

 {d870c96c-75ee-46a6-8a02-8e4401a73423}REG_BINARY Binary Data

 {8b50e2ec-7cf0-4b71-b42e-5b0536f6cab8}REG_BINARY Binary Data

 {4137b143-2770-43d4-91a2-55bb0a069830}REG_BINARY Binary Data

 {3180114b-8338-4740-9a16-444134ad62f4}REG_BINARY Binary Data

 {17043d46-fac2-4561-bca1-0c7a05e95f5f}REG_BINARY Binary Data

 {567d3836-3f5b-4067-b9c4-952f677010a2}REG_BINARY Binary Data

 {4e718c57-c397-4221-9fbb-14fd51701d6a}REG_BINARY Binary Data

 {3a90a266-1519-4d23-911b-e84cd0f02ab8}REG_BINARY Binary Data

 {dc95b53e-01cf-4058-821d-350b3d0d4676}REG_BINARY Binary Data

 {f444c576-6e60-4ea2-9faa-80d57ed12cd2}REG_BINARY Binary Data

 {0c41d586-9c19-4e01-9d66-b5b98a97576e}REG_BINARY Binary Data

 {12c38916-82ac-4737-8f38-b6957ffebad6}REG_BINARY Binary Data

 {c970a45d-57f9-4e32-a5bd-886a9662641e}REG_BINARY Binary Data

 {0c3be01b-fe70-4cc4-89dc-c07996b67e6d}REG_BINARY Binary Data

 {4d9581d2-aef8-4993-84cd-b986ced80d42}REG_BINARY Binary Data

 {be7cbdf4-b192-4aa5-94f8-1fb5c5ee07bc}REG_BINARY Binary Data

 {716b48eb-0a35-4a76-92ab-1d987230d288}REG_BINARY Binary Data

 {1165065e-4996-4338-abaf-4b8556b4d431}REG_BINARY Binary Data

 {07a24961-a760-4e80-b263-6d275e1b09cb}REG_BINARY Binary Data

 {5b0cb2e2-ab87-4974-9f1c-2f22a654eeb9}REG_BINARY Binary Data

 {b6b2ca61-fb98-4422-adc2-e7cf56b3680c}REG_BINARY Binary Data

 {0aa7fff8-919f-453c-928c-28a12122ba38}REG_BINARY Binary Data

 {074f7f68-ee10-428a-89d1-ba78f6c327ca}REG_BINARY Binary Data

 {c016105c-eb34-4519-a5fd-5f4e4ad4d18e}REG_BINARY Binary Data

 {a47525e2-725b-4888-8af1-ba5a60c04f4d}REG_BINARY Binary Data

 {0ccc96a3-8c5c-45e2-b80e-7e37b16cc1ad}REG_BINARY Binary Data

 {91ffecf0-0a9e-4572-95f1-a7111af86967}REG_BINARY Binary Data

 {64e55933-15a5-495d-a928-ccca43d44875}REG_BINARY Binary Data

 {13bfd422-6f75-4408-8924-9400ec0cb19c}REG_BINARY Binary Data

 {cbfb56db-3c85-4543-9bc2-76ea28cdd74e}REG_BINARY Binary Data

 {2dd96961-5757-434f-b617-34e732517c0e}REG_BINARY Binary Data

 {375fb39b-08c6-40f2-bdf2-08fa63f970a2}REG_BINARY Binary Data

 {2db25e6c-f07a-44f4-b6c8-50a330d2790b}REG_BINARY Binary Data

 {c42f1cd6-3a95-4ae2-a513-793c3ae610c7}REG_BINARY Binary Data

 {b6fdab6b-dcc6-43e3-99ce-7aeca65063a4}REG_BINARY Binary Data

 {3697a558-3ed3-49be-a4c1-c1a4448653b4}REG_BINARY Binary Data

 {935b7f48-0ede-44dd-9bc2-e00bb635cda3}REG_BINARY Binary Data

 {941dad9d-7b1a-4354-997b-00cf1aa9b35c}REG_BINARY Binary Data

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Provider
 {decc16ca-3f33-4346-be1e-8fb4ae0f3d62}REG_BINARY Binary Data

 {4b153735-1049-4480-aab4-d1b9bdc03710}REG_BINARY Binary Data

 {1bebc969-61a5-4732-a177-847a0817862a}REG_BINARY Binary Data

 {aa6a7d87-7f8f-4d2a-be53-fda555cd5fe3}REG_BINARY Binary Data

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\SubLayer
 {b3cdd441-af90-41ba-a745-7c6008ff2300}REG_BINARY Binary Data

 {b3cdd441-af90-41ba-a745-7c6008ff2301}REG_BINARY Binary Data

 {b3cdd441-af90-41ba-a745-7c6008ff2302}REG_BINARY Binary Data

 {9ba30013-c84e-47e5-ac6e-1e1aed72fa69}REG_BINARY Binary Data

fltmgr:
==============
Type    : 2
State    : 4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE  : 0
SERVICE_EXIT_CODE : 0
CHECKPOINT  : 0
WAIT_HINT  : 0


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr
 AttachWhenLoaded              REG_DWORD  1
 DisplayName                   REG_SZ  @%SystemRoot%\system32\drivers\fltmgr.sys,-10001
 Group                         REG_SZ  FSFilter Infrastructure
 ImagePath                     REG_EXPAND_SZ system32\drivers\fltmgr.sys
 Description                   REG_SZ  @%SystemRoot%\system32\drivers\fltmgr.sys,-10000
 ErrorControl                  REG_DWORD  3
 Start                         REG_DWORD  0
 Tag                           REG_DWORD  1
 Type                          REG_DWORD  2
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Enum
 0                             REG_SZ  Root\LEGACY_FLTMGR\0000
 Count                         REG_DWORD  1
 NextInstance                  REG_DWORD  1
C:\Windows\system32\drivers\fltmgr.sys File Size: 289664    BYTES FileVersion: 6.1.7601.17514
C:\Windows\SysWOW64\comctl32.ocx File Size: 608448    BYTES FileVersion: 6.0.81.5
C:\Windows\SysWOW64\mscomctl.ocx File Size: 1070152   BYTES FileVersion: 6.1.98.34
C:\Windows\SysWOW64\olepro32.dll File Size: 90112     BYTES FileVersion: 6.1.7601.17514


List of MBAM Related Directories:
=================================

C:\Program Files (x86)\Malwarebytes' Anti-Malware
changes.rtf                    File Size:       785 BYTES
changes.txt                    File Size:      2128 BYTES
license.rtf                    File Size:     17916 BYTES
license.txt                    File Size:     11141 BYTES
mbam.chm                       File Size:    469873 BYTES
mbam.dll                       File Size:    508264 BYTES FileVersion: 1.70.0.0
mbam.exe                       File Size:    824232 BYTES FileVersion: 1.70.0.9
mbamcore.dll                   File Size:   1091432 BYTES FileVersion: 1.70.0.0
mbamext.dll                    File Size:     93544 BYTES FileVersion: 1.70.0.0
mbamgui.exe                    File Size:    512360 BYTES FileVersion: 1.70.0.0
mbamnet.dll                    File Size:   2171240 BYTES FileVersion: 1.70.0.0
mbampt.exe                     File Size:     38248 BYTES FileVersion: 1.70.0.0
mbamscheduler.exe              File Size:    398184 BYTES FileVersion: 1.70.0.0
mbamservice.exe                File Size:    682344 BYTES FileVersion: 1.70.0.0
ssubtmr6.dll                   File Size:     46416 BYTES FileVersion: 1.1.0.3
unins000.dat                   File Size:    126897 BYTES
unins000.exe                   File Size:    710504 BYTES FileVersion: 51.52.0.0
unins000.msg                   File Size:     11277 BYTES
vbalsgrid6.ocx                 File Size:    496976 BYTES FileVersion: 2.0.0.40

C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon
chameleon.chm                  File Size:    186068 BYTES
firefox.com                    File Size:    216424 BYTES
firefox.exe                    File Size:    216424 BYTES
firefox.pif                    File Size:    216424 BYTES
firefox.scr                    File Size:    216424 BYTES
iexplore.exe                   File Size:    216424 BYTES
mbam-chameleon.com             File Size:    216424 BYTES
mbam-chameleon.exe             File Size:    216424 BYTES
mbam-chameleon.pif             File Size:    216424 BYTES
mbam-chameleon.scr             File Size:    216424 BYTES
mbam-killer.exe                File Size:    984648 BYTES FileVersion: 1.60.0.47
rundll32.exe                   File Size:    216424 BYTES
svchost.exe                    File Size:    216424 BYTES
winlogon.exe                   File Size:    216424 BYTES

C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages
arabic.lng                     File Size:     21728 BYTES
belarusian.lng                 File Size:     26766 BYTES
bosnian.lng                    File Size:     26988 BYTES
bulgarian.lng                  File Size:     27400 BYTES
catalan.lng                    File Size:     28114 BYTES
chineseSI.lng                  File Size:     10970 BYTES
chineseTR.lng                  File Size:     11894 BYTES
croatian.lng                   File Size:     26576 BYTES
czech.lng                      File Size:     24682 BYTES
danish.lng                     File Size:     26434 BYTES
dutch.lng                      File Size:     28142 BYTES
english.lng                    File Size:     24418 BYTES
estonian.lng                   File Size:     25014 BYTES
finnish.lng                    File Size:     25770 BYTES
french.lng                     File Size:     29674 BYTES
german.lng                     File Size:     29698 BYTES
greek.lng                      File Size:     29116 BYTES
hebrew.lng                     File Size:     19202 BYTES
hungarian.lng                  File Size:     28430 BYTES
italian.lng                    File Size:     28022 BYTES
japanese.lng                   File Size:     16140 BYTES
korean.lng                     File Size:     14096 BYTES
latvian.lng                    File Size:     26916 BYTES
lithuanian.lng                 File Size:     27664 BYTES
macedonian.lng                 File Size:     28864 BYTES
norwegian.lng                  File Size:     24978 BYTES
polish.lng                     File Size:     26484 BYTES
portugueseBR.lng               File Size:     28544 BYTES
portuguesePT.lng               File Size:     28904 BYTES
romanian.lng                   File Size:     28090 BYTES
russian.lng                    File Size:     27134 BYTES
serbian.lng                    File Size:     26662 BYTES
slovak.lng                     File Size:     25486 BYTES
slovenian.lng                  File Size:     24696 BYTES
spanish.lng                    File Size:     29902 BYTES
swedish.lng                    File Size:     25800 BYTES
thai.lng            


#2 Carlgrus
Advanced Member (Full Member, 121 posts)

Posted 24 March 2013 - 06:42 AM

I'm very sorry, I didn't realize what had happened. The site was telling me that it couldn't post my topic. Anyway, I am having no success opening Malwarebytes; I couldn't open Kaspersky online, BitDefender online, F-Secure online. I did get HijackThis going, and I'm posting the log below. Maybe this will help. Thank you.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:11:45 PM, on 3/23/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16521)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
C:\Program Files (x86)\Southwest Airlines\Ding\Ding.exe
C:\Users\Carl's office\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\ACT\Act for Windows\Act.Scheduler.UI.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\498\g2ax_user_customer.exe
C:\Program Files (x86)\ACT\Act for Windows\Act.Scheduler.exe
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files (x86)\AVG\AVG2013\avgcsrvx.exe
C:\Program Files (x86)\ACT\Act for Windows\ActSage.exe
C:\Program Files (x86)\Panda Security\Panda Cloud Cleaner\pavcl.exe
C:\Users\Carl's office\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KOZB0952\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ACTSchedulerUI] "C:\Program Files (x86)\ACT\Act for Windows\Act.Scheduler.UI.exe" -Dfalse
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKUS\S-1-5-21-1426207626-2938278142-1790814872-1011\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LogMeInRemoteUser')
O4 - HKUS\S-1-5-21-1426207626-2938278142-1790814872-1011\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LogMeInRemoteUser')
O4 - Startup: DING!.lnk = C:\Program Files (x86)\Southwest Airlines\Ding\Ding.exe
O4 - Startup: Dropbox.lnk = Carl's office\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
O8 - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {3F4AC0C9-3A7D-4115-99B4-2693DE0014AF} (TNetworkScanner Control) - http://optimum.net/d...nerXControl.ocx
O16 - DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} (iCloud Web App Plugin) - https://www.icloud.c...stem/iCloud.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Device Handle Service - ASUSTeK Computer Inc. - C:\Windows\SysWOW64\AsHookDevice.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GoToAssist Remote Support Customer - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\498\g2ax_service.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:\Windows\system32\mqsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - arvato digital services llc - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Sage ACT! Scheduler - Sage Software, Inc. - C:\Program Files (x86)\ACT\Act for Windows\Act.Scheduler.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Samsung AllShare PC (SamsungAllShareV2.0) - Samsung Electronics Co., Ltd. - C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: SimpleSlideShowServer - Samsung Electronics Co., Ltd. - C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14760 bytes



#3 TheJoker
Forum Deity (Boot Camp Mod, 14,476 posts)

Posted 24 March 2013 - 09:04 AM

Hi Carlgrus, and welcome back.

Please see Instructions for posting requested logs for the logs we need to start providing help. HijackThis is not really effective against today's malware, and it's not fully compatible with Windows 7.

Also, please run Notepad and paste the following text into a new file:


regedit /e HKCU-Policy.txt "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies"
regedit /e HKLM-Policy.txt "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies"

Save the file to the Desktop as log.bat, and make sure the "Save as type" field says "All files". Then double-click on the log.bat file on the desktop. This will create 2 text files on the desktop called HKCU-Policy.txt and HKLM-Policy.txt.

Please post the content of both files in your next reply, along with the logs from DDS and Security Check, and note any errors encountered.


Carlgrus: Our email notifications to you are being refused: "SMTP error from remote mail server after MAIL FROM:
503 you must authenticate first (#5.5.1)"  - cnm


Edited by cnm, 24 March 2013 - 09:23 AM.

Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-2010 and ASAP Member since 2005
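The two regedit /e lines above export the per-user and per-machine Policies keys so a helper can read them for anything that would stop a program from launching. As an added example (not from this thread or from Malwarebytes), the script below parses that export format (UTF-16LE with BOM, [key] headers, "name"=value lines, dword:/hex: data with line continuations) and lists the entries that can keep an executable from starting. The sample export is constructed: the NoDrives/NoDriveTypeAutoRun values mirror the DDS log in this thread (145 = 0x91), while the Explorer\DisallowRun entries are a hypothetical illustration of a blocking policy, not something the poster's logs show.

```python
"""Parse a regedit /e export and list policy values that can block a program."""
import re

# Constructed sample of an HKCU-Policy.txt export. DisallowRun is a real
# Explorer policy (a dword switch plus a subkey listing executables); the
# entries naming mbam here are hypothetical, not taken from the thread's logs.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDrives"=dword:00000000
"NoDriveTypeAutoRun"=dword:00000091
"DisallowRun"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun]
"1"="mbam.exe"
"2"="C:\\Program Files (x86)\\Malwarebytes' Anti-Malware\\mbamgui.exe"
"""

EXPLORER_POLICIES = r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"

_KEY_RE = re.compile(r"^\[(-?)(.+)\]$")
_VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')
_HEX_RE = re.compile(r"^hex(?:\((\w+)\))?:(.*)$")


def decode_export(raw: bytes) -> str:
    """regedit /e writes UTF-16LE with a BOM; fall back to ANSI for hand-edited files."""
    if raw.startswith(b"\xff\xfe"):
        return raw.decode("utf-16")
    return raw.decode("cp1252")


def _unescape(s: str) -> str:
    # .reg strings escape only backslash and double quote.
    return s.replace('\\"', '"').replace("\\\\", "\\")


def _parse_data(data: str):
    """Turn the right-hand side of a value line into (REG type, Python value)."""
    if data.startswith('"') and data.endswith('"') and len(data) >= 2:
        return ("REG_SZ", _unescape(data[1:-1]))
    if data.startswith("dword:"):
        return ("REG_DWORD", int(data[6:], 16))
    if data == "-":
        return ("DELETE", None)
    m = _HEX_RE.match(data)
    if m:
        kind = {None: "REG_BINARY", "2": "REG_EXPAND_SZ", "7": "REG_MULTI_SZ",
                "b": "REG_QWORD"}.get(m.group(1), "REG_BINARY")
        raw = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
        if kind == "REG_MULTI_SZ":
            return (kind, [p for p in raw.decode("utf-16-le", "replace").split("\0") if p])
        if kind == "REG_EXPAND_SZ":
            return (kind, raw.decode("utf-16-le", "replace").rstrip("\0"))
        return (kind, raw)
    return ("UNKNOWN", data)


def parse_reg_export(text: str) -> dict:
    """Return {key_path: {value_name: (type, value)}} for a regedit /e export."""
    joined = []
    for line in text.splitlines():
        # hex data wraps onto indented lines that end with a bare backslash
        if joined and joined[-1].endswith("\\"):
            joined[-1] = joined[-1][:-1] + line.strip()
        else:
            joined.append(line)
    keys, current = {}, None
    for line in joined:
        line = line.strip()
        if not line or line[0] == ";" or line.startswith(("Windows Registry Editor", "REGEDIT4")):
            continue
        m = _KEY_RE.match(line)
        if m:
            current = m.group(2)
            keys.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            name = "@" if m.group(1) is None else _unescape(m.group(1))
            keys[current][name] = _parse_data(m.group(2))
    return keys


def find_run_blocks(keys: dict, needle: str = "mbam") -> list:
    """List (key, name, data) entries that can stop a program from starting:
    every string under an Explorer\\DisallowRun subkey, plus any other string
    policy value that mentions the program of interest."""
    hits = []
    for key, values in keys.items():
        in_disallow = key.lower().endswith(EXPLORER_POLICIES.lower() + "\\disallowrun")
        for name, (kind, data) in values.items():
            if kind != "REG_SZ":
                continue
            if in_disallow or needle.lower() in data.lower():
                hits.append((key, name, data))
    return hits


if __name__ == "__main__":
    exported = b"\xff\xfe" + SAMPLE_EXPORT.encode("utf-16-le")  # what regedit /e writes
    for key, name, data in find_run_blocks(parse_reg_export(decode_export(exported))):
        print(f"{key}\n    {name} = {data}")
```

Run it against the real HKCU-Policy.txt and HKLM-Policy.txt with `decode_export(open(path, "rb").read())`; an empty result means the block is not coming from these two keys.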


#4 Carlgrus
Advanced Member (Full Member, 121 posts)

Posted 24 March 2013 - 12:40 PM

O.K. so I ran what I could, and followed all instructions. 1) Malwarebytes will not open. I get the message "program blocked by group policy"; 2) the DDS.txt and Attach.txt files are attached; 3) Security Check opened, and I've attached Checkup.txt; 4) the HijackThis log is attached; 5) Kaspersky online would not open, BitDefender online would not open, F-Secure online would not open, Panda did open but after it ran the scan, said that it was "without detections", and ESET online would not open; and finally 6) I ran Notepad, and pasted the text into it, double clicked, and it did not make the 2 text files, it ran, and did something, but not 2 or any text files...sorry...Let me know how bad I've been bitten. Thanks, Carl

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16521
Run by Carl's office at 13:54:09 on 2013-03-24
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3839.1730 [GMT -4:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\ACT\Act for Windows\Act.Server.Host.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\AsHookDevice.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\498\g2ax_service.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\mqsvc.exe
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\498\g2ax_comm_customer.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\498\g2ax_system_customer.exe
C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\498\g2ax_user_customer.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\ACT\Act for Windows\Act.Scheduler.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ACT\Act for Windows\Act.Scheduler.UI.exe
C:\Program Files (x86)\Southwest Airlines\Ding\Ding.exe
C:\Users\Carl's office\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ACT\Act for Windows\Act.Scheduler.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files (x86)\AVG\AVG2013\avgcsrvx.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\spool\DRIVERS\x64\3\E_IARNGGA.EXE
C:\Windows\system32\spool\DRIVERS\x64\3\E_IARNGGA.EXE
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://my.yahoo.com/
uURLSearchHooks: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {D5233FCD-D258-4903-89B8-FB1568E7413D} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun: [ACTSchedulerUI] "C:\Program Files (x86)\ACT\Act for Windows\Act.Scheduler.UI.exe" -Dfalse
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
StartupFolder: C:\Users\CARL'S~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DING!.lnk - C:\Program Files (x86)\Southwest Airlines\Ding\Ding.exe
StartupFolder: C:\Users\CARL'S~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Carl's office\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\CARL'S~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} -
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {3F4AC0C9-3A7D-4115-99B4-2693DE0014AF} - hxxp://optimum.net/downloads/TNetworkScannerXControl.ocx
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{0F22216E-F638-476A-8E54-CDA95E468051} : DHCPNameServer = 192.168.1.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - <orphaned>
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist Express Customer - C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\498\g2ax_winlogonx64.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-11-16 111968]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-12-24 55280]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
R2 ActService;ACT! Service Host;C:\Program Files (x86)\ACT\Act for Windows\Act.Server.Host.exe [2011-11-15 18432]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-5-26 203776]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-16 5814904]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
R2 Device Handle Service;Device Handle Service;C:\Windows\SysWOW64\AsHookDevice.exe [2010-5-26 203392]
R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2012-9-12 166400]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2012-9-12 128512]
R2 GoToAssist Remote Support Customer;GoToAssist Remote Support Customer;C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\498\g2ax_service.exe [2013-2-12 611400]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2013-1-25 376168]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2012-11-29 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2013-3-4 72216]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
R2 MSSQL$ACT7;SQL Server (ACT7);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe [2011-6-17 43040096]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-3-6 39056]
R2 Sage ACT! Scheduler;Sage ACT! Scheduler;C:\Program Files (x86)\ACT\Act for Windows\Act.Scheduler.exe [2011-11-15 81920]
R2 SamsungAllShareV2.0;Samsung AllShare PC;C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [2011-12-16 25504]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-21 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-21 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-21 168384]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2009-10-7 30232]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2009-10-7 327704]
R3 LVUVC64;Logitech QuickCam S7500(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2009-10-7 6379288]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-8-29 38456]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2010-5-26 1301504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SessionLauncher;SessionLauncher; [x]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\System32\drivers\BVRPMPR5a64.SYS [2011-11-14 35840]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-8-13 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\System32\drivers\netr28x.sys [2009-6-10 620544]
S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;C:\Windows\System32\drivers\netr7364.sys [2010-2-24 726816]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-27 19456]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]
S3 SimpleSlideShowServer;SimpleSlideShowServer;C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [2011-12-16 27584]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-27 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-30 1255736]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-5-5 44896]
S4 SQLAgent$ACT7;SQL Server Agent (ACT7);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE [2011-6-17 370016]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-03-24 02:50:49 -------- d-----w- C:\Program Files (x86)\Panda Security
2013-03-23 19:42:35 -------- d-----w- C:\Program Files (x86)\RealNetworks
2013-03-23 19:42:29 -------- d-----w- C:\ProgramData\RealNetworks
2013-03-23 19:42:08 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2013-03-23 19:38:35 108448 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2013-03-20 20:12:09 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-03-05 02:15:11 -------- d-----w- C:\Users\Carl's office\AppData\Local\LogMeIn
2013-03-05 02:15:06 60776 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\LMIproc.dll
2013-03-05 02:15:05 88448 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2013-03-05 02:15:05 35688 ----a-w- C:\Windows\System32\LMIport.dll
2013-03-05 02:15:04 72216 ----a-w- C:\Windows\System32\drivers\LMIRfsDriver.sys
2013-03-05 02:15:02 11552 ----a-w- C:\Windows\System32\drivers\lmimirr.sys
2013-03-05 02:15:01 84328 ----a-w- C:\Windows\System32\LMIinit.dll
2013-03-05 02:14:56 -------- d-----w- C:\ProgramData\LogMeIn
2013-03-05 02:14:45 -------- d-----w- C:\Program Files (x86)\LogMeIn
2013-03-02 15:25:50 -------- d-----w- C:\Program Files\iPod
2013-03-02 15:25:49 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-03-02 15:25:49 -------- d-----w- C:\Program Files\iTunes
2013-03-02 15:25:49 -------- d-----w- C:\Program Files (x86)\iTunes
2013-02-26 23:13:08 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-02-26 13:33:46 -------- d-----w- C:\Users\Carl's office\AppData\Local\{AE9FBB99-01C2-42C5-BFED-ED9DF5641DD8}
2013-02-24 16:28:45 -------- d-----w- C:\Users\Carl's office\AppData\Local\{DAF29AE1-3479-4B84-9328-48DACC877A5D}
2013-02-23 20:58:40 -------- d-----w- C:\Program Files\Microsoft Mouse and Keyboard Center
.
==================== Find3M  ====================
.
2013-03-23 19:38:25 963488 ----a-w- C:\Windows\System32\deployJava1.dll
2013-03-23 19:38:25 1085344 ----a-w- C:\Windows\System32\npdeployJava1.dll
2013-03-19 12:44:12 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-19 12:44:12 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-02-26 23:13:08 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-02-12 11:35:28 173128 ----a-w- C:\Windows\System32\g2ax_credential_provider64_498.dll
2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-01-29 23:15:06 862664 ----a-w- C:\Windows\SysWow64\msvcr110.dll
2013-01-29 23:15:06 828872 ----a-w- C:\Windows\System32\msvcr110.dll
2013-01-29 23:15:06 661448 ----a-w- C:\Windows\System32\msvcp110.dll
2013-01-29 23:15:06 534480 ----a-w- C:\Windows\SysWow64\msvcp110.dll
2013-01-29 23:15:06 354264 ----a-w- C:\Windows\System32\vccorlib110.dll
2013-01-29 23:15:06 251864 ----a-w- C:\Windows\SysWow64\vccorlib110.dll
2013-01-29 23:15:04 50800 ----a-w- C:\Windows\System32\drivers\point64.sys
2013-01-29 23:15:04 29312 ----a-w- C:\Windows\System32\drivers\nuidfltr.sys
2013-01-24 15:32:08 2177648 ----a-w- C:\Windows\System32\coin93.dll
2013-01-05 05:53:43 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-01-05 05:00:15 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00:11 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-01-04 05:46:09 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-01-04 03:26:48 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-01-03 06:00:54 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-01-03 06:00:42 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
.
============= FINISH: 13:54:56.18 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 8/29/2010 2:47:56 PM
System Uptime: 3/24/2013 7:41:29 AM (6 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | CM1630
Processor: AMD Athlon™ II X2 220 Processor | AM3 | 2800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 238 GiB total, 100.027 GiB free.
D: is FIXED (NTFS) - 339 GiB total, 276.228 GiB free.
E: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: SD/MMC         
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&2&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SD#MMC&REV_1.00#058F63626420&0#
Manufacturer: Generic-
Name: G:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&2&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SD#MMC&REV_1.00#058F63626420&0#
Service: WUDFRd
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: SM/xD Picture  
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&2&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SM#XD_PICTURE&REV_1.02#058F63626420&2#
Manufacturer: Generic-
Name: I:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&2&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SM#XD_PICTURE&REV_1.02#058F63626420&2#
Service: WUDFRd
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: Compact Flash  
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&2&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.01#058F63626420&1#
Manufacturer: Generic-
Name: H:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&2&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.01#058F63626420&1#
Service: WUDFRd
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: MS/MS-Pro      
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&2&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MS#MS-PRO&REV_1.03#058F63626420&3#
Manufacturer: Generic-
Name: J:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&2&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MS#MS-PRO&REV_1.03#058F63626420&3#
Service: WUDFRd
.
==== System Restore Points ===================
.
RP732: 3/19/2013 9:31:50 PM - Windows Update
RP733: 3/20/2013 6:00:14 PM - Windows Update
RP734: 3/20/2013 9:42:35 PM - Windows Update
RP735: 3/21/2013 6:00:12 PM - Windows Update
RP736: 3/21/2013 9:42:45 PM - Windows Update
RP737: 3/22/2013 6:00:12 PM - Windows Update
RP738: 3/22/2013 10:23:07 PM - Windows Update
RP739: 3/23/2013 3:34:41 PM - Installed Evernote v. 4.6.4
RP740: 3/23/2013 3:37:28 PM - Installed Java 7 Update 17 (64-bit)
RP741: 3/23/2013 6:00:12 PM - Windows Update
RP742: 3/23/2013 11:17:13 PM - Windows Update
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
µTorrent
64 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe PageMaker 7.0
Adobe Photoshop 7.0
Adobe Reader XI (11.0.02)
AI Manager
AirPort
AMD USB Filter Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASUS Backup Wizard
ASUS VIBE
ASUSUpdate
ATI Catalyst Install Manager
Auction!® V3
Auction!® V3 Manual
AutoUpdate
AVG 2013
AVG PC Tuneup
BCL easyConverter SDK 1.0.0 Module
Bonjour
Boston University
Canon Inkjet Printer Driver Add-On Module
Canon SELPHY CP720
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Compatibility Pack for the 2007 Office system
CustomShortMaker 1.0.3a
D3DX10
DING!
DirectXInstallService
DivX
Dropbox
EMC 10 Content
EMCGadgets64
Epson CreativeZone
Epson Easy Photo Print 2
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
Epson Event Manager
EPSON NX125 NX127 Series Printer Uninstall
EPSON Scan
EPU-4 Engine
Evernote v. 4.6.4
Facebook Video Calling 1.2.0.159
Family Tree Maker 2010
Family Tree Maker 2012
FileHippo.com Update Checker
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist Customer 1.6.0.498
Handheld Contact 3.2.13.0
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
iCloud
ImgBurn
iTunes
Java 7 Update 17 (64-bit)
Java Auto Updater
Java™ 6 Update 24
Junk Mail filter update
LiveUpload to Facebook
Logitech Desktop Messenger
Logitech Harmony Remote Software
Logitech Harmony Remote Software 7
Logitech Vid HD
Logitech Webcam Software
Logitech Webcam Software Driver Package
LogMeIn
Malwarebytes Anti-Malware version 1.70.0.1100
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Mouse and Keyboard Center
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Primary Interoperability Assemblies 2005
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server 2008 R2
Microsoft SQL Server 2008 R2 Native Client
Microsoft SQL Server 2008 R2 RsFx Driver
Microsoft SQL Server 2008 R2 Setup (English)
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Browser
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Sync Framework 2.0 Core Components (x86) ENU
Microsoft Sync Framework 2.0 Provider Services (x86) ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Works
Microsoft WSE 3.0
MP3 Recorder Studio 6.0
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
OGA Notifier 1.7.0105.14.0
Panda Cloud Cleaner
Photo Explosion Album SE
Platform
proDAD Heroglyph 2.5
QuickTime
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek 8136 8168 8169 Ethernet Driver
RealUpgrade 1.1
RedMon - Redirection Port Monitor
Remote Control USB Driver
Revo Uninstaller 1.94
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Easy CD and DVD Burning
Roxio Express Labeler 3
Roxio File Backup
Roxio Update Manager
Safari
Sage ACT! Network Sync Service
Sage ACT! Premium 2012
Sage Download Manager
Samsung AllShare
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Service Pack 1 for SQL Server 2008 R2 (KB2528583)
Skype Click to Call
Skype™ 6.3
SmartSound Quicktracks Plugin
SnagScreen 1.0
Sonic CinePlayer Decoder Pack
Spybot - Search & Destroy
SQL Server 2008 R2 SP1 Common Files
SQL Server 2008 R2 SP1 Database Engine Services
SQL Server 2008 R2 SP1 Database Engine Shared
Sql Server Customer Experience Improvement Program
Studio 10
Studio 10 Bonus DVD
Studio 10.8 Patch
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2768024) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VIA Platform Device Manager
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 x64 Redistributables
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
.
==== Event Viewer Messages From Past Week ========
.
3/24/2013 7:42:43 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Lbd PCLEPCI RxFilter
3/24/2013 7:42:31 AM, Error: Service Control Manager [7000]  - The SessionLauncher service failed to start due to the following error:  The system cannot find the path specified.
3/24/2013 7:42:23 AM, Error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for FailureActions with the following error:  Access is denied.
3/24/2013 7:41:57 AM, Error: volmgr [46]  - Crash dump initialization failed!
3/24/2013 7:41:36 AM, Error: Application Popup [1060]  - \??\C:\Windows\SysWow64\drivers\pclepci.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
3/23/2013 11:53:27 AM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk5\DR5.
3/23/2013 11:09:50 PM, Error: Service Control Manager [7034]  - The HHC7ServiceMonitor service terminated unexpectedly.  It has done this 1 time(s).
3/23/2013 11:09:49 PM, Error: Service Control Manager [7034]  - The Sage ACT! Network Sync Service service terminated unexpectedly.  It has done this 1 time(s).
3/23/2013 11:09:48 PM, Error: Service Control Manager [7034]  - The HHC7Service service terminated unexpectedly.  It has done this 1 time(s).
3/23/2013 1:32:54 PM, Error: Service Control Manager [7022]  - The Internet Connection Sharing (ICS) service hung on starting.
3/23/2013 1:25:55 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
3/23/2013 1:25:52 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.
3/23/2013 1:25:52 PM, Error: Service Control Manager [7000]  - The Application Experience service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
3/23/2013 1:25:25 PM, Error: Service Control Manager [7043]  - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
3/23/2013 1:25:22 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
3/23/2013 1:24:52 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.
3/23/2013 1:24:22 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EapHost service.
3/23/2013 1:23:52 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.
3/23/2013 1:23:52 PM, Error: Service Control Manager [7000]  - The Multimedia Class Scheduler service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
3/23/2013 1:23:22 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.
3/22/2013 6:39:40 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Message Queuing service to connect.
3/22/2013 6:39:40 AM, Error: Service Control Manager [7000]  - The Message Queuing service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
3/20/2013 3:04:41 PM, Error: Schannel [36888]  - The following fatal alert was generated: 40. The internal error state is 107.
3/20/2013 3:04:41 PM, Error: Schannel [36874]  - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
3/19/2013 8:05:29 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Browser service.
3/19/2013 8:05:29 AM, Error: Service Control Manager [7000]  - The Computer Browser service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
3/19/2013 7:19:57 AM, Error: Service Control Manager [7000]  - The Windows Update service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
3/19/2013 7:11:27 AM, Error: Microsoft-Windows-WMPNSS-Service [14332]  - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
3/19/2013 7:07:08 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
3/19/2013 7:06:27 AM, Error: Service Control Manager [7022]  - The AVG WatchDog service hung on starting.
3/19/2013 7:02:26 AM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR1.
3/19/2013 6:29:42 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR6.
3/17/2013 9:26:15 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk5\DR6.
.
==== End Of File ===========================

 

 Results of screen317's Security Check version 0.99.61 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 9 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
AVG AntiVirus Free Edition 2013  
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Spybot - Search & Destroy
 Malwarebytes Anti-Malware version 1.70.0.1100 
 AVG PC Tuneup  
 Panda Cloud Cleaner  
 Java™ 6 Update 24 
 Java version out of Date!
 Adobe Reader XI 
 Google Chrome 25.0.1364.152 
 Google Chrome 25.0.1364.172 
````````Process Check: objlist.exe by Laurent```````` 
 Spybot Teatimer.exe is disabled!
 AVG avgwdsvc.exe
 AVG avgemc.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
 

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:11:45 PM, on 3/23/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16521)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
C:\Program Files (x86)\Southwest Airlines\Ding\Ding.exe
C:\Users\Carl's office\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\ACT\Act for Windows\Act.Scheduler.UI.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\498\g2ax_user_customer.exe
C:\Program Files (x86)\ACT\Act for Windows\Act.Scheduler.exe
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files (x86)\AVG\AVG2013\avgcsrvx.exe
C:\Program Files (x86)\ACT\Act for Windows\ActSage.exe
C:\Program Files (x86)\Panda Security\Panda Cloud Cleaner\pavcl.exe
C:\Users\Carl's office\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KOZB0952\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ACTSchedulerUI] "C:\Program Files (x86)\ACT\Act for Windows\Act.Scheduler.UI.exe" -Dfalse
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKUS\S-1-5-21-1426207626-2938278142-1790814872-1011\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LogMeInRemoteUser')
O4 - HKUS\S-1-5-21-1426207626-2938278142-1790814872-1011\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LogMeInRemoteUser')
O4 - Startup: DING!.lnk = C:\Program Files (x86)\Southwest Airlines\Ding\Ding.exe
O4 - Startup: Dropbox.lnk = Carl's office\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
O8 - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {3F4AC0C9-3A7D-4115-99B4-2693DE0014AF} (TNetworkScanner Control) - http://optimum.net/d...nerXControl.ocx
O16 - DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} (iCloud Web App Plugin) - https://www.icloud.c...stem/iCloud.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Device Handle Service - ASUSTeK Computer Inc. - C:\Windows\SysWOW64\AsHookDevice.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GoToAssist Remote Support Customer - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\498\g2ax_service.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:\Windows\system32\mqsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - arvato digital services llc - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Sage ACT! Scheduler - Sage Software, Inc. - C:\Program Files (x86)\ACT\Act for Windows\Act.Scheduler.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Samsung AllShare PC (SamsungAllShareV2.0) - Samsung Electronics Co., Ltd. - C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: SimpleSlideShowServer - Samsung Electronics Co., Ltd. - C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\w


#5 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • 14,476 posts

Posted 24 March 2013 - 04:05 PM

Please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:
http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix (CF).
Please go here to see a list of programs that need to be disabled.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**
**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the log at C:\ComboFix.txt in your next reply and note any errors encountered.
 


Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-2010 and ASAP Member since 2005


#6 Carlgrus

Carlgrus

    Advanced Member

  • Full Member
  • 121 posts

Posted 24 March 2013 - 05:33 PM

I ran ComboFix...at the beginning it told me to shut down AVG and Spybot...I was not able to, in each case I got the message "program blocked by group policy".  So, I continued with ComboFix, it took about 30 minutes to complete, and then it did not give me a log, so I have nothing to send you.  Where do we go from here?



#7 Carlgrus

Carlgrus

    Advanced Member

  • Full Member
  • 121 posts

Posted 24 March 2013 - 06:19 PM

I just ran ComboFix again....and got a log...woohoo!  And here it is....Thanks,

 

ComboFix 13-03-24.03 - Carl's office 03/24/2013  19:53:41.4.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3839.2059 [GMT -4:00]
Running from: c:\users\Carl's office\Desktop\Spyware Utilities\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
---- Previous Run -------
.
c:\programdata\9AE7BF8A91.sys
c:\users\Carl's office\g2ax_customer_downloadhelper_win32_x86.exe
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\wininit.ini
D:\install.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-02-25 to 2013-03-25  )))))))))))))))))))))))))))))))
.
.
2013-03-25 00:10 . 2013-03-25 00:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-24 02:50 . 2013-03-24 02:50 -------- d-----w- c:\program files (x86)\Panda Security
2013-03-23 19:45 . 2013-03-23 19:45 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-03-23 19:42 . 2013-03-23 19:42 -------- d-----w- c:\program files (x86)\RealNetworks
2013-03-23 19:42 . 2013-03-23 19:42 -------- d-----w- c:\programdata\RealNetworks
2013-03-23 19:42 . 2013-03-23 19:42 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2013-03-23 19:38 . 2013-03-23 19:38 310688 ----a-w- c:\windows\system32\javaws.exe
2013-03-23 19:38 . 2013-03-23 19:38 188832 ----a-w- c:\windows\system32\javaw.exe
2013-03-23 19:38 . 2013-03-23 19:38 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-03-23 19:38 . 2013-03-23 19:38 188320 ----a-w- c:\windows\system32\java.exe
2013-03-23 19:38 . 2013-03-23 19:38 -------- d-----w- c:\program files\Java
2013-03-20 20:12 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-13 22:01 . 2013-03-13 22:01 -------- d-----w- c:\program files\Microsoft Silverlight
2013-03-13 22:01 . 2013-03-13 22:01 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-03-05 20:05 . 2013-03-07 11:24 -------- d-----w- c:\users\LogMeInRemoteUser
2013-03-05 02:15 . 2013-03-05 02:15 -------- d-----w- c:\users\Carl's office\AppData\Local\LogMeIn
2013-03-05 02:15 . 2013-01-25 21:37 60776 ----a-w- c:\windows\system32\Spool\prtprocs\x64\LMIproc.dll
2013-03-05 02:15 . 2013-01-25 21:38 88448 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2013-03-05 02:15 . 2013-01-25 21:37 35688 ----a-w- c:\windows\system32\LMIport.dll
2013-03-05 02:15 . 2012-11-29 16:56 72216 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2013-03-05 02:15 . 2012-11-29 16:56 11552 ----a-w- c:\windows\system32\drivers\lmimirr.sys
2013-03-05 02:15 . 2013-01-25 21:37 84328 ----a-w- c:\windows\system32\LMIinit.dll
2013-03-05 02:14 . 2013-03-24 11:42 -------- d-----w- c:\programdata\LogMeIn
2013-03-05 02:14 . 2013-03-05 20:05 -------- d-----w- c:\program files (x86)\LogMeIn
2013-03-02 15:25 . 2013-03-02 15:25 -------- d-----w- c:\program files\iPod
2013-03-02 15:25 . 2013-03-02 15:26 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-03-02 15:25 . 2013-03-02 15:26 -------- d-----w- c:\program files\iTunes
2013-03-02 15:25 . 2013-03-02 15:26 -------- d-----w- c:\program files (x86)\iTunes
2013-02-26 23:49 . 2013-02-17 06:40 28672 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-02-26 23:13 . 2013-02-26 23:13 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-02-23 20:58 . 2013-02-23 20:59 -------- d-----w- c:\program files\Microsoft Mouse and Keyboard Center
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-24 23:11 . 2011-11-08 01:12 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2013-03-24 23:10 . 2012-02-15 22:31 22368 ----a-w- c:\windows\system32\drivers\AFD.SYS
2013-03-24 23:10 . 2009-07-14 00:10 22368 ----a-w- c:\windows\system32\drivers\WS2IFSL.SYS
2013-03-23 19:38 . 2011-12-14 00:57 963488 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-23 19:38 . 2011-12-14 00:57 1085344 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-03-19 12:44 . 2012-03-31 13:20 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-19 12:44 . 2011-06-14 01:45 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-13 22:21 . 2010-09-01 00:16 72013344 ----a-w- c:\windows\system32\MRT.exe
2013-02-12 11:35 . 2013-02-12 11:37 173128 ----a-w- c:\windows\system32\g2ax_credential_provider64_498.dll
2013-02-12 05:45 . 2013-03-13 10:50 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 10:50 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 10:50 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 10:50 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 10:50 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 10:50 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-29 23:15 . 2013-01-29 23:15 862664 ----a-w- c:\windows\SysWow64\msvcr110.dll
2013-01-29 23:15 . 2013-01-29 23:15 828872 ----a-w- c:\windows\system32\msvcr110.dll
2013-01-29 23:15 . 2013-01-29 23:15 661448 ----a-w- c:\windows\system32\msvcp110.dll
2013-01-29 23:15 . 2013-01-29 23:15 534480 ----a-w- c:\windows\SysWow64\msvcp110.dll
2013-01-29 23:15 . 2013-01-29 23:15 354264 ----a-w- c:\windows\system32\vccorlib110.dll
2013-01-29 23:15 . 2013-01-29 23:15 251864 ----a-w- c:\windows\SysWow64\vccorlib110.dll
2013-01-29 23:15 . 2013-01-29 23:15 50800 ----a-w- c:\windows\system32\drivers\point64.sys
2013-01-29 23:15 . 2013-01-29 23:15 29312 ----a-w- c:\windows\system32\drivers\nuidfltr.sys
2013-01-24 15:32 . 2013-01-24 15:32 2177648 ----a-w- c:\windows\system32\coin93.dll
2013-01-05 05:53 . 2013-02-13 11:55 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-05 05:00 . 2013-02-13 11:55 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-13 11:55 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-01-04 05:46 . 2013-02-13 11:55 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-01-04 04:51 . 2013-02-13 11:55 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-01-04 04:43 . 2013-02-13 11:55 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-01-04 03:26 . 2013-02-13 11:55 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-01-04 02:47 . 2013-02-13 11:55 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-01-04 02:47 . 2013-02-13 11:55 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-01-04 02:47 . 2013-02-13 11:55 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-01-04 02:47 . 2013-02-13 11:55 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-01-03 06:00 . 2013-02-13 11:55 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-03 06:00 . 2013-02-13 11:55 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Carl's office\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Carl's office\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Carl's office\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Carl's office\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ACTSchedulerUI"="c:\program files (x86)\ACT\Act for Windows\Act.Scheduler.UI.exe" [2011-11-16 557056]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
.
c:\users\Carl's office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DING!.lnk - c:\program files (x86)\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]
Dropbox.lnk - c:\users\Carl's office\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2013-3-19 1086816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *\0\0sdnclean64.exe
.
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384]
R2 SessionLauncher;SessionLauncher; [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2010-06-30 35840]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [2009-06-10 620544]
R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [2010-02-24 726816]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
R3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [2011-12-16 27584]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-30 1255736]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-05-06 44896]
R4 SQLAgent$ACT7;SQL Server Agent (ACT7);c:\program files (x86)\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE [2011-06-18 370016]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-11-16 111968]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
S2 ActService;ACT! Service Host;c:\program files (x86)\ACT\Act for Windows\Act.Server.Host.exe [2011-11-16 18432]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 203776]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-16 5814904]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
S2 Device Handle Service;Device Handle Service;c:\windows\SysWOW64\AsHookDevice.exe [2009-12-23 203392]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-14 166400]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-14 128512]
S2 GoToAssist Remote Support Customer;GoToAssist Remote Support Customer;c:\program files (x86)\Citrix\GoToAssist Remote Support Customer\498\g2ax_service.exe Start=service [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2013-01-25 376168]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2012-11-29 15928]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]
S2 MSSQL$ACT7;SQL Server (ACT7);c:\program files (x86)\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe [2011-06-18 43040096]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-03-06 39056]
S2 Sage ACT! Scheduler;Sage ACT! Scheduler;c:\program files (x86)\ACT\Act for Windows\Act.Scheduler.exe [2011-11-16 81920]
S2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [2011-12-16 25504]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-11-26 75904]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2009-10-07 30232]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2009-10-07 327704]
S3 LVUVC64;Logitech QuickCam S7500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2009-10-07 6379288]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2013-01-29 50800]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-03-02 1301504]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-12 20:59 1629648 ----a-w- c:\program files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 12:44]
.
2013-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-19 11:47]
.
2013-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-19 11:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Carl's office\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Carl's office\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Carl's office\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Carl's office\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2012-11-29 57928]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://my.yahoo.com/
uInternet Settings,ProxyOverride = *.local
mSearchAssistant =
IE: Clip selection - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: New Note - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
TCP: DhcpNameServer = 192.168.1.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files (x86)\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {3F4AC0C9-3A7D-4115-99B4-2693DE0014AF} - hxxp://optimum.net/downloads/TNetworkScannerXControl.ocx
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-03-24  20:17:34
ComboFix-quarantined-files.txt  2013-03-25 00:17
ComboFix2.txt  2011-11-19 15:28
ComboFix3.txt  2011-11-19 03:28
.
Pre-Run: 109,090,992,128 bytes free
Post-Run: 108,532,744,192 bytes free
.
- - End Of File - - 9F2A6A324B5D13A22A4378A16D01E854
 



#8 TheJoker

Forum Deity, Boot Camp Mod, 14,476 posts

Posted 24 March 2013 - 08:07 PM

We need to make sure you have the most recent version of ComboFix.
Delete your current copy of ComboFix.exe.
Download ComboFix© by sUBs from one of these links:
http://download.blee...Bs/ComboFix.exe
http://www.forospywa...Bs/ComboFix.exe

Save the file to your Desktop.

Close any open browsers.
Close your AntiVirus and any anti-spyware programs you may be running.
For this next step, please ensure that ComboFix.exe is on your desktop:

Please open Notepad *Do Not Use Wordpad!* (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
Save this as "CFScript.txt" and change the "Save as type" to "All Files" and place it on your desktop.

Driver::
Lbd
SessionLauncher
AsUpIO
GoToAssist Remote Support Customer


Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it will produce a log for you at C:\ComboFix.txt. Please post that log in your next reply.

 

Next, download the Sophos Virus Removal Tool and save it to your desktop:

  • Be sure to view the 3 short How-to videos on that page.
  • Double-click Sophos Virus Removal Tool.exe. The installation files will extract and the installer will automatically run.
  • Follow the prompts to accept the license agreement, and accept the default location.
  • A message will appear "InstallShield Wizard Completed".
  • Click 'Finish' to start the program.
  • After it updates and a "Start Scanning" button appears in the lower right:
    • Disconnect from the Internet or physically unplug your Internet cable connection.
    • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
    • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • Click the "Start Scanning" button in the lower right to start the scan.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, if it detected anything there will be a "Start Clean-up" button, click it and allow it to finish.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
  • A log will be in the following location:
  • Vista and above: C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log
    --for 64-bit C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log
  • 2000/XP/Server 2003: C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log
  • Please post the log in your next reply.

 

Please post the new log from ComboFix (C:\ComboFix.txt), the log from Sophos Virus Removal Tool, and note any errors encountered.

 


Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-2010 and ASAP Member since 2005
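The CFScript above works by naming service/driver registrations for ComboFix to delete; in the log it runs against, the rows it targets are the ones ComboFix tagged `[x]`, meaning the registry entry still exists but the image file on disk does not. The following is an added example, not code from this thread, from ComboFix, or from sUBs: a small Python triage script that parses the Drivers/Services table in the format these logs use, lists the rows whose image file is missing (the dangling registrations that a `Driver::` section removes), emits that section, and reads the `policies\system` block that appears later in the second log to flag UAC settings that let administrators elevate without any prompt. The sample log text is constructed in the shape of the lines posted here; the meaning of the `R`/`S` prefix (running/stopped) and of the start-type digit (0 boot, 1 system, 2 auto, 3 manual, 4 disabled) is my reading of ComboFix's table and is not stated on the page. All function names are mine.

```python
import re

# Constructed sample input: lines in the shape ComboFix prints in its
# Drivers/Services table and its 'policies\system' block. Modelled on the
# logs in this thread, not copied from them verbatim.
SAMPLE_LOG = r"""
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
S2 GoToAssist Remote Support Customer;GoToAssist Remote Support Customer;c:\program files (x86)\Citrix\GoToAssist Remote Support Customer\498\g2ax_service.exe Start=service [x]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2012-11-29 15928]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
"""

# One table row: R/S prefix (assumed: R = running, S = stopped), a start-type
# digit, then name;display;image path, then either [x] (file not found on
# disk) or [file date  file size].
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) "
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)"                  # image path, may contain spaces
    r"(?: Start=\S+)?"                # extra flag ComboFix prints on some rows
    r" \[(?:(?P<missing>x)|(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+))\]$"
)
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}

UAC_KEY = r"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>\d+)')


def parse_services(log_text):
    """Return one dict per Drivers/Services row; non-matching lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        row = m.groupdict()
        row["missing"] = row["missing"] is not None
        row["start"] = int(row["start"])
        row["start_type"] = START_TYPES.get(row["start"], "unknown")
        row["size"] = int(row["size"]) if row["size"] else None
        entries.append(row)
    return entries


def orphaned_services(entries):
    """Service names whose image file ComboFix could not find ([x]).

    A dangling registration is not by itself proof of malware (incomplete
    uninstalls leave the same residue), but it is what a CFScript
    'Driver::' section is used to clean up.
    """
    return [e["name"] for e in entries if e["missing"]]


def build_cfscript(driver_names):
    """Render a CFScript 'Driver::' section, one service name per line."""
    return "Driver::\n" + "\n".join(driver_names) + "\n"


def parse_uac_policy(log_text):
    """Collect the numeric values ComboFix prints under policies\\system."""
    values, in_block = {}, False
    for line in log_text.splitlines():
        line = line.strip()
        if line.lower() == UAC_KEY.lower():
            in_block = True
            continue
        if in_block:
            m = VALUE_RE.match(line)
            if not m:          # block ends at the first non-value line ('.')
                break
            values[m["name"]] = int(m["value"])
    return values


def uac_findings(values):
    """Flag the settings that disable or weaken the UAC elevation prompt."""
    findings = []
    if values.get("ConsentPromptBehaviorAdmin") == 0:
        findings.append("ConsentPromptBehaviorAdmin=0: administrators elevate "
                        "silently, so any process they run can become elevated")
    if values.get("PromptOnSecureDesktop") == 0:
        findings.append("PromptOnSecureDesktop=0: prompts, when shown, are not "
                        "isolated on the secure desktop")
    return findings


if __name__ == "__main__":
    rows = parse_services(SAMPLE_LOG)
    for r in rows:
        flag = "MISSING FILE" if r["missing"] else f'{r["date"]} {r["size"]}'
        print(f'{r["state"]} {r["start_type"]:8} {r["name"]}: {r["path"]} [{flag}]')
    print(build_cfscript(orphaned_services(rows)))
    for finding in uac_findings(parse_uac_policy(SAMPLE_LOG)):
        print("UAC:", finding)
```

Run it against a saved C:\ComboFix.txt instead of the constructed sample by passing that file's text to the same two parsers. On the logs in this thread the UAC block reads ConsentPromptBehaviorAdmin=0 and PromptOnSecureDesktop=0, which is the "never notify" configuration: anything running in the administrator's session can obtain full privileges without the user seeing a prompt, so restoring the default prompt is worth doing once the cleanup is finished.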


#9 Carlgrus

Advanced Member, Full Member, 121 posts

Posted 25 March 2013 - 10:44 AM

Here is the Combo Fix log: 

 

ComboFix 13-03-24.03 - Carl's office 03/25/2013   8:03.3.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3839.1878 [GMT -4:00]
Running from: c:\users\Carl's office\Desktop\ComboFix.exe
Command switches used :: c:\users\Carl's office\Desktop\CFScript.txt
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\9AE7BF8A91.sys
c:\users\Carl's office\g2ax_customer_downloadhelper_win32_x86.exe
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Failed to delete
c:\windows\TEMP\logishrd\LVPrcInj02.dll . . . . Failed to delete
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ASUPIO
-------\Legacy_LBD
-------\Service_AsUpIO
-------\Service_GoToAssist Remote Support Customer
-------\Service_Lbd
-------\Service_SessionLauncher
.
.
(((((((((((((((((((((((((   Files Created from 2013-02-25 to 2013-03-25  )))))))))))))))))))))))))))))))
.
.
2013-03-25 12:11 . 2013-03-25 12:11 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-03-25 12:11 . 2013-03-25 12:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-25 12:11 . 2013-03-25 12:11 -------- d-----w- c:\users\CARLS OFFICE\AppData\Local\temp
2013-03-24 02:50 . 2013-03-24 02:50 -------- d-----w- c:\program files (x86)\Panda Security
2013-03-23 19:45 . 2013-03-23 19:45 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-03-23 19:42 . 2013-03-23 19:42 -------- d-----w- c:\program files (x86)\RealNetworks
2013-03-23 19:42 . 2013-03-23 19:42 -------- d-----w- c:\programdata\RealNetworks
2013-03-23 19:42 . 2013-03-23 19:42 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2013-03-23 19:38 . 2013-03-23 19:38 310688 ----a-w- c:\windows\system32\javaws.exe
2013-03-23 19:38 . 2013-03-23 19:38 188832 ----a-w- c:\windows\system32\javaw.exe
2013-03-23 19:38 . 2013-03-23 19:38 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-03-23 19:38 . 2013-03-23 19:38 188320 ----a-w- c:\windows\system32\java.exe
2013-03-23 19:38 . 2013-03-23 19:38 -------- d-----w- c:\program files\Java
2013-03-20 20:12 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-13 22:01 . 2013-03-13 22:01 -------- d-----w- c:\program files\Microsoft Silverlight
2013-03-13 22:01 . 2013-03-13 22:01 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-03-05 20:05 . 2013-03-25 11:49 -------- d-----w- c:\users\LogMeInRemoteUser
2013-03-05 02:15 . 2013-03-05 02:15 -------- d-----w- c:\users\Carl's office\AppData\Local\LogMeIn
2013-03-05 02:15 . 2013-01-25 21:37 60776 ----a-w- c:\windows\system32\Spool\prtprocs\x64\LMIproc.dll
2013-03-05 02:15 . 2013-01-25 21:38 88448 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2013-03-05 02:15 . 2013-01-25 21:37 35688 ----a-w- c:\windows\system32\LMIport.dll
2013-03-05 02:15 . 2012-11-29 16:56 72216 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2013-03-05 02:15 . 2012-11-29 16:56 11552 ----a-w- c:\windows\system32\drivers\lmimirr.sys
2013-03-05 02:15 . 2013-01-25 21:37 84328 ----a-w- c:\windows\system32\LMIinit.dll
2013-03-05 02:14 . 2013-03-25 10:47 -------- d-----w- c:\programdata\LogMeIn
2013-03-05 02:14 . 2013-03-05 20:05 -------- d-----w- c:\program files (x86)\LogMeIn
2013-03-02 15:25 . 2013-03-02 15:25 -------- d-----w- c:\program files\iPod
2013-03-02 15:25 . 2013-03-02 15:26 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-03-02 15:25 . 2013-03-02 15:26 -------- d-----w- c:\program files\iTunes
2013-03-02 15:25 . 2013-03-02 15:26 -------- d-----w- c:\program files (x86)\iTunes
2013-02-26 23:49 . 2013-02-17 06:40 28672 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-02-26 23:13 . 2013-02-26 23:13 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-02-23 20:58 . 2013-02-23 20:59 -------- d-----w- c:\program files\Microsoft Mouse and Keyboard Center
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-25 12:15 . 2011-11-08 01:12 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2013-03-23 19:38 . 2011-12-14 00:57 963488 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-23 19:38 . 2011-12-14 00:57 1085344 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-03-19 12:44 . 2012-03-31 13:20 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-19 12:44 . 2011-06-14 01:45 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-13 22:21 . 2010-09-01 00:16 72013344 ----a-w- c:\windows\system32\MRT.exe
2013-02-12 11:35 . 2013-02-12 11:37 173128 ----a-w- c:\windows\system32\g2ax_credential_provider64_498.dll
2013-02-12 05:45 . 2013-03-13 10:50 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 10:50 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 10:50 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 10:50 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 10:50 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 10:50 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-29 23:15 . 2013-01-29 23:15 862664 ----a-w- c:\windows\SysWow64\msvcr110.dll
2013-01-29 23:15 . 2013-01-29 23:15 828872 ----a-w- c:\windows\system32\msvcr110.dll
2013-01-29 23:15 . 2013-01-29 23:15 661448 ----a-w- c:\windows\system32\msvcp110.dll
2013-01-29 23:15 . 2013-01-29 23:15 534480 ----a-w- c:\windows\SysWow64\msvcp110.dll
2013-01-29 23:15 . 2013-01-29 23:15 354264 ----a-w- c:\windows\system32\vccorlib110.dll
2013-01-29 23:15 . 2013-01-29 23:15 251864 ----a-w- c:\windows\SysWow64\vccorlib110.dll
2013-01-29 23:15 . 2013-01-29 23:15 50800 ----a-w- c:\windows\system32\drivers\point64.sys
2013-01-29 23:15 . 2013-01-29 23:15 29312 ----a-w- c:\windows\system32\drivers\nuidfltr.sys
2013-01-24 15:32 . 2013-01-24 15:32 2177648 ----a-w- c:\windows\system32\coin93.dll
2013-01-05 05:53 . 2013-02-13 11:55 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-05 05:00 . 2013-02-13 11:55 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-13 11:55 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-01-04 05:46 . 2013-02-13 11:55 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-01-04 04:51 . 2013-02-13 11:55 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-01-04 04:43 . 2013-02-13 11:55 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-01-04 03:26 . 2013-02-13 11:55 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-01-04 02:47 . 2013-02-13 11:55 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-01-04 02:47 . 2013-02-13 11:55 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-01-04 02:47 . 2013-02-13 11:55 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-01-04 02:47 . 2013-02-13 11:55 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-01-03 06:00 . 2013-02-13 11:55 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-03 06:00 . 2013-02-13 11:55 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Carl's office\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Carl's office\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Carl's office\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Carl's office\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ACTSchedulerUI"="c:\program files (x86)\ACT\Act for Windows\Act.Scheduler.UI.exe" [2011-11-16 557056]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
.
c:\users\Carl's office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DING!.lnk - c:\program files (x86)\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]
Dropbox.lnk - c:\users\Carl's office\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2013-3-19 1086816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2010-06-30 35840]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [2009-06-10 620544]
R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [2010-02-24 726816]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
R3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [2011-12-16 27584]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-30 1255736]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-05-06 44896]
R4 SQLAgent$ACT7;SQL Server Agent (ACT7);c:\program files (x86)\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE [2011-06-18 370016]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-11-16 111968]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
S2 ActService;ACT! Service Host;c:\program files (x86)\ACT\Act for Windows\Act.Server.Host.exe [2011-11-16 18432]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 203776]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-16 5814904]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
S2 Device Handle Service;Device Handle Service;c:\windows\SysWOW64\AsHookDevice.exe [2009-12-23 203392]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-14 166400]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-14 128512]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2013-01-25 376168]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2012-11-29 15928]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]
S2 MSSQL$ACT7;SQL Server (ACT7);c:\program files (x86)\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe [2011-06-18 43040096]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-03-06 39056]
S2 Sage ACT! Scheduler;Sage ACT! Scheduler;c:\program files (x86)\ACT\Act for Windows\Act.Scheduler.exe [2011-11-16 81920]
S2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [2011-12-16 25504]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-11-26 75904]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2009-10-07 30232]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2009-10-07 327704]
S3 LVUVC64;Logitech QuickCam S7500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2009-10-07 6379288]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2013-01-29 50800]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-03-02 1301504]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
start [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-12 20:59 1629648 ----a-w- c:\program files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 12:44]
.
2013-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-19 11:47]
.
2013-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-19 11:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Carl's office\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Carl's office\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Carl's office\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Carl's office\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2012-11-29 57928]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://my.yahoo.com/
uInternet Settings,ProxyOverride = *.local
mSearchAssistant =
IE: Clip selection - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: New Note - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
TCP: DhcpNameServer = 192.168.1.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files (x86)\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {3F4AC0C9-3A7D-4115-99B4-2693DE0014AF} - hxxp://optimum.net/downloads/TNetworkScannerXControl.ocx
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
.
**************************************************************************
.
Completion time: 2013-03-25  08:24:26 - machine was rebooted
ComboFix-quarantined-files.txt  2013-03-25 12:24
ComboFix2.txt  2013-03-25 00:17
ComboFix3.txt  2011-11-19 15:28
ComboFix4.txt  2011-11-19 03:28
.
Pre-Run: 107,988,307,968 bytes free
Post-Run: 107,504,177,152 bytes free
.
- - End Of File - - 00E2DF8FEDF801374DEED4B95D22C507

And here is the log from Sophos:

2013-03-25 08:27:02 Sophos Virus Removal Tool version 2.3
2013-03-25 08:27:02 Copyright © 2009-2012 Sophos Limited. All rights reserved.

2013-03-25 08:27:02 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2013-03-25 08:27:02 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x300 PT=0x1 WOW64
2013-03-25 08:27:02 Checking for updates...
2013-03-25 08:27:07 Update progress: proxy server not available
2013-03-25 08:27:23 Option all = no
2013-03-25 08:27:23 Option recurse = yes
2013-03-25 08:27:23 Option archive = no
2013-03-25 08:27:23 Option service = yes
2013-03-25 08:27:23 Option confirm = yes
2013-03-25 08:27:23 Option sxl = yes
2013-03-25 08:27:23 Option max-data-age = 35
2013-03-25 08:27:23 Component SVRTcli.exe version 2.3
2013-03-25 08:27:23 Component control.dll version 2.3
2013-03-25 08:27:23 Component SVRTservice.exe version 2.3
2013-03-25 08:27:23 Component engine\osdp.dll version 1.44.0.2060
2013-03-25 08:27:23 Component engine\veex.dll version 3.41.0.2060
2013-03-25 08:27:23 Component engine\savi.dll version 7.5.11.2060
2013-03-25 08:27:23 Component rkdisk.dll version 1.5.30.0
2013-03-25 08:27:23 Version info: Product version 2.3
2013-03-25 08:27:23 Version info: Detection engine 3.41.0
2013-03-25 08:27:23 Version info: Detection data 4.87
2013-03-25 08:27:23 Version info: Build date 3/13/2013
2013-03-25 08:27:23 Version info: Data files added 344
2013-03-25 08:27:23 Version info: Last successful update (not yet updated)
2013-03-25 08:27:48 Downloading updates...
2013-03-25 08:27:49 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2013-03-25 08:27:49 Update progress: [I49502] Found supplement SAVIW32 LATEST 4
2013-03-25 08:27:49 Update progress: [I49502] Found supplement IDE488 LATEST
2013-03-25 08:27:49 Update progress: [I49502] Found supplement IDE489 LATEST
2013-03-25 08:27:49 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2013-03-25 08:27:49 Update progress: [I19463] Syncing product SAVIW32 25
2013-03-25 08:27:52 Update progress: [I19463] Syncing product IDE488 180
2013-03-25 08:27:54 Installing updates...
2013-03-25 08:27:54 Update progress: [I19463] Syncing product IDE489 166
2013-03-25 08:28:18 Update successful
2013-03-25 08:28:43 Option all = no
2013-03-25 08:28:43 Option recurse = yes
2013-03-25 08:28:43 Option archive = no
2013-03-25 08:28:43 Option service = yes
2013-03-25 08:28:43 Option confirm = yes
2013-03-25 08:28:43 Option sxl = yes
2013-03-25 08:28:43 Option max-data-age = 35
2013-03-25 08:28:43 Component SVRTcli.exe version 2.3
2013-03-25 08:28:43 Component control.dll version 2.3
2013-03-25 08:28:43 Component SVRTservice.exe version 2.3
2013-03-25 08:28:43 Component engine\osdp.dll version 1.44.0.2060
2013-03-25 08:28:43 Component engine\veex.dll version 3.41.0.2060
2013-03-25 08:28:43 Component engine\savi.dll version 7.5.11.2060
2013-03-25 08:28:43 Component rkdisk.dll version 1.5.30.0
2013-03-25 08:28:43 Version info: Product version 2.3
2013-03-25 08:28:43 Version info: Detection engine 3.41.0
2013-03-25 08:28:43 Version info: Detection data 4.87G
2013-03-25 08:28:43 Version info: Build date 3/13/2013
2013-03-25 08:28:43 Version info: Data files added 344
2013-03-25 08:28:43 Version info: Last successful update 3/25/2013 8:28:18 AM

2013-03-25 08:29:27 Couldn't apply option 'SXLLiveProtection' to the detection engine.
2013-03-25 09:51:40 Could not open C:\Boot\BCD
2013-03-25 09:51:46 Could not open C:\hiberfil.sys
2013-03-25 09:51:48 Could not open C:\pagefile.sys
2013-03-25 10:19:09 Could not open C:\System Volume Information\{13004670-93ef-11e2-8db3-485b39f26fb4}{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-03-25 10:19:09 Could not open C:\System Volume Information\{13004675-93ef-11e2-8db3-485b39f26fb4}{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-03-25 10:19:09 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-03-25 10:19:09 Could not open C:\System Volume Information\{527960b9-9213-11e2-a648-485b39f26fb4}{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-03-25 10:19:09 Could not open C:\System Volume Information\{59fdee90-9545-11e2-be86-485b39f26fb4}{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-03-25 10:19:09 Could not open C:\System Volume Information\{7777f990-93f2-11e2-91cd-485b39f26fb4}{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-03-25 10:19:09 Could not open C:\System Volume Information\{7777fa02-93f2-11e2-91cd-485b39f26fb4}{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-03-25 10:19:09 Could not open C:\System Volume Information\{a1d7932d-92dc-11e2-b383-485b39f26fb4}{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-03-25 10:19:09 Could not open C:\System Volume Information\{a1d79391-92dc-11e2-b383-485b39f26fb4}{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-03-25 10:19:09 Could not open C:\System Volume Information\{c61ba767-9477-11e2-b8af-485b39f26fb4}{3808876b-c176-4e48-b7ae-04046e6cc752}
2013-03-25 10:27:02 Could not check C:\Users\Carl's office\Documents\CI 102 New Edition\New PPTS 4-8-10\102 M1 Intro to Market Analysis 03112010.ppt (corrupt)
2013-03-25 10:28:15 Could not check C:\Users\Carl's office\Documents\Max's 10th grade\James.doc (corrupt)
2013-03-25 10:28:16 Could not check C:\Users\Carl's office\Documents\Max's 10th grade\stoker.doc (corrupt)
2013-03-25 10:30:02 Could not check C:\Users\Carl's office\Documents\My Dropbox\CI 102 New Edition\New PPTS 4-8-10\102 M1 Intro to Market Analysis 03112010.ppt (corrupt)
2013-03-25 10:44:49 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2013-03-25 10:44:49 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2013-03-25 11:24:40 Could not check D:\copy\Documents and Settings\HP_Administrator\My Documents\CI 102 New Edition\New PPTS 4-8-10\102 M1 Intro to Market Analysis 03112010.ppt (corrupt)
2013-03-25 11:25:34 Could not check D:\copy\Documents and Settings\HP_Administrator\My Documents\Max's 10th grade\James.doc (corrupt)
2013-03-25 11:25:35 Could not check D:\copy\Documents and Settings\HP_Administrator\My Documents\Max's 10th grade\stoker.doc (corrupt)
2013-03-25 11:52:23 Could not open LOGICAL:0006:00000000
2013-03-25 11:52:23 Could not open G:\
2013-03-25 11:52:23 Could not open LOGICAL:0007:00000000
2013-03-25 11:52:23 Could not open H:\
2013-03-25 11:52:23 Could not open LOGICAL:0008:00000000
2013-03-25 11:52:23 Could not open I:\
2013-03-25 11:52:23 Could not open LOGICAL:0009:00000000
2013-03-25 11:52:23 Could not open J:\
2013-03-25 11:52:23 Could not open PHYSICAL:0081:0000:0000:0001
2013-03-25 11:52:23 Could not open PHYSICAL:0082:0000:0000:0001
2013-03-25 11:52:23 Could not open PHYSICAL:0083:0000:0000:0001
2013-03-25 11:52:23 Could not open PHYSICAL:0084:0000:0000:0001


#10 TheJoker

    Forum Deity

  • Boot Camp Mod
  • 14,476 posts

Posted 25 March 2013 - 06:35 PM

Do you have any drives that you have been unable to properly open, or have had data corruption problems?

When you ran DDS, among other errors there was this:

3/23/2013 11:53:27 AM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk5\DR5.
3/19/2013 7:02:26 AM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR1.
3/19/2013 6:29:42 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR6.
3/17/2013 9:26:15 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk5\DR6.


And when you ran Sophos Virus Removal Tool, there were corrupt files and drives that could not be opened.

2013-03-25 10:27:02 Could not check C:\Users\Carl's office\Documents\CI 102 New Edition\New PPTS 4-8-10\102 M1 Intro to Market Analysis 03112010.ppt (corrupt)
2013-03-25 10:28:15 Could not check C:\Users\Carl's office\Documents\Max's 10th grade\James.doc (corrupt)
2013-03-25 10:28:16 Could not check C:\Users\Carl's office\Documents\Max's 10th grade\stoker.doc (corrupt)
2013-03-25 10:30:02 Could not check C:\Users\Carl's office\Documents\My Dropbox\CI 102 New Edition\New PPTS 4-8-10\102 M1 Intro to Market Analysis 03112010.ppt (corrupt)
2013-03-25 10:44:49 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2013-03-25 10:44:49 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2013-03-25 11:24:40 Could not check D:\copy\Documents and Settings\HP_Administrator\My Documents\CI 102 New Edition\New PPTS 4-8-10\102 M1 Intro to Market Analysis 03112010.ppt (corrupt)
2013-03-25 11:25:34 Could not check D:\copy\Documents and Settings\HP_Administrator\My Documents\Max's 10th grade\James.doc (corrupt)
2013-03-25 11:25:35 Could not check D:\copy\Documents and Settings\HP_Administrator\My Documents\Max's 10th grade\stoker.doc (corrupt)
2013-03-25 11:52:23 Could not open LOGICAL:0006:00000000
2013-03-25 11:52:23 Could not open G:\
2013-03-25 11:52:23 Could not open LOGICAL:0007:00000000
2013-03-25 11:52:23 Could not open H:\
2013-03-25 11:52:23 Could not open LOGICAL:0008:00000000
2013-03-25 11:52:23 Could not open I:\
2013-03-25 11:52:23 Could not open LOGICAL:0009:00000000
2013-03-25 11:52:23 Could not open J:\
2013-03-25 11:52:23 Could not open PHYSICAL:0081:0000:0000:0001
2013-03-25 11:52:23 Could not open PHYSICAL:0082:0000:0000:0001
2013-03-25 11:52:23 Could not open PHYSICAL:0083:0000:0000:0001
2013-03-25 11:52:23 Could not open PHYSICAL:0084:0000:0000:0001


Download RogueKiller (by tigzy) and save it to your desktop

  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan. Click on Report and copy/paste the content of the notepad in your next reply.

This next step will take a while to complete.

Read all these directions before proceeding.

Be sure to read these:
Download Kaspersky Rescue Disk 10
How to record Kaspersky Rescue Disk 10 to an USB device and boot my computer from it?
How to record Kaspersky Rescue Disk 10 to a CD/DVD and boot my computer from the disk?

When you have the .ISO file downloaded, you need to create a bootable disk or flash drive with it, using a clean PC to do that.  The .ISO file is a disk image. It should NOT be burned as a regular file. You need a program like BurnAware Free or ImgBurn that can burn an .ISO image.  A CD/DVD is best as there is no way anything can write on it after it is made.

Summarizing:

  • Go to a clean PC.
  • Download the .iso image file.
  • Create a CD (or flash drive if you prefer).
  • At the infected PC: put the disk in the drive and reboot.

Follow the directions here, but you will find some differences.  

Familiarize yourself with How to create a report file in Kaspersky Rescue Disk 10?

Print the following directions:

Boot from Kaspersky Rescue Disk 10:

  • Insert the Kaspersky Rescue Disk CD into your CD/DVD drive and boot the computer (you may need to change the boot sequence in your system's BIOS to boot from the CD/DVD drive).
  • Press any key. A loading wizard will start (you will see the menu to select the required language). If you do not press any key in 10 seconds, the computer boots from the hard drive automatically.
  • Select the required interface language using the arrow-keys on your keyboard.
  • Press the Enter key on the keyboard.
  • In the start up wizard window that opens, select the Kaspersky Rescue Disk. Graphic Mode
  • Click Enter.
  • Click '1' to accept the agreement.
  • Select operating system from dropdown menu (select Windows whatever)
  • Select Objects to scan: check Disk boot sectors, Hidden startup objects, C:
  • Click My Update Center and update if any available
  • Back to other tab and click Start Object Scan (this may take several hours)
  • When scan has completed save a report:
    • On the upper part of the Kaspersky Rescue Disk window, click on the Report link.
    • On the bottom right hand corner of the Protection status - Kaspersky Rescue Disk window, click on the Detailed Report button.
    • On the upper right hand corner of the Detailed report window, click on the Save button.
    • After clicking Detailed Report and 'SAVE', a browse window opens. 
    • Double-click on the \
    • Click 'disks'.
    • All your drives will be shown and you can easily double-click C and save the report to C:\KasperskyRescueDisk10.txt.
    • Click on the Save button.
    • The report has been saved to the file.
  • Remove the disk from the drive (or disconnect USB) and reboot normally.
Please post the log from Kaspersky Rescue Disk, the log from RogueKiller, and note any errors encountered.


Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-2010 and ASAP Member since 2005
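The cross-check TheJoker does by eye above, controller errors from the DDS event-log excerpt set against the Sophos entries that were corrupt or could not be opened, written out as a small triage script. This is an added example, not code from the thread or from any tool it names; it assumes only the two line layouts quoted in the post, and the sample lines inside it are constructed from those.

```python
"""Log triage for the two formats quoted in the post above.

Added example for this thread, not code from the thread or from DDS, Sophos,
RogueKiller or any other tool named here. It assumes only the two line layouts
TheJoker quotes: the DDS event-log line ("... Error: Disk [11]  - The driver
detected a controller error on \\Device\\HarddiskN\\DRn.") and the Sophos
Virus Removal Tool line ("Could not open X" / "Could not check X (corrupt)").
"""
import re
from collections import Counter, defaultdict

DDS_DISK_RE = re.compile(
    r"^(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"Error: Disk \[(?P<event_id>\d+)\]\s+-\s+"
    r"The driver detected a controller error on "
    r"(?P<device>\\Device\\(?P<disk>Harddisk\d+)\\DR\d+)\.?$"
)
SOPHOS_FAIL_RE = re.compile(
    r"^(?P<when>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"Could not (?P<verb>open|check) (?P<target>.+?)(?: \((?P<reason>[^)]+)\))?$"
)


def parse_dds_disk_errors(lines):
    """Return (timestamp, event_id, device, disk) per Disk controller error."""
    out = []
    for line in lines:
        m = DDS_DISK_RE.match(line.strip())
        if m:
            out.append((m["when"], int(m["event_id"]), m["device"], m["disk"]))
    return out


def parse_sophos_failures(lines):
    """Return (timestamp, verb, target, reason) per Sophos scan-failure line."""
    out = []
    for line in lines:
        m = SOPHOS_FAIL_RE.match(line.strip())
        if m:
            out.append((m["when"], m["verb"], m["target"], m["reason"]))
    return out


def volume_of(target):
    """Map a scan target to its volume: "C:" for drive-letter paths, and the
    LOGICAL/PHYSICAL prefix for Sophos's raw-device pseudo-paths."""
    if re.match(r"^[A-Za-z]:\\", target):
        return target[:2].upper()
    if target.startswith(("LOGICAL:", "PHYSICAL:")):
        return target.split(":", 1)[0]
    return "?"


def summarize(dds_lines, sophos_lines):
    """Group both logs so the 'is a drive failing?' question can be read off.

    Controller errors are counted per HarddiskN, because the DRn suffix can
    differ between events for the same disk. 'hardware_suspected' is set when
    a controller error coexists with a corrupt file on a lettered volume; it
    is a hint to check the disk, not proof of a failing one.
    """
    errors = parse_dds_disk_errors(dds_lines)
    by_disk = Counter(disk for _, _, _, disk in errors)
    corrupt = defaultdict(list)
    unreadable = Counter()
    for _, verb, target, reason in parse_sophos_failures(sophos_lines):
        vol = volume_of(target)
        if verb == "check" and reason == "corrupt":
            corrupt[vol].append(target)
        elif verb == "open":
            unreadable[vol] += 1
    lettered_corrupt = any(vol.endswith(":") for vol in corrupt)
    return {
        "controller_errors_by_disk": dict(by_disk),
        "corrupt_files": dict(corrupt),
        "unreadable": dict(unreadable),
        "hardware_suspected": bool(by_disk) and lettered_corrupt,
    }


# Constructed sample lines, modelled on the ones quoted in the thread; the
# last entry of each list is noise the parsers must skip.
SAMPLE_DDS = [
    "3/23/2013 11:53:27 AM, Error: Disk [11]  - The driver detected a controller error on \\Device\\Harddisk5\\DR5.",
    "3/19/2013 7:02:26 AM, Error: Disk [11]  - The driver detected a controller error on \\Device\\Harddisk1\\DR1.",
    "3/17/2013 9:26:15 PM, Error: Disk [11]  - The driver detected a controller error on \\Device\\Harddisk5\\DR6.",
    "3/19/2013 8:00:00 AM, Error: Service Control Manager [7000]  - unrelated event",
]
SAMPLE_SOPHOS = [
    "2013-03-25 09:51:40 Could not open C:\\Boot\\BCD",
    "2013-03-25 10:28:15 Could not check C:\\Users\\Carl's office\\Documents\\Max's 10th grade\\James.doc (corrupt)",
    "2013-03-25 11:25:34 Could not check D:\\copy\\Documents and Settings\\HP_Administrator\\My Documents\\Max's 10th grade\\stoker.doc (corrupt)",
    "2013-03-25 11:52:23 Could not open LOGICAL:0006:00000000",
    "2013-03-25 11:52:23 Could not open G:\\",
    "2013-03-25 11:52:23 Could not open PHYSICAL:0081:0000:0000:0001",
    "2013-03-25 08:28:18 Update successful",
]

if __name__ == "__main__":
    import json
    print(json.dumps(summarize(SAMPLE_DDS, SAMPLE_SOPHOS), indent=2))
```

Run it as-is to see the grouped summary; feed it the full DDS and Sophos logs from the thread to get the same view over every line.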

#11 Carlgrus

    Advanced Member

  • Full Member
  • 121 posts

Posted 27 March 2013 - 05:40 AM

Sorry for the delay, I've been very busy... The only "error", and it might not be an error, is that I have 2 reports from RogueKiller. Don't know how that happened, but I've posted both for your review. And after those, I've posted the KasperskyRescueDisk10.txt... And yes, my CD ROM drive has given me a problem for a long time. The only way I can open the drawer is to go into Explorer, right click on the CD drive and click on eject. Pushing the button on the front of the PC does not open it. Let me know how to proceed, and thanks again.

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Carl's office [Admin rights]
Mode : Scan -- Date : 03/25/2013 21:20:23
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDT721064SLA360 ATA Device +++++
--- User ---
[MBR] 33cbfbc362fafaf7d803cf8d2037917e
[BSP] b7f1af624ca415852c3eb9ae77b37bea : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0x1b) [HIDDEN!] Offset (sectors): 2048 | Size: 19024 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 38963200 | Size: 244190 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 539064320 | Size: 347264 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_03252013_02d2120.txt >>
RKreport[1]_S_03252013_02d2120.txt

...The 2nd Report...

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Carl's office [Admin rights]
Mode : HOSTSFix -- Date : 03/25/2013 21:21:58
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1       localhost


¤¤¤ Reset HOSTS: ¤¤¤
127.0.0.1 localhost

Finished : << RKreport[2]_H_03252013_02d2121.txt >>
RKreport[1]_S_03252013_02d2120.txt ; RKreport[2]_H_03252013_02d2121.txt

And the Kaspersky report

Objects Scan: completed 10 hours ago   (events: 2, objects: 2416, time: 00:02:27) 
3/26/13 9:18 PM Task completed   
3/26/13 9:16 PM Task started   
Objects Scan: completed 47 minutes ago   (events: 66, objects: 2290948, time: 09:18:12) 
3/27/13 6:37 AM Task completed   
3/27/13 6:37 AM Untreated: Exploit.Java.CVE-2012-0507.j C:/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/63/46f2fdff-4e0aa722/ka/Ner.class Write not supported 
3/27/13 6:37 AM Detected: Exploit.Java.CVE-2012-0507.j C:/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/63/46f2fdff-4e0aa722/ka/Ner.class  
3/27/13 6:37 AM Untreated: Exploit.Java.CVE-2012-0507.j C:/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/63/46f2fdff-4e0aa722/ka/ka.class Write not supported 
3/27/13 6:37 AM Detected: Exploit.Java.CVE-2012-0507.j C:/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/63/46f2fdff-4e0aa722/ka/ka.class  
3/27/13 6:37 AM Untreated: Exploit.Java.CVE-2011-3544.fr C:/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/6/2dd7e246-7a6a1510/Wiki.class Write not supported 
3/27/13 6:37 AM Detected: Exploit.Java.CVE-2011-3544.fr C:/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/6/2dd7e246-7a6a1510/Wiki.class  
3/27/13 6:37 AM Untreated: Exploit.Java.CVE-2011-3544.ka C:/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/35/1acc6b23-37cd6c21/n.class Write not supported 
3/27/13 6:37 AM Detected: Exploit.Java.CVE-2011-3544.ka C:/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/35/1acc6b23-37cd6c21/n.class  
3/27/13 6:37 AM Untreated: Exploit.Java.CVE-2011-3544.ka C:/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/35/1acc6b23-37cd6c21/m.class Write not supported 
3/27/13 6:37 AM Detected: Exploit.Java.CVE-2011-3544.ka C:/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/35/1acc6b23-37cd6c21/m.class  
3/27/13 6:37 AM Untreated: Exploit.Java.CVE-2011-3544.ka C:/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/35/1acc6b23-37cd6c21/Inc.class Write not supported 
3/27/13 6:37 AM Detected: Exploit.Java.CVE-2011-3544.ka C:/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/35/1acc6b23-37cd6c21/Inc.class  
3/27/13 6:37 AM Untreated: Exploit.Java.CVE-2012-0507.hz C:/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/16/155b5a50-77e57384/sysa/sysc.class Write not supported 
3/27/13 6:37 AM Detected: Exploit.Java.CVE-2012-0507.hz C:/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/16/155b5a50-77e57384/sysa/sysc.class  
3/27/13 6:37 AM Untreated: Trojan.Win32.FakeAV.niuy C:/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/12/3a3f800c-410f00fb/gydhsxyxo Write not supported 
3/27/13 6:37 AM Detected: Trojan.Win32.FakeAV.niuy C:/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/12/3a3f800c-410f00fb/gydhsxyxo  
3/27/13 6:37 AM Untreated: Exploit.Java.CVE-2012-0507.j /mnt/MountedDevices/PD-CB5BD2B2-00000004A5100000/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/63/46f2fdff-4e0aa722/ka/Ner.class Write not supported 
3/27/13 6:37 AM Detected: Exploit.Java.CVE-2012-0507.j /mnt/MountedDevices/PD-CB5BD2B2-00000004A5100000/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/63/46f2fdff-4e0aa722/ka/Ner.class  
3/27/13 6:37 AM Untreated: Exploit.Java.CVE-2012-0507.j /mnt/MountedDevices/PD-CB5BD2B2-00000004A5100000/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/63/46f2fdff-4e0aa722/ka/ka.class Write not supported 
3/27/13 6:37 AM Detected: Exploit.Java.CVE-2012-0507.j /mnt/MountedDevices/PD-CB5BD2B2-00000004A5100000/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/63/46f2fdff-4e0aa722/ka/ka.class  
3/27/13 6:37 AM Untreated: Exploit.Java.CVE-2011-3544.fr /mnt/MountedDevices/PD-CB5BD2B2-00000004A5100000/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/6/2dd7e246-7a6a1510/Wiki.class Write not supported 
3/27/13 6:37 AM Detected: Exploit.Java.CVE-2011-3544.fr /mnt/MountedDevices/PD-CB5BD2B2-00000004A5100000/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/6/2dd7e246-7a6a1510/Wiki.class  
3/27/13 6:37 AM Untreated: Exploit.Java.CVE-2011-3544.ka /mnt/MountedDevices/PD-CB5BD2B2-00000004A5100000/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/35/1acc6b23-37cd6c21/n.class Write not supported 
3/27/13 6:37 AM Detected: Exploit.Java.CVE-2011-3544.ka /mnt/MountedDevices/PD-CB5BD2B2-00000004A5100000/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/35/1acc6b23-37cd6c21/n.class  
3/27/13 6:37 AM Untreated: Exploit.Java.CVE-2011-3544.ka /mnt/MountedDevices/PD-CB5BD2B2-00000004A5100000/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/35/1acc6b23-37cd6c21/m.class Write not supported 
3/27/13 6:37 AM Detected: Exploit.Java.CVE-2011-3544.ka /mnt/MountedDevices/PD-CB5BD2B2-00000004A5100000/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/35/1acc6b23-37cd6c21/m.class  
3/27/13 6:37 AM Untreated: Exploit.Java.CVE-2011-3544.ka /mnt/MountedDevices/PD-CB5BD2B2-00000004A5100000/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/35/1acc6b23-37cd6c21/Inc.class Write not supported 
3/27/13 6:37 AM Detected: Exploit.Java.CVE-2011-3544.ka /mnt/MountedDevices/PD-CB5BD2B2-00000004A5100000/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/35/1acc6b23-37cd6c21/Inc.class  
3/27/13 6:37 AM Untreated: Exploit.Java.CVE-2012-0507.hz /mnt/MountedDevices/PD-CB5BD2B2-00000004A5100000/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/16/155b5a50-77e57384/sysa/sysc.class Write not supported 
3/27/13 6:36 AM Detected: Exploit.Java.CVE-2012-0507.hz /mnt/MountedDevices/PD-CB5BD2B2-00000004A5100000/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/16/155b5a50-77e57384/sysa/sysc.class  
3/27/13 6:36 AM Untreated: Trojan.Win32.FakeAV.niuy /mnt/MountedDevices/PD-CB5BD2B2-00000004A5100000/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/12/3a3f800c-410f00fb/gydhsxyxo Write not supported 
3/27/13 12:59 AM Detected: Trojan.Win32.FakeAV.niuy /mnt/MountedDevices/PD-CB5BD2B2-00000004A5100000/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/12/3a3f800c-410f00fb/gydhsxyxo  
3/27/13 12:02 AM Untreated: Exploit.Java.CVE-2012-0507.j /mnt/MountedDevices/PD-CB5BD2B2-00000004A5100000/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/63/46f2fdff-4e0aa722/ka/Ner.class Postponed 
3/27/13 12:02 AM Detected: Exploit.Java.CVE-2012-0507.j /mnt/MountedDevices/PD-CB5BD2B2-00000004A5100000/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/63/46f2fdff-4e0aa722/ka/Ner.class  
3/27/13 12:02 AM Untreated: Exploit.Java.CVE-2012-0507.j /mnt/MountedDevices/PD-CB5BD2B2-00000004A5100000/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/63/46f2fdff-4e0aa722/ka/ka.class Postponed 
3/27/13 12:02 AM Detected: Exploit.Java.CVE-2012-0507.j /mnt/MountedDevices/PD-CB5BD2B2-00000004A5100000/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/63/46f2fdff-4e0aa722/ka/ka.class  
3/27/13 12:02 AM Untreated: Exploit.Java.CVE-2011-3544.fr /mnt/MountedDevices/PD-CB5BD2B2-00000004A5100000/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/6/2dd7e246-7a6a1510/Wiki.class Postponed 
3/27/13 12:02 AM Detected: Exploit.Java.CVE-2011-3544.fr /mnt/MountedDevices/PD-CB5BD2B2-00000004A5100000/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/6/2dd7e246-7a6a1510/Wiki.class  
3/27/13 12:02 AM Untreated: Exploit.Java.CVE-2011-3544.ka /mnt/MountedDevices/PD-CB5BD2B2-00000004A5100000/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/35/1acc6b23-37cd6c21/n.class Postponed 
3/27/13 12:02 AM Detected: Exploit.Java.CVE-2011-3544.ka /mnt/MountedDevices/PD-CB5BD2B2-00000004A5100000/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/35/1acc6b23-37cd6c21/n.class  
3/27/13 12:02 AM Untreated: Exploit.Java.CVE-2011-3544.ka /mnt/MountedDevices/PD-CB5BD2B2-00000004A5100000/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/35/1acc6b23-37cd6c21/m.class Postponed 
3/27/13 12:02 AM Detected: Exploit.Java.CVE-2011-3544.ka /mnt/MountedDevices/PD-CB5BD2B2-00000004A5100000/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/35/1acc6b23-37cd6c21/m.class  
3/27/13 12:02 AM Untreated: Exploit.Java.CVE-2011-3544.ka /mnt/MountedDevices/PD-CB5BD2B2-00000004A5100000/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/35/1acc6b23-37cd6c21/Inc.class Postponed 
3/27/13 12:02 AM Detected: Exploit.Java.CVE-2011-3544.ka /mnt/MountedDevices/PD-CB5BD2B2-00000004A5100000/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/35/1acc6b23-37cd6c21/Inc.class  
3/27/13 12:01 AM Untreated: Exploit.Java.CVE-2012-0507.hz /mnt/MountedDevices/PD-CB5BD2B2-00000004A5100000/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/16/155b5a50-77e57384/sysa/sysc.class Postponed 
3/27/13 12:01 AM Detected: Exploit.Java.CVE-2012-0507.hz /mnt/MountedDevices/PD-CB5BD2B2-00000004A5100000/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/16/155b5a50-77e57384/sysa/sysc.class  
3/27/13 12:01 AM Untreated: Trojan.Win32.FakeAV.niuy /mnt/MountedDevices/PD-CB5BD2B2-00000004A5100000/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/12/3a3f800c-410f00fb/gydhsxyxo Postponed 
3/27/13 12:01 AM Detected: Trojan.Win32.FakeAV.niuy /mnt/MountedDevices/PD-CB5BD2B2-00000004A5100000/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/12/3a3f800c-410f00fb/gydhsxyxo  
3/26/13 10:11 PM Untreated: Exploit.Java.CVE-2012-0507.j C:/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/63/46f2fdff-4e0aa722/ka/Ner.class Postponed 
3/26/13 10:11 PM Detected: Exploit.Java.CVE-2012-0507.j C:/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/63/46f2fdff-4e0aa722/ka/Ner.class  
3/26/13 10:11 PM Untreated: Exploit.Java.CVE-2012-0507.j C:/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/63/46f2fdff-4e0aa722/ka/ka.class Postponed 
3/26/13 10:11 PM Detected: Exploit.Java.CVE-2012-0507.j C:/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/63/46f2fdff-4e0aa722/ka/ka.class  
3/26/13 10:10 PM Untreated: Exploit.Java.CVE-2011-3544.fr C:/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/6/2dd7e246-7a6a1510/Wiki.class Postponed 
3/26/13 10:10 PM Detected: Exploit.Java.CVE-2011-3544.fr C:/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/6/2dd7e246-7a6a1510/Wiki.class  
3/26/13 10:10 PM Untreated: Exploit.Java.CVE-2011-3544.ka C:/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/35/1acc6b23-37cd6c21/n.class Postponed 
3/26/13 10:10 PM Detected: Exploit.Java.CVE-2011-3544.ka C:/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/35/1acc6b23-37cd6c21/n.class  
3/26/13 10:10 PM Untreated: Exploit.Java.CVE-2011-3544.ka C:/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/35/1acc6b23-37cd6c21/m.class Postponed 
3/26/13 10:10 PM Detected: Exploit.Java.CVE-2011-3544.ka C:/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/35/1acc6b23-37cd6c21/m.class  
3/26/13 10:10 PM Untreated: Exploit.Java.CVE-2011-3544.ka C:/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/35/1acc6b23-37cd6c21/Inc.class Postponed 
3/26/13 10:10 PM Detected: Exploit.Java.CVE-2011-3544.ka C:/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/35/1acc6b23-37cd6c21/Inc.class  
3/26/13 10:10 PM Untreated: Exploit.Java.CVE-2012-0507.hz C:/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/16/155b5a50-77e57384/sysa/sysc.class Postponed 
3/26/13 10:10 PM Detected: Exploit.Java.CVE-2012-0507.hz C:/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/16/155b5a50-77e57384/sysa/sysc.class  
3/26/13 10:09 PM Untreated: Trojan.Win32.FakeAV.niuy C:/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/12/3a3f800c-410f00fb/gydhsxyxo Postponed 
3/26/13 10:09 PM Detected: Trojan.Win32.FakeAV.niuy C:/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/12/3a3f800c-410f00fb/gydhsxyxo  
3/26/13 9:18 PM Task started   
 


Edited by Carlgrus, 27 March 2013 - 05:44 AM.


#12 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • PipPipPipPipPip
  • 14,476 posts

Posted 27 March 2013 - 08:48 PM

I have 2 reports from RogueKiller.  Don't know how that happened, but I've posted both for your review.



It looks like you deleted what it found, and the second report is after the items it found were deleted. That's fine.

yes, my CD ROM drive has given me a problem for a long time.  The only way I can open the drawer is to go into Explorer, right click on the CD drive and click on eject.  Pushing the button on the front of the PC does not open it.



That would appear to be a hardware problem. Replacing the CD drive might fix the problem, but since the error said controller error, there may not be anything you can do to fix that if the controller is on the motherboard short of replacing the motherboard. If the system is still under warranty, I would check with the vendor.

The items that Kaspersky found were mostly in the Java cache, but it appears that they were not removed. Some of them though said they were from a mounted device, and write was not supported. Have you ever done a backup in Windows? If so, some of those detections might have been in the backup. Did you have an option to delete an archive?

One thing to consider is whether you really need Java installed. Do you have any programs or web sites that require it? If not, I would recommend you uninstall it; there have just been too many Java vulnerabilities identified recently, one after the other.

If you choose to simply uninstall Java, go to Control Panel > Programs and Features, and uninstall Java. Since you have an x64 version of Windows, if you have both the x86 and x64 versions of Java installed, you will have to uninstall both versions.

Then you will need to delete the following folder:
C:/Users/Carl's office/AppData/LocalLow/Sun

You may need to show hidden files and folders to do that. If that's the case:

Reconfigure Windows to show hidden files:
Click Start. Open My Computer.
Select the Tools menu and click Folder Options. Select the View Tab.
Under the Hidden files and folders heading select "Show hidden files and folders".
Uncheck the "Hide protected operating system files (recommended)" option.
Uncheck the "Hide file extensions for known file types" option.
Click Yes to confirm. Click OK.


Then delete the folder, and after that, you need to reverse the process to re-hide hidden files and folders.

If instead you chose to keep Java installed, you will need to clear the Java Cache, then uninstall Java (again both x86 and x64 versions if both are installed), and then download and install the current version.

To clear the Java Cache in your current installed version of Java:

  • Click Start > Control Panel.
  • Double-click the Java icon in the control panel.
    -The Java Control Panel appears.
  • Click Settings under Temporary Internet Files.
    -The Temporary Files Settings dialog box appears.
  • Click Delete Files.
    -The Delete Temporary Files dialog box appears.
    -There are two options on this window to clear the cache.
    • Applications and Applets
    • Trace and Log Files
  • Click OK on Delete Temporary Files window.
    -Note: This deletes all the Downloaded Applications and Applets from the cache.
  • Click OK on Temporary Files Settings window.
  • Close the Java Control Panel

Then you need to update your Java:
Updating Java:

  • Download the latest version of Java Runtime Environment (JRE) 7.
  • In the box labeled "Java Platform, Standard Edition", click the "Download JRE" button to the right.
  • In the Window that opens, click the "Accept License Agreement" button.
  • Download the file for Windows x86 Offline (jre-7u17-windows-i586.exe) and jre-7u17-windows-x64.exe (you need both x86 and 64-bit versions) and save to your Desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs, and remove all older versions of Java.
    • Java™ 6 Update 24
  • Then from your Desktop double-click on the new versions you downloaded and install them.
  • Even better with all the recent Java vulnerabilities would be to not reinstall if you don't have any requirement for Java.
  • If you do reinstall it, I recommend you go to Control Panel > Java, and when the Java Control Panel opens, click the Security tab and uncheck the box for "Enable Java content in the browser".


Again, however, you would be more secure if you simply uninstalled Java and did not reinstall. If you later found that you had a program or web site that required it, you could simply reinstall it at that point.


As a double-check, after doing the above I would run Kaspersky Rescue Disk again and post a new log, and let me know if you updated or removed Java.


Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-20010 and ASAP Member since 2005
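A read-only check for the uninstall steps above, added here as an example and not part of the thread or of any tool it names: it lists every Java entry still registered in Programs and Features (both the native x64 view and the WOW6432Node x86 view) and reports whether an AppData\LocalLow\Sun cache folder remains in any user profile. The C:\Users root and the "Java*" display-name match are assumptions; the script changes nothing.

```powershell
# Added example (not from the thread): verify that both Java architectures are
# uninstalled and that the Java deployment cache folder is gone.
# Written to run on the Windows 7 / PowerShell 2.0 baseline the thread is about.

function Get-InstalledJava {
    # On x64 Windows a 32-bit JRE registers under WOW6432Node while a 64-bit JRE
    # registers under the native Uninstall key, so both views are read.
    $views = @(
        @{ Arch = 'x64'; Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall' },
        @{ Arch = 'x86'; Key = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall' }
    )
    foreach ($view in $views) {
        if (-not (Test-Path $view.Key)) { continue }
        foreach ($entry in Get-ChildItem $view.Key) {
            $p = Get-ItemProperty $entry.PSPath
            # Display names look like "Java 7 Update 17" or "Java(TM) 6 Update 24".
            if ($p.DisplayName -like 'Java*') {
                New-Object PSObject -Property @{
                    Architecture   = $view.Arch
                    DisplayName    = $p.DisplayName
                    DisplayVersion = $p.DisplayVersion
                    UninstallKey   = $entry.PSChildName
                }
            }
        }
    }
}

function Get-JavaCacheLeftovers {
    # The cache is per user (…\AppData\LocalLow\Sun), so every profile is checked,
    # not only the one running the script. C:\Users is assumed as the profile root.
    $profileRoot = 'C:\Users'
    foreach ($userDir in Get-ChildItem $profileRoot | Where-Object { $_.PSIsContainer }) {
        $sun = Join-Path $userDir.FullName 'AppData\LocalLow\Sun'
        if (Test-Path $sun) {
            $files = @(Get-ChildItem $sun -Recurse -Force -ErrorAction SilentlyContinue |
                       Where-Object { -not $_.PSIsContainer })
            New-Object PSObject -Property @{
                Profile = $userDir.Name
                Folder  = $sun
                Files   = $files.Count
            }
        }
    }
}

# Report: an empty result for both functions means the uninstall is complete.
$java = @(Get-InstalledJava)
if ($java.Count -eq 0) {
    Write-Host 'No Java entries remain in Programs and Features.'
} else {
    Write-Host 'Java entries still registered:'
    $java | Format-Table Architecture, DisplayName, DisplayVersion -AutoSize
}

$leftovers = @(Get-JavaCacheLeftovers)
if ($leftovers.Count -eq 0) {
    Write-Host 'No AppData\LocalLow\Sun folder remains in any profile.'
} else {
    Write-Host 'Java cache folders still present (delete after uninstalling Java):'
    $leftovers | Format-Table Profile, Folder, Files -AutoSize
}
```

Run it from an elevated PowerShell prompt so that other users' profile folders are readable.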


#13 Carlgrus

Carlgrus

    Advanced Member

  • Full Member
  • PipPipPip
  • 121 posts

Posted 28 March 2013 - 04:47 PM

I completely removed Java.  If I need it in the future I'll reinstall it.  I ran Kaspersky again, and attached the log file below.  Nothing has changed, I'm still receiving the "program is blocked by group policy" on a number of programs.  And then I can't open them.  Like, Malwarebytes,  AVG, my virus and internet protection - it won't start at all, and others...so, I'm very frustrated.  I hope you can help.  Thanks,


Objects Scan: completed 2 hours ago   (events: 2, objects: 2062250, time: 03:30:40) 
3/28/13 12:32 PM Task started   
3/28/13 4:02 PM Task completed   
Objects Scan: completed 1 day ago   (events: 66, objects: 2290948, time: 09:18:12) 
3/27/13 6:37 AM Task completed   
3/27/13 6:37 AM Untreated: Exploit.Java.CVE-2012-0507.j C:/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/63/46f2fdff-4e0aa722/ka/Ner.class Write not supported 
3/27/13 6:37 AM Detected: Exploit.Java.CVE-2012-0507.j C:/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/63/46f2fdff-4e0aa722/ka/Ner.class  
3/27/13 6:37 AM Untreated: Exploit.Java.CVE-2012-0507.j C:/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/63/46f2fdff-4e0aa722/ka/ka.class Write not supported 
3/27/13 6:37 AM Detected: Exploit.Java.CVE-2012-0507.j C:/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/63/46f2fdff-4e0aa722/ka/ka.class  
3/27/13 6:37 AM Untreated: Exploit.Java.CVE-2011-3544.fr C:/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/6/2dd7e246-7a6a1510/Wiki.class Write not supported 
3/27/13 6:37 AM Detected: Exploit.Java.CVE-2011-3544.fr C:/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/6/2dd7e246-7a6a1510/Wiki.class  
3/27/13 6:37 AM Untreated: Exploit.Java.CVE-2011-3544.ka C:/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/35/1acc6b23-37cd6c21/n.class Write not supported 
3/27/13 6:37 AM Detected: Exploit.Java.CVE-2011-3544.ka C:/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/35/1acc6b23-37cd6c21/n.class  
3/27/13 6:37 AM Untreated: Exploit.Java.CVE-2011-3544.ka C:/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/35/1acc6b23-37cd6c21/m.class Write not supported 
3/27/13 6:37 AM Detected: Exploit.Java.CVE-2011-3544.ka C:/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/35/1acc6b23-37cd6c21/m.class  
3/27/13 6:37 AM Untreated: Exploit.Java.CVE-2011-3544.ka C:/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/35/1acc6b23-37cd6c21/Inc.class Write not supported 
3/27/13 6:37 AM Detected: Exploit.Java.CVE-2011-3544.ka C:/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/35/1acc6b23-37cd6c21/Inc.class  
3/27/13 6:37 AM Untreated: Exploit.Java.CVE-2012-0507.hz C:/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/16/155b5a50-77e57384/sysa/sysc.class Write not supported 
3/27/13 6:37 AM Detected: Exploit.Java.CVE-2012-0507.hz C:/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/16/155b5a50-77e57384/sysa/sysc.class  
3/27/13 6:37 AM Untreated: Trojan.Win32.FakeAV.niuy C:/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/12/3a3f800c-410f00fb/gydhsxyxo Write not supported 
3/27/13 6:37 AM Detected: Trojan.Win32.FakeAV.niuy C:/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/12/3a3f800c-410f00fb/gydhsxyxo  
3/27/13 6:37 AM Untreated: Exploit.Java.CVE-2012-0507.j /mnt/MountedDevices/PD-CB5BD2B2-00000004A5100000/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/63/46f2fdff-4e0aa722/ka/Ner.class Write not supported 
3/27/13 6:37 AM Detected: Exploit.Java.CVE-2012-0507.j /mnt/MountedDevices/PD-CB5BD2B2-00000004A5100000/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/63/46f2fdff-4e0aa722/ka/Ner.class  
3/27/13 6:37 AM Untreated: Exploit.Java.CVE-2012-0507.j /mnt/MountedDevices/PD-CB5BD2B2-00000004A5100000/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/63/46f2fdff-4e0aa722/ka/ka.class Write not supported 
3/27/13 6:37 AM Detected: Exploit.Java.CVE-2012-0507.j /mnt/MountedDevices/PD-CB5BD2B2-00000004A5100000/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/63/46f2fdff-4e0aa722/ka/ka.class  
3/27/13 6:37 AM Untreated: Exploit.Java.CVE-2011-3544.fr /mnt/MountedDevices/PD-CB5BD2B2-00000004A5100000/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/6/2dd7e246-7a6a1510/Wiki.class Write not supported 
3/27/13 6:37 AM Detected: Exploit.Java.CVE-2011-3544.fr /mnt/MountedDevices/PD-CB5BD2B2-00000004A5100000/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/6/2dd7e246-7a6a1510/Wiki.class  
3/27/13 6:37 AM Untreated: Exploit.Java.CVE-2011-3544.ka /mnt/MountedDevices/PD-CB5BD2B2-00000004A5100000/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/35/1acc6b23-37cd6c21/n.class Write not supported 
3/27/13 6:37 AM Detected: Exploit.Java.CVE-2011-3544.ka /mnt/MountedDevices/PD-CB5BD2B2-00000004A5100000/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/35/1acc6b23-37cd6c21/n.class  
3/27/13 6:37 AM Untreated: Exploit.Java.CVE-2011-3544.ka /mnt/MountedDevices/PD-CB5BD2B2-00000004A5100000/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/35/1acc6b23-37cd6c21/m.class Write not supported 
3/27/13 6:37 AM Detected: Exploit.Java.CVE-2011-3544.ka /mnt/MountedDevices/PD-CB5BD2B2-00000004A5100000/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/35/1acc6b23-37cd6c21/m.class  
3/27/13 6:37 AM Untreated: Exploit.Java.CVE-2011-3544.ka /mnt/MountedDevices/PD-CB5BD2B2-00000004A5100000/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/35/1acc6b23-37cd6c21/Inc.class Write not supported 
3/27/13 6:37 AM Detected: Exploit.Java.CVE-2011-3544.ka /mnt/MountedDevices/PD-CB5BD2B2-00000004A5100000/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/35/1acc6b23-37cd6c21/Inc.class  
3/27/13 6:37 AM Untreated: Exploit.Java.CVE-2012-0507.hz /mnt/MountedDevices/PD-CB5BD2B2-00000004A5100000/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/16/155b5a50-77e57384/sysa/sysc.class Write not supported 
3/27/13 6:36 AM Detected: Exploit.Java.CVE-2012-0507.hz /mnt/MountedDevices/PD-CB5BD2B2-00000004A5100000/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/16/155b5a50-77e57384/sysa/sysc.class  
3/27/13 6:36 AM Untreated: Trojan.Win32.FakeAV.niuy /mnt/MountedDevices/PD-CB5BD2B2-00000004A5100000/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/12/3a3f800c-410f00fb/gydhsxyxo Write not supported 
3/27/13 12:59 AM Detected: Trojan.Win32.FakeAV.niuy /mnt/MountedDevices/PD-CB5BD2B2-00000004A5100000/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/12/3a3f800c-410f00fb/gydhsxyxo  
3/27/13 12:02 AM Untreated: Exploit.Java.CVE-2012-0507.j /mnt/MountedDevices/PD-CB5BD2B2-00000004A5100000/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/63/46f2fdff-4e0aa722/ka/Ner.class Postponed 
3/27/13 12:02 AM Detected: Exploit.Java.CVE-2012-0507.j /mnt/MountedDevices/PD-CB5BD2B2-00000004A5100000/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/63/46f2fdff-4e0aa722/ka/Ner.class  
3/27/13 12:02 AM Untreated: Exploit.Java.CVE-2012-0507.j /mnt/MountedDevices/PD-CB5BD2B2-00000004A5100000/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/63/46f2fdff-4e0aa722/ka/ka.class Postponed 
3/27/13 12:02 AM Detected: Exploit.Java.CVE-2012-0507.j /mnt/MountedDevices/PD-CB5BD2B2-00000004A5100000/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/63/46f2fdff-4e0aa722/ka/ka.class  
3/27/13 12:02 AM Untreated: Exploit.Java.CVE-2011-3544.fr /mnt/MountedDevices/PD-CB5BD2B2-00000004A5100000/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/6/2dd7e246-7a6a1510/Wiki.class Postponed 
3/27/13 12:02 AM Detected: Exploit.Java.CVE-2011-3544.fr /mnt/MountedDevices/PD-CB5BD2B2-00000004A5100000/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/6/2dd7e246-7a6a1510/Wiki.class  
3/27/13 12:02 AM Untreated: Exploit.Java.CVE-2011-3544.ka /mnt/MountedDevices/PD-CB5BD2B2-00000004A5100000/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/35/1acc6b23-37cd6c21/n.class Postponed 
3/27/13 12:02 AM Detected: Exploit.Java.CVE-2011-3544.ka /mnt/MountedDevices/PD-CB5BD2B2-00000004A5100000/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/35/1acc6b23-37cd6c21/n.class  
3/27/13 12:02 AM Untreated: Exploit.Java.CVE-2011-3544.ka /mnt/MountedDevices/PD-CB5BD2B2-00000004A5100000/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/35/1acc6b23-37cd6c21/m.class Postponed 
3/27/13 12:02 AM Detected: Exploit.Java.CVE-2011-3544.ka /mnt/MountedDevices/PD-CB5BD2B2-00000004A5100000/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/35/1acc6b23-37cd6c21/m.class  
3/27/13 12:02 AM Untreated: Exploit.Java.CVE-2011-3544.ka /mnt/MountedDevices/PD-CB5BD2B2-00000004A5100000/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/35/1acc6b23-37cd6c21/Inc.class Postponed 
3/27/13 12:02 AM Detected: Exploit.Java.CVE-2011-3544.ka /mnt/MountedDevices/PD-CB5BD2B2-00000004A5100000/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/35/1acc6b23-37cd6c21/Inc.class  
3/27/13 12:01 AM Untreated: Exploit.Java.CVE-2012-0507.hz /mnt/MountedDevices/PD-CB5BD2B2-00000004A5100000/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/16/155b5a50-77e57384/sysa/sysc.class Postponed 
3/27/13 12:01 AM Detected: Exploit.Java.CVE-2012-0507.hz /mnt/MountedDevices/PD-CB5BD2B2-00000004A5100000/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/16/155b5a50-77e57384/sysa/sysc.class  
3/27/13 12:01 AM Untreated: Trojan.Win32.FakeAV.niuy /mnt/MountedDevices/PD-CB5BD2B2-00000004A5100000/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/12/3a3f800c-410f00fb/gydhsxyxo Postponed 
3/27/13 12:01 AM Detected: Trojan.Win32.FakeAV.niuy /mnt/MountedDevices/PD-CB5BD2B2-00000004A5100000/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/12/3a3f800c-410f00fb/gydhsxyxo  
3/26/13 10:11 PM Untreated: Exploit.Java.CVE-2012-0507.j C:/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/63/46f2fdff-4e0aa722/ka/Ner.class Postponed 
3/26/13 10:11 PM Detected: Exploit.Java.CVE-2012-0507.j C:/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/63/46f2fdff-4e0aa722/ka/Ner.class  
3/26/13 10:11 PM Untreated: Exploit.Java.CVE-2012-0507.j C:/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/63/46f2fdff-4e0aa722/ka/ka.class Postponed 
3/26/13 10:11 PM Detected: Exploit.Java.CVE-2012-0507.j C:/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/63/46f2fdff-4e0aa722/ka/ka.class  
3/26/13 10:10 PM Untreated: Exploit.Java.CVE-2011-3544.fr C:/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/6/2dd7e246-7a6a1510/Wiki.class Postponed 
3/26/13 10:10 PM Detected: Exploit.Java.CVE-2011-3544.fr C:/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/6/2dd7e246-7a6a1510/Wiki.class  
3/26/13 10:10 PM Untreated: Exploit.Java.CVE-2011-3544.ka C:/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/35/1acc6b23-37cd6c21/n.class Postponed 
3/26/13 10:10 PM Detected: Exploit.Java.CVE-2011-3544.ka C:/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/35/1acc6b23-37cd6c21/n.class  
3/26/13 10:10 PM Untreated: Exploit.Java.CVE-2011-3544.ka C:/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/35/1acc6b23-37cd6c21/m.class Postponed 
3/26/13 10:10 PM Detected: Exploit.Java.CVE-2011-3544.ka C:/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/35/1acc6b23-37cd6c21/m.class  
3/26/13 10:10 PM Untreated: Exploit.Java.CVE-2011-3544.ka C:/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/35/1acc6b23-37cd6c21/Inc.class Postponed 
3/26/13 10:10 PM Detected: Exploit.Java.CVE-2011-3544.ka C:/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/35/1acc6b23-37cd6c21/Inc.class  
3/26/13 10:10 PM Untreated: Exploit.Java.CVE-2012-0507.hz C:/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/16/155b5a50-77e57384/sysa/sysc.class Postponed 
3/26/13 10:10 PM Detected: Exploit.Java.CVE-2012-0507.hz C:/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/16/155b5a50-77e57384/sysa/sysc.class  
3/26/13 10:09 PM Untreated: Trojan.Win32.FakeAV.niuy C:/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/12/3a3f800c-410f00fb/gydhsxyxo Postponed 
3/26/13 10:09 PM Detected: Trojan.Win32.FakeAV.niuy C:/Users/Carl's office/AppData/LocalLow/Sun/Java/Deployment/cache/6.0/12/3a3f800c-410f00fb/gydhsxyxo  
3/26/13 9:18 PM Task started   
Objects Scan: completed 1 day ago   (events: 2, objects: 2416, time: 00:02:27) 
3/26/13 9:18 PM Task completed   
3/26/13 9:16 PM Task started   



#14 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • PipPipPipPipPip
  • 14,476 posts

Posted 28 March 2013 - 07:29 PM

There's still a problem with the Kaspersky scan. It shows the detections as untreated, which means not deleted or quarantined, and again some of them look like they may have been from an archive. Did you ever use the Windows backup program to create a backup image?


Please download Rkill by Grinler from one of these links:

Rkill.exe
Rkill.com
Rkill.scr
Rkill.pif

Save rkill.exe to your Desktop.
Double-click on rkill.exe to run it.
If the first one does not run successfully, try the other copies and see if one of them will run.

After the utility completes it will create a log on the desktop, rkill.txt.
Please post that log in your next reply.


For this next step, please ensure that ComboFix.exe is on your desktop:

Please open Notepad *Do Not Use Wordpad!* (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
Save this as "CFScript.txt" and change the "Save as type" to "All Files" and place it on your desktop.

Killall::
ClearJavaCache::
Folder::
C:\Users\Carl's office\AppData\LocalLow\Sun


Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please post that log in your next reply.


Please download tdsskiller.exe and save it to your Desktop. Go here for information.

  • Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button.
    - A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt).
  • Please copy and paste the contents of that file in your next reply.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.


Please post the log from Rkill (rkill.txt), the log from ComboFix (C:\ComboFix.txt), the log from TDSSKiller, answer the question about having used Windows Backup, and note any errors encountered.


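The "program is blocked by group policy" message that keeps coming up in this thread is Windows' Software Restriction Policy wording, and Rkill's log later in the thread also flags Windows Defender turned off through DisableAntiSpyware. The following read-only audit, added here as an example and not part of the thread or of Rkill/ComboFix, dumps the policy locations a helper would want to see: SRP path rules and default level in both hives, Explorer's DisallowRun list, and the two Windows Defender keys. The registry paths are the standard Windows ones; nothing is modified.

```powershell
# Added example (not from the thread): list the policy settings that can block
# programs from starting or keep Windows Defender disabled. Read-only; run from an
# elevated PowerShell prompt so HKLM policy keys are readable. PowerShell 2.0 compatible.

# Software Restriction Policy levels as they appear as subkey names under CodeIdentifiers.
$SaferLevels = @{ '0' = 'Disallowed'; '131072' = 'BasicUser'; '262144' = 'Unrestricted' }

function Get-SaferPolicy {
    # SRP lives under <hive>\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers.
    # DefaultLevel=0 means "everything not explicitly allowed is blocked"; a path rule
    # at level 0 whose ItemData matches a tool's folder or "*.exe" blocks that tool.
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $base = "$hive\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers"
        if (-not (Test-Path $base)) { continue }
        $default = (Get-ItemProperty $base).DefaultLevel
        $label = if ($default -ne $null -and $SaferLevels.ContainsKey("$default")) {
            $SaferLevels["$default"] } else { "$default" }
        New-Object PSObject -Property @{ Hive = $hive; Kind = 'DefaultLevel'; Level = $label; ItemData = '' }
        foreach ($level in $SaferLevels.Keys) {
            $pathsKey = Join-Path $base "$level\Paths"
            if (-not (Test-Path $pathsKey)) { continue }
            foreach ($rule in Get-ChildItem $pathsKey) {
                $p = Get-ItemProperty $rule.PSPath
                New-Object PSObject -Property @{
                    Hive = $hive; Kind = 'PathRule'; Level = $SaferLevels[$level]; ItemData = $p.ItemData
                }
            }
        }
    }
}

function Get-DisallowRunEntries {
    # Explorer's DisallowRun policy: each value under the DisallowRun subkey names
    # one executable that Explorer refuses to launch.
    foreach ($hive in 'HKCU:', 'HKLM:') {
        $key = "$hive\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun"
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item $key
        foreach ($name in $item.GetValueNames()) {
            New-Object PSObject -Property @{ Hive = $hive; Entry = $item.GetValue($name) }
        }
    }
}

function Get-DefenderDisableState {
    # The first key is the one Rkill reported in this thread (DisableAntiSpyware=1);
    # the Policies key is where a real group policy would set the same value.
    foreach ($key in 'HKLM:\SOFTWARE\Microsoft\Windows Defender',
                     'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender') {
        $value = $null
        if (Test-Path $key) { $value = (Get-ItemProperty $key).DisableAntiSpyware }
        New-Object PSObject -Property @{ Key = $key; DisableAntiSpyware = $value }
    }
}

# Report each area; an empty SRP/DisallowRun result means that mechanism is not in use.
$safer = @(Get-SaferPolicy)
if ($safer.Count -eq 0) { Write-Host 'No Software Restriction Policy configured.' }
else { Write-Host 'Software Restriction Policy:'; $safer | Format-Table Hive, Kind, Level, ItemData -AutoSize }

$disallow = @(Get-DisallowRunEntries)
if ($disallow.Count -eq 0) { Write-Host 'No Explorer DisallowRun entries.' }
else { Write-Host 'Explorer DisallowRun entries:'; $disallow | Format-Table Hive, Entry -AutoSize }

Write-Host 'Windows Defender DisableAntiSpyware (1 = disabled, blank = not set):'
Get-DefenderDisableState | Format-Table Key, DisableAntiSpyware -AutoSize
```

A Disallowed path rule naming a security tool's install folder, or a DefaultLevel of Disallowed with no matching Unrestricted rule, is the finding to post back; on a home PC with no domain, none of these should be set by anything legitimate.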


#15 Carlgrus

Carlgrus

    Advanced Member

  • Full Member
  • PipPipPip
  • 121 posts

Posted 29 March 2013 - 05:51 AM

I never did a Windows backup to make an image...when the ComboFix scan was over I did get a window that popped up saying:  "Microsoft .NET Framework:  Unhandled exception has occurred in your application.  If you click Continue, the application will ignore this error and attempt to continue.  If you click Quit the application will close immediately.  Illegal application attempted on a registry key that has been marked for deletion". I clicked Continue, and it just kept popping back up, so after a few tries, I clicked on Quit, and it went away. 


When Rkill started, it told me to turn off AVG and Spybot....I was unable to do that, I keep getting the message again, that "Program is blocked by group policy". I've posted the log from Rkill, the log from ComboFix, and the log from TDSSKiller...thanks...


Rkill 2.4.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingc...opic308364.html

Program started at: 03/28/2013 10:51:17 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual

 * FontCache => %SystemRoot%\system32\svchost.exe -k LocalService [Incorrect ImagePath]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1 localhost

Program finished at: 03/28/2013 10:51:40 PM
Execution time: 0 hours(s), 0 minute(s), and 23 seconds(s)


ComboFix log:


ComboFix 13-03-28.01 - Carl's office 03/28/2013  23:01:22.5.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3839.1761 [GMT -4:00]
Running from: c:\users\Carl's office\Desktop\ComboFix.exe
Command switches used :: c:\users\Carl's office\Desktop\CFScript.txt
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Failed to delete
c:\windows\TEMP\logishrd\LVPrcInj02.dll . . . . Failed to delete
.
.
(((((((((((((((((((((((((   Files Created from 2013-02-28 to 2013-03-29  )))))))))))))))))))))))))))))))
.
.
2013-03-29 03:16 . 2013-03-29 03:16 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-03-29 03:16 . 2013-03-29 03:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-29 03:16 . 2013-03-29 03:16 -------- d-----w- c:\users\CARLS OFFICE\AppData\Local\temp
2013-03-25 22:02 . 2012-06-01 05:36 192000 ----a-w- c:\windows\system32\iisRtl.dll
2013-03-25 22:02 . 2012-06-01 05:34 55296 ----a-w- c:\windows\system32\admwprox.dll
2013-03-25 22:02 . 2012-06-01 04:37 154624 ----a-w- c:\windows\SysWow64\iisRtl.dll
2013-03-25 22:02 . 2012-06-01 04:35 50688 ----a-w- c:\windows\SysWow64\admwprox.dll
2013-03-25 22:02 . 2012-06-01 05:35 60928 ----a-w- c:\windows\system32\ahadmin.dll
2013-03-25 22:02 . 2012-06-01 05:33 16896 ----a-w- c:\windows\system32\iisreset.exe
2013-03-25 22:02 . 2012-06-01 04:34 15360 ----a-w- c:\windows\SysWow64\iisreset.exe
2013-03-25 22:02 . 2012-06-01 05:39 14848 ----a-w- c:\windows\system32\wamregps.dll
2013-03-25 22:02 . 2012-06-01 04:40 10752 ----a-w- c:\windows\SysWow64\wamregps.dll
2013-03-25 22:02 . 2012-06-01 04:35 26624 ----a-w- c:\windows\SysWow64\ahadmin.dll
2013-03-25 22:02 . 2012-06-01 05:36 11264 ----a-w- c:\windows\system32\iisrstap.dll
2013-03-25 22:02 . 2012-06-01 04:37 8192 ----a-w- c:\windows\SysWow64\iisrstap.dll
2013-03-25 21:44 . 2013-03-25 21:44 -------- d-----w- c:\windows\SysWow64\BestPractices
2013-03-25 21:44 . 2013-03-25 21:44 -------- d-----w- c:\windows\system32\BestPractices
2013-03-25 21:44 . 2013-03-25 21:44 -------- d-----w- C:\inetpub
2013-03-25 12:27 . 2013-03-25 12:27 -------- d-----w- c:\programdata\Sophos
2013-03-25 12:26 . 2013-03-25 12:26 73728 ----a-r- c:\users\Carl's office\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-03-25 12:26 . 2013-03-25 12:26 73728 ----a-r- c:\users\Carl's office\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-03-25 12:26 . 2013-03-25 12:26 73728 ----a-r- c:\users\Carl's office\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2013-03-25 12:26 . 2013-03-25 12:26 -------- d-----w- c:\program files (x86)\Sophos
2013-03-24 02:50 . 2013-03-24 02:50 -------- d-----w- c:\program files (x86)\Panda Security
2013-03-23 19:45 . 2013-03-23 19:45 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-03-23 19:42 . 2013-03-23 19:42 -------- d-----w- c:\program files (x86)\RealNetworks
2013-03-23 19:42 . 2013-03-23 19:42 -------- d-----w- c:\programdata\RealNetworks
2013-03-23 19:42 . 2013-03-23 19:42 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2013-03-20 20:12 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-13 22:01 . 2013-03-13 22:01 -------- d-----w- c:\program files\Microsoft Silverlight
2013-03-13 22:01 . 2013-03-13 22:01 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-03-05 20:05 . 2013-03-25 21:55 -------- d-----w- c:\users\LogMeInRemoteUser
2013-03-05 02:15 . 2013-03-05 02:15 -------- d-----w- c:\users\Carl's office\AppData\Local\LogMeIn
2013-03-05 02:15 . 2013-01-25 21:37 60776 ----a-w- c:\windows\system32\Spool\prtprocs\x64\LMIproc.dll
2013-03-05 02:15 . 2013-01-25 21:38 88448 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2013-03-05 02:15 . 2013-01-25 21:37 35688 ----a-w- c:\windows\system32\LMIport.dll
2013-03-05 02:15 . 2012-11-29 16:56 72216 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2013-03-05 02:15 . 2012-11-29 16:56 11552 ----a-w- c:\windows\system32\drivers\lmimirr.sys
2013-03-05 02:15 . 2013-01-25 21:37 84328 ----a-w- c:\windows\system32\LMIinit.dll
2013-03-05 02:14 . 2013-03-28 12:16 -------- d-----w- c:\programdata\LogMeIn
2013-03-05 02:14 . 2013-03-05 20:05 -------- d-----w- c:\program files (x86)\LogMeIn
2013-03-02 15:25 . 2013-03-02 15:25 -------- d-----w- c:\program files\iPod
2013-03-02 15:25 . 2013-03-02 15:26 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-03-02 15:25 . 2013-03-02 15:26 -------- d-----w- c:\program files\iTunes
2013-03-02 15:25 . 2013-03-02 15:26 -------- d-----w- c:\program files (x86)\iTunes
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-29 03:18 . 2011-11-08 01:12 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2013-03-23 19:38 . 2011-12-14 00:57 963488 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-23 19:38 . 2011-12-14 00:57 1085344 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-03-19 12:44 . 2012-03-31 13:20 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-19 12:44 . 2011-06-14 01:45 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-13 22:21 . 2010-09-01 00:16 72013344 ----a-w- c:\windows\system32\MRT.exe
2013-02-26 23:17 . 2013-02-26 23:17 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-02-26 23:17 . 2013-02-26 23:17 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-02-26 23:17 . 2013-02-26 23:17 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-02-26 23:17 . 2013-02-26 23:17 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-02-26 23:17 . 2013-02-26 23:17 1766912 ----a-w- c:\windows\SysWow64\wininet.dll
2013-02-26 23:17 . 2013-02-26 23:17 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-02-26 23:17 . 2013-02-26 23:17 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-02-26 23:17 . 2013-02-26 23:17 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-02-26 23:17 . 2013-02-26 23:17 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-02-26 23:17 . 2013-02-26 23:17 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-02-26 23:17 . 2013-02-26 23:17 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-02-26 23:17 . 2013-02-26 23:17 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-02-26 23:17 . 2013-02-26 23:17 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-02-26 23:17 . 2013-02-26 23:17 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-02-26 23:17 . 2013-02-26 23:17 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-02-26 23:17 . 2013-02-26 23:17 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-02-26 23:17 . 2013-02-26 23:17 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-02-26 23:17 . 2013-02-26 23:17 2877440 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-02-26 23:17 . 2013-02-26 23:17 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-02-26 23:17 . 2013-02-26 23:17 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-02-26 23:17 . 2013-02-26 23:17 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-02-26 23:17 . 2013-02-26 23:17 61440 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-02-26 23:17 . 2013-02-26 23:17 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-02-26 23:17 . 2013-02-26 23:17 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-02-26 23:17 . 2013-02-26 23:17 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-02-26 23:17 . 2013-02-26 23:17 2647552 ----a-w- c:\windows\system32\iertutil.dll
2013-02-26 23:17 . 2013-02-26 23:17 216064 ----a-w- c:\windows\system32\msls31.dll
2013-02-26 23:17 . 2013-02-26 23:17 197120 ----a-w- c:\windows\system32\msrating.dll
2013-02-26 23:17 . 2013-02-26 23:17 1365504 ----a-w- c:\windows\system32\urlmon.dll
2013-02-26 23:17 . 2013-02-26 23:17 53760 ----a-w- c:\windows\system32\jsproxy.dll
2013-02-26 23:17 . 2013-02-26 23:17 441856 ----a-w- c:\windows\system32\html.iec
2013-02-26 23:17 . 2013-02-26 23:17 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-02-26 23:17 . 2013-02-26 23:17 2240512 ----a-w- c:\windows\system32\wininet.dll
2013-02-26 23:17 . 2013-02-26 23:17 81408 ----a-w- c:\windows\system32\icardie.dll
2013-02-26 23:17 . 2013-02-26 23:17 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-02-26 23:17 . 2013-02-26 23:17 67072 ----a-w- c:\windows\system32\iesetup.dll
2013-02-26 23:17 . 2013-02-26 23:17 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2013-02-26 23:17 . 2013-02-26 23:17 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-02-26 23:17 . 2013-02-26 23:17 39936 ----a-w- c:\windows\system32\iernonce.dll
2013-02-26 23:17 . 2013-02-26 23:17 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-02-26 23:17 . 2013-02-26 23:17 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-02-26 23:17 . 2013-02-26 23:17 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-02-26 23:17 . 2013-02-26 23:17 235008 ----a-w- c:\windows\system32\url.dll
2013-02-26 23:17 . 2013-02-26 23:17 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-02-26 23:17 . 2013-02-26 23:17 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-02-26 23:17 . 2013-02-26 23:17 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-02-26 23:17 . 2013-02-26 23:17 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-26 23:17 . 2013-02-26 23:17 102912 ----a-w- c:\windows\system32\inseng.dll
2013-02-26 23:17 . 2013-02-26 23:17 603136 ----a-w- c:\windows\system32\msfeeds.dll
2013-02-26 23:17 . 2013-02-26 23:17 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-02-26 23:17 . 2013-02-26 23:17 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-02-26 23:17 . 2013-02-26 23:17 144896 ----a-w- c:\windows\system32\wextract.exe
2013-02-26 23:17 . 2013-02-26 23:17 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-02-26 23:17 . 2013-02-26 23:17 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-02-26 23:17 . 2013-02-26 23:17 19221504 ----a-w- c:\windows\system32\mshtml.dll
2013-02-26 23:17 . 2013-02-26 23:17 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-02-26 23:17 . 2013-02-26 23:17 149504 ----a-w- c:\windows\system32\occache.dll
2013-02-26 23:17 . 2013-02-26 23:17 13824 ----a-w- c:\windows\system32\mshta.exe
2013-02-26 23:17 . 2013-02-26 23:17 855552 ----a-w- c:\windows\system32\jscript.dll
2013-02-26 23:17 . 2013-02-26 23:17 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-02-26 23:17 . 2013-02-26 23:17 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-02-26 23:17 . 2013-02-26 23:17 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-02-26 23:17 . 2013-02-26 23:17 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-02-26 23:17 . 2013-02-26 23:17 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-02-26 23:17 . 2013-02-26 23:17 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-02-26 23:17 . 2013-02-26 23:17 526848 ----a-w- c:\windows\system32\ieui.dll
2013-02-26 23:17 . 2013-02-26 23:17 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-02-26 23:17 . 2013-02-26 23:17 3958784 ----a-w- c:\windows\system32\jscript9.dll
2013-02-26 23:17 . 2013-02-26 23:17 136704 ----a-w- c:\windows\system32\iesysprep.dll
2013-02-26 23:17 . 2013-02-26 23:17 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-02-26 23:17 . 2013-02-26 23:17 15407616 ----a-w- c:\windows\system32\ieframe.dll
2013-02-26 23:13 . 2013-02-26 23:13 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-02-26 23:13 . 2013-02-26 23:13 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-02-26 23:13 . 2013-02-26 23:13 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-02-26 23:13 . 2013-02-26 23:13 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-02-26 23:13 . 2013-02-26 23:13 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-02-26 23:13 . 2013-02-26 23:13 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-02-26 23:13 . 2013-02-26 23:13 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-02-26 23:13 . 2013-02-26 23:13 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-02-26 23:13 . 2013-02-26 23:13 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-02-26 23:13 . 2013-02-26 23:13 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-02-26 23:13 . 2013-02-26 23:13 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-02-26 23:13 . 2013-02-26 23:13 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-02-26 23:13 . 2013-02-26 23:13 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-02-26 23:13 . 2013-02-26 23:13 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-02-26 23:13 . 2013-02-26 23:13 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-02-26 23:13 . 2013-02-26 23:13 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-02-26 23:13 . 2013-02-26 23:13 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-02-26 23:13 . 2013-02-26 23:13 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-02-26 23:13 . 2013-02-26 23:13 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-02-26 23:13 . 2013-02-26 23:13 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-02-26 23:13 . 2013-02-26 23:13 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-02-26 23:13 . 2013-02-26 23:13 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-02-26 23:13 . 2013-02-26 23:13 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Carl's office\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Carl's office\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Carl's office\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Carl's office\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ACTSchedulerUI"="c:\program files (x86)\ACT\Act for Windows\Act.Scheduler.UI.exe" [2011-11-16 557056]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\ActSage.exe" [2011-11-16 337224]
.
c:\users\Carl's office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DING!.lnk - c:\program files (x86)\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]
Dropbox.lnk - c:\users\Carl's office\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2013-3-19 1086816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2010-06-30 35840]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [2009-06-10 620544]
R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [2010-02-24 726816]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
R3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [2011-12-16 27584]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-30 1255736]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-05-06 44896]
R4 SQLAgent$ACT7;SQL Server Agent (ACT7);c:\program files (x86)\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE [2011-06-18 370016]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-11-16 111968]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
S2 ActService;ACT! Service Host;c:\program files (x86)\ACT\Act for Windows\Act.Server.Host.exe [2011-11-16 18432]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 203776]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-16 5814904]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
S2 Device Handle Service;Device Handle Service;c:\windows\SysWOW64\AsHookDevice.exe [2009-12-23 203392]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-14 166400]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-14 128512]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2013-01-25 376168]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2012-11-29 15928]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]
S2 MSSQL$ACT7;SQL Server (ACT7);c:\program files (x86)\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe [2011-06-18 43040096]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-03-06 39056]
S2 Sage ACT! Scheduler;Sage ACT! Scheduler;c:\program files (x86)\ACT\Act for Windows\Act.Scheduler.exe [2011-11-16 81920]
S2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [2011-12-16 25504]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-11-26 75904]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2009-10-07 30232]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2009-10-07 327704]
S3 LVUVC64;Logitech QuickCam S7500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2009-10-07 6379288]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2013-01-29 50800]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-03-02 1301504]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
iissvcs REG_MULTI_SZ    w3svc was
apphost REG_MULTI_SZ    apphostsvc
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
start [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-12 20:59 1629648 ----a-w- c:\program files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 12:44]
.
2013-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-19 11:47]
.
2013-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-19 11:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Carl's office\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Carl's office\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Carl's office\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Carl's office\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2012-11-29 57928]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://my.yahoo.com/
uInternet Settings,ProxyOverride = *.local
mSearchAssistant =
IE: Clip selection - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: New Note - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
TCP: DhcpNameServer = 192.168.1.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files (x86)\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {3F4AC0C9-3A7D-4115-99B4-2693DE0014AF} - hxxp://optimum.net/downloads/TNetworkScannerXControl.ocx
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
.
**************************************************************************
.
Completion time: 2013-03-28  23:30:53 - machine was rebooted
ComboFix-quarantined-files.txt  2013-03-29 03:30
ComboFix2.txt  2013-03-28 12:55
ComboFix3.txt  2013-03-25 12:24
ComboFix4.txt  2013-03-25 00:17
ComboFix5.txt  2013-03-29 02:56
.
Pre-Run: 108,262,281,216 bytes free
Post-Run: 108,178,771,968 bytes free
.
- - End Of File - - C3763F345D4EE6CD9FB2D88C257021A5

TDSSKiller log:

07:32:53.0155 6800  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
07:32:53.0498 6800  ============================================================
07:32:53.0498 6800  Current date / time: 2013/03/29 07:32:53.0498
07:32:53.0498 6800  SystemInfo:
07:32:53.0498 6800 
07:32:53.0498 6800  OS Version: 6.1.7601 ServicePack: 1.0
07:32:53.0498 6800  Product type: Workstation
07:32:53.0498 6800  ComputerName: CARLSOFFICE-PC
07:32:53.0498 6800  UserName: Carl's office
07:32:53.0498 6800  Windows directory: C:\Windows
07:32:53.0498 6800  System windows directory: C:\Windows
07:32:53.0498 6800  Running under WOW64
07:32:53.0498 6800  Processor architecture: Intel x64
07:32:53.0498 6800  Number of processors: 2
07:32:53.0498 6800  Page size: 0x1000
07:32:53.0498 6800  Boot type: Normal boot
07:32:53.0498 6800  ============================================================
07:32:54.0621 6800  Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
07:32:54.0652 6800  ============================================================
07:32:54.0652 6800  \Device\Harddisk0\DR0:
07:32:54.0652 6800  MBR partitions:
07:32:54.0652 6800  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2528800, BlocksNum 0x1DCEF000
07:32:54.0652 6800  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x20217800, BlocksNum 0x2A640000
07:32:54.0652 6800  ============================================================
07:32:54.0684 6800  C: <-> \Device\Harddisk0\DR0\Partition1
07:32:54.0715 6800  D: <-> \Device\Harddisk0\DR0\Partition2
07:32:54.0715 6800  ============================================================
07:32:54.0715 6800  Initialize success
07:32:54.0715 6800  ============================================================
07:33:02.0998 7060  ============================================================
07:33:02.0998 7060  Scan started
07:33:02.0998 7060  Mode: Manual;
07:33:02.0998 7060  ============================================================
07:33:04.0012 7060  ================ Scan system memory ========================
07:33:04.0012 7060  System memory - ok
07:33:04.0012 7060  ================ Scan services =============================
07:33:04.0153 7060  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
07:33:04.0168 7060  1394ohci - ok
07:33:04.0200 7060  [ E0A8525A951ADDB4655BC2068566407D ] 61883           C:\Windows\system32\DRIVERS\61883.sys
07:33:04.0215 7060  61883 - ok
07:33:04.0246 7060  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
07:33:04.0246 7060  ACPI - ok
07:33:04.0262 7060  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
07:33:04.0278 7060  AcpiPmi - ok
07:33:04.0387 7060  [ 861D18775087A286F53ADE05D0F31396 ] ActService      C:\Program Files (x86)\ACT\Act for Windows\Act.Server.Host.exe
07:33:04.0387 7060  ActService - ok
07:33:04.0465 7060  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
07:33:04.0480 7060  AdobeARMservice - ok
07:33:04.0574 7060  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
07:33:04.0574 7060  AdobeFlashPlayerUpdateSvc - ok
07:33:04.0636 7060  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
07:33:04.0636 7060  adp94xx - ok
07:33:04.0668 7060  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
07:33:04.0683 7060  adpahci - ok
07:33:04.0699 7060  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
07:33:04.0714 7060  adpu320 - ok
07:33:04.0746 7060  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
07:33:04.0746 7060  AeLookupSvc - ok
07:33:04.0808 7060  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
07:33:04.0808 7060  AFD - ok
07:33:04.0870 7060  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
07:33:04.0870 7060  agp440 - ok
07:33:04.0902 7060  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
07:33:04.0902 7060  ALG - ok
07:33:04.0917 7060  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
07:33:04.0917 7060  aliide - ok
07:33:04.0964 7060  [ A359974EAAC83A435497C52F62A2E590 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
07:33:04.0964 7060  AMD External Events Utility - ok
07:33:04.0980 7060  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
07:33:04.0980 7060  amdide - ok
07:33:05.0026 7060  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
07:33:05.0026 7060  AmdK8 - ok
07:33:05.0260 7060  [ 60216B0E704584DE6D5A9F59E9C34C47 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
07:33:05.0479 7060  amdkmdag - ok
07:33:05.0526 7060  [ 6B4E9261B613B047A9A145F328889968 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
07:33:05.0541 7060  amdkmdap - ok
07:33:05.0572 7060  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
07:33:05.0572 7060  AmdPPM - ok
07:33:05.0604 7060  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
07:33:05.0619 7060  amdsata - ok
07:33:05.0635 7060  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
07:33:05.0635 7060  amdsbs - ok
07:33:05.0650 7060  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
07:33:05.0650 7060  amdxata - ok
07:33:05.0728 7060  [ 59D01FA91962C9C1E9B4022B2D3B46DB ] AppHostSvc      C:\Windows\system32\inetsrv\apphostsvc.dll
07:33:05.0728 7060  AppHostSvc - ok
07:33:05.0791 7060  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
07:33:05.0791 7060  AppID - ok
07:33:05.0806 7060  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
07:33:05.0822 7060  AppIDSvc - ok
07:33:05.0853 7060  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
07:33:05.0869 7060  Appinfo - ok
07:33:05.0931 7060  [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
07:33:05.0931 7060  Apple Mobile Device - ok
07:33:06.0009 7060  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
07:33:06.0009 7060  arc - ok
07:33:06.0025 7060  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
07:33:06.0025 7060  arcsas - ok
07:33:06.0072 7060  [ A82C01606DC27D05D9D3BFB6BB807E32 ] AsIO            C:\Windows\syswow64\drivers\AsIO.sys
07:33:06.0072 7060  AsIO - ok
07:33:06.0212 7060  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
07:33:06.0212 7060  aspnet_state - ok
07:33:06.0243 7060  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
07:33:06.0243 7060  AsyncMac - ok
07:33:06.0274 7060  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
07:33:06.0274 7060  atapi - ok
07:33:06.0337 7060  [ 77C149E6D702737B2E372DEE166FAEF8 ] AtiHdmiService  C:\Windows\system32\drivers\AtiHdmi.sys
07:33:06.0337 7060  AtiHdmiService - ok
07:33:06.0571 7060  [ 60216B0E704584DE6D5A9F59E9C34C47 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
07:33:06.0711 7060  atikmdag - ok
07:33:06.0742 7060  [ 7C5D273E29DCC5505469B299C6F29163 ] AtiPcie         C:\Windows\system32\DRIVERS\AtiPcie.sys
07:33:06.0742 7060  AtiPcie - ok
07:33:06.0805 7060  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
07:33:06.0820 7060  AudioEndpointBuilder - ok
07:33:06.0836 7060  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
07:33:06.0852 7060  AudioSrv - ok
07:33:06.0867 7060  [ 16FABE84916623D0607E4A975544032C ] Avc             C:\Windows\system32\DRIVERS\avc.sys
07:33:06.0867 7060  Avc - ok
07:33:07.0101 7060  [ 4AFC14AFA58878FAA1D249E7E90EA54B ] AVGIDSAgent     C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
07:33:07.0210 7060  AVGIDSAgent - ok
07:33:07.0242 7060  [ 388056EBD5FE6718FE669078DBE37897 ] AVGIDSDriver    C:\Windows\system32\DRIVERS\avgidsdrivera.sys
07:33:07.0257 7060  AVGIDSDriver - ok
07:33:07.0288 7060  [ 550E981747D6A6C55078C77346FFC2C6 ] AVGIDSHA        C:\Windows\system32\DRIVERS\avgidsha.sys
07:33:07.0304 7060  AVGIDSHA - ok
07:33:07.0320 7060  [ 5989592A91A17587799792A81E1541D4 ] Avgldx64        C:\Windows\system32\DRIVERS\avgldx64.sys
07:33:07.0335 7060  Avgldx64 - ok
07:33:07.0366 7060  [ 3FC43AA02545FCDDC22817829114DEC8 ] Avgloga         C:\Windows\system32\DRIVERS\avgloga.sys
07:33:07.0366 7060  Avgloga - ok
07:33:07.0413 7060  [ 841C40C193889730848849AC220D9242 ] Avgmfx64        C:\Windows\system32\DRIVERS\avgmfx64.sys
07:33:07.0413 7060  Avgmfx64 - ok
07:33:07.0460 7060  [ FE4F444DBE4BBBDFD8FECF49398DEFC7 ] Avgrkx64        C:\Windows\system32\DRIVERS\avgrkx64.sys
07:33:07.0460 7060  Avgrkx64 - ok
07:33:07.0491 7060  [ 6E634525613D48A1D1657FB21F21F3B2 ] Avgtdia         C:\Windows\system32\DRIVERS\avgtdia.sys
07:33:07.0491 7060  Avgtdia - ok
07:33:07.0522 7060  [ 6B72E1E329C4E98C6B6FDD2D265E3BA3 ] avgwd           C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
07:33:07.0522 7060  avgwd - ok
07:33:07.0569 7060  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
07:33:07.0585 7060  AxInstSV - ok
07:33:07.0616 7060  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
07:33:07.0632 7060  b06bdrv - ok
07:33:07.0647 7060  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
07:33:07.0663 7060  b57nd60a - ok
07:33:07.0694 7060  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
07:33:07.0694 7060  BDESVC - ok
07:33:07.0710 7060  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
07:33:07.0725 7060  Beep - ok
07:33:07.0772 7060  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
07:33:07.0788 7060  BFE - ok
07:33:07.0819 7060  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\system32\qmgr.dll
07:33:07.0850 7060  BITS - ok
07:33:07.0866 7060  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
07:33:07.0881 7060  blbdrive - ok
07:33:07.0975 7060  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
07:33:07.0975 7060  Bonjour Service - ok
07:33:08.0022 7060  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
07:33:08.0022 7060  bowser - ok
07:33:08.0037 7060  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
07:33:08.0053 7060  BrFiltLo - ok
07:33:08.0068 7060  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
07:33:08.0084 7060  BrFiltUp - ok
07:33:08.0131 7060  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
07:33:08.0131 7060  BridgeMP - ok
07:33:08.0162 7060  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
07:33:08.0162 7060  Browser - ok
07:33:08.0193 7060  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
07:33:08.0209 7060  Brserid - ok
07:33:08.0224 7060  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
07:33:08.0224 7060  BrSerWdm - ok
07:33:08.0256 7060  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
07:33:08.0256 7060  BrUsbMdm - ok
07:33:08.0271 7060  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
07:33:08.0271 7060  BrUsbSer - ok
07:33:08.0287 7060  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
07:33:08.0287 7060  BTHMODEM - ok
07:33:08.0334 7060  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
07:33:08.0334 7060  bthserv - ok
07:33:08.0380 7060  [ 9887CA12F407D7FBC7F48F3678F5F0B6 ] BVRPMPR5a64     C:\Windows\system32\drivers\BVRPMPR5a64.SYS
07:33:08.0380 7060  BVRPMPR5a64 - ok
07:33:08.0396 7060  catchme - ok
07:33:08.0427 7060  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
07:33:08.0443 7060  cdfs - ok
07:33:08.0490 7060  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
07:33:08.0490 7060  cdrom - ok
07:33:08.0536 7060  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
07:33:08.0536 7060  CertPropSvc - ok
07:33:08.0552 7060  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
07:33:08.0552 7060  circlass - ok
07:33:08.0583 7060  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
07:33:08.0599 7060  CLFS - ok
07:33:08.0646 7060  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
07:33:08.0646 7060  clr_optimization_v2.0.50727_32 - ok
07:33:08.0677 7060  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
07:33:08.0692 7060  clr_optimization_v2.0.50727_64 - ok
07:33:08.0770 7060  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
07:33:08.0786 7060  clr_optimization_v4.0.30319_32 - ok
07:33:08.0802 7060  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
07:33:08.0802 7060  clr_optimization_v4.0.30319_64 - ok
07:33:08.0833 7060  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
07:33:08.0833 7060  CmBatt - ok
07:33:08.0864 7060  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
07:33:08.0880 7060  cmdide - ok
07:33:08.0911 7060  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
07:33:08.0926 7060  CNG - ok
07:33:08.0942 7060  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
07:33:08.0942 7060  Compbatt - ok
07:33:08.0989 7060  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
07:33:09.0004 7060  CompositeBus - ok
07:33:09.0004 7060  COMSysApp - ok
07:33:09.0051 7060  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
07:33:09.0067 7060  crcdisk - ok
07:33:09.0176 7060  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
07:33:09.0176 7060  CryptSvc - ok
07:33:09.0238 7060  [ BA25D4B9B067248F7CAC416E855D706B ] dc3d            C:\Windows\system32\DRIVERS\dc3d.sys
07:33:09.0238 7060  dc3d - ok
07:33:09.0301 7060  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
07:33:09.0316 7060  DcomLaunch - ok
07:33:09.0363 7060  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
07:33:09.0379 7060  defragsvc - ok
07:33:09.0457 7060  [ 0A403702CB00432AC818523CD416BF67 ] Device Handle Service C:\Windows\SysWOW64\AsHookDevice.exe
07:33:09.0472 7060  Device Handle Service - ok
07:33:09.0519 7060  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
07:33:09.0519 7060  DfsC - ok
07:33:09.0566 7060  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
07:33:09.0566 7060  Dhcp - ok
07:33:09.0597 7060  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
07:33:09.0597 7060  discache - ok
07:33:09.0628 7060  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
07:33:09.0628 7060  Disk - ok
07:33:09.0660 7060  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
07:33:09.0675 7060  Dnscache - ok
07:33:09.0722 7060  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
07:33:09.0722 7060  dot3svc - ok
07:33:09.0769 7060  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
07:33:09.0769 7060  DPS - ok
07:33:09.0800 7060  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
07:33:09.0800 7060  drmkaud - ok
07:33:09.0847 7060  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
07:33:09.0862 7060  DXGKrnl - ok
07:33:09.0894 7060  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
07:33:09.0894 7060  EapHost - ok
07:33:09.0987 7060  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
07:33:10.0065 7060  ebdrv - ok
07:33:10.0096 7060  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
07:33:10.0096 7060  EFS - ok
07:33:10.0159 7060  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
07:33:10.0174 7060  ehRecvr - ok
07:33:10.0206 7060  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
07:33:10.0206 7060  ehSched - ok
07:33:10.0252 7060  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
07:33:10.0268 7060  elxstor - ok
07:33:10.0330 7060  [ 7DB097F4F6786307168C0DDDEC43A565 ] EPSON_EB_RPCV4_04 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
07:33:10.0330 7060  EPSON_EB_RPCV4_04 - ok
07:33:10.0346 7060  [ 258AA65A0862E19B7DE6981FDA3758AD ] EPSON_PM_RPCV4_04 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
07:33:10.0362 7060  EPSON_PM_RPCV4_04 - ok
07:33:10.0393 7060  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
07:33:10.0408 7060  ErrDev - ok
07:33:10.0455 7060  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
07:33:10.0455 7060  EventSystem - ok
07:33:10.0486 7060  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
07:33:10.0486 7060  exfat - ok
07:33:10.0518 7060  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
07:33:10.0533 7060  fastfat - ok
07:33:10.0580 7060  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
07:33:10.0596 7060  Fax - ok
07:33:10.0627 7060  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
07:33:10.0627 7060  fdc - ok
07:33:10.0642 7060  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
07:33:10.0642 7060  fdPHost - ok
07:33:10.0674 7060  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
07:33:10.0674 7060  FDResPub - ok
07:33:10.0689 7060  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
07:33:10.0705 7060  FileInfo - ok
07:33:10.0720 7060  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
07:33:10.0720 7060  Filetrace - ok
07:33:10.0736 7060  [ C172A0F53008EAEB8EA33FE10E


#16 TheJoker

    Forum Deity

  • Boot Camp Mod
  • 14,476 posts

Posted 29 March 2013 - 04:18 PM

"Illegal application attempted on a registry key that has been marked for deletion". I clicked Continue,

That's fine, you just needed to reboot to fix that.

Your TDSSKiller log was cut off by the maximum post length. Please take a look at where it was cut off, and post the remainder in a new reply.
 
 
Please download SystemLook_x64 from one of the links below and save it to your Desktop.
http://jpshortstuff....temLook_x64.exe
http://images.malwar...temLook_x64.exe

  • Double-click SystemLook_x64.exe to run it.
  • Copy the content of the following codebox into the main textfield

 

:dir /s
C:\inetpub
c:\windows\SysWow64\BestPractices
c:\windows\system32\BestPractices
 
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

 

 

Please post the remainder of the TDSSKiller log, the contents of SystemLook.txt, and note any errors encountered.


Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-2010 and ASAP Member since 2005
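The TDSSKiller output requested above is a per-service list of MD5 hashes and image paths, and this thread ends up with two runs of it (one cut off by the post limit, one complete). The Python below is an added example, not part of TheJoker's instructions and not code from TDSSKiller: it parses the "Scan services" section of such a log, ignores lines truncated by the post limit, flags services that share one image file or that TDSSKiller could not hash, and compares two runs for changed hashes and added or removed services. The sample logs are assembled from lines of the two logs in this thread; the section-header timestamp in the first sample and the altered Beep hash in the second are constructed so that the comparison has something to report.

```python
"""Parse and compare the 'Scan services' section of two TDSSKiller logs.

Added example for this thread; assumes the line layout seen in the logs
posted above: a hash line '[ <MD5> ] <service name> <image path>' followed
by a status line '<service name> - <status>'.
"""
import re
from collections import defaultdict

TS = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"          # "20:09:17.0272 6436  "
SECTION_RE = re.compile(TS + r"=+ Scan (?P<section>[A-Za-z ]+?)\s*=+\s*$")
# Service names may contain spaces ("AMD External Events Utility"), so the
# name/path split keys on the first drive-letter path that follows whitespace.
HASH_RE = re.compile(TS + r"\[ (?P<md5>[0-9A-Fa-f]{32}) \]\s+"
                          r"(?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.*?)\s*$")
STATUS_RE = re.compile(TS + r"(?P<name>.+?) - (?P<status>\w+)\s*$")


def parse_services(log_text):
    """Return {service: {"md5", "path", "status"}} for the 'Scan services'
    section only. Other sections ("Scan system memory", drive/MBR info) and
    lines that do not fit either pattern, such as a hash cut off by a forum
    post limit, are ignored rather than mis-parsed."""
    services, section = {}, None
    for line in log_text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section").strip().lower()
            continue
        if section != "services":
            continue
        m = HASH_RE.match(line)
        if m:
            e = services.setdefault(m.group("name"), {"md5": None, "path": None, "status": None})
            e["md5"], e["path"] = m.group("md5").upper(), m.group("path")
            continue
        m = STATUS_RE.match(line)
        if m:
            e = services.setdefault(m.group("name"), {"md5": None, "path": None, "status": None})
            e["status"] = m.group("status")
    return services


def shared_images(services):
    """Image paths (case-folded) registered under more than one service name,
    e.g. amdkmdag and atikmdag both pointing at atikmdag.sys in the logs above."""
    by_path = defaultdict(list)
    for name, e in services.items():
        if e["path"]:
            by_path[e["path"].lower()].append(name)
    return {p: sorted(n) for p, n in by_path.items() if len(n) > 1}


def diff_runs(old, new):
    """Compare two parsed runs: hash/path changes, services present in only one
    run, services not reported 'ok', and services with a status line but no
    hash (TDSSKiller could not open the image, e.g. 'catchme', 'COMSysApp')."""
    changed = {}
    for name in old.keys() & new.keys():
        o, n = old[name], new[name]
        if o["md5"] != n["md5"] or (o["path"] or "").lower() != (n["path"] or "").lower():
            changed[name] = (o["md5"], n["md5"])
    return {
        "changed": changed,
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
        "not_ok": {k: v["status"] for k, v in new.items() if v["status"] != "ok"},
        "unhashed": sorted(k for k, v in new.items() if v["md5"] is None),
    }


# Constructed sample: lines taken from the two logs in this thread. The first
# header timestamp is made up, and the last line is the real truncated one.
RUN_1 = r"""
07:33:04.0000 7060  ================ Scan services =============================
07:33:04.0262 7060  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
07:33:04.0278 7060  AcpiPmi - ok
07:33:04.0964 7060  [ A359974EAAC83A435497C52F62A2E590 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
07:33:04.0964 7060  AMD External Events Utility - ok
07:33:05.0260 7060  [ 60216B0E704584DE6D5A9F59E9C34C47 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
07:33:05.0479 7060  amdkmdag - ok
07:33:06.0571 7060  [ 60216B0E704584DE6D5A9F59E9C34C47 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
07:33:06.0711 7060  atikmdag - ok
07:33:07.0710 7060  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
07:33:07.0725 7060  Beep - ok
07:33:08.0396 7060  catchme - ok
07:33:10.0736 7060  [ C172A0F53008EAEB8EA33FE10E
"""

# Constructed sample: the Beep hash below is deliberately altered (not the
# value in the thread) so that diff_runs() reports a change.
RUN_2 = r"""
20:09:16.0711 6436  ================ Scan system memory ========================
20:09:16.0711 6436  System memory - ok
20:09:16.0711 6436  ================ Scan services =============================
20:09:17.0272 6436  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
20:09:17.0303 6436  AcpiPmi - ok
20:09:18.0941 6436  [ A359974EAAC83A435497C52F62A2E590 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
20:09:18.0941 6436  AMD External Events Utility - ok
20:09:19.0487 6436  [ 60216B0E704584DE6D5A9F59E9C34C47 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
20:09:19.0831 6436  amdkmdag - ok
20:09:22.0654 6436  [ 60216B0E704584DE6D5A9F59E9C34C47 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
20:09:22.0795 6436  atikmdag - ok
20:09:24.0979 6436  [ 0123456789ABCDEF0123456789ABCDEF ] Beep            C:\Windows\system32\drivers\Beep.sys
20:09:24.0994 6436  Beep - ok
20:09:26.0632 6436  catchme - ok
20:09:28.0192 6436  COMSysApp - ok
"""

if __name__ == "__main__":
    old, new = parse_services(RUN_1), parse_services(RUN_2)
    print("shared images:", shared_images(new))
    for key, value in diff_runs(old, new).items():
        print(f"{key}: {value}")
```

Services that share an image (two names, one driver file) or that carry no hash are not evidence of infection on their own; here they match what the full logs in the thread show. The comparison is useful for exactly what is asked for above: when a log has to be posted twice, a hash that differs between runs is the line worth looking at first.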


#17 Carlgrus

    Advanced Member

  • Full Member
  • 121 posts

Posted 29 March 2013 - 06:17 PM

The TDSSKiller.txt file vanished from my desktop, so I ran it again and posted the full log, followed by the SystemLook.txt....

 

20:08:59.0722 6272  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
20:09:00.0876 6272  ============================================================
20:09:00.0876 6272  Current date / time: 2013/03/29 20:09:00.0876
20:09:00.0876 6272  SystemInfo:
20:09:00.0876 6272 
20:09:00.0876 6272  OS Version: 6.1.7601 ServicePack: 1.0
20:09:00.0876 6272  Product type: Workstation
20:09:00.0876 6272  ComputerName: CARLSOFFICE-PC
20:09:00.0876 6272  UserName: Carl's office
20:09:00.0876 6272  Windows directory: C:\Windows
20:09:00.0876 6272  System windows directory: C:\Windows
20:09:00.0892 6272  Running under WOW64
20:09:00.0892 6272  Processor architecture: Intel x64
20:09:00.0892 6272  Number of processors: 2
20:09:00.0892 6272  Page size: 0x1000
20:09:00.0892 6272  Boot type: Normal boot
20:09:00.0892 6272  ============================================================
20:09:03.0684 6272  Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:09:03.0716 6272  ============================================================
20:09:03.0747 6272  \Device\Harddisk0\DR0:
20:09:03.0762 6272  MBR partitions:
20:09:03.0762 6272  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2528800, BlocksNum 0x1DCEF000
20:09:03.0762 6272  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x20217800, BlocksNum 0x2A640000
20:09:03.0762 6272  ============================================================
20:09:03.0778 6272  C: <-> \Device\Harddisk0\DR0\Partition1
20:09:03.0840 6272  D: <-> \Device\Harddisk0\DR0\Partition2
20:09:03.0840 6272  ============================================================
20:09:03.0840 6272  Initialize success
20:09:03.0840 6272  ============================================================
20:09:13.0263 6436  ============================================================
20:09:13.0263 6436  Scan started
20:09:13.0263 6436  Mode: Manual;
20:09:13.0263 6436  ============================================================
20:09:16.0711 6436  ================ Scan system memory ========================
20:09:16.0711 6436  System memory - ok
20:09:16.0711 6436  ================ Scan services =============================
20:09:17.0023 6436  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
20:09:17.0038 6436  1394ohci - ok
20:09:17.0085 6436  [ E0A8525A951ADDB4655BC2068566407D ] 61883           C:\Windows\system32\DRIVERS\61883.sys
20:09:17.0132 6436  61883 - ok
20:09:17.0210 6436  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
20:09:17.0210 6436  ACPI - ok
20:09:17.0272 6436  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
20:09:17.0303 6436  AcpiPmi - ok
20:09:17.0553 6436  [ 861D18775087A286F53ADE05D0F31396 ] ActService      C:\Program Files (x86)\ACT\Act for Windows\Act.Server.Host.exe
20:09:17.0615 6436  ActService - ok
20:09:17.0787 6436  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:09:17.0787 6436  AdobeARMservice - ok
20:09:18.0037 6436  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:09:18.0083 6436  AdobeFlashPlayerUpdateSvc - ok
20:09:18.0224 6436  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
20:09:18.0333 6436  adp94xx - ok
20:09:18.0380 6436  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
20:09:18.0411 6436  adpahci - ok
20:09:18.0442 6436  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
20:09:18.0473 6436  adpu320 - ok
20:09:18.0505 6436  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
20:09:18.0520 6436  AeLookupSvc - ok
20:09:18.0583 6436  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
20:09:18.0583 6436  AFD - ok
20:09:18.0676 6436  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
20:09:18.0723 6436  agp440 - ok
20:09:18.0785 6436  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
20:09:18.0801 6436  ALG - ok
20:09:18.0832 6436  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
20:09:18.0848 6436  aliide - ok
20:09:18.0941 6436  [ A359974EAAC83A435497C52F62A2E590 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
20:09:18.0941 6436  AMD External Events Utility - ok
20:09:18.0988 6436  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
20:09:19.0035 6436  amdide - ok
20:09:19.0097 6436  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
20:09:19.0113 6436  AmdK8 - ok
20:09:19.0487 6436  [ 60216B0E704584DE6D5A9F59E9C34C47 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
20:09:19.0831 6436  amdkmdag - ok
20:09:19.0909 6436  [ 6B4E9261B613B047A9A145F328889968 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
20:09:19.0924 6436  amdkmdap - ok
20:09:20.0002 6436  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
20:09:20.0002 6436  AmdPPM - ok
20:09:20.0096 6436  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
20:09:20.0111 6436  amdsata - ok
20:09:20.0158 6436  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
20:09:20.0174 6436  amdsbs - ok
20:09:20.0236 6436  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
20:09:20.0252 6436  amdxata - ok
20:09:20.0408 6436  [ 59D01FA91962C9C1E9B4022B2D3B46DB ] AppHostSvc      C:\Windows\system32\inetsrv\apphostsvc.dll
20:09:20.0408 6436  AppHostSvc - ok
20:09:20.0533 6436  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
20:09:20.0595 6436  AppID - ok
20:09:20.0626 6436  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
20:09:20.0704 6436  AppIDSvc - ok
20:09:20.0735 6436  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
20:09:20.0735 6436  Appinfo - ok
20:09:20.0829 6436  [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:09:20.0829 6436  Apple Mobile Device - ok
20:09:20.0938 6436  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
20:09:21.0032 6436  arc - ok
20:09:21.0063 6436  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
20:09:21.0094 6436  arcsas - ok
20:09:21.0188 6436  [ A82C01606DC27D05D9D3BFB6BB807E32 ] AsIO            C:\Windows\syswow64\drivers\AsIO.sys
20:09:21.0203 6436  AsIO - ok
20:09:21.0406 6436  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
20:09:21.0437 6436  aspnet_state - ok
20:09:21.0484 6436  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
20:09:21.0500 6436  AsyncMac - ok
20:09:21.0562 6436  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
20:09:21.0562 6436  atapi - ok
20:09:21.0640 6436  [ 77C149E6D702737B2E372DEE166FAEF8 ] AtiHdmiService  C:\Windows\system32\drivers\AtiHdmi.sys
20:09:21.0640 6436  AtiHdmiService - ok
20:09:22.0654 6436  [ 60216B0E704584DE6D5A9F59E9C34C47 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
20:09:22.0795 6436  atikmdag - ok
20:09:22.0888 6436  [ 7C5D273E29DCC5505469B299C6F29163 ] AtiPcie         C:\Windows\system32\DRIVERS\AtiPcie.sys
20:09:22.0904 6436  AtiPcie - ok
20:09:23.0091 6436  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:09:23.0107 6436  AudioEndpointBuilder - ok
20:09:23.0138 6436  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
20:09:23.0153 6436  AudioSrv - ok
20:09:23.0216 6436  [ 16FABE84916623D0607E4A975544032C ] Avc             C:\Windows\system32\DRIVERS\avc.sys
20:09:23.0216 6436  Avc - ok
20:09:23.0621 6436  [ 4AFC14AFA58878FAA1D249E7E90EA54B ] AVGIDSAgent     C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
20:09:23.0762 6436  AVGIDSAgent - ok
20:09:23.0840 6436  [ 388056EBD5FE6718FE669078DBE37897 ] AVGIDSDriver    C:\Windows\system32\DRIVERS\avgidsdrivera.sys
20:09:23.0871 6436  AVGIDSDriver - ok
20:09:23.0949 6436  [ 550E981747D6A6C55078C77346FFC2C6 ] AVGIDSHA        C:\Windows\system32\DRIVERS\avgidsha.sys
20:09:24.0011 6436  AVGIDSHA - ok
20:09:24.0074 6436  [ 5989592A91A17587799792A81E1541D4 ] Avgldx64        C:\Windows\system32\DRIVERS\avgldx64.sys
20:09:24.0089 6436  Avgldx64 - ok
20:09:24.0183 6436  [ 3FC43AA02545FCDDC22817829114DEC8 ] Avgloga         C:\Windows\system32\DRIVERS\avgloga.sys
20:09:24.0183 6436  Avgloga - ok
20:09:24.0261 6436  [ 841C40C193889730848849AC220D9242 ] Avgmfx64        C:\Windows\system32\DRIVERS\avgmfx64.sys
20:09:24.0277 6436  Avgmfx64 - ok
20:09:24.0370 6436  [ FE4F444DBE4BBBDFD8FECF49398DEFC7 ] Avgrkx64        C:\Windows\system32\DRIVERS\avgrkx64.sys
20:09:24.0386 6436  Avgrkx64 - ok
20:09:24.0433 6436  [ 6E634525613D48A1D1657FB21F21F3B2 ] Avgtdia         C:\Windows\system32\DRIVERS\avgtdia.sys
20:09:24.0448 6436  Avgtdia - ok
20:09:24.0542 6436  [ 6B72E1E329C4E98C6B6FDD2D265E3BA3 ] avgwd           C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
20:09:24.0542 6436  avgwd - ok
20:09:24.0620 6436  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
20:09:24.0635 6436  AxInstSV - ok
20:09:24.0729 6436  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
20:09:24.0745 6436  b06bdrv - ok
20:09:24.0791 6436  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
20:09:24.0838 6436  b57nd60a - ok
20:09:24.0916 6436  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
20:09:24.0932 6436  BDESVC - ok
20:09:24.0979 6436  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
20:09:24.0994 6436  Beep - ok
20:09:25.0119 6436  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
20:09:25.0181 6436  BFE - ok
20:09:25.0275 6436  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\system32\qmgr.dll
20:09:25.0322 6436  BITS - ok
20:09:25.0369 6436  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
20:09:25.0369 6436  blbdrive - ok
20:09:25.0556 6436  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:09:25.0556 6436  Bonjour Service - ok
20:09:25.0618 6436  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
20:09:25.0634 6436  bowser - ok
20:09:25.0665 6436  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:09:25.0665 6436  BrFiltLo - ok
20:09:25.0712 6436  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:09:25.0727 6436  BrFiltUp - ok
20:09:25.0805 6436  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
20:09:25.0852 6436  BridgeMP - ok
20:09:25.0899 6436  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
20:09:25.0915 6436  Browser - ok
20:09:25.0993 6436  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
20:09:26.0008 6436  Brserid - ok
20:09:26.0039 6436  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
20:09:26.0071 6436  BrSerWdm - ok
20:09:26.0102 6436  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
20:09:26.0195 6436  BrUsbMdm - ok
20:09:26.0227 6436  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
20:09:26.0305 6436  BrUsbSer - ok
20:09:26.0336 6436  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
20:09:26.0367 6436  BTHMODEM - ok
20:09:26.0414 6436  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
20:09:26.0461 6436  bthserv - ok
20:09:26.0539 6436  [ 9887CA12F407D7FBC7F48F3678F5F0B6 ] BVRPMPR5a64     C:\Windows\system32\drivers\BVRPMPR5a64.SYS
20:09:26.0539 6436  BVRPMPR5a64 - ok
20:09:26.0632 6436  catchme - ok


#18 Carlgrus


    Advanced Member

  • Full Member
  • 121 posts

Posted 29 March 2013 - 06:21 PM

I see that the full log didn't get posted, so here is the rest of it, again, followed by SystemLook

 

20:09:49.0037 6436  RDPWD - ok
20:09:49.0115 6436  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
20:09:49.0162 6436  rdyboost - ok
20:09:49.0240 6436  [ 89525CC2DBAD44F7199B9CC188B3F9C5 ] RealNetworks Downloader Resolver Service C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
20:09:49.0240 6436  RealNetworks Downloader Resolver Service - ok
20:09:49.0271 6436  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
20:09:49.0333 6436  RemoteAccess - ok
20:09:49.0364 6436  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
20:09:49.0411 6436  RemoteRegistry - ok
20:09:49.0458 6436  [ 7B04C9843921AB1F695FB395422C5360 ] RimUsb          C:\Windows\system32\Drivers\RimUsb_AMD64.sys
20:09:49.0505 6436  RimUsb - ok
20:09:49.0614 6436  [ 05FC44D32A144925EAE45570029FD6E1 ] RoxMediaDB10    C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
20:09:49.0692 6436  RoxMediaDB10 - ok
20:09:49.0786 6436  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
20:09:49.0786 6436  RpcEptMapper - ok
20:09:49.0832 6436  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
20:09:49.0879 6436  RpcLocator - ok
20:09:49.0957 6436  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
20:09:49.0973 6436  RpcSs - ok
20:09:50.0020 6436  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
20:09:50.0035 6436  rspndr - ok
20:09:50.0129 6436  [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
20:09:50.0176 6436  RTL8167 - ok
20:09:50.0254 6436  RxFilter - ok
20:09:50.0347 6436  [ 50BC0E3FF1C61FEA769949AB5355FD2A ] Sage ACT! Scheduler C:\Program Files (x86)\ACT\Act for Windows\Act.Scheduler.exe
20:09:50.0363 6436  Sage ACT! Scheduler - ok
20:09:50.0378 6436  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
20:09:50.0394 6436  SamSs - ok
20:09:50.0472 6436  [ 8325093BDAE38247A8482AB0A1BC37CE ] SamsungAllShareV2.0 C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
20:09:50.0472 6436  SamsungAllShareV2.0 - ok
20:09:50.0550 6436  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
20:09:50.0581 6436  sbp2port - ok
20:09:50.0659 6436  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
20:09:50.0722 6436  SCardSvr - ok
20:09:50.0768 6436  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
20:09:50.0784 6436  scfilter - ok
20:09:51.0018 6436  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
20:09:51.0049 6436  Schedule - ok
20:09:51.0112 6436  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
20:09:51.0127 6436  SCPolicySvc - ok
20:09:51.0143 6436  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
20:09:51.0158 6436  SDRSVC - ok
20:09:51.0268 6436  [ 206387AB881E93A1A6EB89966C8651F1 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
20:09:51.0283 6436  SDScannerService - ok
20:09:51.0424 6436  [ A529CFE32565C0B145578FFB2B32C9A5 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
20:09:51.0439 6436  SDUpdateService - ok
20:09:51.0486 6436  [ CB63BDB77BB86549FC3303C2F11EDC18 ] SDWSCService    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
20:09:51.0502 6436  SDWSCService - ok
20:09:51.0580 6436  [ 16A252022535B680046F6E34E136D378 ] SeaPort         C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
20:09:51.0595 6436  SeaPort - ok
20:09:51.0643 6436  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
20:09:51.0643 6436  secdrv - ok
20:09:51.0690 6436  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
20:09:51.0768 6436  seclogon - ok
20:09:51.0815 6436  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
20:09:51.0815 6436  SENS - ok
20:09:51.0861 6436  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
20:09:51.0893 6436  SensrSvc - ok
20:09:51.0939 6436  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
20:09:51.0955 6436  Serenum - ok
20:09:52.0002 6436  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
20:09:52.0002 6436  Serial - ok
20:09:52.0064 6436  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
20:09:52.0064 6436  sermouse - ok
20:09:52.0158 6436  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
20:09:52.0173 6436  SessionEnv - ok
20:09:52.0220 6436  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
20:09:52.0220 6436  sffdisk - ok
20:09:52.0251 6436  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
20:09:52.0251 6436  sffp_mmc - ok
20:09:52.0283 6436  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
20:09:52.0283 6436  sffp_sd - ok
20:09:52.0329 6436  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
20:09:52.0329 6436  sfloppy - ok
20:09:52.0392 6436  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
20:09:52.0392 6436  SharedAccess - ok
20:09:52.0485 6436  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:09:52.0485 6436  ShellHWDetection - ok
20:09:52.0532 6436  [ 002EFE99E9117D8C9FEB17CE9CC6AF82 ] SimpleSlideShowServer C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe
20:09:52.0548 6436  SimpleSlideShowServer - ok
20:09:52.0579 6436  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:09:52.0595 6436  SiSRaid2 - ok
20:09:52.0627 6436  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
20:09:52.0642 6436  SiSRaid4 - ok
20:09:52.0720 6436  [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
20:09:52.0720 6436  SkypeUpdate - ok
20:09:52.0783 6436  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
20:09:52.0783 6436  Smb - ok
20:09:52.0876 6436  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
20:09:52.0876 6436  SNMPTRAP - ok
20:09:52.0954 6436  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
20:09:52.0986 6436  spldr - ok
20:09:53.0032 6436  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
20:09:53.0048 6436  Spooler - ok
20:09:53.0298 6436  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
20:09:53.0391 6436  sppsvc - ok
20:09:53.0438 6436  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
20:09:53.0438 6436  sppuinotify - ok
20:09:53.0625 6436  [ 230C6AA1091190D2FDB40766CBD3DBBD ] SQLAgent$ACT7   C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE
20:09:53.0625 6436  SQLAgent$ACT7 - ok
20:09:53.0704 6436  [ 7D67C07C63796775CC5492BCFEAFF125 ] SQLBrowser      C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
20:09:53.0704 6436  SQLBrowser - ok
20:09:53.0845 6436  [ F98DDFBFE0EE66D4C4B00693512B9527 ] SQLWriter       C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
20:09:53.0860 6436  SQLWriter - ok
20:09:53.0907 6436  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
20:09:53.0923 6436  srv - ok
20:09:53.0969 6436  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
20:09:53.0985 6436  srv2 - ok
20:09:54.0032 6436  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
20:09:54.0032 6436  srvnet - ok
20:09:54.0125 6436  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
20:09:54.0157 6436  SSDPSRV - ok
20:09:54.0188 6436  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
20:09:54.0203 6436  SstpSvc - ok
20:09:54.0266 6436  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
20:09:54.0344 6436  stexstor - ok
20:09:54.0453 6436  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
20:09:54.0500 6436  stisvc - ok
20:09:54.0562 6436  [ FF5EB78AF7DFB68C2FB363537AAF753E ] stllssvr        C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
20:09:54.0578 6436  stllssvr - ok
20:09:54.0625 6436  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
20:09:54.0640 6436  swenum - ok
20:09:54.0704 6436  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
20:09:54.0719 6436  swprv - ok
20:09:54.0891 6436  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
20:09:54.0922 6436  SysMain - ok
20:09:54.0984 6436  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:09:54.0984 6436  TabletInputService - ok
20:09:55.0016 6436  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
20:09:55.0031 6436  TapiSrv - ok
20:09:55.0078 6436  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
20:09:55.0078 6436  TBS - ok
20:09:55.0437 6436  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
20:09:55.0484 6436  Tcpip - ok
20:09:55.0593 6436  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
20:09:55.0624 6436  TCPIP6 - ok
20:09:55.0686 6436  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
20:09:55.0702 6436  tcpipreg - ok
20:09:55.0749 6436  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
20:09:55.0749 6436  TDPIPE - ok
20:09:55.0827 6436  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
20:09:55.0827 6436  TDTCP - ok
20:09:55.0905 6436  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
20:09:55.0905 6436  tdx - ok
20:09:55.0967 6436  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
20:09:55.0983 6436  TermDD - ok
20:09:56.0045 6436  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
20:09:56.0061 6436  TermService - ok
20:09:56.0123 6436  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
20:09:56.0123 6436  Themes - ok
20:09:56.0154 6436  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
20:09:56.0170 6436  THREADORDER - ok
20:09:56.0217 6436  [ 519CB7D7F697F4BA47DE05845C20F158 ] TlntSvr         C:\Windows\System32\tlntsvr.exe
20:09:56.0217 6436  TlntSvr - ok
20:09:56.0326 6436  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
20:09:56.0342 6436  TrkWks - ok
20:09:56.0451 6436  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:09:56.0451 6436  TrustedInstaller - ok
20:09:56.0529 6436  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
20:09:56.0529 6436  tssecsrv - ok
20:09:56.0622 6436  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
20:09:56.0622 6436  TsUsbFlt - ok
20:09:56.0732 6436  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
20:09:56.0747 6436  tunnel - ok
20:09:56.0794 6436  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
20:09:56.0794 6436  uagp35 - ok
20:09:56.0888 6436  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
20:09:56.0903 6436  udfs - ok
20:09:56.0981 6436  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
20:09:56.0981 6436  UI0Detect - ok
20:09:57.0044 6436  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
20:09:57.0059 6436  uliagpkx - ok
20:09:57.0122 6436  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
20:09:57.0122 6436  umbus - ok
20:09:57.0168 6436  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
20:09:57.0184 6436  UmPass - ok
20:09:57.0215 6436  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
20:09:57.0231 6436  upnphost - ok
20:09:57.0293 6436  [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
20:09:57.0293 6436  USBAAPL64 - ok
20:09:57.0356 6436  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
20:09:57.0356 6436  usbaudio - ok
20:09:57.0387 6436  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
20:09:57.0402 6436  usbccgp - ok
20:09:57.0418 6436  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
20:09:57.0434 6436  usbcir - ok
20:09:57.0465 6436  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
20:09:57.0512 6436  usbehci - ok
20:09:57.0590 6436  [ 2C780746DC44A28FE67004DC58173F05 ] usbfilter       C:\Windows\system32\DRIVERS\usbfilter.sys
20:09:57.0605 6436  usbfilter - ok
20:09:57.0714 6436  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
20:09:57.0714 6436  usbhub - ok
20:09:57.0777 6436  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
20:09:57.0792 6436  usbohci - ok
20:09:57.0870 6436  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
20:09:57.0886 6436  usbprint - ok
20:09:57.0980 6436  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
20:09:57.0980 6436  usbscan - ok
20:09:58.0026 6436  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:09:58.0042 6436  USBSTOR - ok
20:09:58.0073 6436  [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
20:09:58.0089 6436  usbuhci - ok
20:09:58.0136 6436  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
20:09:58.0151 6436  UxSms - ok
20:09:58.0167 6436  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
20:09:58.0182 6436  VaultSvc - ok
20:09:58.0214 6436  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
20:09:58.0214 6436  vdrvroot - ok
20:09:58.0292 6436  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
20:09:58.0307 6436  vds - ok
20:09:58.0354 6436  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
20:09:58.0354 6436  vga - ok
20:09:58.0385 6436  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
20:09:58.0401 6436  VgaSave - ok
20:09:58.0448 6436  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
20:09:58.0463 6436  vhdmp - ok
20:09:58.0604 6436  [ DFDF7F9CAA50EE72A633EA4BBD65A557 ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys
20:09:58.0619 6436  VIAHdAudAddService - ok
20:09:58.0682 6436  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
20:09:58.0682 6436  viaide - ok
20:09:58.0713 6436  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
20:09:58.0728 6436  volmgr - ok
20:09:58.0806 6436  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
20:09:58.0806 6436  volmgrx - ok
20:09:58.0838 6436  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
20:09:58.0853 6436  volsnap - ok
20:09:58.0900 6436  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
20:09:58.0900 6436  vsmraid - ok
20:09:59.0087 6436  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
20:09:59.0118 6436  VSS - ok
20:09:59.0150 6436  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
20:09:59.0150 6436  vwifibus - ok
20:09:59.0196 6436  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
20:09:59.0196 6436  vwififlt - ok
20:09:59.0259 6436  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
20:09:59.0259 6436  vwifimp - ok
20:09:59.0306 6436  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
20:09:59.0321 6436  W32Time - ok
20:09:59.0508 6436  [ B32009DB1972E7F2C227499289C4384A ] W3SVC           C:\Windows\system32\inetsrv\iisw3adm.dll
20:09:59.0524 6436  W3SVC - ok
20:09:59.0555 6436  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
20:09:59.0571 6436  WacomPen - ok
20:09:59.0649 6436  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
20:09:59.0649 6436  WANARP - ok
20:09:59.0680 6436  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
20:09:59.0680 6436  Wanarpv6 - ok
20:09:59.0805 6436  [ B32009DB1972E7F2C227499289C4384A ] WAS             C:\Windows\system32\inetsrv\iisw3adm.dll
20:09:59.0820 6436  WAS - ok
20:09:59.0992 6436  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
20:10:00.0008 6436  WatAdminSvc - ok
20:10:00.0179 6436  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
20:10:00.0226 6436  wbengine - ok
20:10:00.0273 6436  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
20:10:00.0288 6436  WbioSrvc - ok
20:10:00.0366 6436  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
20:10:00.0382 6436  wcncsvc - ok
20:10:00.0413 6436  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:10:00.0429 6436  WcsPlugInService - ok
20:10:00.0460 6436  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
20:10:00.0460 6436  Wd - ok
20:10:00.0522 6436  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
20:10:00.0554 6436  Wdf01000 - ok
20:10:00.0616 6436  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
20:10:00.0616 6436  WdiServiceHost - ok
20:10:00.0632 6436  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
20:10:00.0647 6436  WdiSystemHost - ok
20:10:00.0725 6436  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
20:10:00.0756 6436  WebClient - ok
20:10:00.0803 6436  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
20:10:00.0819 6436  Wecsvc - ok
20:10:00.0834 6436  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
20:10:00.0866 6436  wercplsupport - ok
20:10:00.0897 6436  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
20:10:00.0912 6436  WerSvc - ok
20:10:00.0944 6436  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
20:10:00.0959 6436  WfpLwf - ok
20:10:01.0006 6436  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
20:10:01.0006 6436  WIMMount - ok
20:10:01.0053 6436  WinDefend - ok
20:10:01.0084 6436  WinHttpAutoProxySvc - ok
20:10:01.0193 6436  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
20:10:01.0193 6436  Winmgmt - ok
20:10:01.0427 6436  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
20:10:01.0474 6436  WinRM - ok
20:10:01.0599 6436  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
20:10:01.0599 6436  WinUsb - ok
20:10:01.0677 6436  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
20:10:01.0692 6436  Wlansvc - ok
20:10:01.0770 6436  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
20:10:01.0770 6436  wlcrasvc - ok
20:10:02.0020 6436  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:10:02.0098 6436  wlidsvc - ok
20:10:02.0145 6436  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
20:10:02.0145 6436  WmiAcpi - ok
20:10:02.0176 6436  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
20:10:02.0176 6436  wmiApSrv - ok
20:10:02.0223 6436  WMPNetworkSvc - ok
20:10:02.0270 6436  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
20:10:02.0270 6436  WPCSvc - ok
20:10:02.0316 6436  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
20:10:02.0332 6436  WPDBusEnum - ok
20:10:02.0410 6436  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
20:10:02.0410 6436  ws2ifsl - ok
20:10:02.0488 6436  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
20:10:02.0488 6436  wscsvc - ok
20:10:02.0504 6436  WSearch - ok
20:10:02.0816 6436  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
20:10:02.0878 6436  wuauserv - ok
20:10:02.0925 6436  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
20:10:02.0925 6436  WudfPf - ok
20:10:02.0972 6436  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
20:10:02.0987 6436  WUDFRd - ok
20:10:03.0034 6436  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
20:10:03.0050 6436  wudfsvc - ok
20:10:03.0112 6436  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
20:10:03.0128 6436  WwanSvc - ok
20:10:03.0174 6436  ================ Scan global ===============================
20:10:03.0190 6436  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
20:10:03.0268 6436  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
20:10:03.0284 6436  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
20:10:03.0315 6436  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
20:10:03.0377 6436  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
20:10:03.0393 6436  [Global] - ok
20:10:03.0393 6436  ================ Scan MBR ==================================
20:10:03.0408 6436  [ 4976D4A7A40B83FC7F06EE4BDD84EB9B ] \Device\Harddisk0\DR0
20:10:04.0001 6436  \Device\Harddisk0\DR0 - ok
20:10:04.0001 6436  ================ Scan VBR ==================================
20:10:04.0032 6436  [ 0550CBCF738F9D6AB8D7363B010799CD ] \Device\Harddisk0\DR0\Partition1
20:10:04.0032 6436  \Device\Harddisk0\DR0\Partition1 - ok
20:10:04.0048 6436  [ B8143EB48A6FCEDEA32E4B5EDBB19DD7 ] \Device\Harddisk0\DR0\Partition2
20:10:04.0079 6436  \Device\Harddisk0\DR0\Partition2 - ok
20:10:04.0079 6436  ============================================================
20:10:04.0079 6436  Scan finished
20:10:04.0079 6436  ============================================================
20:10:04.0110 6428  Detected object count: 0
20:10:04.0110 6428  Actual detected object count: 0

 

SystemLook 30.07.11 by jpshortstuff
Log created at 20:15 on 29/03/2013 by Carl's office
Administrator - Elevation successful

Invalid Context: dir /s

No Context: C:\inetpub

No Context: c:\windows\SysWow64\BestPractices

No Context: c:\windows\system32\BestPractices

-= EOF =-


 



#19 TheJoker


    Forum Deity

  • Boot Camp Mod
  • 14,476 posts

Posted 29 March 2013 - 06:55 PM

I had a context error in the SystemLook script.

 

Please re-run SystemLook_x64:

  • Double-click SystemLook_x64.exe to run it.
  • Copy the content of the following codebox into the main textfield
:dir
C:\inetpub /s
c:\windows\SysWow64\BestPractices /s
c:\windows\system32\BestPractices /s
 
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

 

 

Now reboot to Safe Mode - Restart your computer and begin tapping the F8 key on your keyboard.
If done right a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.
To return to normal mode just restart your computer as you normally would.

 

Let's see if you can now run MBAM.

 

Please Run Malwarebytes' Anti-Malware.

  • Click the Update tab.
  • Click Check for Updates.
  • If an update is found, it will download and install.
  • Click the Scanner tab.
  • Select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

 

 

Please post the logs from SystemLook and MBAM. If you were unable to run MBAM, please let me know.


Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-2010 and ASAP Member since 2005

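The steps above work around the block rather than locating it: Safe Mode may let MBAM start, but whatever produced the message is still in place for a normal boot. On Windows 7 the text "This program is blocked by group policy" comes from Software Restriction Policies (SRP), or from AppLocker on the Enterprise and Ultimate editions that ship it, and a Disallowed SRP path rule naming the anti-malware executable is one way malware, or a misapplied policy, keeps such tools from starting. The PowerShell script below is an added example, not code from this thread, from SystemLook or from Malwarebytes. It lists every SRP rule under HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers and the HKCU equivalent, then flags Disallowed rules that mention common security tools; the tool-name watch list is an assumption made for the example. It only reads. Delete a flagged rule key, or set DefaultLevel back to 262144 (Unrestricted), only after confirming the rule is not legitimate administrator policy, and expect a domain Group Policy refresh to reapply anything that came from a GPO.

```powershell
# Added example for this thread (not code from any post, SystemLook or Malwarebytes):
# enumerate Software Restriction Policy (SRP) rules, the mechanism behind Windows'
# "This program is blocked by group policy" message, and flag rules that would stop
# anti-malware tools from starting. Read-only: it reports and removes nothing.
# Run from an elevated PowerShell prompt so both hives and all rule keys are readable.

# SRP security-level IDs as they appear as numeric subkey names under CodeIdentifiers.
$levelNames = @{
    0      = 'Disallowed'
    4096   = 'Untrusted'
    65536  = 'Constrained'
    131072 = 'Basic User'
    262144 = 'Unrestricted'
}

# Assumed watch list for this example: tool names whose appearance in a Disallowed
# rule on a home PC is a red flag. Extend it for your own environment.
$watchList = @('mbam', 'malwarebytes', 'spybot', 'sdfssvc', 'tdsskiller', 'combofix',
               'rkill', 'systemlook', 'hijackthis', 'avast', 'avira', 'msseces')

function Get-SrpRule {
    # Walks the SRP store in HKLM and HKCU and emits one object per default level,
    # path rule (Paths\{GUID}\ItemData) or hash rule (Hashes\{GUID}\FriendlyName).
    foreach ($hive in 'HKLM', 'HKCU') {
        $root = "${hive}:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers"
        if (-not (Test-Path -Path $root)) { continue }

        $default = (Get-ItemProperty -Path $root -ErrorAction SilentlyContinue).DefaultLevel
        if ($null -ne $default) {
            $name = $levelNames[[int]$default]
            if (-not $name) { $name = "Level $default" }
            [pscustomobject]@{
                Hive = $hive; Kind = 'DefaultLevel'; Level = $name
                Item = '(every executable no rule matches)'; Key = $root
            }
        }

        foreach ($levelKey in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
            $levelId = 0
            if (-not [int]::TryParse($levelKey.PSChildName, [ref]$levelId)) { continue }
            $level = $levelNames[$levelId]
            if (-not $level) { $level = "Level $levelId" }

            foreach ($kind in 'Paths', 'Hashes') {
                $kindPath = Join-Path -Path $levelKey.PSPath -ChildPath $kind
                if (-not (Test-Path -Path $kindPath)) { continue }
                $isPath   = ($kind -eq 'Paths')
                $kindName = if ($isPath) { 'Path' } else { 'Hash' }
                foreach ($rule in Get-ChildItem -Path $kindPath) {
                    $p    = Get-ItemProperty -Path $rule.PSPath
                    $item = if ($isPath) { $p.ItemData } else { $p.FriendlyName }
                    [pscustomobject]@{
                        Hive = $hive; Kind = $kindName; Level = $level
                        Item = [string]$item; Key = ($rule.PSPath -replace '^.*::', '')
                    }
                }
            }
        }
    }
}

function Find-BlockedSecurityTool {
    param([object[]]$Rules)
    # Returns Disallowed rules that name a watched tool, plus a Disallowed default
    # level, since either one makes the tool's executable refuse to start.
    foreach ($r in $Rules) {
        if ($r.Level -ne 'Disallowed') { continue }
        if ($r.Kind -eq 'DefaultLevel') { $r; continue }
        foreach ($name in $watchList) {
            if ($r.Item -like "*$name*") { $r; break }
        }
    }
}

$all = @(Get-SrpRule)
if ($all.Count -eq 0) {
    'No SRP rules found in HKLM or HKCU; the block is not coming from Software Restriction Policies.'
} else {
    $all | Format-Table -Property Hive, Kind, Level, Item -AutoSize
    $bad = @(Find-BlockedSecurityTool -Rules $all)
    if ($bad.Count -gt 0) {
        "`nRules that stop a security tool from starting. Confirm they are not legitimate policy, then delete the rule key (or set DefaultLevel back to 262144):"
        $bad | Format-List -Property Hive, Kind, Level, Item, Key
    }
}
```

A machine with no SRP configured prints the "No SRP rules" line, which rules SRP out and points the investigation elsewhere. Because `Get-SrpRule` emits objects, `Get-SrpRule | Export-Csv srp-rules.csv` keeps a record of the policy before anything is changed.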

#20 Carlgrus


    Advanced Member

  • Full Member
  • 121 posts

Posted 30 March 2013 - 07:06 AM

I am attaching the 2 logs requested.  When I booted in safe mode, and went to MBAM, it ran, but the updater would not run.  When I clicked on it (in safe mode) the message "An error has occurred.  Please report this to our support team.  Program error updating (0,0,DNS-error)" came back.  I tried it several times.  So, I just ran MBAM and I've attached the log...it didn't find anything....
 
SystemLook 30.07.11 by jpshortstuff
Log created at 22:35 on 29/03/2013 by Carl's office
Administrator - Elevation successful
========== dir ==========
C:\inetpub - Parameters: "/s"
---Files---
None found.
C:\inetpub\history d------ [21:44 25/03/2013]
C:\inetpub\history\CFGHISTORY_0000000018 d------ [22:49 28/03/2013]
administration.config --a---- 18258 bytes [22:49 28/03/2013] [10:33 26/03/2013]
applicationHost.config --a---- 38525 bytes [22:49 28/03/2013] [22:48 28/03/2013]
C:\inetpub\history\CFGHISTORY_0000000018\schema d------ [22:49 28/03/2013]
NetFx40_IIS_schema_update.xml --a---- 3445 bytes [22:49 28/03/2013] [05:28 18/03/2010]
C:\inetpub\history\CFGHISTORY_0000000019 d------ [22:51 28/03/2013]
administration.config --a---- 18258 bytes [22:51 28/03/2013] [10:33 26/03/2013]
applicationHost.config --a---- 38525 bytes [22:51 28/03/2013] [22:50 28/03/2013]
C:\inetpub\history\CFGHISTORY_0000000019\schema d------ [22:51 28/03/2013]
NetFx40_IIS_schema_update.xml --a---- 3445 bytes [22:51 28/03/2013] [05:28 18/03/2010]
C:\inetpub\history\CFGHISTORY_0000000020 d------ [23:03 28/03/2013]
administration.config --a---- 18258 bytes [23:03 28/03/2013] [10:33 26/03/2013]
applicationHost.config --a---- 38525 bytes [23:03 28/03/2013] [23:03 28/03/2013]
C:\inetpub\history\CFGHISTORY_0000000020\schema d------ [23:03 28/03/2013]
NetFx40_IIS_schema_update.xml --a---- 3445 bytes [23:03 28/03/2013] [05:28 18/03/2010]
C:\inetpub\history\CFGHISTORY_0000000021 d------ [23:05 28/03/2013]
administration.config --a---- 18258 bytes [23:05 28/03/2013] [10:33 26/03/2013]
applicationHost.config --a---- 38525 bytes [23:05 28/03/2013] [23:04 28/03/2013]
C:\inetpub\history\CFGHISTORY_0000000021\schema d------ [23:05 28/03/2013]
NetFx40_IIS_schema_update.xml --a---- 3445 bytes [23:05 28/03/2013] [05:28 18/03/2010]
C:\inetpub\history\CFGHISTORY_0000000022 d------ [23:59 28/03/2013]
administration.config --a---- 18258 bytes [23:59 28/03/2013] [10:33 26/03/2013]
applicationHost.config --a---- 38525 bytes [23:59 28/03/2013] [23:59 28/03/2013]
C:\inetpub\history\CFGHISTORY_0000000022\schema d------ [23:59 28/03/2013]
NetFx40_IIS_schema_update.xml --a---- 3445 bytes [23:59 28/03/2013] [05:28 18/03/2010]
C:\inetpub\history\CFGHISTORY_0000000023 d------ [00:03 29/03/2013]
administration.config --a---- 18258 bytes [00:03 29/03/2013] [10:33 26/03/2013]
applicationHost.config --a---- 38525 bytes [00:03 29/03/2013] [00:03 29/03/2013]
C:\inetpub\history\CFGHISTORY_0000000023\schema d------ [00:03 29/03/2013]
NetFx40_IIS_schema_update.xml --a---- 3445 bytes [00:03 29/03/2013] [05:28 18/03/2010]
C:\inetpub\history\CFGHISTORY_0000000024 d------ [00:23 30/03/2013]
administration.config --a---- 18258 bytes [00:23 30/03/2013] [10:33 26/03/2013]
applicationHost.config --a---- 38525 bytes [00:23 30/03/2013] [00:22 30/03/2013]
C:\inetpub\history\CFGHISTORY_0000000024\schema d------ [00:23 30/03/2013]
NetFx40_IIS_schema_update.xml --a---- 3445 bytes [00:23 30/03/2013] [05:28 18/03/2010]
C:\inetpub\history\CFGHISTORY_0000000025 d------ [00:25 30/03/2013]
administration.config --a---- 18258 bytes [00:25 30/03/2013] [10:33 26/03/2013]
applicationHost.config --a---- 38525 bytes [00:25 30/03/2013] [00:24 30/03/2013]
C:\inetpub\history\CFGHISTORY_0000000025\schema d------ [00:25 30/03/2013]
NetFx40_IIS_schema_update.xml --a---- 3445 bytes [00:25 30/03/2013] [05:28 18/03/2010]
C:\inetpub\history\CFGHISTORY_0000000026 d------ [00:37 30/03/2013]
administration.config --a---- 18258 bytes [00:37 30/03/2013] [10:33 26/03/2013]
applicationHost.config --a---- 38525 bytes [00:37 30/03/2013] [00:36 30/03/2013]
C:\inetpub\history\CFGHISTORY_0000000026\schema d------ [00:37 30/03/2013]
NetFx40_IIS_schema_update.xml --a---- 3445 bytes [00:37 30/03/2013] [05:28 18/03/2010]
C:\inetpub\history\CFGHISTORY_0000000027 d------ [00:39 30/03/2013]
administration.config --a---- 18258 bytes [00:39 30/03/2013] [10:33 26/03/2013]
applicationHost.config --a---- 38525 bytes [00:39 30/03/2013] [00:37 30/03/2013]
C:\inetpub\history\CFGHISTORY_0000000027\schema d------ [00:39 30/03/2013]
NetFx40_IIS_schema_update.xml --a---- 3445 bytes [00:39 30/03/2013] [05:28 18/03/2010]
C:\inetpub\logs d------ [21:44 25/03/2013]
C:\inetpub\temp d------ [21:44 25/03/2013]
C:\inetpub\temp\appPools d------ [21:44 25/03/2013]
APCCDA.tmp --a---- 37239 bytes [00:37 30/03/2013] [00:37 30/03/2013]
C:\inetpub\wwwroot d------ [21:44 25/03/2013]
iisstart.htm --a---- 689 bytes [21:44 25/03/2013] [21:44 25/03/2013]
welcome.png --a---- 184946 bytes [21:44 25/03/2013] [21:44 25/03/2013]
C:\inetpub\wwwroot\aspnet_client d------ [22:15 25/03/2013]
C:\inetpub\wwwroot\aspnet_client\system_web d------ [22:15 25/03/2013]
C:\inetpub\wwwroot\aspnet_client\system_web\4_0_30319 d------ [22:15 25/03/2013]
c:\windows\SysWow64\BestPractices - Parameters: "/s"
---Files---
None found.
c:\windows\SysWow64\BestPractices\v1.0 d------ [21:44 25/03/2013]
c:\windows\SysWow64\BestPractices\v1.0\Models d------ [21:44 25/03/2013]
c:\windows\SysWow64\BestPractices\v1.0\Models\Microsoft d------ [21:44 25/03/2013]
c:\windows\SysWow64\BestPractices\v1.0\Models\Microsoft\Windows d------ [21:44 25/03/2013]
c:\windows\SysWow64\BestPractices\v1.0\Models\Microsoft\Windows\WebServer d------ [21:44 25/03/2013]
c:\windows\SysWow64\BestPractices\v1.0\Models\Microsoft\Windows\WebServer\en-US d------ [21:44 25/03/2013]
c:\windows\system32\BestPractices - Parameters: "/s"
---Files---
None found.
c:\windows\system32\BestPractices\v1.0 d------ [21:44 25/03/2013]
c:\windows\system32\BestPractices\v1.0\Models d------ [21:44 25/03/2013]
c:\windows\system32\BestPractices\v1.0\Models\Microsoft d------ [21:44 25/03/2013]
c:\windows\system32\BestPractices\v1.0\Models\Microsoft\Windows d------ [21:44 25/03/2013]
c:\windows\system32\BestPractices\v1.0\Models\Microsoft\Windows\WebServer d------ [21:44 25/03/2013]
WebServer_Model.ps1 --a---- 60608 bytes [20:43 10/06/2009] [20:43 10/06/2009]
c:\windows\system32\BestPractices\v1.0\Models\Microsoft\Windows\WebServer\en-US d------ [21:44 25/03/2013]
WebServer_model.psd1 --a---- 10786 bytes [01:12 06/04/2011] [13:02 20/11/2010]
 - Unable to find folder.
-= EOF =-
 
MBAM log:
 
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4727
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
10/1/2010 9:24:14 AM
mbam-log-2010-10-01 (09-24-14).txt
Scan type: Quick scan
Objects scanned: 143646
Time elapsed: 9 minute(s), 12 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
 
 
 


Edited by TheJoker, 30 March 2013 - 07:42 AM.
formatting removed


#21 TheJoker
    Forum Deity
  • Boot Camp Mod
  • 14,476 posts

Posted 30 March 2013 - 08:20 AM

We'll update MBAM manually before scanning, and please be sure you select FULL scan when you run MBAM and not Quick scan.

Download this file and save it to your Desktop:
http://data.mbamupda.../mbam-rules.exe

Double-click mbam-rules.exe to install it.

If it won't install, try installing it after rebooting to Safe mode before you run MBAM.
 

Now reboot to Safe Mode - Restart your computer and begin tapping the F8 key on your keyboard.
If done right a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.
To return to normal mode just restart your computer as you normally would.

 

Please Run Malwarebytes' Anti-Malware.

  • Click the Scanner tab.
  • Select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

 

 

Please post the log from MBAM and note any errors encountered.


Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-2010 and ASAP Member since 2005


#22 Carlgrus
    Advanced Member
  • Full Member
  • 121 posts

Posted 30 March 2013 - 11:26 AM

Here you go. I followed your instructions completely....no problems encountered but I'm not sure Malwarebytes was updated...

 

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.25.10

Windows 7 Service Pack 1 x64 NTFS (Safe Mode)
Internet Explorer 10.0.9200.16521
Carl's office :: CARLSOFFICE-PC [administrator]

3/30/2013 12:01:27 PM
mbam-log-2013-03-30 (12-01-27).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 563259
Time elapsed: 1 hour(s), 1 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



#23 TheJoker
    Forum Deity
  • Boot Camp Mod
  • 14,476 posts

Posted 30 March 2013 - 03:58 PM

Here you go. I followed your instructions completely....no problems encountered but I'm not sure Malwarebytes was updated.



It updated; there is a different version for the database version.

Let's try to manually export the registry keys that you were unable to do with a reg file.
Go to Start, All Programs > Accessories > Command Prompt
In the Window that opens, type regedit and hit Enter.

When the Registry Editor opens, you need to go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion.

  • In the left pane double-click on HKEY_LOCAL_MACHINE to expand the entry, and then do the same for SOFTWARE, Microsoft, Windows, and finally CurrentVersion.
  • Then right-click on Group Policy, Select Export.
  • In the Export Registry File window that opens, in the Save in drop-down menu select Desktop.
  • In the file name, enter HKLM_GPolicy
  • In the Save as type menu, select Text Files (*.txt)
  • Click Save.

Now do the same thing for HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion.

  • Double-click on HKEY_LOCAL_MACHINE to expand the entry, and then do the same for SOFTWARE, Microsoft, Windows, and finally CurrentVersion.
  • Then right-click on Group Policy, Select Export.
  • In the Export Registry File window that opens, in the Save in drop-down menu select Desktop.
  • In the file name, enter HKCU_GPolicy.
  • In the Save as type menu, select Text Files (*.txt)
  • Click Save.

Close the Registry Editor.


Please post the two text files created on the Desktop, HKLM_GPolicy.txt and HKCU_GPolicy.txt and note any errors encountered.




#24 Carlgrus
    Advanced Member
  • Full Member
  • 121 posts

Posted 30 March 2013 - 09:42 PM

I got both for you....

 

Key Name:          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy
Class Name:        <NO CLASS>
Last Write Time:   3/30/2013 - 1:19 PM

Key Name:          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\GroupMembership
Class Name:        <NO CLASS>
Last Write Time:   11/28/2012 - 8:11 AM
Value 0
  Name:            Group0
  Type:            REG_SZ
  Data:            S-1-5-32-544

Value 1
  Name:            Group1
  Type:            REG_SZ
  Data:            S-1-1-0

Value 2
  Name:            Group2
  Type:            REG_SZ
  Data:            S-1-5-11

Value 3
  Name:            Group3
  Type:            REG_SZ
  Data:            S-1-16-16384

Value 4
  Name:            Count
  Type:            REG_DWORD
  Data:            0x4


Key Name:          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\History
Class Name:        <NO CLASS>
Last Write Time:   7/14/2009 - 1:08 AM
Value 0
  Name:            PolicyOverdue
  Type:            REG_DWORD
  Data:            0


Key Name:          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-1426207626-2938278142-1790814872-1000
Class Name:        <NO CLASS>
Last Write Time:   3/30/2013 - 1:19 PM

Key Name:          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-1426207626-2938278142-1790814872-1000\GroupMembership
Class Name:        <NO CLASS>
Last Write Time:   11/11/2011 - 11:27 PM
Value 0
  Name:            Group0
  Type:            REG_SZ
  Data:            S-1-5-21-1426207626-2938278142-1790814872-513

Value 1
  Name:            Group1
  Type:            REG_SZ
  Data:            S-1-1-0

Value 2
  Name:            Group2
  Type:            REG_SZ
  Data:            S-1-5-21-1426207626-2938278142-1790814872-1008

Value 3
  Name:            Group3
  Type:            REG_SZ
  Data:            S-1-5-32-544

Value 4
  Name:            Group4
  Type:            REG_SZ
  Data:            S-1-5-32-545

Value 5
  Name:            Group5
  Type:            REG_SZ
  Data:            S-1-5-4

Value 6
  Name:            Group6
  Type:            REG_SZ
  Data:            S-1-2-1

Value 7
  Name:            Group7
  Type:            REG_SZ
  Data:            S-1-5-11

Value 8
  Name:            Group8
  Type:            REG_SZ
  Data:            S-1-5-15

Value 9
  Name:            Group9
  Type:            REG_SZ
  Data:            S-1-2-0

Value 10
  Name:            Group10
  Type:            REG_SZ
  Data:            S-1-5-64-10

Value 11
  Name:            Group11
  Type:            REG_SZ
  Data:            S-1-16-12288

Value 12
  Name:            Count
  Type:            REG_DWORD
  Data:            0xc


Key Name:          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State
Class Name:        <NO CLASS>
Last Write Time:   8/29/2010 - 2:48 PM

Key Name:          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine
Class Name:        <NO CLASS>
Last Write Time:   8/5/2009 - 1:19 PM
Value 0
  Name:            ForceForegroundLogging
  Type:            REG_DWORD
  Data:            0

Value 1
  Name:            Site-Name
  Type:            REG_SZ
  Data:           

Value 2
  Name:            Distinguished-Name
  Type:            REG_SZ
  Data:           

Value 3
  Name:            SlowLink
  Type:            REG_DWORD
  Data:            0

Value 4
  Name:            PrevRefreshMode
  Type:            REG_DWORD
  Data:            0x2

Value 5
  Name:            PrevRefreshReason
  Type:            REG_DWORD
  Data:            0

Value 6
  Name:            NextRefreshMode
  Type:            REG_DWORD
  Data:            0x2

Value 7
  Name:            NextRefreshReason
  Type:            REG_DWORD
  Data:            0


Key Name:          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List
Class Name:        <NO CLASS>
Last Write Time:   7/14/2009 - 1:08 AM

Key Name:          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}
Class Name:        <NO CLASS>
Last Write Time:   3/30/2013 - 1:19 PM
Value 0
  Name:            StartTimeLo
  Type:            REG_DWORD
  Data:            0xb4719420

Value 1
  Name:            StartTimeHi
  Type:            REG_DWORD
  Data:            0x1ce2d6a

Value 2
  Name:            EndTimeLo
  Type:            REG_DWORD
  Data:            0xb478b841

Value 3
  Name:            EndTimeHi
  Type:            REG_DWORD
  Data:            0x1ce2d6a

Value 4
  Name:            Status
  Type:            REG_DWORD
  Data:            0

Value 5
  Name:            LoggingStatus
  Type:            REG_DWORD
  Data:            0


Key Name:          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\GPLink-List
Class Name:        <NO CLASS>
Last Write Time:   7/14/2009 - 1:08 AM

Key Name:          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\GPLink-List\0
Class Name:        <NO CLASS>
Last Write Time:   7/14/2009 - 1:08 AM
Value 0
  Name:            Enabled
  Type:            REG_DWORD
  Data:            0x1

Value 1
  Name:            NoOverride
  Type:            REG_DWORD
  Data:            0

Value 2
  Name:            DsPath
  Type:            REG_SZ
  Data:            LocalGPO

Value 3
  Name:            SOM
  Type:            REG_SZ
  Data:            Local


Key Name:          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\GPO-List
Class Name:        <NO CLASS>
Last Write Time:   7/14/2009 - 1:08 AM

Key Name:          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\GPO-List\0
Class Name:        <NO CLASS>
Last Write Time:   7/14/2009 - 1:08 AM
Value 0
  Name:            Version
  Type:            REG_DWORD
  Data:            0

Value 1
  Name:            WQLFilterPass
  Type:            REG_DWORD
  Data:            0x1

Value 2
  Name:            AccessDenied
  Type:            REG_DWORD
  Data:            0

Value 3
  Name:            GPO-Disabled
  Type:            REG_DWORD
  Data:            0

Value 4
  Name:            Options
  Type:            REG_DWORD
  Data:            0

Value 5
  Name:            GPOID
  Type:            REG_SZ
  Data:            Local Group Policy

Value 6
  Name:            SOM
  Type:            REG_SZ
  Data:            Local

Value 7
  Name:            DisplayName
  Type:            REG_SZ
  Data:            Local Group Policy

Value 8
  Name:            WQL-Id
  Type:            REG_SZ
  Data:           


Key Name:          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-1426207626-2938278142-1790814872-1000
Class Name:        <NO CLASS>
Last Write Time:   3/30/2013 - 1:19 PM
Value 0
  Name:            ForceForegroundLogging
  Type:            REG_DWORD
  Data:            0

Value 1
  Name:            Site-Name
  Type:            REG_SZ
  Data:           

Value 2
  Name:            Distinguished-Name
  Type:            REG_SZ
  Data:           

Value 3
  Name:            SlowLink
  Type:            REG_DWORD
  Data:            0

Value 4
  Name:            PrevRefreshMode
  Type:            REG_DWORD
  Data:            0x2

Value 5
  Name:            PrevRefreshReason
  Type:            REG_DWORD
  Data:            0

Value 6
  Name:            NextRefreshMode
  Type:            REG_DWORD
  Data:            0x2

Value 7
  Name:            NextRefreshReason
  Type:            REG_DWORD
  Data:            0


Key Name:          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-1426207626-2938278142-1790814872-1000\Extension-List
Class Name:        <NO CLASS>
Last Write Time:   8/29/2010 - 2:48 PM

Key Name:          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-1426207626-2938278142-1790814872-1000\Extension-List\{00000000-0000-0000-0000-000000000000}
Class Name:        <NO CLASS>
Last Write Time:   3/30/2013 - 1:19 PM
Value 0
  Name:            StartTimeLo
  Type:            REG_DWORD
  Data:            0xb81910eb

Value 1
  Name:            StartTimeHi
  Type:            REG_DWORD
  Data:            0x1ce2d6a

Value 2
  Name:            EndTimeLo
  Type:            REG_DWORD
  Data:            0xb827592d

Value 3
  Name:            EndTimeHi
  Type:            REG_DWORD
  Data:            0x1ce2d6a

Value 4
  Name:            Status
  Type:            REG_DWORD
  Data:            0

Value 5
  Name:            LoggingStatus
  Type:            REG_DWORD
  Data:            0


Key Name:          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-1426207626-2938278142-1790814872-1000\GPLink-List
Class Name:        <NO CLASS>
Last Write Time:   8/29/2010 - 2:48 PM

Key Name:          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-1426207626-2938278142-1790814872-1000\GPLink-List\0
Class Name:        <NO CLASS>
Last Write Time:   8/29/2010 - 2:48 PM
Value 0
  Name:            Enabled
  Type:            REG_DWORD
  Data:            0x1

Value 1
  Name:            NoOverride
  Type:            REG_DWORD
  Data:            0

Value 2
  Name:            DsPath
  Type:            REG_SZ
  Data:            LocalGPO

Value 3
  Name:            SOM
  Type:            REG_SZ
  Data:            Local


Key Name:          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-1426207626-2938278142-1790814872-1000\GPO-List
Class Name:        <NO CLASS>
Last Write Time:   8/29/2010 - 2:48 PM

Key Name:          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-1426207626-2938278142-1790814872-1000\GPO-List\0
Class Name:        <NO CLASS>
Last Write Time:   8/29/2010 - 2:48 PM
Value 0
  Name:            Version
  Type:            REG_DWORD
  Data:            0

Value 1
  Name:            WQLFilterPass
  Type:            REG_DWORD
  Data:            0x1

Value 2
  Name:            AccessDenied
  Type:            REG_DWORD
  Data:            0

Value 3
  Name:            GPO-Disabled
  Type:            REG_DWORD
  Data:            0

Value 4
  Name:            Options
  Type:            REG_DWORD
  Data:            0

Value 5
  Name:            GPOID
  Type:            REG_SZ
  Data:            Local Group Policy

Value 6
  Name:            SOM
  Type:            REG_SZ
  Data:            Local

Value 7
  Name:            DisplayName
  Type:            REG_SZ
  Data:            Local Group Policy

Value 8
  Name:            WQL-Id
  Type:            REG_SZ
  Data:           


Key Name:          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-1426207626-2938278142-1790814872-1000\Loopback-GPLink-List
Class Name:        <NO CLASS>
Last Write Time:   8/29/2010 - 2:48 PM

Key Name:          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-1426207626-2938278142-1790814872-1000\Loopback-GPO-List
Class Name:        <NO CLASS>
Last Write Time:   8/29/2010 - 2:48 PM

Key Name:          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\Status
Class Name:        <NO CLASS>
Last Write Time:   8/29/2010 - 2:48 PM

Key Name:          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\Status\S-1-5-21-1426207626-2938278142-1790814872-1000
Class Name:        <NO CLASS>
Last Write Time:   3/30/2013 - 1:19 PM

Key Name:          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\GPStartup
Class Name:        <NO CLASS>
Last Write Time:   3/30/2013 - 1:19 PM

Key Name:          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\PolicyApplicationState
Class Name:        <NO CLASS>
Last Write Time:   3/30/2013 - 1:19 PM
Value 0
  Name:            PolicyState
  Type:            REG_DWORD
  Data:            0x2


Key Name:          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\ServiceInstances
Class Name:        <NO CLASS>
Last Write Time:   3/30/2013 - 1:19 PM

Key Name:          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\ServiceInstances\2fd67b91-9bb5-48bb-8163-9e8aa50ae384
Class Name:        <NO CLASS>
Last Write Time:   3/30/2013 - 1:19 PM

 

 

And the 2nd one:

 

Key Name:          HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy
Class Name:        <NO CLASS>
Last Write Time:   3/30/2013 - 1:19 PM

Key Name:          HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy\GroupMembership
Class Name:        <NO CLASS>
Last Write Time:   11/11/2011 - 11:27 PM
Value 0
  Name:            Group0
  Type:            REG_SZ
  Data:            S-1-5-21-1426207626-2938278142-1790814872-513

Value 1
  Name:            Group1
  Type:            REG_SZ
  Data:            S-1-1-0

Value 2
  Name:            Group2
  Type:            REG_SZ
  Data:            S-1-5-21-1426207626-2938278142-1790814872-1008

Value 3
  Name:            Group3
  Type:            REG_SZ
  Data:            S-1-5-32-544

Value 4
  Name:            Group4
  Type:            REG_SZ
  Data:            S-1-5-32-545

Value 5
  Name:            Group5
  Type:            REG_SZ
  Data:            S-1-5-4

Value 6
  Name:            Group6
  Type:            REG_SZ
  Data:            S-1-2-1

Value 7
  Name:            Group7
  Type:            REG_SZ
  Data:            S-1-5-11

Value 8
  Name:            Group8
  Type:            REG_SZ
  Data:            S-1-5-15

Value 9
  Name:            Group9
  Type:            REG_SZ
  Data:            S-1-2-0

Value 10
  Name:            Group10
  Type:            REG_SZ
  Data:            S-1-5-64-10

Value 11
  Name:            Group11
  Type:            REG_SZ
  Data:            S-1-16-12288

Value 12
  Name:            Count
  Type:            REG_DWORD
  Data:            0xc


Key Name:          HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy\History
Class Name:        <NO CLASS>
Last Write Time:   8/29/2010 - 2:48 PM
Value 0
  Name:            PolicyOverdue
  Type:            REG_DWORD
  Data:            0


Key Name:          HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy\PolicyApplicationState
Class Name:        <NO CLASS>
Last Write Time:   3/30/2013 - 1:19 PM
Value 0
  Name:            PolicyState
  Type:            REG_DWORD
  Data:            0x2


 



#25 TheJoker
    Forum Deity
  • Boot Camp Mod
  • 14,476 posts

Posted 31 March 2013 - 09:19 AM

I think we are getting there, but I gave you a safer but harder to read save option when exporting from the Registry.

Please Delete the two files exported from the Registry.

 

Let's do the exact same thing, only this time when you export from the registry instead of selecting to save as text, let's save it as a registry file.

 

Go to Start, All Programs > Accessories > Command Prompt
In the Window that opens, type regedit and hit Enter.

 

When the Registry Editor opens, you need to go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion.

  • In the left pane double-click on HKEY_LOCAL_MACHINE to expand the entry, and then do the same for SOFTWARE, Microsoft, Windows, and finally CurrentVersion.
  • Then right-click on Group Policy, Select Export.
  • In the Export Registry File window that opens, in the Save in drop-down menu select Desktop.
  • In the file name, enter HKLM_GPolicy
  • In the Save as type menu, if not already the selected option, select Registration Files (*.reg)
  • Click Save.

Now do the same thing for HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion.

  • Double-click on HKEY_LOCAL_MACHINE to expand the entry, and then do the same for SOFTWARE, Microsoft, Windows, and finally CurrentVersion.
  • Then right-click on Group Policy, Select Export.
  • In the Export Registry File window that opens, in the Save in drop-down menu select Desktop.
  • In the file name, enter HKCU_GPolicy.
  • In the Save as type menu, if not already the selected option, select Registration Files (*.reg)
  • Click Save.

Close the Registry Editor.

 

Now go to the Desktop, right-click on HKLM_GPolicy.reg, select Rename, and change the file extension to .txt

Now do the same thing with the other file: right-click on HKCU_GPolicy.reg, select Rename, and change the file extension to .txt

 

Now the files are in .reg format, but with a text file extension.

Double-click on each to open in Notepad, and post the contents of each in your next reply.




#26 Carlgrus
    Advanced Member
  • Full Member
  • 121 posts

Posted 31 March 2013 - 11:51 AM

Thanks for your patience....I followed your instructions and here are the 2 files you requested.

 

HKLM_GPolicy.txt

 

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\GroupMembership]
"Group0"="S-1-5-32-544"
"Group1"="S-1-1-0"
"Group2"="S-1-5-11"
"Group3"="S-1-16-16384"
"Count"=dword:00000004

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\History]
"PolicyOverdue"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-1426207626-2938278142-1790814872-1000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\S-1-5-21-1426207626-2938278142-1790814872-1000\GroupMembership]
"Group0"="S-1-5-21-1426207626-2938278142-1790814872-513"
"Group1"="S-1-1-0"
"Group2"="S-1-5-21-1426207626-2938278142-1790814872-1008"
"Group3"="S-1-5-32-544"
"Group4"="S-1-5-32-545"
"Group5"="S-1-5-4"
"Group6"="S-1-2-1"
"Group7"="S-1-5-11"
"Group8"="S-1-5-15"
"Group9"="S-1-2-0"
"Group10"="S-1-5-64-10"
"Group11"="S-1-16-12288"
"Count"=dword:0000000c

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine]
"ForceForegroundLogging"=dword:00000000
"Site-Name"=""
"Distinguished-Name"=""
"SlowLink"=dword:00000000
"PrevRefreshMode"=dword:00000002
"PrevRefreshReason"=dword:00000000
"NextRefreshMode"=dword:00000002
"NextRefreshReason"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}]
"StartTimeLo"=dword:b4719420
"StartTimeHi"=dword:01ce2d6a
"EndTimeLo"=dword:b478b841
"EndTimeHi"=dword:01ce2d6a
"Status"=dword:00000000
"LoggingStatus"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\GPLink-List]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\GPLink-List\0]
"Enabled"=dword:00000001
"NoOverride"=dword:00000000
"DsPath"="LocalGPO"
"SOM"="Local"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\GPO-List]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\GPO-List\0]
"Version"=dword:00000000
"WQLFilterPass"=dword:00000001
"AccessDenied"=dword:00000000
"GPO-Disabled"=dword:00000000
"Options"=dword:00000000
"GPOID"="Local Group Policy"
"SOM"="Local"
"DisplayName"="Local Group Policy"
"WQL-Id"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-1426207626-2938278142-1790814872-1000]
"ForceForegroundLogging"=dword:00000000
"Site-Name"=""
"Distinguished-Name"=""
"SlowLink"=dword:00000000
"PrevRefreshMode"=dword:00000002
"PrevRefreshReason"=dword:00000000
"NextRefreshMode"=dword:00000002
"NextRefreshReason"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-1426207626-2938278142-1790814872-1000\Extension-List]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-1426207626-2938278142-1790814872-1000\Extension-List\{00000000-0000-0000-0000-000000000000}]
"StartTimeLo"=dword:b81910eb
"StartTimeHi"=dword:01ce2d6a
"EndTimeLo"=dword:b827592d
"EndTimeHi"=dword:01ce2d6a
"Status"=dword:00000000
"LoggingStatus"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-1426207626-2938278142-1790814872-1000\GPLink-List]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-1426207626-2938278142-1790814872-1000\GPLink-List\0]
"Enabled"=dword:00000001
"NoOverride"=dword:00000000
"DsPath"="LocalGPO"
"SOM"="Local"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-1426207626-2938278142-1790814872-1000\GPO-List]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-1426207626-2938278142-1790814872-1000\GPO-List\0]
"Version"=dword:00000000
"WQLFilterPass"=dword:00000001
"AccessDenied"=dword:00000000
"GPO-Disabled"=dword:00000000
"Options"=dword:00000000
"GPOID"="Local Group Policy"
"SOM"="Local"
"DisplayName"="Local Group Policy"
"WQL-Id"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-1426207626-2938278142-1790814872-1000\Loopback-GPLink-List]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-1426207626-2938278142-1790814872-1000\Loopback-GPO-List]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\Status]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\Status\S-1-5-21-1426207626-2938278142-1790814872-1000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\GPStartup]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\PolicyApplicationState]
"PolicyState"=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\ServiceInstances]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\ServiceInstances\2fd67b91-9bb5-48bb-8163-9e8aa50ae384]

HKCU_GPolicy.txt

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy\GroupMembership]
"Group0"="S-1-5-21-1426207626-2938278142-1790814872-513"
"Group1"="S-1-1-0"
"Group2"="S-1-5-21-1426207626-2938278142-1790814872-1008"
"Group3"="S-1-5-32-544"
"Group4"="S-1-5-32-545"
"Group5"="S-1-5-4"
"Group6"="S-1-2-1"
"Group7"="S-1-5-11"
"Group8"="S-1-5-15"
"Group9"="S-1-2-0"
"Group10"="S-1-5-64-10"
"Group11"="S-1-16-12288"
"Count"=dword:0000000c

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy\History]
"PolicyOverdue"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy\PolicyApplicationState]
"PolicyState"=dword:00000002



#27 TheJoker

    Forum Deity

  • Boot Camp Mod
  • 14,476 posts

Posted 31 March 2013 - 01:36 PM

Please download Malwarebytes Anti-Rootkit here.

  • Unzip the contents to a folder on the Desktop.
  • Open the folder where the contents were unzipped and run mbar.exe ( right-click and select Run as administrator for Vista and Windows 7).
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Please post the two logs produced.
  • Please note: This tool is still in BETA mode, so please ensure you have backed up any important files.

 

If you get the same error running Malwarebytes Antimalware, reboot to Safe Mode with Networking.

Then follow the above instructions to start Malwarebytes Anti-Rootkit, update it, scan your system, and post the two logs it produced.

 

When you received the errors trying to run online scans, what browser were you using?


Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-2010 and ASAP Member since 2005


#28 Carlgrus

    Advanced Member

  • Full Member
  • 121 posts

Posted 31 March 2013 - 04:14 PM

I ran mbar.exe and it scanned the entire disk, and came back and said Congratulations, no malicious infections found.  Wow!  But nothing has changed.  I still get the message when trying to open Malwarebytes and others:  This program is blocked by Group Policy.



#29 TheJoker

    Forum Deity

  • Boot Camp Mod
  • 14,476 posts

Posted 01 April 2013 - 05:44 PM

Please run Notepad and paste the following text in the Code box into a new file:

REG ADD HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\ /v DefaultLevel /t REG_DWORD /d 0x00040000 /f

Save the file to the desktop as fix.bat and make sure the "Save as Type" field says "All Files".

Then please go to the desktop right-click on fix.bat and select Run as administrator to run it.

Please restart your system.

Can you now run MBAM without receiving the error?




#30 Carlgrus

    Advanced Member

  • Full Member
  • 121 posts

Posted 01 April 2013 - 06:21 PM

Nope!  Same old thing.  Thanks, and let me know what's next...



#31 TheJoker

    Forum Deity

  • Boot Camp Mod
  • 14,476 posts

Posted 01 April 2013 - 06:55 PM

Open LogMeIn, go to Preferences, and untick "Disable wallpaper and user interface effects on host computer". Restart the system.

 

Does the problem continue?




#32 Carlgrus

    Advanced Member

  • Full Member
  • 121 posts

Posted 01 April 2013 - 07:12 PM

I did it, no change, and then I disabled LogMeIn, no change...



#33 TheJoker

    Forum Deity

  • Boot Camp Mod
  • 14,476 posts

Posted 02 April 2013 - 05:34 AM

Let's do the same thing as before to export from the Registry, only this time export a different key.

 

Go to Start, All Programs > Accessories > Command Prompt
In the Window that opens, type regedit and hit Enter.

 

When the Registry Editor opens, you need to go to HKEY_LOCAL_MACHINE\SOFTWARE\Policies

  • In the left pane double-click on HKEY_LOCAL_MACHINE to expand the entry, and then do the same for SOFTWARE, and finally locate Policies (it doesn't need to be expanded).
  • Then right-click on Policies, Select Export.
  • In the Export Registry File window that opens, in the Save in drop-down menu select Desktop.
  • In the file name, enter HKLM_SPolicy
  • In the Save as type menu, if not already the selected option, select Registration Files (*.reg)
  • Click Save.

Now do the same thing for HKEY_CURRENT_USER\SOFTWARE\Policies.

  • Double-click on HKEY_LOCAL_MACHINE to expand the entry, and then do the same for SOFTWARE, and finally locate Policies (it doesn't need to be expanded).
  • Then right-click on Policies, Select Export.
  • In the Export Registry File window that opens, in the Save in drop-down menu select Desktop.
  • In the file name, enter HKCU_SPolicy.
  • In the Save as type menu, if not already the selected option, select Registration Files (*.reg)
  • Click Save.

Close the Registry Editor.

 

Now go to the Desktop, right-click on HKLM_SPolicy.reg, select Rename, and Change the file extension to .txt

Now do the same thing with the other file, right-click on HKCU_SPolicy.reg, select Rename, and Change the file extension to .txt

 

Now the files are in .reg format, but with a text file extension.

Double-click on each to open in Notepad, and post the contents of each in your next reply.




#34 Carlgrus

    Advanced Member

  • Full Member
  • 121 posts

Posted 02 April 2013 - 09:41 AM

O.K.  here you go:

HKLM_SPolicy.txt

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\11.0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\11.0\FeatureLockDown]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\11.0\FeatureLockDown\cDefaultExecMenuItems]
"tWhiteList"="Close|GeneralInfo|Quit|FirstPage|PrevPage|NextPage|LastPage|ActualSize|FitPage|FitWidth|FitHeight|SinglePage|OneColumn|TwoPages|TwoColumns|ZoomViewIn|ZoomViewOut|ShowHideBookmarks|ShowHideThumbnails|Print|GoToPage|ZoomTo|GeneralPrefs|SaveAs|FullScreenMode|OpenOrganizer|Scan|Web2PDF:OpnURL|AcroSendMail:SendMail|Spelling:Check Spelling|PageSetup|Find|FindSearch|GoBack|GoForward|FitVisible|ShowHideArticles|ShowHideFileAttachment|ShowHideAnnotManager|ShowHideFields|ShowHideOptCont|ShowHideModelTree|ShowHideSignatures|InsertPages|ExtractPages|ReplacePages|DeletePages|CropPages|RotatePages|AddFileAttachment|FindCurrentBookmark|BookmarkShowLocation|GoBackDoc|GoForwardDoc|DocHelpUserGuide|HelpReader|rolReadPage|HandMenuItem|ZoomDragMenuItem|CollectionPreview|CollectionHome|CollectionDetails|CollectionShowRoot|&Pages|Co&ntent|&Forms|Action &Wizard|Recognize &Text|P&rotection|&Sign && Certify|Doc&ument Processing|Print Pro&duction|Ja&vaScript|&Accessibility|Analy&ze|&Annotations|D&rawing Markups|Revie&w"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\11.0\FeatureLockDown\cDefaultLaunchAttachmentPerms]
"tBuiltInPermList"="version:1|.ade:3|.adp:3|.app:3|.arc:3|.arj:3|.asp:3|.bas:3|.bat:3|.bz:3|.bz2:3|.cab:3|.chm:3|.class:3|.cmd:3|.com:3|.command:3|.cpl:3|.crt:3|.csh:3|.desktop:3|.dll:3|.exe:3|.fxp:3|.gz:3|.hex:3|.hlp:3|.hqx:3|.hta:3|.inf:3|.ini:3|.ins:3|.isp:3|.its:3|.job:3|.js:3|.jse:3|.ksh:3|.lnk:3|.lzh:3|.mad:3|.maf:3|.mag:3|.mam:3|.maq:3|.mar:3|.mas:3|.mat:3|.mau:3|.mav:3|.maw:3|.mda:3|.mdb:3|.mde:3|.mdt:3|.mdw:3|.mdz:3|.msc:3|.msi:3|.msp:3|.mst:3|.ocx:3|.ops:3|.pcd:3|.pi:3|.pif:3|.prf:3|.prg:3|.pst:3|.rar:3|.reg:3|.scf:3|.scr:3|.sct:3|.sea:3|.shb:3|.shs:3|.sit:3|.tar:3|.taz:3|.tgz:3|.tmp:3|.url:3|.vb:3|.vbe:3|.vbs:3|.vsmacros:3|.vss:3|.vst:3|.vsw:3|.webloc:3|.ws:3|.wsc:3|.wsf:3|.wsh:3|.z:3|.zip:3|.zlo:3|.zoo:3|.pdf:2|.fdf:2|.jar:3|.pkg:3|.tool:3|.term:3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\11.0\FeatureLockDown\cDefaultLaunchURLPerms]
"tFlashContentSchemeWhiteList"="http|https|ftp|rtmp|rtmpe|rtmpt|rtmpte|rtmps|mailto"
"tSponsoredContentSchemeWhiteList"="http|https"
"tSchemePerms"="version:2|shell:3|hcp:3|ms-help:3|ms-its:3|ms-itss:3|its:3|mk:3|mhtml:3|help:3|disk:3|afp:3|disks:3|telnet:3|ssh:3|acrobat:2|mailto:2|file:1|rlogin:3|javascript:4|data:3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Cryptography]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Cryptography\Configuration]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Hardware]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Hardware\Device Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Hardware\IntelliPoint]
"UserBlock"="8.15.406.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Hardware\IntelliType Pro]
"UserBlock"="8.15.406.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Restrictions]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Office]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Office\12.0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Office\12.0\Outlook]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Office\12.0\Outlook\Security]
"NonDefaultStoreScript"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Office\14.0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Office\14.0\Outlook]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Office\14.0\Outlook\Security]
"NonDefaultStoreScript"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Peernet]
"Disabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\CRLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\CTLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPublisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPublisher\Certificates]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPublisher\CRLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPublisher\CTLs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Control Panel]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Control Panel\Desktop]
"Wallpaper"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Identities]
@=""
"Locked Down"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Cache]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Network Connections]
"NC_PersonalFirewallConfig"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers]
"authenticodeenabled"=dword:00000000
"DefaultLevel"=dword:00040000
"TransparentEnabled"=dword:00000001
"PolicyScope"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{07631485-552D-463E-9862-56A64FB82310}]
"SaferFlags"=dword:00000000
"ItemData"="C:\\Documents and Settings\\All Users\\Application Data\\AVAST Software"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{3ACB3EB8-0254-4086-8555-296A53904817}]
"SaferFlags"=dword:00000000
"ItemData"="C:\\Program Files (x86)\\AVG"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{465114A6-1990-4844-9C40-36BA3FF0668E}]
"SaferFlags"=dword:00000000
"ItemData"="C:\\Program Files\\AVAST Software"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{5ECE75F0-4E6A-4489-97F1-3F1A5D6C6F43}]
"SaferFlags"=dword:00000000
"ItemData"="C:\\Documents and Settings\\All Users\\Application Data\\McAfee"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{6540690E-53B2-42CB-B4E4-1B2102C31CFD}]
"SaferFlags"=dword:00000000
"ItemData"="C:\\Documents and Settings\\All Users\\Application Data\\Malwarebytes"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{6F081454-1F08-4455-A4A2-11CE63FF2481}]
"SaferFlags"=dword:00000000
"ItemData"="C:\\Program Files (x86)\\AVG"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{7128065C-243A-455E-B828-49E050651BFA}]
"SaferFlags"=dword:00000000
"ItemData"="C:\\Documents and Settings\\All Users\\Application Data\\Lavasoft"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{7A5B3FCC-71CA-440B-870B-797475EF338D}]
"SaferFlags"=dword:00000000
"ItemData"="C:\\Program Files (x86)\\Malwarebytes' Anti-Malware"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\Scripts]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WSDAPI]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WSDAPI\Discovery Proxies]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\Client]
"fEnableUsbNoAckIsochWriteToDevice"=dword:00000050
"fEnableUsbBlockDeviceBySetupClass"=dword:00000001
"fEnableUsbSelectDeviceByInterface"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\Client\UsbBlockDeviceBySetupClasses]
"1000"="{3376f4ce-ff8d-40a2-a80f-bb4359d1415c}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\Client\UsbSelectDeviceByInterfaces]
"1000"="{6bdd1fc6-810f-11d0-bec7-08002be2092f}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Windows File Protection]
"KnownDllList"="nlhtml.dll"
"SFCDisable"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

HKCU_SPolicy.txt

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Policies]

[HKEY_CURRENT_USER\Software\Policies\Microsoft]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Office]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\Outlook]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\Outlook\Security]
"NonDefaultStoreScript"=dword:00000001

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\14.0]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\14.0\Outlook]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\14.0\Outlook\Security]
"NonDefaultStoreScript"=dword:00000001

[HKEY_CURRENT_USER\Software\Policies\Microsoft\System]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA\Certificates]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA\CRLs]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA\CTLs]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\trust]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\trust\Certificates]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\trust\CRLs]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\trust\CTLs]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPeople]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\Certificates]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\CRLs]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\CTLs]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\AppCompat]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Cache]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Group Policy Editor]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\Scripts]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows NT]

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_CURRENT_USER\Software\Policies\Power]

[HKEY_CURRENT_USER\Software\Policies\Power\PowerSettings]
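
An added example of how a defender reads an export like the HKLM_SPolicy.txt above; this is my code, not code from the thread, from Malwarebytes or from ComboFix. It parses the regedit text, lists the Software Restriction Policy path rules under safer\codeidentifiers with their level, flags level-0 (Disallowed) rules that point at security product directories, which is what makes MBAM report "blocked by Group Policy" even though DefaultLevel is Unrestricted (0x40000), and builds the [-Key] deletion lines for a cleanup .reg file. The sample export, the watch list and the 262144 rule with the all-zero GUID are constructed.

```python
"""Triage a Software Restriction Policy (SRP) export such as HKLM_SPolicy.txt.

Added example, not code from the forum, Malwarebytes or ComboFix: it parses a
regedit export, lists the path rules under safer\\codeidentifiers with their
level, flags Disallowed rules aimed at security products, and builds the
"[-Key]" lines a cleanup .reg file would use to delete them."""
import re

# SRP levels: DefaultLevel holds the hex dword; the subkey grouping path rules
# is the same number in decimal (0 = Disallowed, 262144 = Unrestricted).
SAFER_LEVELS = {0x00000: "Disallowed", 0x10000: "Untrusted", 0x20000: "Constrained",
                0x30000: "Basic User", 0x40000: "Unrestricted"}
# Constructed watch list of the directories the thread's Disallowed rules hit.
SECURITY_DIR_HINTS = ("malwarebytes", "avast", "avg", "mcafee", "lavasoft")

KEY_RE = re.compile(r"^\[-?(.+)\]$")
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')
PATH_RULE_RE = re.compile(r"\\safer\\codeidentifiers\\(\d+)\\paths\\\{[0-9a-f-]+\}$",
                          re.IGNORECASE)

def _decode_value(raw):
    """Turn a .reg value literal into str or int; other types stay verbatim."""
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return re.sub(r"\\(.)", r"\1", raw[1:-1])  # undo the \\ and \" escaping
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    return raw

def parse_reg(text):
    """Parse regedit 5.00 text into {key: {name: value}}; names keep regedit's case."""
    reg, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] == ";" or line.startswith("Windows Registry Editor"):
            continue
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            reg.setdefault(current, {})
            continue
        val = VALUE_RE.match(line)
        if val and current is not None:
            name = val.group(1) if val.group(1) is not None else "@"
            reg[current][name] = _decode_value(val.group(2))
    return reg

def default_level(reg):
    """(value, name) of the SRP DefaultLevel, or (None, 'not set') when absent."""
    for key, values in reg.items():
        if key.lower().endswith("\\safer\\codeidentifiers") and "DefaultLevel" in values:
            lvl = values["DefaultLevel"]
            return lvl, SAFER_LEVELS.get(lvl, "unknown")
    return None, "not set"

def srp_path_rules(reg):
    """Every SRP path rule as {'key', 'level', 'level_name', 'path'}, in file order."""
    rules = []
    for key, values in reg.items():
        m = PATH_RULE_RE.search(key)
        if m:
            level = int(m.group(1))
            rules.append({"key": key, "level": level, "path": values.get("ItemData", ""),
                          "level_name": SAFER_LEVELS.get(level, "unknown")})
    return rules

def suspicious_rules(rules):
    """Disallowed (level 0) rules whose path names a security product directory."""
    return [r for r in rules
            if r["level"] == 0 and any(h in r["path"].lower() for h in SECURITY_DIR_HINTS)]

def deletion_reg(rules):
    """Body of a .reg file that deletes the given rule keys ([-Key] syntax)."""
    lines = ["Windows Registry Editor Version 5.00", ""] + ["[-%s]" % r["key"] for r in rules]
    return "\r\n".join(lines) + "\r\n"

def triage(text):
    """Default level name, all path rules and the flagged ones for one export."""
    reg = parse_reg(text)
    rules = srp_path_rules(reg)
    return {"default_level": default_level(reg)[1], "rules": rules,
            "flagged": suspicious_rules(rules)}

# Constructed excerpt modelled on the HKLM_SPolicy.txt above: DefaultLevel is
# Unrestricted, yet level-0 rules cover the Malwarebytes and AVG directories. The
# 262144 rule with the placeholder GUID is added for contrast.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers]
"DefaultLevel"=dword:00040000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{6540690E-53B2-42CB-B4E4-1B2102C31CFD}]
"ItemData"="C:\\Documents and Settings\\All Users\\Application Data\\Malwarebytes"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{3ACB3EB8-0254-4086-8555-296A53904817}]
"ItemData"="C:\\Program Files (x86)\\AVG"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\262144\Paths\{00000000-0000-0000-0000-000000000001}]
"ItemData"="C:\\Windows"
"""
```

Running `triage(SAMPLE_EXPORT)` reports DefaultLevel Unrestricted with two flagged Disallowed rules, and `deletion_reg(...)` on those yields the same [-Key] lines a cleanup script removes.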



#35 Carlgrus

    Advanced Member

  • Full Member
  • 121 posts

Posted 02 April 2013 - 12:07 PM

Also interesting to note that now (as of about an hour or 2 ago), my Desktop Background is now just black.  I have the icons but the background is just black.   I previously had a picture from Windows, just a landscape picture from their "personalization" file. And I've tried to change it back, and it won't take....just stays on black...



#36 TheJoker

    Forum Deity

  • Boot Camp Mod
  • 14,476 posts

Posted 02 April 2013 - 04:42 PM

We need to make sure you have the most recent version of ComboFix.
Delete your current copy of ComboFix.exe.
Download ComboFix© by sUBs from one of these links:
http://download.blee...Bs/ComboFix.exe
http://www.forospywa...Bs/ComboFix.exe

Save the file to your Desktop.
Close any open browsers.
Close your AntiVirus and any anti-spyware programs you may be running.

For this next step, please ensure that ComboFix.exe is on your desktop:

Please open Notepad *Do Not Use Wordpad!* (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
Save this as "CFScript.txt" and change the "Save as type" to "All Files" and place it on your desktop.

Killall::
Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{07631485-552D-463E-9862-56A64FB82310}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{3ACB3EB8-0254-4086-8555-296A53904817}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{465114A6-1990-4844-9C40-36BA3FF0668E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{5ECE75F0-4E6A-4489-97F1-3F1A5D6C6F43}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{6540690E-53B2-42CB-B4E4-1B2102C31CFD}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{6F081454-1F08-4455-A4A2-11CE63FF2481}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{7128065C-243A-455E-B828-49E050651BFA}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{7A5B3FCC-71CA-440B-870B-797475EF338D}]


Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please post that log in your next reply. Can you now run MBAM without error?



#37 Carlgrus

    Advanced Member

  • Full Member
  • 121 posts

Posted 02 April 2013 - 07:40 PM

Wooohooo! MBAM is working! a breakthrough!  Wow, what a long haul....here's the log from ComboFix...let me know what else I have to do...and thanks a million...

 

ComboFix 13-04-02.01 - Carl's office 04/02/2013  21:03:22.6.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3839.1945 [GMT -4:00]
Running from: c:\users\Carl's office\Desktop\ComboFix.exe
Command switches used :: c:\users\Carl's office\Desktop\CFScript.txt
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\wininit.ini
c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Failed to delete
c:\windows\TEMP\logishrd\LVPrcInj02.dll . . . . Failed to delete
.
.
(((((((((((((((((((((((((   Files Created from 2013-03-03 to 2013-04-03  )))))))))))))))))))))))))))))))
.
.
2013-04-03 01:19 . 2013-04-03 01:19 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-04-03 01:19 . 2013-04-03 01:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-03 01:19 . 2013-04-03 01:19 -------- d-----w- c:\users\CARLS OFFICE\AppData\Local\temp
2013-04-02 20:59 . 2013-04-02 20:59 -------- d-----w- c:\programdata\Downloaded Installations
2013-04-02 20:59 . 2013-04-02 20:59 -------- d-----w- c:\programdata\Search Protection
2013-04-02 20:59 . 2013-04-02 23:41 -------- d-----w- c:\programdata\adawaretb
2013-04-02 20:59 . 2013-04-02 20:59 -------- d-----w- c:\users\Carl's office\AppData\Local\adawarebp
2013-04-02 20:59 . 2013-04-02 20:59 -------- d-----w- c:\programdata\blekko toolbars
2013-04-02 20:59 . 2013-04-02 20:59 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2013-04-02 20:59 . 2013-04-02 20:59 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
2013-04-02 20:57 . 2013-04-02 20:57 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-04-02 01:38 . 2013-04-02 01:38 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2013-04-02 01:38 . 2013-04-02 01:56 -------- d-----w- c:\programdata\Kaspersky Lab
2013-03-25 22:02 . 2012-06-01 05:36 192000 ----a-w- c:\windows\system32\iisRtl.dll
2013-03-25 22:02 . 2012-06-01 05:34 55296 ----a-w- c:\windows\system32\admwprox.dll
2013-03-25 22:02 . 2012-06-01 04:37 154624 ----a-w- c:\windows\SysWow64\iisRtl.dll
2013-03-25 22:02 . 2012-06-01 04:35 50688 ----a-w- c:\windows\SysWow64\admwprox.dll
2013-03-25 22:02 . 2012-06-01 05:35 60928 ----a-w- c:\windows\system32\ahadmin.dll
2013-03-25 22:02 . 2012-06-01 05:33 16896 ----a-w- c:\windows\system32\iisreset.exe
2013-03-25 22:02 . 2012-06-01 04:34 15360 ----a-w- c:\windows\SysWow64\iisreset.exe
2013-03-25 22:02 . 2012-06-01 05:39 14848 ----a-w- c:\windows\system32\wamregps.dll
2013-03-25 22:02 . 2012-06-01 04:35 26624 ----a-w- c:\windows\SysWow64\ahadmin.dll
 



#38 TheJoker
Forum Deity, Boot Camp Mod, 14,476 posts

Posted 03 April 2013 - 05:43 PM

That's great news. This should work now:

Please scan your system with ESET Online Scanner

  • Click the "Run ESET Online Scanner" button.
    • For browsers other than Internet Explorer, such as Firefox, Chrome, or Opera (Microsoft Internet Explorer users can skip this step), another page will open to download the ESET Smart Installer
    • Click on esetsmartinstaller_enu.exe
    • Save it to your desktop, and double-click to run it.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Please post the log from ESET Online Scanner you saved to the Desktop, and note any errors encountered.


Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-20010 and ASAP Member since 2005


#39 Carlgrus
Advanced Member, Full Member, 121 posts

Posted 04 April 2013 - 04:40 AM

Here is the ESETScan...no other problems encountered:

C:\Users\All Users\{5AFE47E2-E3AB-4A8F-82F5-EB24DC3B1CCC}\setup.res a variant of Win32/HiddenStart.A application
C:\ProgramData\{5AFE47E2-E3AB-4A8F-82F5-EB24DC3B1CCC}\setup.res a variant of Win32/HiddenStart.A application deleted - quarantined
D:\copy\SDFix\apps\Process.exe Win32/PrcView application cleaned by deleting - quarantined



#40 TheJoker
Forum Deity, Boot Camp Mod, 14,476 posts

Posted 05 April 2013 - 04:56 AM

Probably whatever malware entered those registry settings that prevented you from running MBAM and online scans is no longer around.

Do you still have the problem selecting a background?


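A defender-side check for the kind of registry settings TheJoker refers to above, added here as an example that is not part of the thread or of any tool it mentions: a PowerShell audit of the Software Restriction Policy path rules that produce the "program blocked by group policy" message and of the Explorer DisallowRun list. The key paths are the standard Windows policy locations; that these are the keys the thread's HKLM/HKCU policy exports and fix.bat dealt with is an assumption, since this part of the thread does not name them.

```powershell
# Added example; not code from the thread, ComboFix or Malwarebytes.
# Reads and reports the two policy locations that make Windows refuse to
# start a program:
#   - Software Restriction Policy (SRP) path rules, which give the
#     "This program is blocked by group policy" message the thread started with
#   - the Explorer DisallowRun list
# Key paths are the standard Windows locations (assumption: these are the keys
# the thread's policy exports covered). Needs PowerShell 3 or later; run from an
# elevated prompt so the HKLM keys are readable. The script changes nothing.

function Get-SrpPathRules {
    # Rules live under CodeIdentifiers\<level>\Paths\{GUID}\ItemData.
    # Level key "0" = Disallowed, "262144" = Unrestricted.
    $roots = @(
        'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers',
        'HKCU:\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path -Path $root)) { continue }
        $hive    = $root.Split(':')[0]
        $default = (Get-ItemProperty -Path $root -ErrorAction SilentlyContinue).DefaultLevel
        # Report the default level as a pseudo-rule so a "deny everything" default is visible
        [pscustomobject]@{ Hive = $hive; Level = "$default"; Rule = '(DefaultLevel)'; Target = '' }
        foreach ($levelKey in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
            $pathsKey = "$($levelKey.PSPath)\Paths"
            if (-not (Test-Path -Path $pathsKey)) { continue }
            foreach ($rule in Get-ChildItem -Path $pathsKey -ErrorAction SilentlyContinue) {
                $item = Get-ItemProperty -Path $rule.PSPath
                [pscustomobject]@{
                    Hive   = $hive
                    Level  = $levelKey.PSChildName
                    Rule   = $rule.PSChildName
                    Target = [string]$item.ItemData
                }
            }
        }
    }
}

function Get-DisallowRunEntries {
    # Explorer policy: DisallowRun=1 under ...\Policies\Explorer switches the list
    # on, and each value under ...\Policies\Explorer\DisallowRun names one executable.
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    )
    foreach ($root in $roots) {
        $list = "$root\DisallowRun"
        if (-not (Test-Path -Path $list)) { continue }
        $enabled = (Get-ItemProperty -Path $root -ErrorAction SilentlyContinue).DisallowRun
        $values  = Get-ItemProperty -Path $list
        foreach ($prop in $values.PSObject.Properties) {
            if ($prop.Name -like 'PS*') { continue }   # skip the provider's PSPath/PSChildName etc.
            [pscustomobject]@{
                Hive    = $root.Split(':')[0]
                Enabled = ($enabled -eq 1)
                Name    = $prop.Name
                Target  = [string]$prop.Value
            }
        }
    }
}

# --- Report ----------------------------------------------------------------
$srpRules = @(Get-SrpPathRules)
$denyAll  = @($srpRules | Where-Object { $_.Rule -eq '(DefaultLevel)' -and $_.Level -eq '0' })
$blocked  = @($srpRules | Where-Object { $_.Rule -ne '(DefaultLevel)' -and $_.Level -eq '0' })

if ($denyAll.Count -gt 0) {
    $hives = ($denyAll | ForEach-Object { $_.Hive }) -join ', '
    Write-Warning "SRP DefaultLevel is 0 (Disallowed) in $hives - everything not explicitly allowed is blocked."
}
if ($blocked.Count -gt 0) {
    Write-Output 'SRP Disallowed path rules (a rule you never created that points at a security tool is the symptom from this thread):'
    $blocked | Format-Table Hive, Rule, Target -AutoSize
} else {
    Write-Output 'No SRP Disallowed path rules found.'
}

$disallow = @(Get-DisallowRunEntries)
if ($disallow.Count -gt 0) {
    Write-Output 'Explorer DisallowRun entries:'
    $disallow | Format-Table Hive, Enabled, Name, Target -AutoSize
} else {
    Write-Output 'No Explorer DisallowRun entries found.'
}
```

A rule or entry in the report that you did not configure yourself is what stops MBAM from launching; removing that single rule key (Remove-Item on its path) and restarting Explorer restores the program without touching the rest of the policy.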


#41 Carlgrus
Advanced Member, Full Member, 121 posts

Posted 05 April 2013 - 09:36 AM

No, the background issue was fixed when I changed the setting in LogMeIn as you suggested.  Everything seems to be back...so I thank you very, very much for all of your help and cooperation.  You've been terrific!! Until next time (and hopefully there won't be a next time)....Carl



#42 TheJoker
Forum Deity, Boot Camp Mod, 14,476 posts

Posted 05 April 2013 - 04:31 PM

That's good to hear. :)

Go to start > run and copy and paste the next command in the field:
ComboFix /uninstall

Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall ComboFix, implement some cleanup procedures, and reset System Restore points.

You can now delete the tools you downloaded and used, and any logs they created:
DDS
Security Check
RogueKiller
Kaspersky Rescue Disk
RKill
TDSSKiller
SystemLook_x64
mbam-rules.exe
Malwarebytes Anti-Rootkit


and the files that you created:
log.bat
HKLM_GPolicy.txt
HKCU_GPolicy.txt
HKCU-Policy.txt
HKLM-Policy.txt
fix.bat
HKLM_SPolicy.txt
HKCU_SPolicy.txt


You can also uninstall:
Sophos Virus Removal Tool

To help keep malware off your system:

  • Keep Windows updated at Windows Update or Microsoft Update.
  • Keep your other applications updated; there are vulnerabilities that rely on exploits through other programs like Java, Microsoft Office, Adobe Reader, Flash, and others.
  • Run a program like Secunia Online Software Inspector or FileHippo Update Checker to see what programs need to be updated.
  • Be careful with flash drives, as they can spread infections. See this post on USB/flash drive safety.
  • Stay away from P2P software; even with a clean P2P program, their networks are often riddled with malware (and I see you have µTorrent installed).
  • Don't click on attachments or links in e-mail, and read your e-mail in text-only mode for the highest safety.
  • Don't click on links received in instant message programs.
  • In place of Internet Explorer, browse with Firefox with the NoScript and AdBlock Plus add-ons.
  • A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good regularly updated HOST file is MVPS HOSTS File, available at http://www.mvps.org/...p2002/hosts.htm
  • A free non-resident utility to prevent the installation of ActiveX-based malware is JavaCool's SpywareBlaster. For real-time protection, there is SpywareGuard. Both are available at http://www.javacools...m/products.html
  • I recommend reading Tony Klein's article So How did I get Infected in the First Place? at http://www.spywarein...showtopic=60955

Does your problem appear resolved?

 




#43 Carlgrus

Carlgrus

    Advanced Member

  • Full Member
  • PipPipPip
  • 121 posts

Posted 06 April 2013 - 06:47 PM

All done, and yes, I seem to be back to "normal". Thanks again.



#44 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • PipPipPipPipPip
  • 14,476 posts

Posted 07 April 2013 - 09:54 AM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
