Cannot turn on Windows firewall - cannot update Windows


regan

I have noticed the computer occasionally running slow, particularly when loading webpages (it's not the site or my net connection). I also noticed that Windows Firewall was off and I cannot turn it on. I tried all the tricks for this, including replacing the registry keys and turning it on via Services; when I do it through Services it says Windows could not start it. Error 8007065e for attempted Windows Update.

I did have McAfee and noticed a few people with the firewall issue had this installed too. I don't know if it's related to the problem, but I uninstalled it in an attempt to fix it. Malwarebytes did find a trojan some weeks ago but nothing in recent scans.

I tried everything in broni's guide here:
http://www.smartestcomputing.us.com...rewall;-windows-firewall-service-missing-fix/

but no luck. This is driving me nuts; can someone please help.


Farbar Service Scanner Version: 03-03-2013
Ran by RLFENT (administrator) on 13-04-2013 at 14:36:07
Running from "I:\DOWNLOADS"
Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Yahoo.com is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to open SharedAccess registry key. The service key does not exist.
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-04-2013
Ran by SYSTEM at 13-04-2013 14:11:11
Running from K:\
Windows 7 Professional (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM-x32\...\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r [2792448 2009-12-03] (VIA)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DLSService] "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe" [x]
HKU\RLFENT\...\Run: [Google Update] "C:\Users\RLFENT\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-09-03] (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

==================== Services (Whitelisted) ===================

2 astcc; C:\Windows\SysWOW64\ASTSRV.EXE [61760 2009-06-14] (Nalpeiron Ltd.)
2 DymoPnpService; "C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe" [32368 2012-10-09] (Sanford, L.P.)
2 NitroDriverReadSpool; "C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe" [342544 2012-01-31] (Nitro PDF Software)
2 nvsvc; "C:\Windows\system32\nvvsvc.exe" [878368 2013-01-31] (NVIDIA Corporation)
2 nvUpdatusService; "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" [1259296 2013-02-19] (NVIDIA Corporation)
2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [88576 2012-04-12] ()
2 piserv; C:\Windows\SysWow64\piserv.exe [65536 2012-03-14] ()
2 MBAMScheduler; "C:\Malwarebytes' Anti-Malware\mbamscheduler.exe" [x]
2 MBAMService; "C:\Malwarebytes' Anti-Malware\mbamservice.exe" [x]
2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [x]

==================== Drivers (Whitelisted) =====================

3 akshasp; C:\Windows\System32\Drivers\akshasp.sys [60488 2013-03-14] (SafeNet Inc.)
3 aksusb; C:\Windows\System32\Drivers\aksusb.sys [303368 2013-03-14] (SafeNet Inc.)
3 CX88VID; C:\Windows\System32\drivers\cxavsvid.sys [469248 2007-09-18] (Leadtek Research Inc.)
3 FLxHCIh; C:\Windows\System32\Drivers\FLxHCIh.sys [77040 2012-11-07] (Fresco Logic)
2 hardlock; C:\Windows\System32\Drivers\hardlock.sys [331144 2013-03-14] (SafeNet Inc.)
3 irsir; C:\Windows\System32\Drivers\irsir.sys [27648 2008-01-18] (Microsoft Corporation)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25928 2013-04-03] (Malwarebytes Corporation)
3 Andbus; C:\Windows\System32\DRIVERS\lgandbus64.sys [x]
3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag64.sys [x]
3 AndGps; C:\Windows\System32\DRIVERS\lgandgps64.sys [x]
3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem64.sys [x]
3 ndisahMP; C:\Windows\System32\DRIVERS\ndisah.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2013-04-13 14:11 - 2013-04-13 14:11 - 00000000 ____D C:\FRST
2013-04-12 19:45 - 2013-04-12 19:45 - 00003458 ____A C:\Windows\SysWOW64\FSS.txt
2013-04-12 02:58 - 2013-04-12 02:58 - 00000626 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-04-12 02:51 - 2013-04-12 02:51 - 00000000 ____A C:\Users\RLFENT\agent.log
2013-04-12 02:39 - 2013-04-12 02:39 - 00000198 ____A C:\Users\RLFENT\Desktop\repair.bat
2013-04-12 02:23 - 2013-04-12 02:23 - 00000000 ____D C:\ProgramData\Intel(R) Update Manager
2013-04-12 02:23 - 2013-04-12 02:23 - 00000000 ____D C:\Intel
2013-04-11 17:47 - 2013-04-11 17:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-04-11 02:17 - 2013-04-11 02:17 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 9.0
2013-04-11 02:17 - 2011-09-22 03:07 - 00105832 ____A (Microsoft Corporation) C:\Windows\System32\SQSRVRES.DLL
2013-04-11 02:17 - 2011-09-22 03:06 - 00109416 ____A (Microsoft Corporation) C:\Windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
2013-04-11 02:17 - 2011-09-21 23:18 - 00073064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
2013-04-09 22:49 - 2013-04-09 22:49 - 00000000 ____D C:\Users\RLFENT\Documents\DYMO Label
2013-04-09 22:49 - 2013-04-09 22:49 - 00000000 ____D C:\Users\RLFENT\AppData\Local\Sanford,_L.P
2013-04-09 22:49 - 2013-04-09 22:49 - 00000000 ____D C:\Users\RLFENT\AppData\Local\DYMO
2013-04-09 22:46 - 2013-04-09 22:47 - 00041385 __RSH C:\Program Files (x86)\DLS8Uninstall.log
2013-04-09 22:46 - 2013-04-09 22:47 - 00004606 ____A C:\Windows\DPINST.LOG
2013-04-09 22:46 - 2013-04-09 22:46 - 00000000 ____D C:\Program Files (x86)\DYMO
2013-04-09 22:42 - 2013-04-09 22:42 - 00000000 ____D C:\ProgramData\DYMO
2013-04-09 17:37 - 2013-02-21 22:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-04-09 17:37 - 2013-02-21 22:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-04-09 17:37 - 2013-02-21 19:34 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-04-09 17:37 - 2013-02-21 19:31 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-04-09 17:37 - 2013-02-21 19:31 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-04-09 17:36 - 2013-03-01 22:04 - 01655656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-09 17:36 - 2013-02-28 19:36 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-04-09 17:36 - 2013-02-21 22:57 - 17817088 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-04-09 17:36 - 2013-02-21 22:29 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-04-09 17:36 - 2013-02-21 22:27 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-04-09 17:36 - 2013-02-21 22:21 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-04-09 17:36 - 2013-02-21 22:20 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-04-09 17:36 - 2013-02-21 22:19 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-04-09 17:36 - 2013-02-21 22:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-04-09 17:36 - 2013-02-21 22:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-04-09 17:36 - 2013-02-21 22:15 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-04-09 17:36 - 2013-02-21 22:15 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-04-09 17:36 - 2013-02-21 22:15 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-04-09 17:36 - 2013-02-21 22:14 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-04-09 17:36 - 2013-02-21 22:13 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-04-09 17:36 - 2013-02-21 22:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-04-09 17:36 - 2013-02-21 20:05 - 12324352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-04-09 17:36 - 2013-02-21 19:47 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-04-09 17:36 - 2013-02-21 19:46 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-04-09 17:36 - 2013-02-21 19:38 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-04-09 17:36 - 2013-02-21 19:38 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-04-09 17:36 - 2013-02-21 19:37 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-04-09 17:36 - 2013-02-21 19:36 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-04-09 17:36 - 2013-02-21 19:35 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-04-09 17:36 - 2013-02-21 19:34 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-04-09 17:36 - 2013-02-21 19:34 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-04-09 17:36 - 2013-02-21 19:33 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-04-09 17:36 - 2013-02-21 19:32 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-04-09 17:36 - 2013-02-21 19:28 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-04-09 17:36 - 2013-02-14 22:08 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-04-09 17:36 - 2013-02-14 22:06 - 03717632 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-04-09 17:36 - 2013-02-14 22:02 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2013-04-09 17:36 - 2013-02-14 20:37 - 03217408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-04-09 17:36 - 2013-02-14 20:34 - 00131584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-04-09 17:36 - 2013-02-14 19:25 - 00036864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-04-09 17:36 - 2013-01-23 22:01 - 00223752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
2013-04-09 17:35 - 2013-03-18 22:04 - 05550424 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-04-09 17:35 - 2013-03-18 21:46 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-04-09 17:35 - 2013-03-18 21:04 - 03968856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-04-09 17:35 - 2013-03-18 21:04 - 03913560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-04-09 17:35 - 2013-03-18 20:47 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-04-09 17:35 - 2013-03-18 19:06 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-04-08 16:34 - 2013-04-08 16:34 - 00000000 ____D C:\Windows\CheckSur
2013-04-08 16:27 - 2013-01-31 01:24 - 02558240 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
2013-04-08 16:24 - 2013-02-11 20:12 - 00019968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023x.sys
2013-04-08 16:24 - 2013-02-11 20:12 - 00019968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys
2013-04-08 00:18 - 2013-04-08 00:18 - 00000000 ____D C:\ProgramData\IDM
2013-04-07 21:43 - 2013-04-12 19:28 - 00000000 ____D C:\Users\RLFENT\AppData\Roaming\IDM
2013-04-07 21:26 - 2013-04-07 21:26 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 01504768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-04-07 21:25 - 2013-04-12 03:12 - 00030714 ____A C:\Windows\IE10_main.log
2013-04-07 20:55 - 2013-04-07 20:55 - 44335120 ____A (Microsoft Corporation) C:\Users\RLFENT\Downloads\IE10-Windows6.1-x64-en-us.exe
2013-04-07 20:53 - 2013-04-07 20:53 - 03326176 ____A (Microsoft Corporation) C:\Users\RLFENT\Downloads\OutlookConnector.exe
2013-04-07 20:53 - 2013-04-07 20:53 - 00000000 ____D C:\Program Files (x86)\MSECache
2013-04-07 02:04 - 2013-04-09 21:44 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-04-07 02:04 - 2013-04-07 02:04 - 00000000 ____D C:\Users\RLFENT\AppData\Roaming\Alibaba
2013-04-05 20:51 - 2013-04-05 20:51 - 07667736 ____A C:\Users\RLFENT\Downloads\DIR632A1_FW103B08(1).bin
2013-04-05 20:45 - 2013-04-05 20:45 - 07667736 ____A C:\Users\RLFENT\Downloads\DIR632A1_FW103B08.bin
2013-04-05 03:53 - 2013-04-05 03:53 - 00040960 ____A () C:\Users\RLFENT\Downloads\tftp2(3).exe
2013-04-05 03:45 - 2013-04-05 03:45 - 00559441 ____A C:\Users\RLFENT\Downloads\Tftpd32-4.00-setup.exe
2013-04-05 03:45 - 2013-04-05 03:45 - 00040960 ____A () C:\Users\RLFENT\Downloads\tftp2(2).exe
2013-04-05 03:43 - 2013-04-05 03:32 - 00166576 ____A (Tonec Inc.) C:\Windows\System32\Drivers\idmwfp.sys
2013-04-05 03:37 - 2013-04-05 03:37 - 00040960 ____A () C:\Users\RLFENT\Downloads\tftp2(1).exe
2013-04-05 03:28 - 2013-04-05 03:28 - 00040960 ____A () C:\Users\RLFENT\Downloads\tftp2.exe
2013-04-05 03:07 - 2013-04-05 03:07 - 00181585 ____A C:\Users\RLFENT\Downloads\OpenTFTPServerMTInstallerV1.64(1).exe
2013-04-05 02:50 - 2013-04-05 02:37 - 03543068 ____A C:\Users\RLFENT\Desktop\BR6574N-webflash.bin
2013-04-05 02:50 - 2013-04-05 02:37 - 03543042 ____A C:\Users\RLFENT\Desktop\image.tftp
2013-04-05 02:40 - 2013-04-05 03:08 - 00131584 ____A C:\Windows\SysWOW64\SpoonUninstall.exe
2013-04-05 02:39 - 2013-04-05 02:39 - 00181585 ____A C:\Users\RLFENT\Downloads\OpenTFTPServerMTInstallerV1.64.exe
2013-04-05 02:36 - 2013-04-05 02:37 - 03543068 ____A C:\Users\RLFENT\Downloads\BR6574N-webflash.bin
2013-04-05 02:36 - 2013-04-05 02:37 - 03543042 ____A C:\Users\RLFENT\Downloads\image.tftp
2013-04-03 21:22 - 2013-04-03 21:28 - 00017724 ____A C:\Users\RLFENT\Desktop\invoice for 2x gas heaters.htm
2013-04-03 16:05 - 2013-04-03 16:05 - 00087497 ____A C:\Users\RLFENT\Downloads\Download.csv
2013-04-01 16:58 - 2013-04-12 19:13 - 00015990 ____A C:\Windows\PFRO.log
2013-03-31 23:57 - 2013-04-12 19:34 - 00080270 ____A C:\Windows\setupact.log
2013-03-31 23:57 - 2013-03-31 23:57 - 00000000 ____A C:\Windows\setuperr.log
2013-03-28 17:42 - 2013-01-03 21:46 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-03-28 17:42 - 2013-01-03 20:51 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-03-28 17:42 - 2013-01-03 18:47 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-03-28 17:42 - 2013-01-03 18:47 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-03-28 17:42 - 2013-01-03 18:47 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-03-28 17:42 - 2013-01-03 18:47 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-03-28 17:41 - 2013-01-02 22:00 - 01913192 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-03-28 17:41 - 2013-01-02 22:00 - 00288088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2013-03-28 01:07 - 2013-03-28 01:07 - 00000000 ____D C:\Users\RLFENT\AppData\Local\Macromedia
2013-03-24 21:43 - 2013-03-25 00:44 - 204386358 ____A C:\Users\RLFENT\Desktop\IMG_2357.MOV
2013-03-24 20:16 - 2013-03-24 20:16 - 00000520 ____A C:\Windows\SysWOW64\asfxt.dng
2013-03-24 20:15 - 2013-03-24 20:15 - 00000000 ____D C:\Program Files (x86)\Primera Technology
2013-03-24 20:15 - 2012-02-06 19:52 - 02228496 ____N (Rovi Corporation) C:\Windows\SysWOW64\pxsfs.dll
2013-03-24 20:15 - 2012-02-06 19:52 - 00704784 ____N (Rovi Corporation) C:\Windows\SysWOW64\px.dll
2013-03-24 20:15 - 2012-02-06 19:52 - 00442640 ____N (Rovi Corporation) C:\Windows\SysWOW64\pxwave.dll
2013-03-24 20:15 - 2012-02-06 19:52 - 00221456 ____N (Rovi Corporation) C:\Windows\SysWOW64\pxmas.dll
2013-03-24 20:15 - 2012-02-06 19:52 - 00135440 ____N (Rovi Corporation) C:\Windows\SysWOW64\pxafs.dll
2013-03-24 20:15 - 2012-02-06 19:52 - 00061712 ____N (Rovi Corporation) C:\Windows\SysWOW64\pxwma.dll
2013-03-24 20:15 - 2012-02-06 07:02 - 00586000 ____N (Rovi Corporation) C:\Windows\SysWOW64\pxdrv.dll
2013-03-24 20:15 - 2011-11-02 16:41 - 00128784 ____N (Rovi Corporation) C:\Windows\SysWOW64\pxinsi64.exe
2013-03-24 20:15 - 2011-11-02 16:41 - 00074000 ____N (Rovi Corporation) C:\Windows\SysWOW64\pxhpinst.exe
2013-03-24 20:15 - 2011-11-02 16:41 - 00070416 ____N (Rovi Corporation) C:\Windows\SysWOW64\pxinsa64.exe
2013-03-24 20:15 - 2011-11-02 08:01 - 00056208 ____N (Rovi Corporation) C:\Windows\System32\Drivers\PxHlpa64.sys
2013-03-24 20:15 - 2011-10-16 08:00 - 00010224 ____N (Sonic Solutions) C:\Windows\System32\Drivers\cdralw2k.sys
2013-03-24 20:15 - 2011-10-16 08:00 - 00010224 ____N (Sonic Solutions) C:\Windows\System32\Drivers\cdr4_xp.sys
2013-03-24 20:15 - 2011-09-06 06:01 - 00100848 ____N (Rovi Corporation) C:\Windows\SysWOW64\vxblock.dll
2013-03-24 20:15 - 2011-05-23 06:00 - 00123888 ____N (Rovi Corporation) C:\Windows\SysWOW64\pxcpyi64.exe
2013-03-24 20:15 - 2011-05-23 06:00 - 00068080 ____N (Rovi Corporation) C:\Windows\SysWOW64\pxcpya64.exe
2013-03-24 20:14 - 2013-03-24 20:27 - 00000000 ____D C:\Users\RLFENT\AppData\Local\MicroVision Applications
2013-03-24 20:13 - 2006-09-20 14:42 - 00487424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp70.dll
2013-03-24 20:13 - 2006-09-20 14:42 - 00344064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr70.dll
2013-03-24 20:12 - 2013-03-24 20:13 - 00000000 ____D C:\Program Files (x86)\SureThing CD Labeler 5 - Primera
2013-03-24 20:02 - 2013-03-24 20:18 - 00000000 ____D C:\ProgramData\PTI
2013-03-14 18:52 - 2013-03-14 18:52 - 04466120 ____A (SafeNet Inc.) C:\Windows\System32\aksllmtp.exe
2013-03-14 18:52 - 2013-03-14 18:52 - 00331144 ____A (SafeNet Inc.) C:\Windows\System32\Drivers\hardlock.sys
2013-03-14 18:52 - 2013-03-14 18:52 - 00303368 ____A (SafeNet Inc.) C:\Windows\System32\Drivers\aksusb.sys
2013-03-14 18:52 - 2013-03-14 18:52 - 00141064 ____A (SafeNet Inc.) C:\Windows\System32\Drivers\aksfridge.sys
2013-03-14 18:52 - 2013-03-14 18:52 - 00090056 ____A (SafeNet Inc.) C:\Windows\System32\Drivers\aksdf.sys
2013-03-14 18:52 - 2013-03-14 18:52 - 00077768 ____A (Aladdin Knowledge Systems Ltd.) C:\Windows\System32\aksusb4.dll
2013-03-14 18:52 - 2013-03-14 18:52 - 00070088 ____A (SafeNet Inc.) C:\Windows\System32\akshhl30.dll
2013-03-14 18:52 - 2013-03-14 18:52 - 00063944 ____A (SafeNet Inc.) C:\Windows\System32\Drivers\akshhl.sys
2013-03-14 18:52 - 2013-03-14 18:52 - 00060488 ____A (SafeNet Inc.) C:\Windows\System32\Drivers\akshasp.sys
2013-03-14 18:52 - 2013-03-14 18:52 - 00021448 ____A (SafeNet Inc.) C:\Windows\System32\Drivers\aksclass.sys
2013-03-14 18:52 - 2013-03-14 18:52 - 00018376 ____A (Aladdin Knowledge Systems Ltd.) C:\Windows\System32\akshsp52.dll

==================== One Month Modified Files and Folders =======

2013-04-13 14:11 - 2013-04-13 14:11 - 00000000 ____D C:\FRST
2013-04-12 20:06 - 2012-09-03 23:50 - 00000000 ____D C:\Users\RLFENT\AppData\Roaming\DMCache
2013-04-12 20:06 - 2012-09-03 23:39 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1654508899-1424364464-812079754-1000UA.job
2013-04-12 20:06 - 2012-09-03 23:13 - 01632070 ____A C:\Windows\WindowsUpdate.log
2013-04-12 20:06 - 2009-07-13 20:45 - 00015360 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-04-12 20:06 - 2009-07-13 20:45 - 00015360 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-04-12 20:05 - 2012-09-04 03:32 - 00000000 ____D C:\Users\RLFENT\AppData\Roaming\Skype
2013-04-12 19:45 - 2013-04-12 19:45 - 00003458 ____A C:\Windows\SysWOW64\FSS.txt
2013-04-12 19:38 - 2009-07-13 21:13 - 00872406 ____A C:\Windows\System32\PerfStringBackup.INI
2013-04-12 19:34 - 2013-03-31 23:57 - 00080270 ____A C:\Windows\setupact.log
2013-04-12 19:34 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-04-12 19:30 - 2012-10-30 18:38 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-04-12 19:28 - 2013-04-07 21:43 - 00000000 ____D C:\Users\RLFENT\AppData\Roaming\IDM
2013-04-12 19:13 - 2013-04-01 16:58 - 00015990 ____A C:\Windows\PFRO.log
2013-04-12 04:28 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-04-12 03:12 - 2013-04-07 21:25 - 00030714 ____A C:\Windows\IE10_main.log
2013-04-12 02:58 - 2013-04-12 02:58 - 00000626 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-04-12 02:51 - 2013-04-12 02:51 - 00000000 ____A C:\Users\RLFENT\agent.log
2013-04-12 02:51 - 2012-09-03 23:13 - 00000000 ____D C:\users\RLFENT
2013-04-12 02:43 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-04-12 02:39 - 2013-04-12 02:39 - 00000198 ____A C:\Users\RLFENT\Desktop\repair.bat
2013-04-12 02:23 - 2013-04-12 02:23 - 00000000 ____D C:\ProgramData\Intel(R) Update Manager
2013-04-12 02:23 - 2013-04-12 02:23 - 00000000 ____D C:\Intel
2013-04-12 02:23 - 2012-09-04 00:09 - 00000000 ____D C:\Program Files (x86)\Intel
2013-04-12 02:18 - 2012-10-29 01:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-04-12 02:18 - 2012-09-03 23:21 - 00000000 ____D C:\ProgramData\McAfee
2013-04-12 01:06 - 2012-09-03 23:39 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1654508899-1424364464-812079754-1000Core.job
2013-04-11 19:19 - 2012-09-04 01:38 - 00000000 ____D C:\Users\RLFENT\AppData\Roaming\vlc
2013-04-11 17:47 - 2013-04-11 17:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-04-11 02:17 - 2013-04-11 02:17 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 9.0
2013-04-11 02:16 - 2012-10-14 21:23 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2013-04-11 02:16 - 2012-10-14 21:23 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2013-04-11 00:07 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Registration
2013-04-10 22:21 - 2012-09-03 23:52 - 00000000 ____D C:\Users\RLFENT\AppData\Roaming\uTorrent
2013-04-10 17:11 - 2009-07-13 20:45 - 00420024 ____A C:\Windows\System32\FNTCACHE.DAT
2013-04-09 22:49 - 2013-04-09 22:49 - 00000000 ____D C:\Users\RLFENT\Documents\DYMO Label
2013-04-09 22:49 - 2013-04-09 22:49 - 00000000 ____D C:\Users\RLFENT\AppData\Local\Sanford,_L.P
2013-04-09 22:49 - 2013-04-09 22:49 - 00000000 ____D C:\Users\RLFENT\AppData\Local\DYMO
2013-04-09 22:49 - 2012-09-03 23:39 - 00114928 ____A C:\Users\RLFENT\AppData\Local\GDIPFONTCACHEV1.DAT
2013-04-09 22:47 - 2013-04-09 22:46 - 00041385 __RSH C:\Program Files (x86)\DLS8Uninstall.log
2013-04-09 22:47 - 2013-04-09 22:46 - 00004606 ____A C:\Windows\DPINST.LOG
2013-04-09 22:46 - 2013-04-09 22:46 - 00000000 ____D C:\Program Files (x86)\DYMO
2013-04-09 22:42 - 2013-04-09 22:42 - 00000000 ____D C:\ProgramData\DYMO
2013-04-09 21:44 - 2013-04-07 02:04 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-04-09 17:38 - 2012-09-03 23:59 - 72702784 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-04-09 17:37 - 2012-09-04 14:19 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-04-08 16:34 - 2013-04-08 16:34 - 00000000 ____D C:\Windows\CheckSur
2013-04-08 16:27 - 2012-09-03 23:27 - 00000000 ____D C:\ProgramData\NVIDIA
2013-04-08 16:27 - 2012-09-03 23:22 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-04-08 00:18 - 2013-04-08 00:18 - 00000000 ____D C:\ProgramData\IDM
2013-04-07 21:31 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-04-07 21:31 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-04-07 21:31 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\zh-HK
2013-04-07 21:31 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\tr-TR
2013-04-07 21:26 - 2013-04-07 21:26 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 01504768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-04-07 21:26 - 2013-04-07 21:26 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-04-07 20:55 - 2013-04-07 20:55 - 44335120 ____A (Microsoft Corporation) C:\Users\RLFENT\Downloads\IE10-Windows6.1-x64-en-us.exe
2013-04-07 20:53 - 2013-04-07 20:53 - 03326176 ____A (Microsoft Corporation) C:\Users\RLFENT\Downloads\OutlookConnector.exe
2013-04-07 20:53 - 2013-04-07 20:53 - 00000000 ____D C:\Program Files (x86)\MSECache
2013-04-07 02:04 - 2013-04-07 02:04 - 00000000 ____D C:\Users\RLFENT\AppData\Roaming\Alibaba
2013-04-07 01:53 - 2012-09-03 23:59 - 00000000 ____D C:\Users\RLFENT\AppData\Local\Windows Live
2013-04-07 01:52 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-04-05 20:51 - 2013-04-05 20:51 - 07667736 ____A C:\Users\RLFENT\Downloads\DIR632A1_FW103B08(1).bin
2013-04-05 20:45 - 2013-04-05 20:45 - 07667736 ____A C:\Users\RLFENT\Downloads\DIR632A1_FW103B08.bin
2013-04-05 03:53 - 2013-04-05 03:53 - 00040960 ____A () C:\Users\RLFENT\Downloads\tftp2(3).exe
2013-04-05 03:45 - 2013-04-05 03:45 - 00559441 ____A C:\Users\RLFENT\Downloads\Tftpd32-4.00-setup.exe
2013-04-05 03:45 - 2013-04-05 03:45 - 00040960 ____A () C:\Users\RLFENT\Downloads\tftp2(2).exe
2013-04-05 03:37 - 2013-04-05 03:37 - 00040960 ____A () C:\Users\RLFENT\Downloads\tftp2(1).exe
2013-04-05 03:37 - 2013-01-22 01:14 - 00000000 ____D C:\Users\RLFENT\AppData\Roaming\FileZilla
2013-04-05 03:32 - 2013-04-05 03:43 - 00166576 ____A (Tonec Inc.) C:\Windows\System32\Drivers\idmwfp.sys
2013-04-05 03:28 - 2013-04-05 03:28 - 00040960 ____A () C:\Users\RLFENT\Downloads\tftp2.exe
2013-04-05 03:08 - 2013-04-05 02:40 - 00131584 ____A C:\Windows\SysWOW64\SpoonUninstall.exe
2013-04-05 03:07 - 2013-04-05 03:07 - 00181585 ____A C:\Users\RLFENT\Downloads\OpenTFTPServerMTInstallerV1.64(1).exe
2013-04-05 02:39 - 2013-04-05 02:39 - 00181585 ____A C:\Users\RLFENT\Downloads\OpenTFTPServerMTInstallerV1.64.exe
2013-04-05 02:37 - 2013-04-05 02:50 - 03543068 ____A C:\Users\RLFENT\Desktop\BR6574N-webflash.bin
2013-04-05 02:37 - 2013-04-05 02:50 - 03543042 ____A C:\Users\RLFENT\Desktop\image.tftp
2013-04-05 02:37 - 2013-04-05 02:36 - 03543068 ____A C:\Users\RLFENT\Downloads\BR6574N-webflash.bin
2013-04-05 02:37 - 2013-04-05 02:36 - 03543042 ____A C:\Users\RLFENT\Downloads\image.tftp
2013-04-03 21:28 - 2013-04-03 21:22 - 00017724 ____A C:\Users\RLFENT\Desktop\invoice for 2x gas heaters.htm
2013-04-03 20:50 - 2012-09-03 23:36 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-04-03 16:05 - 2013-04-03 16:05 - 00087497 ____A C:\Users\RLFENT\Downloads\Download.csv
2013-03-31 23:57 - 2013-03-31 23:57 - 00000000 ____A C:\Windows\setuperr.log
2013-03-31 23:56 - 2012-10-06 21:12 - 00000000 ____D C:\Windows\Minidump
2013-03-31 23:50 - 2012-09-04 04:06 - 00000000 ____D C:\Users\RLFENT\AppData\Roaming\Auslogics
2013-03-31 23:45 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-03-29 09:13 - 2012-09-03 23:18 - 00000000 ____D C:\Program Files (x86)\Realtek
2013-03-28 01:07 - 2013-03-28 01:07 - 00000000 ____D C:\Users\RLFENT\AppData\Local\Macromedia
2013-03-26 21:58 - 2012-09-03 23:23 - 00693976 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-03-26 21:58 - 2012-09-03 23:23 - 00073432 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-03-25 00:44 - 2013-03-24 21:43 - 204386358 ____A C:\Users\RLFENT\Desktop\IMG_2357.MOV
2013-03-24 20:27 - 2013-03-24 20:14 - 00000000 ____D C:\Users\RLFENT\AppData\Local\MicroVision Applications
2013-03-24 20:18 - 2013-03-24 20:02 - 00000000 ____D C:\ProgramData\PTI
2013-03-24 20:16 - 2013-03-24 20:16 - 00000520 ____A C:\Windows\SysWOW64\asfxt.dng
2013-03-24 20:15 - 2013-03-24 20:15 - 00000000 ____D C:\Program Files (x86)\Primera Technology
2013-03-24 20:13 - 2013-03-24 20:12 - 00000000 ____D C:\Program Files (x86)\SureThing CD Labeler 5 - Primera
2013-03-24 20:02 - 2012-09-06 23:47 - 00000000 ____D C:\Users\RLFENT\AppData\Roaming\Nitro PDF
2013-03-18 22:04 - 2013-04-09 17:35 - 05550424 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-03-18 21:46 - 2013-04-09 17:35 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-03-18 21:04 - 2013-04-09 17:35 - 03968856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-03-18 21:04 - 2013-04-09 17:35 - 03913560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-03-18 20:47 - 2013-04-09 17:35 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-03-18 19:06 - 2013-04-09 17:35 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-03-14 18:52 - 2013-03-14 18:52 - 04466120 ____A (SafeNet Inc.) C:\Windows\System32\aksllmtp.exe
2013-03-14 18:52 - 2013-03-14 18:52 - 00331144 ____A (SafeNet Inc.) C:\Windows\System32\Drivers\hardlock.sys
2013-03-14 18:52 - 2013-03-14 18:52 - 00303368 ____A (SafeNet Inc.) C:\Windows\System32\Drivers\aksusb.sys
2013-03-14 18:52 - 2013-03-14 18:52 - 00141064 ____A (SafeNet Inc.) C:\Windows\System32\Drivers\aksfridge.sys
2013-03-14 18:52 - 2013-03-14 18:52 - 00090056 ____A (SafeNet Inc.) C:\Windows\System32\Drivers\aksdf.sys
2013-03-14 18:52 - 2013-03-14 18:52 - 00077768 ____A (Aladdin Knowledge Systems Ltd.) C:\Windows\System32\aksusb4.dll
2013-03-14 18:52 - 2013-03-14 18:52 - 00070088 ____A (SafeNet Inc.) C:\Windows\System32\akshhl30.dll
2013-03-14 18:52 - 2013-03-14 18:52 - 00063944 ____A (SafeNet Inc.) C:\Windows\System32\Drivers\akshhl.sys
2013-03-14 18:52 - 2013-03-14 18:52 - 00060488 ____A (SafeNet Inc.) C:\Windows\System32\Drivers\akshasp.sys
2013-03-14 18:52 - 2013-03-14 18:52 - 00021448 ____A (SafeNet Inc.) C:\Windows\System32\Drivers\aksclass.sys
2013-03-14 18:52 - 2013-03-14 18:52 - 00018376 ____A (Aladdin Knowledge Systems Ltd.) C:\Windows\System32\akshsp52.dll

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-04-12 02:42:34
Restore point made on: 2013-04-12 03:12:42

==================== Memory info ===========================

Percentage of memory in use: 9%
Total physical RAM: 8191.24 MB
Available physical RAM: 7382.77 MB
Total Pagefile: 8189.39 MB
Available Pagefile: 7383.29 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (WINDOWS SSD) (Fixed) (Total:55.8 GB) (Free:15.93 GB) NTFS
2 Drive e: (PROGRAMS) (Fixed) (Total:43.95 GB) (Free:38.04 GB) NTFS
3 Drive f: (RLF ENT) (Fixed) (Total:28.19 GB) (Free:20.96 GB) NTFS
4 Drive g: (Windows) (Fixed) (Total:53.71 GB) (Free:13.12 GB) NTFS ==>[System with boot components (obtained from reading drive)]
5 Drive h: (MISC) (Fixed) (Total:58.59 GB) (Free:58.5 GB) NTFS
6 Drive I: (STORAGE) (Fixed) (Total:742.18 GB) (Free:206.11 GB) NTFS
8 Drive k: (TSB USB DRV) (Removable) (Total:3.63 GB) (Free:0.78 GB) FAT32
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
10 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 55 GB 0 B
Disk 1 Online 931 GB 5012 MB *
Disk 2 Online 3726 MB 0 B

Partitions of Disk 0:
===============

Disk ID: FF5F23EE

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 55 GB 101 MB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 Y System Rese NTFS Partition 100 MB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 7 C WINDOWS SSD NTFS Partition 55 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Disk ID: 7F1F470A

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Dynamic Data 992 KB 31 KB
Partition 2 Dynamic Data 53 GB 1024 KB
Partition 3 Dynamic Data 877 GB 53 GB

==================================================================================

Disk: 1
Partition 1
Type : 42
Hidden: Yes
Active: No

There is no volume associated with this partition.

=========================================================

Disk: 1
Partition 2
Type : 42
Hidden: Yes
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 G Windows NTFS Simple 53 GB Healthy

=========================================================

Disk: 1
Partition 3
Type : 42
Hidden: Yes
Active: No

There is no volume associated with this partition.

=========================================================

Partitions of Disk 2:
===============

Disk ID: C3072E18

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3722 MB 4032 KB

==================================================================================

Disk: 2
Partition 1
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 8 K TSB USB DRV FAT32 Removable 3722 MB Healthy

=========================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: FF5F23EE

Partition 1:
=========
Hex: 8020210007DF130C0008000000200300
Active: YES
Type: 07 (NTFS)
Size: 100 MB

Partition 2:
=========
Hex: 00DF140C07FEFFFF002803000098F906
Active: NO
Type: 07 (NTFS)
Size: 56 GB

==============================
Partitions of Disk 1:
===============
Disk ID: 7F1F470A

Partition 1:
=========
Hex: 00010100422020003F000000C1070000
Active: NO
Type: 42
Size: 993 KB

Partition 2:
=========
Hex: 8020210042FEFFFF0008000000C0B606
Active: YES
Type: 42
Size: 54 GB

Partition 3:
=========
Hex: 00FEFFFF42FEFFFF00C8B606B09DB96D
Active: NO
Type: 42
Size: 878 GB

==============================
Partitions of Disk 2:
===============
Disk ID: C3072E18

Partition 1:
=========
Hex: 000001010C24E5B1801F000080507400
Active: NO
Type: 0C
Size: 4 GB


Last Boot: 2013-04-03 15:35

==================== End Of Log =============================
 
Farbar Recovery Scan Tool (x64) Version: 11-04-2013
Ran by SYSTEM at 2013-04-13 14:12:58
Running from K:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======
 
Welcome aboard

Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Database version: v2013.04.07.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
RLFENT :: RLFENT-PC [administrator]
08-Apr-13 3:47:49 PM
mbam-log-2013-04-08 (15-47-49).txt
Scan type: Full scan (C:\|E:\|F:\|G:\|H:\|I:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 682388
Time elapsed: 1 hour(s), 53 minute(s), 35 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
E:\produkey\ProduKey.exe (PUP.PSWTool.ProductKey) -> Quarantined and deleted successfully.
(end)
 
Attach



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 04-Sep-12 5:13:03 PM
System Uptime: 13-Apr-13 2:13:43 PM (1 hours ago)
.
Motherboard: ASRock | | 880GMH-LE/USB3
Processor: AMD Phenom(tm) II X4 955 Processor | CPUSocket | 3206/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 56 GiB total, 15.838 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 44 GiB total, 38.043 GiB free.
F: is FIXED (NTFS) - 28 GiB total, 20.963 GiB free.
G: is FIXED (NTFS) - 54 GiB total, 13.117 GiB free.
H: is FIXED (NTFS) - 59 GiB total, 58.501 GiB free.
I: is FIXED (NTFS) - 742 GiB total, 206.099 GiB free.
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP78: 12-Apr-13 8:42:30 PM - Windows Update
RP79: 12-Apr-13 9:12:38 PM - Windows Update
.
==== Installed Programs ======================
.
µTorrent
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.6)
Audacity 2.0.2
Auslogics BoostSpeed
CrystalDiskInfo 5.0.4
CrystalDiskMark 3.0.1c
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DHTML Editing Component
DYMO Label v.8
DYMO LabelWriter Drivers
EVEREST Ultimate Edition v5.50
Fresco Logic USB3.0 Host Controller
Google Chrome
Guitar FX BOX 3
HTC BMP USB Driver
HTC Driver Installer
HTC Sync
Intel(R) Update Manager
Intel® SSD Toolbox
Internet Download Manager
Java 7 Update 9
Java Auto Updater
Lexmark Network TWAIN Driver Uninstaller
LinuxLive USB Creator
Malwarebytes Anti-Malware version 1.75.0.1300
MetaDMS Scan Software
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft SQL Server 2008 (64-bit)
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Mozilla Firefox 20.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
Nitro PDF Professional
NVIDIA 3D Vision Controller Driver 301.42
NVIDIA Control Panel 307.83
NVIDIA Graphics Driver 307.83
NVIDIA HD Audio Driver 1.3.16.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0213
NVIDIA Update 1.10.8
NVIDIA Update Components
Pedals VST
Platform
PTPublisher
Quick Screen Capture 3.0
Realtek Ethernet Controller Driver For Windows 7
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2760762) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Service Pack 3 for SQL Server 2008 (KB2546951) (64-bit)
Shared C Run-time for x64
Skype™ 6.1
Sql Server Customer Experience Improvement Program
SureThing CD Labeler Primera Edition 5
Toll Lite
TradeManager 2012
TreeSize Professional 5.3.1
Turbo Lister 2
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
VIA Platform Device Manager
VLC media player 2.0.3
WinRAR 4.01 (64-bit)
WinZip 16.5
WordWeb Pro
.
==== Event Viewer Messages From Past Week ========
.
13-Apr-13 3:21:03 PM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..
13-Apr-13 2:13:53 PM, Error: Service Control Manager [7000] - The McAfee SiteAdvisor Service service failed to start due to the following error: The system cannot find the file specified.
12-Apr-13 9:13:19 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 10 for Windows 7 for x64-based Systems.
12-Apr-13 8:49:04 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070002: Update for Windows 7 for x64-based Systems (KB2592687).
12-Apr-13 8:18:56 PM, Error: Service Control Manager [7023] - The Superfetch service terminated with the following error: The system cannot find the file specified.
11-Apr-13 5:39:20 PM, Error: Service Control Manager [7023] - The Base Filtering Engine service terminated with the following error: Access is denied.
11-Apr-13 5:39:20 PM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.
11-Apr-13 5:38:14 PM, Error: Service Control Manager [7001] - The IPsec Policy Agent service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.
11-Apr-13 5:38:14 PM, Error: Service Control Manager [7001] - The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.
11-Apr-13 4:29:57 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
11-Apr-13 4:29:55 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
11-Apr-13 4:29:55 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
10-Apr-13 11:28:45 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0826: Security Update for Windows 7 for x64-based Systems (KB2807986).
10-Apr-13 11:20:09 AM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.0.100 with the system having network hardware address 00-04-F2-1E-C7-45. Network operations on this system may be disrupted as a result.
09-Apr-13 2:26:49 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
08-Apr-13 8:51:09 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
.
==== End Of File ===========================
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16476 BrowserJavaVersion: 10.9.2
Run by RLFENT at 15:21:46 on 2013-04-13
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8191.4304 [GMT 10:00]
.
AV: Microsoft Security Essentials *Enabled/Outdated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Outdated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SysWOW64\ASTSRV.EXE
C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
E:\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
E:\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
E:\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe
C:\Windows\SysWOW64\NLSSRV32.EXE
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\SysWOW64\piserv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
E:\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\vssvc.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe
C:\Windows\system32\wbem\wmiprvse.exe
E:\idm\Internet Download Manager\IDMan.exe
E:\idm\Internet Download Manager\IEMonitor.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\msiexec.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com.au/
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} -
mWinlogon: Userinit = userinit.exe,
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - E:\idm\Internet Download Manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} -
uRun: [Google Update] "C:\Users\RLFENT\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [DLSService] "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Download all links with IDM - E:\idm\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - E:\idm\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: alipay.com
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: alisoft.com
Trusted Zone: taobao.com
Trusted Zone: taobao.com
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{AE01B5ED-0587-4C1B-B911-060D3EA115AF} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{CB446E59-653F-4C25-9751-36C82CD262A3} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{F77E17AC-058F-43D0-88CF-91AD1805E526} : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - E:\idm\Internet Download Manager\IDMIECC64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} -
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\RLFENT\AppData\Roaming\Mozilla\Firefox\Profiles\uo0wru2c.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Users\RLFENT\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - plugin: E:\Trademanager\nptrademanager.dll
FF - plugin: E:\Trademanager\npwangwang.dll
FF - ExtSQL: 2013-04-08 18:19; mozilla_cc@internetdownloadmanager.com; C:\Users\RLFENT\AppData\Roaming\IDM\idmmzcc5
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-3-25 56208]
R2 aksdf;aksdf;C:\Windows\System32\drivers\aksdf.sys [2013-3-15 90056]
R2 DymoPnpService;DYMO PnP Service;C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [2012-10-10 32368]
R2 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2013-4-5 166576]
R2 MBAMScheduler;MBAMScheduler;E:\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-4 418376]
R2 MBAMService;MBAMService;E:\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-2 701512]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [2012-2-1 342544]
R2 nlsX86cc;NLS Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2012-2-1 70160]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-4-13 88576]
R2 piserv;Primera Index Service;C:\Windows\System32\piserv.exe --> C:\Windows\System32\piserv.exe [?]
R3 CX88VID;WinFast CX2388x AvStream Driver;C:\Windows\System32\drivers\cxavsvid.sys [2007-9-19 469248]
R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\System32\drivers\FLxHCIc.sys [2012-11-8 249584]
R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\System32\drivers\FLxHCIh.sys [2012-11-8 77040]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-9-4 25928]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-9-4 346144]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2012-9-4 1276928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2010-6-25 36928]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 130008]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-9-4 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-9-4 1255736]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0105;RsFx0105 Driver;C:\Windows\System32\drivers\RsFx0105.sys [2011-9-22 311144]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 431464]
.
=============== Created Last 30 ================
.
2013-04-13 22:11:08 -------- d-----w- C:\FRST
2013-04-13 05:21:01 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2013-04-13 05:21:00 -------- d-----w- C:\Program Files\Microsoft Security Client
2013-04-12 10:23:33 -------- d-----w- C:\ProgramData\Intel(R) Update Manager
2013-04-12 10:23:19 -------- d-----w- C:\Intel
2013-04-12 00:30:47 -------- d-----w- C:\Users\RLFENT\AppData\Local\ElevatedDiagnostics
2013-04-11 10:17:50 73064 ----a-w- C:\Windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
2013-04-11 10:17:50 109416 ----a-w- C:\Windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
2013-04-11 10:17:50 105832 ----a-w- C:\Windows\System32\SQSRVRES.DLL
2013-04-10 08:17:37 -------- d-----w- C:\Users\RLFENT\AppData\Local\assembly
2013-04-10 06:49:34 -------- d-----w- C:\Users\RLFENT\AppData\Local\Sanford,_L.P
2013-04-10 06:49:21 -------- d-----w- C:\Users\RLFENT\AppData\Local\DYMO
2013-04-10 06:46:25 -------- d-----w- C:\Program Files (x86)\DYMO
2013-04-10 06:43:19 -------- d-----w- C:\Program Files\DYMO LabelWriter Drivers
2013-04-10 06:42:55 -------- d-----w- C:\ProgramData\DYMO
2013-04-10 01:37:00 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-04-10 01:37:00 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-04-10 01:37:00 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-04-10 01:37:00 182896 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
2013-04-10 01:37:00 149616 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
2013-04-10 01:35:59 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-04-10 01:35:58 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-04-10 01:35:58 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-04-10 01:35:57 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-04-10 01:35:57 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-04-10 01:35:57 112640 ----a-w- C:\Windows\System32\smss.exe
2013-04-09 00:34:40 -------- d-----w- C:\Windows\CheckSur
2013-04-09 00:27:32 2558240 ----a-w- C:\Windows\System32\nvsvcr.dll
2013-04-09 00:24:41 19968 ----a-w- C:\Windows\System32\drivers\usb8023x.sys
2013-04-09 00:24:41 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-04-08 08:18:58 -------- d-----w- C:\ProgramData\IDM
2013-04-08 05:43:57 -------- d-----w- C:\Users\RLFENT\AppData\Roaming\IDM
2013-04-08 05:33:03 15088 ----a-w- C:\Users\RLFENT\AppData\Roaming\Microsoft\IdentityCRL\Production\ppcrlconfig.dll
2013-04-08 04:53:16 -------- d-----w- C:\Program Files (x86)\MSECache
2013-04-07 10:04:12 -------- d-----w- C:\Users\RLFENT\AppData\Roaming\Alibaba
2013-04-07 10:04:02 -------- d-----w- C:\ProgramData\boost_interprocess
2013-04-07 09:50:34 -------- d-----w- C:\Users\RLFENT\AppData\Local\Programs
2013-04-05 11:43:34 166576 ----a-w- C:\Windows\System32\drivers\idmwfp.sys
2013-04-05 10:40:18 131584 ----a-w- C:\Windows\SysWow64\SpoonUninstall.exe
2013-03-29 01:42:26 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-03-29 01:42:23 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-03-29 01:42:22 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-03-29 01:42:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-03-29 01:42:21 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-03-29 01:42:14 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-03-29 01:41:50 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-03-29 01:41:50 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-03-28 09:07:29 -------- d-----w- C:\Users\RLFENT\AppData\Local\Macromedia
2013-03-27 06:38:43 272280 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updater.exe
2013-03-25 04:14:15 -------- d-----w- C:\Users\RLFENT\AppData\Local\MicroVision Applications
2013-03-25 04:13:04 487424 ----a-w- C:\Windows\SysWow64\msvcp70.dll
2013-03-25 04:13:04 344064 ----a-w- C:\Windows\SysWow64\msvcr70.dll
2013-03-25 04:13:02 -------- d-----w- C:\Program Files (x86)\Common Files\SureThing Shared
2013-03-25 04:12:57 -------- d-----w- C:\Program Files (x86)\SureThing CD Labeler 5 - Primera
2013-03-25 04:02:14 -------- d-----w- C:\ProgramData\PTI
2013-03-15 02:52:10 4466120 ----a-w- C:\Windows\System32\aksllmtp.exe
2013-03-15 02:52:08 90056 ----a-w- C:\Windows\System32\drivers\aksdf.sys
2013-03-15 02:52:08 77768 ----a-w- C:\Windows\System32\aksusb4.dll
2013-03-15 02:52:08 70088 ----a-w- C:\Windows\System32\akshhl30.dll
2013-03-15 02:52:08 63944 ----a-w- C:\Windows\System32\drivers\akshhl.sys
2013-03-15 02:52:08 60488 ----a-w- C:\Windows\System32\drivers\akshasp.sys
2013-03-15 02:52:08 331144 ----a-w- C:\Windows\System32\drivers\hardlock.sys
2013-03-15 02:52:08 303368 ----a-w- C:\Windows\System32\drivers\aksusb.sys
2013-03-15 02:52:08 21448 ----a-w- C:\Windows\System32\drivers\aksclass.sys
2013-03-15 02:52:08 18376 ----a-w- C:\Windows\System32\akshsp52.dll
2013-03-15 02:52:08 141064 ----a-w- C:\Windows\System32\drivers\aksfridge.sys
.
==================== Find3M ====================
.
2013-04-04 04:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-03-27 05:58:15 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-27 05:58:15 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-02 06:04:53 1655656 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-03-01 03:36:04 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-02-22 06:27:49 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-02-22 06:20:51 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-02-22 06:19:37 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-02-22 06:15:48 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-02-22 06:15:23 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-02-22 03:46:00 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-02-22 03:38:00 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-02-22 03:37:50 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-02-22 03:34:17 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-02-15 06:08:40 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2013-02-15 06:06:11 3717632 ----a-w- C:\Windows\System32\mstscax.dll
2013-02-15 06:02:26 158720 ----a-w- C:\Windows\System32\aaclient.dll
2013-02-15 04:37:10 3217408 ----a-w- C:\Windows\SysWow64\mstscax.dll
2013-02-15 04:34:10 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll
2013-02-15 03:25:51 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-01-31 09:25:24 6207776 ----a-w- C:\Windows\System32\nvcpl.dll
2013-01-31 09:25:24 3300640 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-01-31 09:24:59 878368 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-01-31 09:24:58 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-01-31 09:24:58 118560 ----a-w- C:\Windows\System32\nvmctray.dll
2013-01-24 06:01:01 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2013-01-20 05:59:04 230320 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2013-01-20 05:59:04 130008 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
.
============= FINISH: 15:21:54.77 ===============
 
Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Download Malwarebytes Anti-Rootkit (MBAR) from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
 
Ok thanks,

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : RLFENT [Admin rights]
Mode : Scan -- Date : 04/17/2013 17:20:10
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 7 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ Extern Hives: ¤¤¤
-> G:\windows\system32\config\SOFTWARE
-> G:\windows\system32\config\SYSTEM
-> G:\Users\Default\NTUSER.DAT
-> G:\Users\Default User\NTUSER.DAT
-> G:\Users\Public\NTUSER.DAT
-> G:\Users\rlfent\NTUSER.DAT
-> G:\Users\UpdatusUser\NTUSER.DAT
-> G:\Users\UpdatusUser.rlfent-PC\NTUSER.DAT
-> G:\Documents and Settings\Default\NTUSER.DAT
-> G:\Documents and Settings\Default User\NTUSER.DAT
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: INTEL SSDSC2CT060A3 ATA Device +++++
--- User ---
[MBR] 87755aa1467601d612eb6dfff38255da
[BSP] a7e91dd62d7ac3a69f910cf400349181 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 57139 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: WDC WD10EARS-00Y5B1 ATA Device +++++
--- User ---
[MBR] 7043a6e53b38f492c8ce2541461167bf
[BSP] 57ed56e55506cf721290683d8e4e281c : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 0 Mo
1 - [ACTIVE] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 2048 | Size: 55000 Mo
2 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 112642048 | Size: 898867 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive2: TOSHIBA TOSHIBA USB DRV USB Device +++++
--- User ---
[MBR] 7eac97522ed0d51a37c5006d5faa9d4f
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8064 | Size: 3722 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
+++++ PhysicalDrive3: Generic USB SD Reader USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!
+++++ PhysicalDrive4: Generic USB CF Reader USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[1]_S_04172013_02d1720.txt >>
RKreport[1]_S_04172013_02d1720.txt
 
RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : RLFENT [Admin rights]
Mode : Remove -- Date : 04/17/2013 17:20:59
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 5 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ Extern Hives: ¤¤¤
-> G:\windows\system32\config\SOFTWARE
-> G:\windows\system32\config\SYSTEM
-> G:\Users\Default\NTUSER.DAT
-> G:\Users\Default User\NTUSER.DAT
-> G:\Users\Public\NTUSER.DAT
-> G:\Users\rlfent\NTUSER.DAT
-> G:\Users\UpdatusUser\NTUSER.DAT
-> G:\Users\UpdatusUser.rlfent-PC\NTUSER.DAT
-> G:\Documents and Settings\Default\NTUSER.DAT
-> G:\Documents and Settings\Default User\NTUSER.DAT
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: INTEL SSDSC2CT060A3 ATA Device +++++
--- User ---
[MBR] 87755aa1467601d612eb6dfff38255da
[BSP] a7e91dd62d7ac3a69f910cf400349181 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 57139 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: WDC WD10EARS-00Y5B1 ATA Device +++++
--- User ---
[MBR] 7043a6e53b38f492c8ce2541461167bf
[BSP] 57ed56e55506cf721290683d8e4e281c : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 0 Mo
1 - [ACTIVE] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 2048 | Size: 55000 Mo
2 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 112642048 | Size: 898867 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive2: TOSHIBA TOSHIBA USB DRV USB Device +++++
--- User ---
[MBR] 7eac97522ed0d51a37c5006d5faa9d4f
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8064 | Size: 3722 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
+++++ PhysicalDrive3: Generic USB SD Reader USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!
+++++ PhysicalDrive4: Generic USB CF Reader USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[2]_D_04172013_02d1720.txt >>
RKreport[1]_S_04172013_02d1720.txt ; RKreport[2]_D_04172013_02d1720.txt
 
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org
Database version: v2013.04.17.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
RLFENT :: RLFENT-PC [administrator]
17-Apr-13 5:27:54 PM
mbar-log-2013-04-17 (17-27-54).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 29286
Time elapsed: 3 minute(s), 32 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
 
Whoops, sorry, missed that one.


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 9.0.8112.16421
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXED, H:\ DRIVE_FIXED, I:\ DRIVE_FIXED
CPU speed: 3.206000 GHz
Memory total: 8589135872, free: 6673051648
------------ Kernel report ------------
04/17/2013 17:21:55
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\vmbus.sys
\SystemRoot\system32\drivers\winhv.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\FLxHCIc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\irsir.sys
\SystemRoot\system32\drivers\irenum.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\drivers\cxavsvid.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\BdaSup.SYS
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\FLxHCIh.sys
\SystemRoot\system32\drivers\viahduaa.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\irda.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Windows\system32\drivers\aksdf.sys
\??\C:\Windows\system32\drivers\hardlock.sys
\SystemRoot\system32\DRIVERS\idmwfp.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\advapi32.dll
\Windows\System32\ole32.dll
\Windows\System32\imm32.dll
\Windows\System32\setupapi.dll
\Windows\System32\clbcatq.dll
\Windows\System32\difxapi.dll
\Windows\System32\shlwapi.dll
\Windows\System32\gdi32.dll
\Windows\System32\kernel32.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk6\DR6
Upper Device Object: 0xfffffa8008c2b790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000080\
Lower Device Object: 0xfffffa8008c08830
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk5\DR5
Upper Device Object: 0xfffffa8008bfb060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000007f\
Lower Device Object: 0xfffffa8008c2f5b0
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xfffffa8008c2c060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000007e\
Lower Device Object: 0xfffffa8008c3b060
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xfffffa8008c1e140
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000007d\
Lower Device Object: 0xfffffa8008c45060
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa800870e790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006e\
Lower Device Object: 0xfffffa8008724b60
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8007c00060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-5\
Lower Device Object: 0xfffffa8006cab680
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8007bff060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-4\
Lower Device Object: 0xfffffa80078f81f0
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Downloaded database version: v2013.04.17.02
Downloaded database version: v2013.03.25.01
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007bff060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007af9850, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007bff060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80078f81f0, DeviceName: \Device\Ide\IdeDeviceP2T0L0-4\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a00fcf4dc0, 0xfffffa8007bff060, 0xfffffa800aaaf090
Lower DeviceData: 0xfffff8a003d3d290, 0xfffffa80078f81f0, 0xfffffa800a934090
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: FF5F23EE
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable
Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 117020672
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 60022480896 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-117211408-117231408)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8007c00060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007c00b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007c00060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8006cab680, DeviceName: \Device\Ide\IdeDeviceP3T0L0-5\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a00ff02180, 0xfffffa8007c00060, 0xfffffa800aa97790
Lower DeviceData: 0xfffff8a0033bc930, 0xfffffa8006cab680, 0xfffffa800aa50e40
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 7F1F470A
Partition information:
Partition 0 type is Dynamic (0x42)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 1985
Partition 1 type is Dynamic (0x42)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 112640000
Partition is not bootable
Partition 2 type is Dynamic (0x42)
Partition is NOT ACTIVE.
Partition starts at LBA: 112642048 Numsec = 1840881072
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xfffffa800870e790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007ce5b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800870e790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8008724b60, DeviceName: \Device\0000006e\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a00ffcc930, 0xfffffa800870e790, 0xfffffa800aab1790
Lower DeviceData: 0xfffff8a00ff2e1d0, 0xfffffa8008724b60, 0xfffffa800aa5be40
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C3072E18
Partition information:
Partition 0 type is Other (0xc)
Partition is NOT ACTIVE.
Partition starts at LBA: 8064 Numsec = 7622784
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 3906994176 bytes
Sector size: 512 bytes
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xfffffa8008c1e140, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8008cd8450, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008c1e140, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8008c45060, DeviceName: \Device\0000007d\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xfffffa8008c2c060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8008c2cb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008c2c060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8008c3b060, DeviceName: \Device\0000007e\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 5, DevicePointer: 0xfffffa8008bfb060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8008bfbb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008bfb060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8008c2f5b0, DeviceName: \Device\0000007f\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 6, DevicePointer: 0xfffffa8008c2b790, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8008c004b0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008c2b790, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8008c08830, DeviceName: \Device\00000080\, DriverName: \Driver\USBSTOR\
------------ End ----------
Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 9.0.8112.16421
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXED, H:\ DRIVE_FIXED, I:\ DRIVE_FIXED
CPU speed: 3.206000 GHz
Memory total: 8589135872, free: 7399583744
=======================================
 
Create new restore point before proceeding with the next step....
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there, use the restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled, as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done, Notepad will open with the rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
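An added example, not part of Broni's instructions or any tool he links: before running ComboFix, take a baseline of the services the Farbar log reported on (MpsSvc, BFE, WinDefend) plus Windows Update, and create the restore point in one go, so whatever ComboFix changes can be compared afterwards. It assumes Windows PowerShell 3.0 or later run from an elevated prompt; the service list and the output file location are this example's own choices.

```powershell
# Added example (not from the thread): baseline firewall-related services, then
# create a restore point before ComboFix. Assumes Windows PowerShell 3.0+, elevated.

$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object -TypeName Security.Principal.WindowsPrincipal -ArgumentList $identity
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated PowerShell prompt.'
}

$services = 'MpsSvc', 'BFE', 'WinDefend', 'wuauserv'   # assumed list for this example
$outFile  = Join-Path ([Environment]::GetFolderPath('Desktop')) `
            ('service-baseline-{0:yyyyMMdd-HHmmss}.txt' -f (Get-Date))

function Get-ServiceBaseline {
    param([string[]]$Names)
    foreach ($name in $Names) {
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
        if (-not (Test-Path $key)) {
            # The service key itself is gone: the "firewall service missing" case
            [pscustomobject]@{ Name = $name; Status = 'KEY MISSING' }
            continue
        }
        $svc    = Get-Service -Name $name -ErrorAction SilentlyContinue
        $status = if ($svc) { $svc.Status } else { 'NOT INSTALLED' }
        $props  = Get-ItemProperty -Path $key
        # svchost-hosted services keep the real binary in Parameters\ServiceDll
        $dll = (Get-ItemProperty -Path "$key\Parameters" -ErrorAction SilentlyContinue).ServiceDll
        $sig = $null
        if ($dll) {
            $path = [Environment]::ExpandEnvironmentVariables($dll)
            $sig  = (Get-AuthenticodeSignature -FilePath $path).Status   # expect 'Valid'
        }
        # Service security descriptor; one stripped of its SYSTEM/Administrators
        # entries is a common reason "Windows could not start" the service
        $sddl = ((& sc.exe sdshow $name) -join '') -replace '\s', ''
        [pscustomobject]@{
            Name         = $name
            Status       = $status
            Start        = $props.Start      # 2 = Automatic, 3 = Manual, 4 = Disabled
            ImagePath    = $props.ImagePath
            ServiceDll   = $dll
            DllSignature = $sig
            SDDL         = $sddl
        }
    }
}

$baseline = Get-ServiceBaseline -Names $services
$baseline | Format-List | Out-File -FilePath $outFile -Encoding UTF8
$baseline | Format-Table Name, Status, Start, DllSignature -AutoSize

# Stop on failure so a disabled System Restore (one of the policies FSS checks) is noticed
Checkpoint-Computer -Description 'Before ComboFix' -RestorePointType 'MODIFY_SETTINGS' -ErrorAction Stop
Write-Host "Baseline saved to $outFile and restore point created."
```

Run it once before ComboFix and once after, then compare the two baseline files: a Start value, ServiceDll path, signature status or SDDL that differs between them is exactly the kind of change worth posting alongside the ComboFix.txt log.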
 
ComboFix 13-04-18.01 - RLFENT 18-Apr-13 16:01:42.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8191.5659 [GMT 10:00]
Running from: c:\users\RLFENT\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\app
c:\programdata\app\drivers.ini
c:\programdata\boost_interprocess\20130410123527.031325
c:\programdata\boost_interprocess\20130410123527.031325\d1acd4fb4a00f612bca8861efe9c2566
c:\users\RLFENT\AppData\Local\assembly\tmp
.
.
((((((((((((((((((((((((( Files Created from 2013-03-18 to 2013-04-18 )))))))))))))))))))))))))))))))
.
.
2013-04-18 06:04 . 2013-04-18 06:04 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-04-18 06:04 . 2013-04-18 06:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-18 03:32 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6C2DA883-041C-41DE-837E-E9DAC094EAD6}\mpengine.dll
2013-04-17 06:42 . 2013-04-17 07:05 -------- d-----w- c:\users\RLFENT\AppData\Roaming\Nero
2013-04-17 06:40 . 2013-04-17 06:40 -------- d-----w- c:\program files (x86)\Common Files\Nero
2013-04-17 06:40 . 2013-04-17 06:41 -------- d-----w- c:\program files (x86)\Nero
2013-04-17 06:40 . 2013-04-17 06:41 -------- d-----w- c:\programdata\Nero
2013-04-17 06:37 . 2008-10-14 20:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
2013-04-17 06:37 . 2007-05-16 06:45 3497832 ----a-w- c:\windows\SysWow64\d3dx9_34.dll
2013-04-17 03:15 . 2013-03-18 19:50 9311288 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-04-13 22:11 . 2013-04-13 22:11 -------- d-----w- C:\FRST
2013-04-13 05:40 . 2012-10-22 21:04 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2866AD9C-949D-441D-A53E-09770AFC429B}\gapaengine.dll
2013-04-13 05:21 . 2013-04-13 05:21 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-04-13 05:21 . 2013-04-13 05:21 -------- d-----w- c:\program files\Microsoft Security Client
2013-04-12 10:23 . 2013-04-12 10:23 -------- d-----w- c:\programdata\Intel(R) Update Manager
2013-04-12 10:23 . 2013-04-12 10:23 -------- d-----w- C:\Intel
2013-04-12 00:30 . 2013-04-12 10:10 -------- d-----w- c:\users\RLFENT\AppData\Local\ElevatedDiagnostics
2013-04-11 10:17 . 2011-09-22 11:07 105832 ----a-w- c:\windows\system32\SQSRVRES.DLL
2013-04-11 10:17 . 2011-09-22 11:06 109416 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
2013-04-11 10:17 . 2011-09-22 07:18 73064 ----a-w- c:\windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
2013-04-11 10:17 . 2013-04-11 10:17 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 9.0
2013-04-11 10:17 . 2013-04-11 10:17 -------- d-----w- c:\program files\Microsoft.NET
2013-04-10 08:17 . 2013-04-18 06:04 -------- d-----w- c:\users\RLFENT\AppData\Local\assembly
2013-04-10 06:49 . 2013-04-10 06:49 -------- d-----w- c:\users\RLFENT\AppData\Local\Sanford,_L.P
2013-04-10 06:49 . 2013-04-10 06:49 -------- d-----w- c:\users\RLFENT\AppData\Local\DYMO
2013-04-10 06:46 . 2013-04-10 06:46 -------- d-----w- c:\program files (x86)\DYMO
2013-04-10 06:43 . 2013-04-10 06:43 -------- d-----w- c:\program files\DYMO LabelWriter Drivers
2013-04-10 06:42 . 2013-04-10 06:42 -------- d-----w- c:\programdata\DYMO
2013-04-10 01:37 . 2013-02-22 07:04 182896 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2013-04-10 01:37 . 2013-02-22 06:13 96768 ----a-w- c:\windows\system32\mshtmled.dll
2013-04-10 01:37 . 2013-02-22 06:12 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-04-10 01:37 . 2013-02-22 04:10 149616 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
2013-04-10 01:37 . 2013-02-22 03:34 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-04-10 01:37 . 2013-02-22 03:31 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-04-10 01:35 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-10 01:35 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-04-10 01:35 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-04-10 01:35 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-10 01:35 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-04-10 01:35 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe
2013-04-09 00:34 . 2013-04-09 00:34 -------- d-----w- c:\windows\CheckSur
2013-04-09 00:27 . 2013-01-31 09:24 2558240 ----a-w- c:\windows\system32\nvsvcr.dll
2013-04-09 00:24 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023x.sys
2013-04-09 00:24 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-04-08 08:18 . 2013-04-08 08:18 -------- d-----w- c:\programdata\IDM
2013-04-08 05:43 . 2013-04-13 03:28 -------- d-----w- c:\users\RLFENT\AppData\Roaming\IDM
2013-04-08 04:53 . 2013-04-08 04:53 -------- d-----w- c:\program files (x86)\MSECache
2013-04-07 10:04 . 2013-04-07 10:04 -------- d-----w- c:\users\RLFENT\AppData\Roaming\Alibaba
2013-04-07 10:04 . 2013-04-18 06:04 -------- d-----w- c:\programdata\boost_interprocess
2013-04-07 09:50 . 2013-04-07 09:50 -------- d-----w- c:\users\RLFENT\AppData\Local\Programs
2013-04-05 11:43 . 2013-04-05 11:32 166576 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2013-04-05 10:40 . 2013-04-05 11:08 131584 ----a-w- c:\windows\SysWow64\SpoonUninstall.exe
2013-03-29 01:42 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-03-29 01:42 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-03-29 01:42 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-03-29 01:42 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-03-29 01:42 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-03-29 01:42 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-03-29 01:41 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-03-29 01:41 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-03-28 09:07 . 2013-03-28 09:07 -------- d-----w- c:\users\RLFENT\AppData\Local\Macromedia
2013-03-25 04:14 . 2013-03-25 04:27 -------- d-----w- c:\users\RLFENT\AppData\Local\MicroVision Applications
2013-03-25 04:13 . 2006-09-20 22:42 487424 ----a-w- c:\windows\SysWow64\msvcp70.dll
2013-03-25 04:13 . 2006-09-20 22:42 344064 ----a-w- c:\windows\SysWow64\msvcr70.dll
2013-03-25 04:13 . 2013-03-25 04:13 -------- d-----w- c:\program files (x86)\Common Files\SureThing Shared
2013-03-25 04:12 . 2013-03-25 04:13 -------- d-----w- c:\program files (x86)\SureThing CD Labeler 5 - Primera
2013-03-25 04:02 . 2013-03-25 04:18 -------- d-----w- c:\programdata\PTI
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-10 01:38 . 2012-09-04 07:59 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-04-04 04:50 . 2012-09-04 07:36 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-02 10:34 . 2012-09-04 07:29 282744 ------w- c:\windows\system32\MpSigStub.exe
2013-03-27 05:58 . 2012-09-04 07:23 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-27 05:58 . 2012-09-04 07:23 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-15 02:52 . 2013-03-15 02:52 4466120 ----a-w- c:\windows\system32\aksllmtp.exe
2013-03-15 02:52 . 2013-03-15 02:52 90056 ----a-w- c:\windows\system32\drivers\aksdf.sys
2013-03-15 02:52 . 2013-03-15 02:52 77768 ----a-w- c:\windows\system32\aksusb4.dll
2013-03-15 02:52 . 2013-03-15 02:52 70088 ----a-w- c:\windows\system32\akshhl30.dll
2013-03-15 02:52 . 2013-03-15 02:52 63944 ----a-w- c:\windows\system32\drivers\akshhl.sys
2013-03-15 02:52 . 2013-03-15 02:52 60488 ----a-w- c:\windows\system32\drivers\akshasp.sys
2013-03-15 02:52 . 2013-03-15 02:52 331144 ----a-w- c:\windows\system32\drivers\hardlock.sys
2013-03-15 02:52 . 2013-03-15 02:52 303368 ----a-w- c:\windows\system32\drivers\aksusb.sys
2013-03-15 02:52 . 2013-03-15 02:52 21448 ----a-w- c:\windows\system32\drivers\aksclass.sys
2013-03-15 02:52 . 2013-03-15 02:52 18376 ----a-w- c:\windows\system32\akshsp52.dll
2013-03-15 02:52 . 2013-03-15 02:52 141064 ----a-w- c:\windows\system32\drivers\aksfridge.sys
2013-02-19 12:32 . 2012-09-04 07:35 15413704 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-02-19 12:32 . 2013-02-19 12:32 25256736 ----a-w- c:\windows\system32\nvcompiler.dll
2013-02-19 12:32 . 2013-02-19 12:32 2222880 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-02-19 12:32 . 2012-09-04 07:35 18376008 ----a-w- c:\windows\system32\nvd3dumx.dll
2013-02-19 12:32 . 2013-02-19 12:32 2749216 ----a-w- c:\windows\system32\nvcuvid.dll
2013-02-19 12:32 . 2012-02-09 12:43 1802528 ----a-w- c:\windows\system32\nvdispco64.dll
2013-02-19 12:32 . 2013-02-19 12:32 7457968 ----a-w- c:\windows\system32\nvopencl.dll
2013-02-19 12:32 . 2013-02-19 12:32 26341664 ----a-w- c:\windows\system32\nvoglv64.dll
2013-02-19 12:32 . 2013-02-19 12:32 2446416 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-02-19 12:32 . 2012-09-04 07:35 2752880 ----a-w- c:\windows\system32\nvapi64.dll
2013-02-19 12:32 . 2013-02-19 12:32 6162704 ----a-w- c:\windows\SysWow64\nvopencl.dll
2013-02-19 12:32 . 2013-02-19 12:32 13531936 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-02-19 12:32 . 2013-02-19 12:32 7754560 ----a-w- c:\windows\SysWow64\nvcuda.dll
2013-02-19 12:32 . 2013-02-19 12:32 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2013-02-19 12:32 . 2013-02-19 12:32 2577184 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2013-02-19 12:32 . 2013-02-19 12:32 1869088 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2013-02-19 12:32 . 2013-02-19 12:32 19915552 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2013-02-19 12:32 . 2013-02-19 12:32 9184760 ----a-w- c:\windows\system32\nvcuda.dll
2013-02-19 12:32 . 2013-02-19 12:32 1510176 ----a-w- c:\windows\system32\nvdispgenco64.dll
2013-02-12 05:45 . 2013-03-29 01:42 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-29 01:42 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-29 01:42 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-29 01:42 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-29 01:42 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-29 01:42 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-31 09:25 . 2012-09-04 07:36 6207776 ----a-w- c:\windows\system32\nvcpl.dll
2013-01-31 09:25 . 2012-09-04 07:36 3300640 ----a-w- c:\windows\system32\nvsvc64.dll
2013-01-31 09:24 . 2012-09-04 07:36 878368 ----a-w- c:\windows\system32\nvvsvc.exe
2013-01-31 09:24 . 2012-09-04 07:36 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-01-31 09:24 . 2012-09-04 07:36 118560 ----a-w- c:\windows\system32\nvmctray.dll
2013-01-20 05:59 . 2013-01-20 05:59 230320 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-20 05:59 . 2013-01-20 05:59 130008 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-12-04 2792448]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMScheduler;MBAMScheduler;e:\malwarebytes' anti-malware\mbamscheduler.exe [2013-04-04 418376]
R2 MBAMService;MBAMService;e:\malwarebytes' anti-malware\mbamservice.exe [2013-04-04 701512]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys [x]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys [x]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys [x]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]
R3 ndisahMP;ndisahMP;c:\windows\system32\DRIVERS\ndisah.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-04 1255736]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [2011-09-22 311144]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-22 431464]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-02 56208]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys [2013-03-15 90056]
S2 DymoPnpService;DYMO PnP Service;c:\program files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [2012-10-09 32368]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2013-04-05 166576]
S2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [2012-02-01 342544]
S2 nlsX86cc;NLS Service;c:\windows\SysWOW64\NLSSRV32.EXE [2012-02-01 70160]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-04-13 88576]
S2 piserv;Primera Index Service;c:\windows\system32\piserv.exe [x]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
S3 CX88VID;WinFast CX2388x AvStream Driver;c:\windows\system32\drivers\cxavsvid.sys [2007-09-19 469248]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [2012-11-07 249584]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [2012-11-07 77040]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-11-25 1276928]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-04 05:58]
.
2013-04-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1654508899-1424364464-812079754-1000Core.job
- c:\users\RLFENT\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-04 07:39]
.
2013-04-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1654508899-1424364464-812079754-1000UA.job
- c:\users\RLFENT\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-04 07:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07 23496 ----a-w- e:\idm\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com.au/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Download all links with IDM - e:\idm\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - e:\idm\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: taobao.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\RLFENT\AppData\Roaming\Mozilla\Firefox\Profiles\uo0wru2c.default\
FF - ExtSQL: 2013-04-08 18:19; mozilla_cc@internetdownloadmanager.com; c:\users\RLFENT\AppData\Roaming\IDM\idmmzcc5
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-DLSService - c:\program files (x86)\DYMO\DYMO Label Software\DLSService.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1654508899-1424364464-812079754-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):ac,0f,f3,8b,e9,78,fa,f1,bc,64,a9,6f,3f,26,ef,9a,dd,42,5e,e0,10,
44,b8,4c,fd,6a,b6,73,6f,6c,e6,df,d2,89,14,3b,f5,66,e4,1c,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-1654508899-1424364464-812079754-1000_Classes\Wow6432Node\CLSID\{d4cc14db-bcc3-4979-bce1-3555dff62e8f}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000115
"Therad"=dword:0000001f
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,e5,34,bf,cc,28,21,23,f5,40,cc,37,71,c4,77,d2,a2,9e,dd,52,38,61,66,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\ASTSRV.EXE
c:\windows\SysWOW64\piserv.exe
.
**************************************************************************
.
Completion time: 2013-04-18 16:18:39 - machine was rebooted
ComboFix-quarantined-files.txt 2013-04-18 06:18
.
Pre-Run: 15,355,961,344 bytes free
Post-Run: 15,450,214,400 bytes free
.
- - End Of File - - DFFF620B6F6DED36A155431CCC73B9FC
 
Looks good.

How is the computer doing?

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Computer running a lot better now, firewall is on, seems to be sweet. Thanks a lot Broni, amazing work, I appreciate all your help.
 
This topic is marked as abandoned and closed due to inactivity.
This member will NOT be eligible to receive any more help in malware removal forum.
 