Windows has encountered a critical problem and will restart in one min

Solved
By windows90
Aug 11, 2012
  1. I am running Windows Vista Home Edition and recently, I think, I uninstalled Microsoft Essentials, after which I started seeing the "Windows has encountered a critical problem and will restart in one min" message and the system restarts automatically in a minute. I tried to restore from previous points but no luck; it doesn't let me complete the work. Upon BIOS startup with F8 advanced options, safe mode / safe mode with command prompt, the same issues occur there as well. I ran the "repair your computer" option through additional boot options; it takes some time and lands me on a login page with "other user", and I do not know the username or password for this account to log in further and proceed with the repair your computer option. None of the solved forums here seem to be working out for my situation. Please help.
  2. Broni

    Broni Malware Annihilator Posts: 46,153   +251

    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==========================================

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    Next...

    Re-run FRST again.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes in your reply.

    I'll expect two logs:
    - FRST.txt
    - Search.txt
  3. windows90

    windows90 Newcomer, in training Topic Starter Posts: 30

    Firstly, thanks for your quick response. I have looked up the posted procedure here on one of your solved issues. I downloaded the Farbar Recovery Scan Tool to a flash drive, connected the flash drive to the infected computer and followed the below 3 steps:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    Once I hit Enter upon choosing Repair your computer, it takes me to the login page for user "other user". I tried to hit Enter without providing a username or password; it doesn't work. Neither my admin credentials nor guest credentials work for this account. I cannot move further on that step, so I restart my computer again and F8 takes me to the same options I mentioned in my post. Please suggest more.
  4. Broni

    Broni Malware Annihilator Posts: 46,153   +251

    Do you have Vista DVD?
  5. windows90

    windows90 Newcomer, in training Topic Starter Posts: 30

    Sorry I don't think I have the DVD for Vista.Any other alternative?
  6. Broni

    Broni Malware Annihilator Posts: 46,153   +251

    Is it Vista 32-bit or 64-bit?
  7. windows90

    windows90 Newcomer, in training Topic Starter Posts: 30

    It is a 64-bit operating system, Windows Vista Home Premium Service Pack 1.
  8. Broni

    Broni Malware Annihilator Posts: 46,153   +251

    I'll PM you.
  9. windows90

    windows90 Newcomer, in training Topic Starter Posts: 30

  10. windows90

    windows90 Newcomer, in training Topic Starter Posts: 30

    Scan result of Farbar Recovery Scan Tool Version: 09-08-2012
    Ran by SYSTEM at 11-08-2012 21:49:52
    Running from F:\
    Windows Vista (TM) Home Premium Service Pack 1 (X64) OS Language: English(US)
    The current controlset is ControlSet003

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [272896 2008-08-25] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe [3863040 2008-11-20] (Dell Inc.)
    HKLM\...\Run: [fssui] "C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe" -autorun [647528 2010-04-28] (Microsoft Corporation)
    HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [161304 2010-08-25] (Intel Corporation)
    HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386584 2010-08-25] (Intel Corporation)
    HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [415256 2010-08-25] (Intel Corporation)
    HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-29] (IDT, Inc.)
    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [PCMService] "C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe" [132392 2008-07-04] (CyberLink Corp.)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [34672 2008-06-12] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [FAStartup] [x]
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [248040 2010-02-18] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [CarboniteSetupLite] "C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=1800 [283792 2010-03-09] (Carbonite, Inc.)
    HKLM-x32\...\Run: [FATrayAlert] "C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [95488 2008-09-05] (Sensible Vision )
    HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2008-01-20] (Microsoft Corporation)
    HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2008-01-20] (Microsoft Corporation)
    HKU\Guest\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2008-12-18] (Google Inc.)
    HKU\Guest\...\Run: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h [1004544 2009-02-03] (Ares Development Group)
    HKU\Owner\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2008-12-18] (Google Inc.)
    HKU\Owner\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [3872080 2010-04-16] (Microsoft Corporation)
    HKU\Owner\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
    Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Lsa: [Notification Packages] scecli
    FAPassSync
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\QuickSet.lnk
    ShortcutTarget: QuickSet.lnk -> C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
    Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Guest\Start Menu\Programs\Startup\Dell Dock.lnk
    ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Owner\Start Menu\Programs\Startup\Dell Dock.lnk
    ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

    ==================== Services (Whitelisted) ======

    4 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_310debf0\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
    3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
    3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
    2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_310debf0\STacSV64.exe [240128 2009-06-29] (IDT, Inc.)
    3 stllssvr; "C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe" [74384 2008-03-24] (MicroVision Development, Inc.)
    2 wltrysvc; C:\Windows\System32\WLTRYSVC.EXE C:\Windows\System32\bcmwltry.exe [2930688 2008-11-20] (Dell Inc.)

    ========================== Drivers (Whitelisted) =============

    3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
    3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
    3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-08-11 21:49 - 2012-08-11 21:49 - 00000000 ____D C:\FRST
    2012-08-11 19:40 - 2012-08-11 19:40 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bhojqesn.sys
    2012-08-11 19:37 - 2012-08-11 19:37 - 00000000 ____D C:\$WINDOWS.~BT
    2012-08-11 19:34 - 2012-08-11 19:34 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ckjmbumk.sys
    2012-08-11 19:33 - 2012-08-11 19:36 - 00001887 ____A C:\Windows\diagwrn.xml
    2012-08-11 19:33 - 2012-08-11 19:36 - 00001887 ____A C:\Windows\diagerr.xml
    2012-08-10 19:00 - 2012-08-10 19:00 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fqvvgwqa.sys
    2012-08-10 16:13 - 2012-08-10 16:13 - 00000000 ____D C:\Program Files\AVAST Software
    2012-08-10 15:22 - 2012-08-10 15:22 - 00000000 ____D C:\Windows\pss
    2012-08-10 14:43 - 2012-08-10 14:43 - 00273024 ____A C:\Windows\Minidump\Mini081012-01.dmp
    2012-08-10 14:35 - 2012-08-10 14:06 - 89340632 ____A C:\Users\Owner\Desktop\avast_free_antivirus_setup.exe
    2012-08-10 14:32 - 2012-08-10 14:32 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mojhwpjq.sys
    2012-08-09 22:32 - 2012-08-09 22:32 - 00000000 ____D C:\Users\Owner\.limewire
    2012-08-09 22:20 - 2012-08-09 22:20 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\igsslueu.sys
    2012-08-08 20:01 - 2012-08-08 20:01 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\snjfldjk.sys
    2012-08-08 19:52 - 2012-08-08 19:52 - 00273024 ____A C:\Windows\Minidump\Mini080812-01.dmp
    2012-08-08 19:08 - 2012-08-08 19:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2012-08-08 19:07 - 2012-08-08 19:08 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-08-08 19:06 - 2012-08-08 19:06 - 12633472 ____A (Microsoft Corporation) C:\Users\Owner\Downloads\mseinstall(3).exe
    2012-08-08 19:03 - 2012-08-08 19:03 - 12633472 ____A (Microsoft Corporation) C:\Users\Owner\Downloads\mseinstall(2).exe
    2012-08-08 19:02 - 2012-08-08 19:02 - 10300288 ____A (Microsoft Corporation) C:\Users\Owner\Downloads\mseinstall(1).exe
    2012-08-08 18:59 - 2012-08-08 18:59 - 10288512 ____A (Microsoft Corporation) C:\Users\Owner\Downloads\mseinstall.exe
    2012-08-06 21:26 - 2009-10-09 13:56 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
    2012-08-02 21:23 - 2012-08-02 21:23 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
    2012-07-31 20:32 - 2012-07-31 20:39 - 00000000 ____D C:\Users\Owner\AppData\Local\IM Providers
    2012-07-29 21:09 - 2012-07-29 21:10 - 00273024 ____A C:\Windows\Minidump\Mini072912-01.dmp
    2012-07-18 18:24 - 2012-07-18 18:46 - 00000000 ____D C:\Users\All Users\SpeedyPC Software
    2012-07-18 18:24 - 2012-07-18 18:24 - 00000000 ____D C:\Users\Owner\AppData\Roaming\SpeedyPC Software
    2012-07-18 18:24 - 2012-07-18 18:24 - 00000000 ____D C:\Users\Owner\AppData\Roaming\DriverCure
    2012-07-16 20:51 - 2012-07-18 18:22 - 00004870 ____A C:\Windows\IE9_main.log
    2012-07-16 20:50 - 2012-07-03 02:13 - 57442464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe

    ============ 3 Months Modified Files ========================

    2012-08-11 19:40 - 2012-08-11 19:40 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bhojqesn.sys
    2012-08-11 19:39 - 2010-01-28 18:55 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-08-11 19:39 - 2006-11-02 07:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-08-11 19:39 - 2006-11-02 07:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2012-08-11 19:39 - 2006-11-02 07:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2012-08-11 19:36 - 2012-08-11 19:33 - 00001887 ____A C:\Windows\diagwrn.xml
    2012-08-11 19:36 - 2012-08-11 19:33 - 00001887 ____A C:\Windows\diagerr.xml
    2012-08-11 19:36 - 2012-06-17 16:45 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-08-11 19:36 - 2006-11-02 07:27 - 00002689 ____A C:\Windows\setupact.log
    2012-08-11 19:36 - 2006-11-02 07:27 - 00000000 ____A C:\Windows\setuperr.log
    2012-08-11 19:34 - 2012-08-11 19:34 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ckjmbumk.sys
    2012-08-11 12:50 - 2006-11-02 07:42 - 00032646 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-08-10 19:00 - 2012-08-10 19:00 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fqvvgwqa.sys
    2012-08-10 18:08 - 2011-08-17 08:58 - 00000928 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2902662569-1094894158-3628613558-1000UA.job
    2012-08-10 17:47 - 2010-01-28 18:55 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-08-10 14:53 - 2009-01-14 14:27 - 00000418 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{E6CF3ADF-9CEF-4597-BAD8-2EDBC1D256F1}.job
    2012-08-10 14:43 - 2012-08-10 14:43 - 00273024 ____A C:\Windows\Minidump\Mini081012-01.dmp
    2012-08-10 14:43 - 2011-08-13 12:19 - 389837850 ____A C:\Windows\MEMORY.DMP
    2012-08-10 14:32 - 2012-08-10 14:32 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mojhwpjq.sys
    2012-08-10 14:06 - 2012-08-10 14:35 - 89340632 ____A C:\Users\Owner\Desktop\avast_free_antivirus_setup.exe
    2012-08-09 22:20 - 2012-08-09 22:20 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\igsslueu.sys
    2012-08-09 22:00 - 2009-02-11 11:07 - 00000680 ____A C:\Users\Owner\AppData\Local\d3d9caps.dat
    2012-08-09 19:11 - 2008-12-18 15:56 - 01702141 ____A C:\Windows\WindowsUpdate.log
    2012-08-09 19:09 - 2008-01-20 19:26 - 00057394 ____A C:\Windows\PFRO.log
    2012-08-08 20:01 - 2012-08-08 20:01 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\snjfldjk.sys
    2012-08-08 19:52 - 2012-08-08 19:52 - 00273024 ____A C:\Windows\Minidump\Mini080812-01.dmp
    2012-08-08 19:09 - 2011-01-25 20:04 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-08-08 19:08 - 2011-01-25 20:03 - 00739784 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-08-08 19:06 - 2012-08-08 19:06 - 12633472 ____A (Microsoft Corporation) C:\Users\Owner\Downloads\mseinstall(3).exe
    2012-08-08 19:03 - 2012-08-08 19:03 - 12633472 ____A (Microsoft Corporation) C:\Users\Owner\Downloads\mseinstall(2).exe
    2012-08-08 19:02 - 2012-08-08 19:02 - 10300288 ____A (Microsoft Corporation) C:\Users\Owner\Downloads\mseinstall(1).exe
    2012-08-08 18:59 - 2012-08-08 18:59 - 10288512 ____A (Microsoft Corporation) C:\Users\Owner\Downloads\mseinstall.exe
    2012-08-08 18:53 - 2006-11-02 04:46 - 00724780 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-08-03 14:36 - 2012-06-17 16:45 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-08-03 14:36 - 2011-07-07 17:21 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-08-02 21:14 - 2009-02-26 13:53 - 00000436 ____A C:\Windows\System32\Drivers\etc\hosts.ics
    2012-07-29 21:10 - 2012-07-29 21:09 - 00273024 ____A C:\Windows\Minidump\Mini072912-01.dmp
    2012-07-18 18:22 - 2012-07-16 20:51 - 00004870 ____A C:\Windows\IE9_main.log
    2012-07-12 03:08 - 2011-08-17 08:58 - 00000906 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2902662569-1094894158-3628613558-1000Core.job
    2012-07-12 02:01 - 2006-11-02 04:35 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
    2012-07-03 02:13 - 2012-07-16 20:50 - 57442464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
    2012-06-29 22:12 - 2012-06-29 22:12 - 00000950 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-06-29 22:11 - 2012-06-29 22:11 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-1.61.0.1400.exe
    2012-06-25 18:48 - 2009-02-17 13:06 - 00001758 ____A C:\Users\Owner\AppData\Roaming\wklnhst.dat
    2012-06-25 18:47 - 2012-06-25 18:47 - 00011776 ____A C:\Users\Owner\Documents\Vick'ys Schedule for Fall.xlr
    2012-06-18 20:47 - 2012-06-18 20:47 - 00273024 ____A C:\Windows\Minidump\Mini061812-01.dmp
    2012-06-16 01:56 - 2012-06-16 01:56 - 00273024 ____A C:\Windows\Minidump\Mini061612-01.dmp
    2012-06-15 20:01 - 2012-06-15 20:01 - 00001890 ____A C:\Users\Public\Desktop\Skype.lnk
    2012-06-07 17:37 - 2012-06-07 17:37 - 00000013 ____A C:\Users\Owner\Documents\router trouble.txt
    2012-06-03 15:20 - 2012-05-04 12:07 - 00000680 ____A C:\Users\Guest\AppData\Local\d3d9caps.dat
    2012-06-02 20:46 - 2012-06-02 20:46 - 00090192 ____A C:\Users\Owner\Downloads\install_flashplayer10x32_mssd_aih.exe
    2012-06-02 20:41 - 2012-06-02 20:38 - 03092128 ____A (Adobe Systems, Inc.) C:\Users\Owner\Downloads\install_flash_player(2).exe
    2012-06-02 20:31 - 2012-06-02 20:30 - 00463080 ____A (CNET Download.com) C:\Users\Owner\Downloads\cnet2_BatteryBar_exe.exe
    2012-05-24 10:46 - 2012-05-24 10:46 - 00001696 ____A C:\Users\Public\Desktop\iTunes.lnk
    2012-05-21 11:38 - 2010-08-12 16:49 - 00014848 ____A C:\Users\Owner\Documents\Nanny_Agree..wps
    2012-05-21 10:58 - 2012-05-21 10:58 - 00023552 ____A C:\Users\Owner\Documents\schedule for vicky - fall 2012.xls
    2012-05-14 19:30 - 2012-05-14 19:30 - 00273024 ____A C:\Windows\Minidump\Mini051412-01.dmp

    ZeroAccess:
    C:\Windows\Installer\{cdd218d8-07b8-70e5-0c40-fcf1c64f8a24}
    C:\Windows\Installer\{cdd218d8-07b8-70e5-0c40-fcf1c64f8a24}\@
    C:\Windows\Installer\{cdd218d8-07b8-70e5-0c40-fcf1c64f8a24}\L
    C:\Windows\Installer\{cdd218d8-07b8-70e5-0c40-fcf1c64f8a24}\n
    C:\Windows\Installer\{cdd218d8-07b8-70e5-0c40-fcf1c64f8a24}\U
    C:\Windows\Installer\{cdd218d8-07b8-70e5-0c40-fcf1c64f8a24}\L\00000004.@
    C:\Windows\Installer\{cdd218d8-07b8-70e5-0c40-fcf1c64f8a24}\L\201d3dde
    C:\Windows\Installer\{cdd218d8-07b8-70e5-0c40-fcf1c64f8a24}\U\00000004.@
    C:\Windows\Installer\{cdd218d8-07b8-70e5-0c40-fcf1c64f8a24}\U\00000008.@
    C:\Windows\Installer\{cdd218d8-07b8-70e5-0c40-fcf1c64f8a24}\U\000000cb.@
    C:\Windows\Installer\{cdd218d8-07b8-70e5-0c40-fcf1c64f8a24}\U\80000000.@
    C:\Windows\Installer\{cdd218d8-07b8-70e5-0c40-fcf1c64f8a24}\U\80000032.@
    C:\Windows\Installer\{cdd218d8-07b8-70e5-0c40-fcf1c64f8a24}\U\80000064.@

    ZeroAccess:
    C:\Users\Owner\AppData\Local\{cdd218d8-07b8-70e5-0c40-fcf1c64f8a24}
    C:\Users\Owner\AppData\Local\{cdd218d8-07b8-70e5-0c40-fcf1c64f8a24}\@
    C:\Users\Owner\AppData\Local\{cdd218d8-07b8-70e5-0c40-fcf1c64f8a24}\L
    C:\Users\Owner\AppData\Local\{cdd218d8-07b8-70e5-0c40-fcf1c64f8a24}\U

    ZeroAccess:
    C:\Windows\assembly\GAC_32\Desktop.ini

    ZeroAccess:
    C:\Windows\assembly\GAC_64\Desktop.ini

    Type 00 partition infection:
    C:\Windows\svchost.exe

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe BA539D2CE99C05A180EC518EA2040D6A ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 17%
    Total physical RAM: 4053.98 MB
    Available physical RAM: 3331.03 MB
    Total Pagefile: 3748.56 MB
    Available Pagefile: 3312.77 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.91 MB

    ======================= Partitions =========================

    1 Drive c: (OS) (Fixed) (Total:288.01 GB) (Free:190.34 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    2 Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:3.35 GB) NTFS
    3 Drive e: (VISTA_SP1_HOMEPREMIUM) (CDROM) (Total:4.2 GB) (Free:0 GB) UDF
    4 Drive f: () (Removable) (Total:1.87 GB) (Free:1.2 GB) FAT
    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 298 GB 0 B
    Disk 1 Online 1920 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 78 MB 32 KB
    Partition 2 Primary 10 GB 79 MB
    Partition 3 Primary 288 GB 10 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : DE
    Hidden: Yes
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 FAT Partition 78 MB Healthy Hidden

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 D RECOVERY NTFS Partition 10 GB Healthy

    ==================================================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C OS NTFS Partition 288 GB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 1919 MB 1276 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 06
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 F FAT Removable 1919 MB Healthy

    ==================================================================================

    Last Boot: 2012-08-08 18:57

    ======================= End Of Log ==========================
  11. windows90

    windows90 Newcomer, in training Topic Starter Posts: 30

    SEARCH.txt

    Farbar Recovery Scan Tool Version: 09-08-2012
    Ran by SYSTEM at 2012-08-11 21:53:14
    Running from F:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
    [2008-01-20 18:50] - [2008-01-20 18:50] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe
    [2008-01-20 18:49] - [2008-01-20 18:49] - 0384512 ____A (Microsoft Corporation) DFAC660F0F139276CC9299812DE42719

    C:\Windows\SysWOW64\services.exe
    [2008-01-20 18:50] - [2008-01-20 18:50] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

    C:\Windows\System32\services.exe
    [2008-01-20 18:49] - [2008-01-20 18:49] - 0384512 ____A (Microsoft Corporation) BA539D2CE99C05A180EC518EA2040D6A

    C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
    [2009-12-15 20:06] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

    C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
    [2009-12-15 20:07] - [2009-04-10 23:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3

    ====== End Of Search ======
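    As an added illustration (not part of the thread and not FRST's own code), the Python script below reads the two log formats posted above and applies the triage checks the fix was based on: random-named drivers dropped into System32\Drivers, a copy of a system binary outside its normal directory, a literal "%APPDATA%" folder name, and a live services.exe whose MD5 differs from the same-size, same-architecture component-store copy in winsxs. The sample lines are copied from the FRST.txt and Search.txt logs above; the heuristics and the helper names are this example's own assumptions, not FRST's.

```python
import re

# Sample input, copied from the "One Month Created Files" section of the
# FRST.txt log posted above (a few non-suspicious lines kept as controls).
FRST_CREATED = r"""
2012-08-11 19:40 - 2012-08-11 19:40 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bhojqesn.sys
2012-08-11 19:34 - 2012-08-11 19:34 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ckjmbumk.sys
2012-08-10 19:00 - 2012-08-10 19:00 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fqvvgwqa.sys
2012-08-10 16:13 - 2012-08-10 16:13 - 00000000 ____D C:\Program Files\AVAST Software
2012-08-06 21:26 - 2009-10-09 13:56 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2012-08-02 21:23 - 2012-08-02 21:23 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-07-16 20:50 - 2012-07-03 02:13 - 57442464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
"""

# Sample input, copied from the Search.txt log posted above.
SEARCH_TXT = r"""
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-01-20 18:50] - [2008-01-20 18:50] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe
[2008-01-20 18:49] - [2008-01-20 18:49] - 0384512 ____A (Microsoft Corporation) DFAC660F0F139276CC9299812DE42719

C:\Windows\SysWOW64\services.exe
[2008-01-20 18:50] - [2008-01-20 18:50] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\System32\services.exe
[2008-01-20 18:49] - [2008-01-20 18:49] - 0384512 ____A (Microsoft Corporation) BA539D2CE99C05A180EC518EA2040D6A
"""

# "created - modified - size attrs (company) path" lines of the FRST file listing.
CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) - (?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<size>\d+) (?P<attrs>\S+) (?:\((?P<company>[^)]*)\) )?(?P<path>.+)$"
)
# Metadata line that follows each path in Search.txt; ends with the MD5.
SEARCH_ENTRY_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) (?P<attrs>\S+) "
    r"(?:\((?P<company>[^)]*)\) )?(?P<md5>[0-9A-Fa-f]{32})$"
)
# Heuristic (this example's own): an 8-lowercase-letter driver name in System32\Drivers.
RANDOM_DRIVER_RE = re.compile(r"\\drivers\\[a-z]{8}\.sys$")
# Binaries that belong only in System32 / SysWOW64 / the winsxs component store.
SYSTEM_BINARIES = {"svchost.exe", "services.exe", "winlogon.exe", "wininit.exe", "userinit.exe"}
EXPECTED_DIRS = ("\\system32\\", "\\syswow64\\", "\\winsxs\\")


def suspicious_created(text):
    """Return (reason, path) pairs for created-file lines that match a triage heuristic."""
    findings = []
    for line in text.splitlines():
        m = CREATED_RE.match(line.strip())
        if not m:
            continue  # headers, blank lines, anything not in the listing format
        e = m.groupdict()
        path, low = e["path"], e["path"].lower()
        name = low.rsplit("\\", 1)[-1]
        if RANDOM_DRIVER_RE.search(low) and e["created"] == e["modified"]:
            findings.append(("random-name driver dropped", path))
        elif name in SYSTEM_BINARIES and not any(d in low for d in EXPECTED_DIRS):
            findings.append(("system binary outside system directories", path))
        elif name.startswith("%") and name.endswith("%"):
            findings.append(("literal environment-variable folder name", path))
    return findings


def parse_search(text):
    """Parse Search.txt into dicts; each entry is a path line followed by a metadata line."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    entries = []
    for path, meta in zip(lines[0::2], lines[1::2]):
        m = SEARCH_ENTRY_RE.match(meta)
        if not m:
            raise ValueError("unexpected Search.txt line: " + meta)
        entries.append({"path": path, **m.groupdict()})
    return entries


def _arch(path):
    """Map a path to the component-store architecture it should match (None = skip)."""
    low = path.lower()
    if "\\winsxs\\amd64_" in low or "\\system32\\" in low:
        return "amd64"
    if "\\winsxs\\x86_" in low or "\\syswow64\\" in low:
        return "x86"
    return None  # e.g. pending copies under SoftwareDistribution\Download


def hash_mismatches(entries):
    """Flag live copies whose MD5 matches no same-size winsxs copy of the same architecture."""
    refs = [e for e in entries if "\\winsxs\\" in e["path"].lower()]
    live = [e for e in entries
            if "\\winsxs\\" not in e["path"].lower() and _arch(e["path"]) is not None]
    findings = []
    for f in live:
        cands = [r for r in refs if _arch(r["path"]) == _arch(f["path"]) and r["size"] == f["size"]]
        if cands and not any(r["md5"].upper() == f["md5"].upper() for r in cands):
            findings.append((f["path"], f["md5"].upper(), cands[0]["path"], cands[0]["md5"].upper()))
    return findings


if __name__ == "__main__":
    for reason, path in suspicious_created(FRST_CREATED):
        print(f"{reason}: {path}")
    for path, md5, ref, ref_md5 in hash_mismatches(parse_search(SEARCH_TXT)):
        print(f"MD5 mismatch: {path} {md5} != winsxs copy {ref_md5}")
```

    The same-size-but-different-hash pattern is exactly what the Fixlog above resolves by copying the winsxs amd64 services.exe back over the System32 one.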
  12. Broni

    Broni Malware Annihilator Posts: 46,153   +251

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

    Next...

    Restart normally.

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    =========================

    Bed time here so I'll check on you tomorrow morning...

    Attached Files:

  13. windows90

    windows90 Newcomer, in training Topic Starter Posts: 30

    FixLog Content:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 09-08-2012
    Ran by SYSTEM at 2012-08-11 22:24:05 Run:1
    Running from F:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet003\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    C:\Windows\System32\consrv.dll not found.
    C:\Windows\svchost.exe moved successfully.
    C:\Windows\System32\Drivers\bhojqesn.sys moved successfully.
    C:\Windows\System32\Drivers\ckjmbumk.sys moved successfully.
    C:\Windows\System32\Drivers\fqvvgwqa.sys moved successfully.
    C:\Windows\System32\Drivers\mojhwpjq.sys moved successfully.
    C:\Windows\System32\Drivers\igsslueu.sys moved successfully.
    C:\Windows\System32\Drivers\snjfldjk.sys moved successfully.
    C:\Windows\Installer\{cdd218d8-07b8-70e5-0c40-fcf1c64f8a24} moved successfully.
    C:\Users\Owner\AppData\Local\{cdd218d8-07b8-70e5-0c40-fcf1c64f8a24} moved successfully.
    C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
    C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====
  14. windows90

    windows90 Newcomer, in training Topic Starter Posts: 30

    22:30:20.0663 1064 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
    22:30:21.0069 1064 ============================================================
    22:30:21.0069 1064 Current date / time: 2012/08/11 22:30:21.0069
    22:30:21.0069 1064 SystemInfo:
    22:30:21.0069 1064
    22:30:21.0069 1064 OS Version: 6.0.6001 ServicePack: 1.0
    22:30:21.0069 1064 Product type: Workstation
    22:30:21.0069 1064 ComputerName: OWNER-PC
    22:30:21.0069 1064 UserName: Owner
    22:30:21.0069 1064 Windows directory: C:\Windows
    22:30:21.0069 1064 System windows directory: C:\Windows
    22:30:21.0069 1064 Running under WOW64
    22:30:21.0069 1064 Processor architecture: Intel x64
    22:30:21.0069 1064 Number of processors: 2
    22:30:21.0069 1064 Page size: 0x1000
    22:30:21.0069 1064 Boot type: Normal boot
    22:30:21.0084 1064 ============================================================
    22:30:41.0774 1064 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    22:30:41.0790 1064 Drive \Device\Harddisk1\DR1 - Size: 0x78000000 (1.88 Gb), SectorSize: 0x200, Cylinders: 0xF4, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    22:30:41.0790 1064 ============================================================
    22:30:41.0790 1064 \Device\Harddisk0\DR0:
    22:30:41.0790 1064 MBR partitions:
    22:30:41.0790 1064 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x27800, BlocksNum 0x1400000
    22:30:41.0790 1064 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1427800, BlocksNum 0x24006800
    22:30:41.0790 1064 \Device\Harddisk1\DR1:
    22:30:41.0790 1064 MBR partitions:
    22:30:41.0790 1064 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x6, StartLBA 0x9F8, BlocksNum 0x3BF608
    22:30:41.0790 1064 ============================================================
    22:30:41.0915 1064 C: <-> \Device\Harddisk0\DR0\Partition1
    22:30:42.0040 1064 D: <-> \Device\Harddisk0\DR0\Partition0
    22:30:42.0040 1064 ============================================================
    22:30:42.0040 1064 Initialize success
    22:30:42.0040 1064 ============================================================
    22:30:44.0707 1592 ============================================================
    22:30:44.0707 1592 Scan started
    22:30:44.0707 1592 Mode: Manual;
    22:30:44.0707 1592 ============================================================
    22:30:47.0593 1592 ACPI (8c99ed256a889d647935a97c543b7b85) C:\Windows\system32\drivers\acpi.sys
    22:30:47.0593 1592 ACPI - ok
    22:30:48.0794 1592 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    22:30:48.0919 1592 AdobeFlashPlayerUpdateSvc - ok
    22:30:49.0543 1592 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
    22:30:49.0574 1592 adp94xx - ok
    22:30:49.0793 1592 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
    22:30:49.0808 1592 adpahci - ok
    22:30:50.0526 1592 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
    22:30:50.0573 1592 adpu160m - ok
    22:30:50.0604 1592 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
    22:30:50.0620 1592 adpu320 - ok
    22:30:50.0635 1592 AeLookupSvc (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll
    22:30:50.0635 1592 AeLookupSvc - ok
    22:30:51.0587 1592 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_310debf0\AESTSr64.exe
    22:30:51.0727 1592 AESTFilters - ok
    22:30:52.0148 1592 AFD (9bb97042fa331a0fb4bdd98b9280a50a) C:\Windows\system32\drivers\afd.sys
    22:30:52.0180 1592 AFD - ok
    22:30:52.0226 1592 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
    22:30:52.0242 1592 agp440 - ok
    22:30:52.0351 1592 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
    22:30:52.0367 1592 aic78xx - ok
    22:30:52.0398 1592 ALG (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe
    22:30:52.0429 1592 ALG - ok
    22:30:52.0648 1592 aliide (9544c2c55541c0c6bfd7b489d0e7d430) C:\Windows\system32\drivers\aliide.sys
    22:30:52.0694 1592 aliide - ok
    22:30:52.0726 1592 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
    22:30:52.0741 1592 amdide - ok
    22:30:52.0850 1592 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
    22:30:52.0882 1592 AmdK8 - ok
    22:30:53.0755 1592 ApfiltrService (8c85c812569df851e7a2159147323dfa) C:\Windows\system32\DRIVERS\Apfiltr.sys
    22:30:53.0771 1592 ApfiltrService - ok
    22:30:54.0052 1592 Appinfo (9c37b3fd5615477cb9a0cd116cf43f5c) C:\Windows\System32\appinfo.dll
    22:30:54.0052 1592 Appinfo - ok
    22:30:54.0676 1592 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    22:30:54.0676 1592 Apple Mobile Device - ok
    22:30:55.0097 1592 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
    22:30:55.0128 1592 arc - ok
    22:30:55.0300 1592 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
    22:30:55.0315 1592 arcsas - ok
    22:30:55.0378 1592 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
    22:30:55.0378 1592 AsyncMac - ok
    22:30:55.0518 1592 atapi (f988bb0690cd660318037908e9b8dbf7) C:\Windows\system32\drivers\atapi.sys
    22:30:55.0518 1592 atapi - ok
    22:30:56.0126 1592 AudioEndpointBuilder (2a54b6a48ab6d2166271b05e9469326e) C:\Windows\System32\Audiosrv.dll
    22:30:56.0142 1592 AudioEndpointBuilder - ok
    22:30:56.0142 1592 AudioSrv (2a54b6a48ab6d2166271b05e9469326e) C:\Windows\System32\Audiosrv.dll
    22:30:56.0142 1592 AudioSrv - ok
    22:30:56.0298 1592 BBSvc (47480f4260dae9aa589bcaf924b3767a) C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe
    22:30:56.0298 1592 BBSvc - ok
    22:30:56.0360 1592 BBUpdate (6bf743cbf3bcd09dab79245e60e1ae62) C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.exe
    22:30:56.0454 1592 BBUpdate - ok
    22:30:56.0516 1592 BCM42RLY (70a746dca80368a4155ba9014dc103d9) C:\Windows\system32\drivers\BCM42RLY.sys
    22:30:56.0516 1592 BCM42RLY - ok
    22:30:57.0468 1592 BCM43XX (b76505d76984d935214e118753bdb2cb) C:\Windows\system32\DRIVERS\bcmwl664.sys
    22:30:57.0468 1592 BCM43XX - ok
    22:30:57.0562 1592 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
    22:30:57.0577 1592 blbdrive - ok
    22:30:57.0842 1592 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
    22:30:57.0842 1592 Bonjour Service - ok
    22:30:58.0342 1592 bowser (f0f035fcec3554cc1b70c5611bd87951) C:\Windows\system32\DRIVERS\bowser.sys
    22:30:58.0342 1592 bowser - ok
    22:30:58.0435 1592 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
    22:30:58.0451 1592 BrFiltLo - ok
    22:30:58.0498 1592 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
    22:30:58.0529 1592 BrFiltUp - ok
    22:30:58.0763 1592 Browser (a1b39de453433b115b4ea69ee0343816) C:\Windows\System32\browser.dll
    22:30:58.0763 1592 Browser - ok
    22:30:58.0888 1592 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
    22:30:58.0903 1592 Brserid - ok
    22:30:58.0981 1592 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
    22:30:58.0997 1592 BrSerWdm - ok
    22:30:59.0012 1592 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
    22:30:59.0028 1592 BrUsbMdm - ok
    22:30:59.0059 1592 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
    22:30:59.0059 1592 BrUsbSer - ok
    22:30:59.0090 1592 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
    22:30:59.0106 1592 BTHMODEM - ok
    22:30:59.0137 1592 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
    22:30:59.0184 1592 cdfs - ok
    22:30:59.0215 1592 cdrom (3b2fb35363423ed60c8fbf15fc8680bd) C:\Windows\system32\DRIVERS\cdrom.sys
    22:30:59.0231 1592 cdrom - ok
    22:30:59.0590 1592 CertPropSvc (edfffc8b6afb609bf33dbe0a900426b6) C:\Windows\System32\certprop.dll
    22:30:59.0652 1592 CertPropSvc - ok
    22:30:59.0917 1592 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\DRIVERS\circlass.sys
    22:30:59.0917 1592 circlass - ok
    22:31:00.0058 1592 CLFS (c12c4ee07843b595036da0baa6317936) C:\Windows\system32\CLFS.sys
    22:31:00.0058 1592 CLFS - ok
    22:31:00.0385 1592 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    22:31:00.0432 1592 clr_optimization_v2.0.50727_32 - ok
    22:31:00.0760 1592 clr_optimization_v2.0.50727_64 (fa58b51ed71c9133e141164eaa7c54eb) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    22:31:00.0822 1592 clr_optimization_v2.0.50727_64 - ok
  15. windows90

    windows90 Newcomer, in training Topic Starter Posts: 30

    22:31:01.0384 1592 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    22:31:01.0633 1592 clr_optimization_v4.0.30319_32 - ok
    22:31:01.0867 1592 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    22:31:01.0867 1592 clr_optimization_v4.0.30319_64 - ok
    22:31:02.0008 1592 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
    22:31:02.0023 1592 CmBatt - ok
    22:31:02.0039 1592 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
    22:31:02.0054 1592 cmdide - ok
    22:31:02.0070 1592 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
    22:31:02.0070 1592 Compbatt - ok
    22:31:02.0070 1592 COMSysApp - ok
    22:31:02.0086 1592 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
    22:31:02.0086 1592 crcdisk - ok
    22:31:02.0132 1592 CryptSvc (4374f784121d8b3bb466b03f5e5ebd33) C:\Windows\system32\cryptsvc.dll
    22:31:02.0148 1592 CryptSvc - ok
    22:31:02.0663 1592 DcomLaunch (52cdade8289ff21f1f2215ff51a5f36c) C:\Windows\system32\rpcss.dll
    22:31:02.0912 1592 DcomLaunch - ok
    22:31:03.0053 1592 DfsC (3725c43c9e90731eca651d506cc599a3) C:\Windows\system32\Drivers\dfsc.sys
    22:31:03.0068 1592 DfsC - ok
    22:31:07.0577 1592 DFSR (1781f99840979ee7b126c9073c377fd0) C:\Windows\system32\DFSR.exe
    22:31:07.0826 1592 DFSR - ok
    22:31:08.0622 1592 Dhcp (fdaa0edfcfb70cd529589ad654651b40) C:\Windows\System32\dhcpcsvc.dll
    22:31:08.0669 1592 Dhcp - ok
    22:31:08.0872 1592 disk (2dc415fc05fb8a079f896cbbacb19324) C:\Windows\system32\drivers\disk.sys
    22:31:08.0872 1592 disk - ok
    22:31:08.0918 1592 Dnscache (daf05293c1264e251d3a25e7e24b2ddf) C:\Windows\System32\dnsrslvr.dll
    22:31:08.0950 1592 Dnscache - ok
    22:31:09.0620 1592 DockLoginService (db29915209770d8b59654345ec2d943a) C:\Program Files\Dell\DellDock\DockLogin.exe
    22:31:09.0683 1592 DockLoginService - ok
    22:31:09.0745 1592 dot3svc (cc661867677627f2911c2a4970dee0f1) C:\Windows\System32\dot3svc.dll
    22:31:09.0761 1592 dot3svc - ok
    22:31:09.0808 1592 DPS (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll
    22:31:09.0823 1592 DPS - ok
    22:31:09.0854 1592 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
    22:31:09.0854 1592 drmkaud - ok
    22:31:10.0182 1592 DXGKrnl (412964040ce920ff83aff6b5b551bf99) C:\Windows\System32\drivers\dxgkrnl.sys
    22:31:10.0229 1592 DXGKrnl - ok
    22:31:10.0385 1592 e1express (17d40652ef3e55eeae187a89df40965a) C:\Windows\system32\DRIVERS\e1e6032e.sys
    22:31:10.0400 1592 e1express - ok
    22:31:10.0822 1592 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
    22:31:10.0868 1592 E1G60 - ok
    22:31:11.0180 1592 EapHost (c2303883fd9be49dc36a6400643002ea) C:\Windows\System32\eapsvc.dll
    22:31:11.0212 1592 EapHost - ok
    22:31:11.0290 1592 Ecache (7343d950a34a95dcb7441642e3e6beef) C:\Windows\system32\drivers\ecache.sys
    22:31:11.0305 1592 Ecache - ok
    22:31:12.0038 1592 ehRecvr (14ce384d2e27b64c256bda4dc39c312d) C:\Windows\ehome\ehRecvr.exe
    22:31:12.0116 1592 ehRecvr - ok
    22:31:12.0148 1592 ehSched (b93159c1313d66fdfbbe876f5189cd52) C:\Windows\ehome\ehsched.exe
    22:31:12.0194 1592 ehSched - ok
    22:31:12.0210 1592 ehstart (f5ee2527d74449868e3c3227a59bcd28) C:\Windows\ehome\ehstart.dll
    22:31:12.0210 1592 ehstart - ok
    22:31:12.0272 1592 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
    22:31:12.0288 1592 elxstor - ok
    22:31:12.0460 1592 EMDMgmt (e4eb76d0a8fc43db7f36302e1f33791f) C:\Windows\system32\emdmgmt.dll
    22:31:12.0475 1592 EMDMgmt - ok
    22:31:12.0506 1592 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
    22:31:12.0522 1592 ErrDev - ok
    22:31:12.0678 1592 EventSystem (6b1a97bf9fefbdc83f3c7c7d0f826c66) C:\Windows\system32\es.dll
    22:31:12.0740 1592 EventSystem - ok
    22:31:12.0787 1592 exfat (2a546b9a84658b0554b1ec35cd9adaf5) C:\Windows\system32\drivers\exfat.sys
    22:31:12.0803 1592 exfat - ok
    22:31:12.0850 1592 FACAP (e7f412035b832013fa32f412246c5bff) C:\Windows\system32\DRIVERS\facap.sys
    22:31:12.0865 1592 FACAP - ok
    22:31:16.0063 1592 FAService (4cd1d92dbf3bf28d43cfb98dfb91b7ab) C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
    22:31:16.0079 1592 FAService - ok
    22:31:18.0325 1592 fastfat (fe731d345ed9eeabbc72a59b35941834) C:\Windows\system32\drivers\fastfat.sys
    22:31:18.0341 1592 fastfat - ok
    22:31:18.0434 1592 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
    22:31:18.0450 1592 fdc - ok
    22:31:18.0528 1592 fdPHost (bb9267acacd8b7533dd936c34a0cba5e) C:\Windows\system32\fdPHost.dll
    22:31:18.0528 1592 fdPHost - ok
    22:31:18.0575 1592 FDResPub (300c80931eabbe1db7591c516efe8d0f) C:\Windows\system32\fdrespub.dll
    22:31:18.0575 1592 FDResPub - ok
    22:31:18.0606 1592 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
    22:31:18.0606 1592 FileInfo - ok
    22:31:18.0715 1592 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
    22:31:18.0840 1592 Filetrace - ok
    22:31:18.0965 1592 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
    22:31:19.0043 1592 flpydisk - ok
    22:31:19.0308 1592 FltMgr (7dacf1a3a4219575070c6dc7c957428a) C:\Windows\system32\drivers\fltmgr.sys
    22:31:19.0308 1592 FltMgr - ok
    22:31:19.0511 1592 FontCache3.0.0.0 (73d0f1d32edae3dcc4e84468bf910add) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    22:31:19.0526 1592 FontCache3.0.0.0 - ok
    22:31:19.0636 1592 fssfltr (53dab1791917a72738539ad25c4eed7f) C:\Windows\system32\DRIVERS\fssfltr.sys
    22:31:19.0651 1592 fssfltr - ok
    22:31:20.0119 1592 fsssvc (45b52394f9624237f33a8a3d73c0b221) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
    22:31:20.0244 1592 fsssvc - ok
    22:31:20.0275 1592 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
    22:31:20.0291 1592 Fs_Rec - ok
    22:31:20.0494 1592 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
    22:31:20.0494 1592 gagp30kx - ok
    22:31:20.0525 1592 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    22:31:20.0540 1592 GEARAspiWDM - ok
    22:31:20.0899 1592 gpsvc (9e5b254d58232ec8921ec3c5a94c81ed) C:\Windows\System32\gpsvc.dll
    22:31:20.0946 1592 gpsvc - ok
    22:31:21.0149 1592 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    22:31:21.0149 1592 gupdate - ok
    22:31:21.0149 1592 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    22:31:21.0149 1592 gupdatem - ok
    22:31:22.0132 1592 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    22:31:22.0178 1592 gusvc - ok
    22:31:22.0943 1592 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
    22:31:23.0068 1592 HdAudAddService - ok
    22:31:23.0146 1592 HDAudBus (0c0d0f8a3ff09ecc81963d09ec6a0a84) C:\Windows\system32\DRIVERS\HDAudBus.sys
    22:31:23.0146 1592 HDAudBus - ok
    22:31:23.0161 1592 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
    22:31:23.0177 1592 HidBth - ok
    22:31:23.0380 1592 HidIr (5f47839455d01ff6403b008d481a6f5b) C:\Windows\system32\DRIVERS\hidir.sys
    22:31:23.0426 1592 HidIr - ok
    22:31:23.0504 1592 hidserv (77e34697087cfdbcfd9e0009704fb5af) C:\Windows\system32\hidserv.dll
    22:31:23.0504 1592 hidserv - ok
    22:31:23.0520 1592 HidUsb (128e2da8483fdd4dd0c7b3f9abd6f323) C:\Windows\system32\DRIVERS\hidusb.sys
    22:31:23.0536 1592 HidUsb - ok
    22:31:24.0191 1592 hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll
    22:31:24.0222 1592 hkmsvc - ok
    22:31:24.0721 1592 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
    22:31:24.0799 1592 HpCISSs - ok
    22:31:26.0562 1592 HTTP (e690736da6c543f5d99c8fa27bea31db) C:\Windows\system32\drivers\HTTP.sys
    22:31:26.0562 1592 HTTP - ok
    22:31:26.0843 1592 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
    22:31:26.0921 1592 i2omp - ok
    22:31:27.0061 1592 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
    22:31:27.0139 1592 i8042prt - ok
    22:31:27.0233 1592 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
    22:31:27.0280 1592 iaStorV - ok
    22:31:28.0387 1592 idsvc (76ea63cdb2d88dae7209691d089bef1d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    22:31:28.0481 1592 idsvc - ok
    22:31:44.0564 1592 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys
    22:31:44.0970 1592 igfx - ok
    22:31:46.0374 1592 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
    22:31:46.0374 1592 iirsp - ok
    22:31:46.0499 1592 IKEEXT (f6b541b5b8ffc17e91c2697a39c80fe4) C:\Windows\System32\ikeext.dll
    22:31:46.0530 1592 IKEEXT - ok
    22:31:46.0561 1592 IntcHdmiAddService (dea2ab452b4fa773187369c4b6517320) C:\Windows\system32\drivers\IntcHdmi.sys
    22:31:46.0577 1592 IntcHdmiAddService - ok
    22:31:46.0624 1592 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
    22:31:46.0639 1592 intelide - ok
    22:31:46.0670 1592 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
    22:31:46.0670 1592 intelppm - ok
    22:31:46.0717 1592 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll
    22:31:46.0748 1592 IPBusEnum - ok
    22:31:46.0764 1592 IpFilterDriver (99b821f5bebd6a3cc3fe564f802ae0fd) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    22:31:46.0780 1592 IpFilterDriver - ok
    22:31:46.0780 1592 IpInIp - ok
    22:31:47.0450 1592 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
    22:31:47.0591 1592 IPMIDRV - ok
    22:31:47.0856 1592 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
    22:31:47.0903 1592 IPNAT - ok
    22:31:50.0508 1592 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
    22:31:50.0617 1592 iPod Service - ok
    22:31:50.0680 1592 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
    22:31:50.0680 1592 IRENUM - ok
    22:31:50.0726 1592 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
    22:31:50.0726 1592 isapnp - ok
    22:31:50.0773 1592 iScsiPrt (49e4ccbf74783fce5d2cc1ff6480e1f4) C:\Windows\system32\DRIVERS\msiscsi.sys
    22:31:50.0773 1592 iScsiPrt - ok
    22:31:50.0945 1592 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
    22:31:50.0960 1592 iteatapi - ok
    22:31:51.0397 1592 itecir (5fef11c18ec25cdcb27e6c8680690b69) C:\Windows\system32\DRIVERS\itecir.sys
    22:31:51.0413 1592 itecir - ok
    22:31:51.0709 1592 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
    22:31:51.0709 1592 iteraid - ok
    22:31:52.0598 1592 k57nd60a (2798447996feb5a58b584c8443acad02) C:\Windows\system32\DRIVERS\k57nd60a.sys
    22:31:52.0645 1592 k57nd60a - ok
    22:31:52.0676 1592 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
    22:31:52.0708 1592 kbdclass - ok
    22:31:52.0754 1592 kbdhid (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys
    22:31:52.0754 1592 kbdhid - ok
    22:31:52.0832 1592 KeyIso (80f4593e92ff960e4763380d3168e498) C:\Windows\system32\lsass.exe
    22:31:52.0848 1592 KeyIso - ok
    22:31:52.0988 1592 KSecDD (ccdcce6224e1e207e953af826b98a9d9) C:\Windows\system32\Drivers\ksecdd.sys
    22:31:53.0004 1592 KSecDD - ok
    22:31:53.0035 1592 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
    22:31:53.0035 1592 ksthunk - ok
    22:31:53.0628 1592 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll
    22:31:53.0628 1592 KtmRm - ok
    22:31:53.0690 1592 LanmanServer (3f27c9cdae606d74431e3ab39571a7f3) C:\Windows\system32\srvsvc.dll
    22:31:53.0690 1592 LanmanServer - ok
    22:31:54.0236 1592 LanmanWorkstation (6e25ffc6fead6544c6e9f1d23329570c) C:\Windows\System32\wkssvc.dll
    22:31:54.0252 1592 LanmanWorkstation - ok
    22:31:54.0470 1592 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
    22:31:54.0486 1592 lltdio - ok
    22:31:55.0282 1592 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll
    22:31:55.0500 1592 lltdsvc - ok
    22:31:55.0562 1592 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll
    22:31:55.0594 1592 lmhosts - ok
    22:31:55.0640 1592 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
    22:31:55.0656 1592 LSI_FC - ok
    22:31:56.0046 1592 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
    22:31:56.0046 1592 LSI_SAS - ok
    22:31:56.0093 1592 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
    22:31:56.0093 1592 LSI_SCSI - ok
    22:31:56.0218 1592 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
    22:31:56.0249 1592 luafv - ok
    22:31:56.0639 1592 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
    22:31:56.0764 1592 McComponentHostService - ok
    22:31:57.0200 1592 Mcx2Svc (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll
    22:31:57.0294 1592 Mcx2Svc - ok
    22:31:57.0325 1592 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
    22:31:57.0341 1592 megasas - ok
    22:31:57.0653 1592 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
    22:31:57.0731 1592 MegaSR - ok
    22:31:57.0762 1592 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
    22:31:57.0793 1592 MMCSS - ok
    22:31:58.0012 1592 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
    22:31:58.0043 1592 Modem - ok
    22:31:58.0074 1592 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
    22:31:58.0074 1592 monitor - ok
    22:31:58.0105 1592 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
    22:31:58.0121 1592 mouclass - ok
    22:31:58.0308 1592 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
    22:31:58.0339 1592 mouhid - ok
    22:31:58.0573 1592 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
    22:31:58.0573 1592 MountMgr - ok
    22:31:58.0698 1592 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    22:31:58.0760 1592 MozillaMaintenance - ok
    22:31:59.0338 1592 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
    22:31:59.0338 1592 MpFilter - ok
    22:31:59.0712 1592 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
    22:31:59.0728 1592 mpio - ok
    22:31:59.0759 1592 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
    22:31:59.0774 1592 mpsdrv - ok
    22:31:59.0790 1592 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
    22:31:59.0806 1592 Mraid35x - ok
    22:31:59.0837 1592 MRxDAV (fe2706c15f8345c342820e4e4583fea0) C:\Windows\system32\drivers\mrxdav.sys
    22:31:59.0837 1592 MRxDAV - ok
    22:32:00.0024 1592 mrxsmb (b698eb9acc7ecd4927d99d268918f912) C:\Windows\system32\DRIVERS\mrxsmb.sys
    22:32:00.0024 1592 mrxsmb - ok
    22:32:00.0305 1592 mrxsmb10 (9a797e27fd28500ee13d43000c931435) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    22:32:00.0305 1592 mrxsmb10 - ok
    22:32:00.0352 1592 mrxsmb20 (f9425d610712533107a264e2d5b2154b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    22:32:00.0352 1592 mrxsmb20 - ok
    22:32:00.0539 1592 msahci (730b784962d22d2c6481eae2370e7c8c) C:\Windows\system32\drivers\msahci.sys
    22:32:00.0539 1592 msahci - ok
    22:32:00.0726 1592 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
    22:32:00.0742 1592 msdsm - ok
    22:32:00.0991 1592 MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe
    22:32:01.0069 1592 MSDTC - ok
    22:32:01.0085 1592 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
    22:32:01.0100 1592 Msfs - ok
    22:32:01.0319 1592 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
    22:32:01.0319 1592 msisadrv - ok
    22:32:01.0366 1592 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll
    22:32:01.0397 1592 MSiSCSI - ok
    22:32:01.0397 1592 msiserver - ok
    22:32:01.0428 1592 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
    22:32:01.0444 1592 MSKSSRV - ok
    22:32:01.0818 1592 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe
    22:32:01.0818 1592 MsMpSvc - ok
    22:32:01.0880 1592 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
    22:32:01.0927 1592 MSPCLOCK - ok
    22:32:01.0974 1592 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
    22:32:01.0990 1592 MSPQM - ok
    22:32:02.0348 1592 MsRPC (b8e32e6103fbba9fbb1d0c11ff0d13b5) C:\Windows\system32\drivers\MsRPC.sys
    22:32:02.0442 1592 MsRPC - ok
    22:32:02.0473 1592 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
    22:32:02.0473 1592 mssmbios - ok
    22:32:02.0504 1592 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
    22:32:02.0520 1592 MSTEE - ok
    22:32:02.0551 1592 Mup (ddf133501f68d6988a0f55dfa88637b4) C:\Windows\system32\Drivers\mup.sys
    22:32:02.0551 1592 Mup - ok
    22:32:03.0050 1592 napagent (c25022cdd18980846973b598900915f8) C:\Windows\system32\qagentRT.dll
    22:32:03.0050 1592 napagent - ok
    22:32:03.0752 1592 NativeWifiP (73b99c98fa3a2ed1566e02d6fe1913a5) C:\Windows\system32\DRIVERS\nwifi.sys
    22:32:03.0768 1592 NativeWifiP - ok
    22:32:05.0000 1592 NDIS (f9a3ae5c9f047d71a36a99f9abca7d02) C:\Windows\system32\drivers\ndis.sys
    22:32:05.0016 1592 NDIS - ok
    22:32:05.0234 1592 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
    22:32:05.0281 1592 NdisTapi - ok
    22:32:05.0281 1592 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
    22:32:05.0297 1592 Ndisuio - ok
    22:32:05.0437 1592 NdisWan (52e3e8e35101399be9b2938c992aa087) C:\Windows\system32\DRIVERS\ndiswan.sys
    22:32:05.0453 1592 NdisWan - ok
    22:32:05.0484 1592 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
    22:32:05.0500 1592 NDProxy - ok
    22:32:05.0812 1592 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
    22:32:05.0874 1592 NetBIOS - ok
    22:32:06.0779 1592 netbt (7a29ca243a629230799754162d80120f) C:\Windows\system32\DRIVERS\netbt.sys
    22:32:06.0826 1592 netbt - ok
    22:32:06.0904 1592 Netlogon (80f4593e92ff960e4763380d3168e498) C:\Windows\system32\lsass.exe
    22:32:06.0904 1592 Netlogon - ok
    22:32:07.0200 1592 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll
    22:32:07.0200 1592 Netman - ok
    22:32:07.0715 1592 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll
    22:32:07.0762 1592 netprofm - ok
    22:32:08.0089 1592 NetTcpPortSharing (b84613b469b98e09f50a748c1d02e132) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    22:32:08.0120 1592 NetTcpPortSharing - ok
    22:32:08.0276 1592 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
    22:32:08.0292 1592 nfrd960 - ok
    22:32:08.0354 1592 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
    22:32:08.0370 1592 NisDrv - ok
    22:32:08.0620 1592 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
    22:32:08.0651 1592 NisSrv - ok
    22:32:08.0698 1592 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll
    22:32:08.0698 1592 NlaSvc - ok
    22:32:08.0791 1592 Npfs (b06154e2a2c91e9be5599fca53bc4cd0) C:\Windows\system32\drivers\Npfs.sys
    22:32:08.0838 1592 Npfs - ok
    22:32:08.0885 1592 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll
    22:32:08.0900 1592 nsi - ok
    22:32:09.0103 1592 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
    22:32:09.0134 1592 nsiproxy - ok
    22:32:09.0962 1592 Ntfs (fe86ba5ac3b50e2ca911e9c60c07b638) C:\Windows\system32\drivers\Ntfs.sys
    22:32:09.0962 1592 Ntfs - ok
    22:32:10.0446 1592 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
    22:32:10.0461 1592 Null - ok
    22:32:10.0493 1592 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
    22:32:10.0508 1592 nvraid - ok
    22:32:10.0602 1592 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
    22:32:10.0617 1592 nvstor - ok
    22:32:10.0727 1592 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
    22:32:10.0773 1592 nv_agp - ok
    22:32:10.0773 1592 NwlnkFlt - ok
    22:32:10.0805 1592 NwlnkFwd - ok
    22:32:10.0851 1592 OA001Ufd (d09cc91e92fd1ff81af3a14be2cbb20d) C:\Windows\system32\DRIVERS\OA001Ufd.sys
    22:32:10.0898 1592 OA001Ufd - ok
    22:32:11.0163 1592 OA001Vid (a42cb6914ad67e1584e807ce53f1e62c) C:\Windows\system32\DRIVERS\OA001Vid.sys
    22:32:11.0195 1592 OA001Vid - ok
    22:32:11.0226 1592 ohci1394 (1b30103fde512915a9214b108b6e7a9c) C:\Windows\system32\DRIVERS\ohci1394.sys
    22:32:11.0226 1592 ohci1394 - ok
    22:32:12.0864 1592 p2pimsvc (430f35c5592d253f43a26b4f5a523dbf) C:\Windows\system32\p2psvc.dll
    22:32:13.0004 1592 p2pimsvc - ok
    22:32:13.0004 1592 p2psvc (430f35c5592d253f43a26b4f5a523dbf) C:\Windows\system32\p2psvc.dll
    22:32:13.0020 1592 p2psvc - ok
    22:32:13.0098 1592 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
    22:32:13.0113 1592 Parport - ok
    22:32:13.0347 1592 partmgr (5ab40c36894f4c06bdab0c9a2fba282d) C:\Windows\system32\drivers\partmgr.sys
    22:32:13.0347 1592 partmgr - ok
    22:32:13.0987 1592 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
    22:32:14.0003 1592 PcaSvc - ok
    22:32:14.0892 1592 pci (2a5b2a51559066ea84742909b5b2cd69) C:\Windows\system32\drivers\pci.sys
    22:32:14.0907 1592 pci - ok
    22:32:14.0923 1592 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
    22:32:14.0939 1592 pciide - ok
    22:32:15.0890 1592 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
    22:32:15.0953 1592 pcmcia - ok
    22:32:17.0419 1592 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
    22:32:17.0419 1592 PEAUTH - ok
    22:32:17.0887 1592 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
    22:32:17.0903 1592 PerfHost - ok
    22:32:18.0963 1592 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
    22:32:19.0057 1592 pla - ok
    22:32:19.0275 1592 PlugPlay (5aaa0c5534b05ed49919fcd9dbd11a5b) C:\Windows\system32\umpnpmgr.dll
    22:32:19.0369 1592 PlugPlay - ok
    22:32:19.0899 1592 PNRPAutoReg (430f35c5592d253f43a26b4f5a523dbf) C:\Windows\system32\p2psvc.dll
    22:32:19.0962 1592 PNRPAutoReg - ok
    22:32:19.0977 1592 PNRPsvc (430f35c5592d253f43a26b4f5a523dbf) C:\Windows\system32\p2psvc.dll
    22:32:19.0977 1592 PNRPsvc - ok
    22:32:21.0007 1592 PolicyAgent (eef3688d5e9592cbbbed00de71dda1ef) C:\Windows\System32\ipsecsvc.dll
    22:32:21.0101 1592 PolicyAgent - ok
    22:32:21.0615 1592 PptpMiniport (f5739f2c6db2534c384ad5150808e8f5) C:\Windows\system32\DRIVERS\raspptp.sys
    22:32:21.0631 1592 PptpMiniport - ok
  16. windows90

    windows90 Newcomer, in training Topic Starter Posts: 30

    22:32:21.0990 1592 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
    22:32:22.0005 1592 Processor - ok
    22:32:22.0785 1592 ProfSvc (b21fe10dad3ab59e78df7aa3fbf41e70) C:\Windows\system32\profsvc.dll
    22:32:22.0832 1592 ProfSvc - ok
    22:32:22.0926 1592 ProtectedStorage (80f4593e92ff960e4763380d3168e498) C:\Windows\system32\lsass.exe
    22:32:22.0926 1592 ProtectedStorage - ok
    22:32:23.0051 1592 PSched (0e0e205a296095fe4c631e6a4775ad6c) C:\Windows\system32\DRIVERS\pacer.sys
    22:32:23.0066 1592 PSched - ok
    22:32:23.0238 1592 PxHlpa64 (46851bc18322da70f3f2299a1007c479) C:\Windows\system32\Drivers\PxHlpa64.sys
    22:32:23.0238 1592 PxHlpa64 - ok
    22:32:25.0016 1592 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
    22:32:25.0079 1592 ql2300 - ok
    22:32:25.0110 1592 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
    22:32:25.0141 1592 ql40xx - ok
    22:32:25.0188 1592 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
    22:32:25.0250 1592 QWAVE - ok
    22:32:25.0625 1592 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
    22:32:25.0671 1592 QWAVEdrv - ok
    22:32:28.0713 1592 R300 (2a09a6b271d1f50adf5e33b37d460de6) C:\Windows\system32\DRIVERS\atikmdag.sys
    22:32:29.0415 1592 R300 - ok
    22:32:29.0883 1592 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
    22:32:29.0899 1592 RasAcd - ok
    22:32:30.0039 1592 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
    22:32:30.0071 1592 RasAuto - ok
    22:32:30.0164 1592 Rasl2tp (3b9085f91ef00abd15a6f36570e90e12) C:\Windows\system32\DRIVERS\rasl2tp.sys
    22:32:30.0180 1592 Rasl2tp - ok
    22:32:30.0320 1592 RasMan (d0c346d7df0df9b4899631796f177d56) C:\Windows\System32\rasmans.dll
    22:32:30.0492 1592 RasMan - ok
    22:32:30.0507 1592 RasPppoe (2ce1703c27196094fb6e4c6e439f2c21) C:\Windows\system32\DRIVERS\raspppoe.sys
    22:32:30.0523 1592 RasPppoe - ok
    22:32:30.0523 1592 RasSstp (fcd04fa67e8b40fa0ad361dd38593942) C:\Windows\system32\DRIVERS\rassstp.sys
    22:32:30.0539 1592 RasSstp - ok
    22:32:30.0679 1592 rdbss (33fa5b6136d92ee0f53f021c79091300) C:\Windows\system32\DRIVERS\rdbss.sys
    22:32:30.0695 1592 rdbss - ok
    22:32:30.0710 1592 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
    22:32:30.0710 1592 RDPCDD - ok
    22:32:30.0757 1592 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
    22:32:30.0788 1592 rdpdr - ok
    22:32:30.0788 1592 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
    22:32:30.0804 1592 RDPENCDD - ok
    22:32:31.0007 1592 RDPWD (7747082f672aa2846235c9cea42e2e72) C:\Windows\system32\drivers\RDPWD.sys
    22:32:31.0022 1592 RDPWD - ok
    22:32:31.0116 1592 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
    22:32:31.0147 1592 RemoteAccess - ok
    22:32:31.0287 1592 RemoteRegistry (416c611369cbe49074b89cee2f83abef) C:\Windows\system32\regsvc.dll
    22:32:31.0319 1592 RemoteRegistry - ok
    22:32:31.0755 1592 rimmptsk (d13d70fac45fc1df69f88559b1f72f0a) C:\Windows\system32\DRIVERS\rimmpx64.sys
    22:32:31.0755 1592 rimmptsk - ok
    22:32:32.0099 1592 rimsptsk (bb9edc55b0b8cb4fcd713428820e0776) C:\Windows\system32\DRIVERS\rimspx64.sys
    22:32:32.0130 1592 rimsptsk - ok
    22:32:32.0177 1592 rismxdp (481c3fdeacaae04b74c58288dbc91df9) C:\Windows\system32\DRIVERS\rixdpx64.sys
    22:32:32.0192 1592 rismxdp - ok
    22:32:32.0270 1592 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
    22:32:32.0364 1592 RpcLocator - ok
    22:32:34.0158 1592 RpcSs (52cdade8289ff21f1f2215ff51a5f36c) C:\Windows\system32\rpcss.dll
    22:32:34.0173 1592 RpcSs - ok
    22:32:34.0407 1592 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
    22:32:34.0423 1592 rspndr - ok
    22:32:34.0485 1592 SamSs (80f4593e92ff960e4763380d3168e498) C:\Windows\system32\lsass.exe
    22:32:34.0485 1592 SamSs - ok
    22:32:34.0673 1592 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
    22:32:34.0751 1592 sbp2port - ok
    22:32:34.0860 1592 SCardSvr (f024d560fea06f8b56d673849eb89ae6) C:\Windows\System32\SCardSvr.dll
    22:32:34.0891 1592 SCardSvr - ok
    22:32:35.0390 1592 Schedule (ce75d26e0a1106129f4d156851e298ed) C:\Windows\system32\schedsvc.dll
    22:32:35.0390 1592 Schedule - ok
    22:32:35.0421 1592 SCPolicySvc (edfffc8b6afb609bf33dbe0a900426b6) C:\Windows\System32\certprop.dll
    22:32:35.0421 1592 SCPolicySvc - ok
    22:32:35.0687 1592 sdbus (b42ee50f7d24f837f925332eb349eca5) C:\Windows\system32\DRIVERS\sdbus.sys
    22:32:35.0702 1592 sdbus - ok
    22:32:35.0733 1592 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
    22:32:35.0765 1592 SDRSVC - ok
    22:32:35.0796 1592 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    22:32:35.0796 1592 secdrv - ok
    22:32:35.0811 1592 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
    22:32:35.0811 1592 seclogon - ok
    22:32:35.0858 1592 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\System32\sens.dll
    22:32:35.0858 1592 SENS - ok
    22:32:35.0889 1592 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
    22:32:35.0905 1592 Serenum - ok
    22:32:35.0967 1592 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
    22:32:35.0983 1592 Serial - ok
    22:32:35.0983 1592 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
    22:32:35.0999 1592 sermouse - ok
    22:32:36.0045 1592 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
    22:32:36.0045 1592 SessionEnv - ok
    22:32:36.0077 1592 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\DRIVERS\sffdisk.sys
    22:32:36.0077 1592 sffdisk - ok
    22:32:36.0123 1592 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
    22:32:36.0139 1592 sffp_mmc - ok
    22:32:36.0685 1592 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\DRIVERS\sffp_sd.sys
    22:32:36.0732 1592 sffp_sd - ok
    22:32:36.0810 1592 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
    22:32:36.0857 1592 sfloppy - ok
    22:32:36.0981 1592 ShellHWDetection (9235ec680d3db17464b39c7c7decb4dd) C:\Windows\System32\shsvcs.dll
    22:32:37.0059 1592 ShellHWDetection - ok
    22:32:37.0091 1592 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
    22:32:37.0106 1592 SiSRaid2 - ok
    22:32:37.0137 1592 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
    22:32:37.0153 1592 SiSRaid4 - ok
    22:32:37.0512 1592 SkypeUpdate (ddaa5f4a6b958fc313ebd02dd925752f) C:\Program Files (x86)\Skype\Updater\Updater.exe
    22:32:37.0512 1592 SkypeUpdate - ok
    22:32:40.0148 1592 slsvc (a301d2cefb4747dfe0c24425dcbe0b78) C:\Windows\system32\SLsvc.exe
    22:32:40.0398 1592 slsvc - ok
    22:32:40.0819 1592 SLUINotify (f5ddf7c0af85eb72cb295171f8c3cb35) C:\Windows\system32\SLUINotify.dll
    22:32:40.0850 1592 SLUINotify - ok
    22:32:41.0630 1592 Smb (41eb2e8e005feedcafce301983eff932) C:\Windows\system32\DRIVERS\smb.sys
    22:32:41.0646 1592 Smb - ok
    22:32:41.0739 1592 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
    22:32:41.0771 1592 SNMPTRAP - ok
    22:32:42.0020 1592 spldr (f9cb0672162f7f04248e2b82c1ff4617) C:\Windows\system32\drivers\spldr.sys
    22:32:42.0020 1592 spldr - ok
    22:32:42.0348 1592 Spooler (92e6738d25c2123be9515c0eac0776cd) C:\Windows\System32\spoolsv.exe
    22:32:42.0348 1592 Spooler - ok
    22:32:43.0050 1592 srv (a8abd7d0d907b45cf3831f4dd8644349) C:\Windows\system32\DRIVERS\srv.sys
    22:32:43.0065 1592 srv - ok
    22:32:43.0596 1592 srv2 (6c72eea39e1c37b436a6d1532999f9ec) C:\Windows\system32\DRIVERS\srv2.sys
    22:32:43.0596 1592 srv2 - ok
    22:32:44.0267 1592 srvnet (7f69bcf9e6fa3d93c82ee6b87812666d) C:\Windows\system32\DRIVERS\srvnet.sys
    22:32:44.0267 1592 srvnet - ok
    22:32:44.0360 1592 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
    22:32:44.0376 1592 SSDPSRV - ok
    22:32:44.0438 1592 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
    22:32:44.0469 1592 SstpSvc - ok
    22:32:44.0984 1592 STacSV (444109453a2b87e6c16bcda5953e81a9) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_310debf0\STacSV64.exe
    22:32:45.0015 1592 STacSV - ok
    22:32:45.0437 1592 STHDA (02e784fa49032f84964db90a3ed81890) C:\Windows\system32\DRIVERS\stwrt64.sys
    22:32:45.0468 1592 STHDA - ok
    22:32:46.0326 1592 stisvc (f14f7d7d68a66777fb999d5d0f21138d) C:\Windows\System32\wiaservc.dll
    22:32:46.0326 1592 stisvc - ok
    22:32:46.0529 1592 stllssvr (1d0063597c3666404fcf97698abeb019) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
    22:32:46.0669 1592 stllssvr - ok
    22:32:46.0747 1592 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
    22:32:46.0763 1592 swenum - ok
    22:32:47.0293 1592 swprv (da34d6eb4a3154c0bebaeb0a2483ef3e) C:\Windows\System32\swprv.dll
    22:32:47.0387 1592 swprv - ok
    22:32:47.0402 1592 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
    22:32:47.0418 1592 Symc8xx - ok
    22:32:47.0574 1592 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
    22:32:47.0652 1592 Sym_hi - ok
    22:32:47.0761 1592 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
    22:32:47.0823 1592 Sym_u3 - ok
    22:32:48.0291 1592 SysMain (bea0d5521ed21df8f6ffeed86daede7b) C:\Windows\system32\sysmain.dll
    22:32:48.0338 1592 SysMain - ok
    22:32:48.0385 1592 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
    22:32:48.0401 1592 TabletInputService - ok
    22:32:49.0352 1592 TapiSrv (52091001caf20ae84cf47023ee21b4bb) C:\Windows\System32\tapisrv.dll
    22:32:49.0352 1592 TapiSrv - ok
    22:32:49.0415 1592 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
    22:32:49.0415 1592 TBS - ok
    22:32:51.0021 1592 Tcpip (d43d5336be9dd93e02ee124297295713) C:\Windows\system32\drivers\tcpip.sys
    22:32:51.0146 1592 Tcpip - ok
    22:32:51.0162 1592 Tcpip6 (d43d5336be9dd93e02ee124297295713) C:\Windows\system32\DRIVERS\tcpip.sys
    22:32:51.0162 1592 Tcpip6 - ok
    22:32:51.0396 1592 tcpipreg (c29d4b3b08ad0b7e8564814e4ff6a57b) C:\Windows\system32\drivers\tcpipreg.sys
    22:32:51.0396 1592 tcpipreg - ok
    22:32:51.0411 1592 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
    22:32:51.0427 1592 TDPIPE - ok
    22:32:51.0599 1592 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
    22:32:51.0645 1592 TDTCP - ok
    22:32:51.0817 1592 tdx (8c39c72e0e853de04748c0337d9b9216) C:\Windows\system32\DRIVERS\tdx.sys
    22:32:51.0833 1592 tdx - ok
    22:32:52.0020 1592 TermDD (3f0ebf6ee609f2a276c0d5faf244ec90) C:\Windows\system32\DRIVERS\termdd.sys
    22:32:52.0035 1592 TermDD - ok
    22:32:52.0441 1592 TermService (f870a5589d6a94b426efb13689023946) C:\Windows\System32\termsrv.dll
    22:32:52.0441 1592 TermService - ok
    22:32:52.0722 1592 Themes (9235ec680d3db17464b39c7c7decb4dd) C:\Windows\system32\shsvcs.dll
    22:32:52.0737 1592 Themes - ok
    22:32:52.0862 1592 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
    22:32:52.0862 1592 THREADORDER - ok
    22:32:52.0940 1592 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
    22:32:52.0956 1592 TrkWks - ok
    22:32:53.0299 1592 TrustedInstaller (ac6ff1df22ed90bad6417ee5a4c6e2f0) C:\Windows\servicing\TrustedInstaller.exe
    22:32:53.0330 1592 TrustedInstaller - ok
    22:32:53.0361 1592 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
    22:32:53.0377 1592 tssecsrv - ok
    22:32:53.0861 1592 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
    22:32:53.0876 1592 tunmp - ok
    22:32:54.0251 1592 tunnel (2dc2c423572946e9a3131425bda73cb6) C:\Windows\system32\DRIVERS\tunnel.sys
    22:32:54.0329 1592 tunnel - ok
    22:32:54.0734 1592 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
    22:32:54.0828 1592 uagp35 - ok
    22:32:54.0953 1592 udfs (eca6629e33f122afff18a2ab7c3eb033) C:\Windows\system32\DRIVERS\udfs.sys
    22:32:54.0984 1592 udfs - ok
    22:32:55.0031 1592 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
    22:32:55.0062 1592 UI0Detect - ok
    22:32:55.0327 1592 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
    22:32:55.0389 1592 uliagpkx - ok
    22:32:55.0889 1592 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
    22:32:55.0935 1592 uliahci - ok
    22:32:55.0967 1592 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
    22:32:55.0982 1592 UlSata - ok
    22:32:56.0029 1592 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
    22:32:56.0045 1592 ulsata2 - ok
    22:32:56.0061 1592 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
    22:32:56.0077 1592 umbus - ok
    22:32:56.0170 1592 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
    22:32:56.0233 1592 upnphost - ok
    22:32:56.0264 1592 USBAAPL64 (cd03479f2da26500b203ed075c146a7a) C:\Windows\system32\Drivers\usbaapl64.sys
    22:32:56.0280 1592 USBAAPL64 - ok
    22:32:56.0311 1592 usbccgp (89842ce16285b73405284224cc386dcf) C:\Windows\system32\DRIVERS\usbccgp.sys
    22:32:56.0326 1592 usbccgp - ok
    22:32:56.0514 1592 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
    22:32:56.0529 1592 usbcir - ok
    22:32:56.0638 1592 usbehci (07b738a1f57e4ec870406e74da5754af) C:\Windows\system32\DRIVERS\usbehci.sys
    22:32:56.0654 1592 usbehci - ok
    22:32:56.0935 1592 usbhub (b668e8e0ef2910f28baf550b04de57f2) C:\Windows\system32\DRIVERS\usbhub.sys
    22:32:56.0982 1592 usbhub - ok
    22:32:57.0075 1592 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
    22:32:57.0076 1592 usbohci - ok
    22:32:57.0139 1592 usbprint (acfee697af477021bb3ec78c5431fed2) C:\Windows\system32\drivers\usbprint.sys
    22:32:57.0139 1592 usbprint - ok
    22:32:57.0466 1592 USBSTOR (586d9876a4945779c8eea926c0d16889) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    22:32:57.0497 1592 USBSTOR - ok
    22:32:57.0529 1592 usbuhci (e76f2b26a5917f555844c128954bb52b) C:\Windows\system32\DRIVERS\usbuhci.sys
    22:32:57.0544 1592 usbuhci - ok
    22:32:57.0591 1592 UxSms (9190f03c82547afa87367f1ceca88f3b) C:\Windows\System32\uxsms.dll
    22:32:57.0622 1592 UxSms - ok
    22:32:57.0872 1592 vds (c15a4a550cba7b9f1f68b72528e04ce1) C:\Windows\System32\vds.exe
    22:32:57.0965 1592 vds - ok
    22:32:57.0997 1592 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
    22:32:58.0012 1592 vga - ok
    22:32:58.0028 1592 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
    22:32:58.0043 1592 VgaSave - ok
    22:32:58.0059 1592 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
    22:32:58.0075 1592 viaide - ok
    22:32:58.0122 1592 volmgr (793d9b32a1c462c91f6f70358283ac97) C:\Windows\system32\drivers\volmgr.sys
    22:32:58.0122 1592 volmgr - ok
    22:32:58.0294 1592 volmgrx (5aa217da5dc4ff5b9ac9ab86563b3223) C:\Windows\system32\drivers\volmgrx.sys
    22:32:58.0310 1592 volmgrx - ok
    22:32:58.0481 1592 volsnap (de4307412d98050239026e56a7dff3c0) C:\Windows\system32\drivers\volsnap.sys
    22:32:58.0481 1592 volsnap - ok
    22:32:58.0528 1592 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
    22:32:58.0544 1592 vsmraid - ok
    22:32:59.0558 1592 VSS (186bd53f8a408ad20f5a056c05678629) C:\Windows\system32\vssvc.exe
    22:32:59.0729 1592 VSS - ok
    22:33:00.0213 1592 W32Time (ba29f34a61cb55c0dee29e787542edf4) C:\Windows\system32\w32time.dll
    22:33:00.0228 1592 W32Time - ok
    22:33:00.0275 1592 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
    22:33:00.0275 1592 WacomPen - ok
    22:33:00.0306 1592 Wanarp (aea75207e443c8623c36b8d03596f84f) C:\Windows\system32\DRIVERS\wanarp.sys
    22:33:00.0338 1592 Wanarp - ok
    22:33:00.0338 1592 Wanarpv6 (aea75207e443c8623c36b8d03596f84f) C:\Windows\system32\DRIVERS\wanarp.sys
    22:33:00.0353 1592 Wanarpv6 - ok
    22:33:00.0525 1592 wcncsvc (055449247c490e24b968b44fe8a969eb) C:\Windows\System32\wcncsvc.dll
    22:33:00.0618 1592 wcncsvc - ok
    22:33:00.0650 1592 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
    22:33:00.0681 1592 WcsPlugInService - ok
    22:33:00.0821 1592 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
    22:33:00.0821 1592 Wd - ok
    22:33:01.0820 1592 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
    22:33:01.0820 1592 Wdf01000 - ok
    22:33:02.0272 1592 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
    22:33:02.0303 1592 WdiServiceHost - ok
    22:33:02.0303 1592 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
    22:33:02.0303 1592 WdiSystemHost - ok
    22:33:02.0350 1592 WebClient (3d4ab55f8178fd0cd3ca45cd0ec9cf5b) C:\Windows\System32\webclnt.dll
    22:33:02.0350 1592 WebClient - ok
    22:33:02.0584 1592 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
    22:33:02.0615 1592 Wecsvc - ok
    22:33:03.0114 1592 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
    22:33:03.0177 1592 wercplsupport - ok
    22:33:03.0333 1592 WerSvc (fc25242b3bcaf7e84d9184082274ae08) C:\Windows\System32\WerSvc.dll
    22:33:03.0333 1592 WerSvc - ok
    22:33:03.0364 1592 WinHttpAutoProxySvc - ok
    22:33:03.0832 1592 Winmgmt (ac98f38feab066a8f983d54ff3f4fd4c) C:\Windows\system32\wbem\WMIsvc.dll
    22:33:03.0879 1592 Winmgmt - ok
    22:33:06.0250 1592 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
    22:33:06.0422 1592 WinRM - ok
    22:33:08.0091 1592 Wlansvc (0a69955261c1b54206adc9beb89517de) C:\Windows\System32\wlansvc.dll
    22:33:08.0169 1592 Wlansvc - ok
    22:33:08.0169 1592 wltrysvc - ok
    22:33:08.0247 1592 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
    22:33:08.0247 1592 WmiAcpi - ok
    22:33:08.0403 1592 wmiApSrv (d303322dd577c3deda1251ed2e7a496c) C:\Windows\system32\wbem\WmiApSrv.exe
    22:33:08.0418 1592 wmiApSrv - ok
    22:33:08.0528 1592 WMPNetworkSvc - ok
    22:33:08.0574 1592 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
    22:33:08.0606 1592 WPCSvc - ok
    22:33:08.0637 1592 WPDBusEnum (a27c8f92d84e2ddc151978e4692c978e) C:\Windows\system32\wpdbusenum.dll
    22:33:08.0637 1592 WPDBusEnum - ok
    22:33:08.0730 1592 WpdUsb (6329d1990db931073b86ab5946d8e317) C:\Windows\system32\DRIVERS\wpdusb.sys
    22:33:08.0746 1592 WpdUsb - ok
    22:33:09.0698 1592 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
    22:33:09.0807 1592 WPFFontCache_v0400 - ok
    22:33:10.0119 1592 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
    22:33:10.0150 1592 ws2ifsl - ok
    22:33:10.0150 1592 WSearch - ok
    22:33:10.0337 1592 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
    22:33:10.0337 1592 WUDFRd - ok
    22:33:10.0415 1592 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
    22:33:10.0431 1592 wudfsvc - ok
    22:33:10.0478 1592 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
    22:33:10.0618 1592 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
    22:33:10.0618 1592 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
    22:33:10.0618 1592 MBR (0x1B8) (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk1\DR1
    22:33:10.0618 1592 \Device\Harddisk1\DR1 - ok
    22:33:10.0790 1592 Boot (0x1200) (2f9770032e6bff69f928543361bf5c48) \Device\Harddisk0\DR0\Partition0
    22:33:10.0914 1592 \Device\Harddisk0\DR0\Partition0 - ok
    22:33:10.0992 1592 Boot (0x1200) (d8059160b186040b9dc4999e89106e6d) \Device\Harddisk0\DR0\Partition1
    22:33:10.0992 1592 \Device\Harddisk0\DR0\Partition1 - ok
    22:33:10.0992 1592 Boot (0x1200) (ea5f023d4dbcf254671ea60c4c5317e3) \Device\Harddisk1\DR1\Partition0
    22:33:10.0992 1592 \Device\Harddisk1\DR1\Partition0 - ok
    22:33:10.0992 1592 ============================================================
    22:33:10.0992 1592 Scan finished
    22:33:10.0992 1592 ============================================================
    22:33:10.0992 3900 Detected object count: 1
    22:33:10.0992 3900 Actual detected object count: 1
    22:33:36.0156 3900 \Device\Harddisk0\DR0\# - copied to quarantine
    22:33:36.0156 3900 \Device\Harddisk0\DR0 - copied to quarantine
    22:33:36.0983 3900 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
    22:33:37.0077 3900 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
    22:33:37.0092 3900 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
    22:33:37.0123 3900 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
    22:33:37.0607 3900 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
    22:33:39.0073 3900 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
    22:33:39.0120 3900 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
    22:33:39.0120 3900 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
    22:33:39.0120 3900 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
    22:33:39.0323 3900 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
    22:33:39.0432 3900 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
    22:33:39.0432 3900 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
    22:33:39.0448 3900 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
    22:33:39.0604 3900 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
    22:33:39.0697 3900 \Device\Harddisk0\DR0 - ok
    22:33:43.0956 3900 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
    22:41:21.0179 1140 Deinitialize success
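Broni reads this log by eye; as an added example (not from the thread and not TDSSKiller's own code), here is a small Python triage script that pulls the same facts out of a TDSSKiller log: which objects were flagged, which files were quarantined from the rootkit's hidden TDLFS area, and what the tool could only schedule for cleanup at the next reboot. The sample log is a constructed excerpt of the lines posted above; the regexes are my reading of the log layout, not a published format.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# One TDSSKiller line: "HH:MM:SS.ffff <pid> <rest>"
LINE_RE = re.compile(r"^\s*(\d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*?)\s*$")
# Scan entry: "<name> (<md5>) <path>"; the name may carry an offset, e.g. "MBR (0x1B8)"
SCAN_RE = re.compile(r"^(\S+(?: \(0x[0-9A-Fa-f]+\))?) \(([0-9a-f]{32})\) (.+)$")
# Verdict with threat name: "<object> ( <threat> ) - <verdict>"
THREAT_RE = re.compile(r"^(.+?) \( ([^)]+) \) - (.+)$")
# Bare detection line: "<object> - detected <threat> (n)"
DETECTED_RE = re.compile(r"^(.+?) - detected (\S+)")
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")
QUARANTINE_SUFFIX = " - copied to quarantine"

# Constructed excerpt of the log posted in this thread (assumed layout).
SAMPLE_LOG = r"""
22:32:51.0021 1592 Tcpip (d43d5336be9dd93e02ee124297295713) C:\Windows\system32\drivers\tcpip.sys
22:32:51.0146 1592 Tcpip - ok
22:33:03.0364 1592 WinHttpAutoProxySvc - ok
22:33:10.0478 1592 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
22:33:10.0618 1592 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
22:33:10.0618 1592 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
22:33:10.0618 1592 MBR (0x1B8) (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk1\DR1
22:33:10.0618 1592 \Device\Harddisk1\DR1 - ok
22:33:10.0992 1592 Scan finished
22:33:10.0992 3900 Detected object count: 1
22:33:36.0156 3900 \Device\Harddisk0\DR0 - copied to quarantine
22:33:36.0983 3900 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
22:33:39.0120 3900 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
22:33:39.0604 3900 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
22:33:39.0697 3900 \Device\Harddisk0\DR0 - ok
22:33:43.0956 3900 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
"""


@dataclass
class TdssSummary:
    scanned: list = field(default_factory=list)      # (name, md5, path) for every hashed object
    threats: dict = field(default_factory=dict)      # object -> threat name
    actions: list = field(default_factory=list)      # (object, threat, verdict) in log order
    quarantined: list = field(default_factory=list)  # objects copied to quarantine
    detected_count: Optional[int] = None


def parse_tdsskiller(text: str) -> TdssSummary:
    """Walk the log once and keep only the lines that say something happened."""
    s = TdssSummary()
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # banners, separators, blank lines
        rest = m.group(3)
        if rest.endswith(QUARANTINE_SUFFIX):
            s.quarantined.append(rest[: -len(QUARANTINE_SUFFIX)])
            continue
        sm = SCAN_RE.match(rest)
        if sm:
            s.scanned.append(sm.groups())
            continue
        tm = THREAT_RE.match(rest)
        if tm:
            obj, threat, verdict = tm.groups()
            s.threats[obj] = threat
            s.actions.append((obj, threat, verdict))
            continue
        dm = DETECTED_RE.match(rest)
        if dm:
            s.threats[dm.group(1)] = dm.group(2)
            continue
        cm = COUNT_RE.match(rest)
        if cm:
            s.detected_count = int(cm.group(1))
    return s


def pending_reboot_cures(s: TdssSummary) -> list:
    """Objects the tool could not fix live (an in-use MBR is rewritten at next boot)."""
    return [obj for obj, _, verdict in s.actions if verdict == "will be cured on reboot"]


def tdlfs_artifacts(s: TdssSummary) -> list:
    """File names quarantined from the rootkit's hidden TDLFS store on the raw disk."""
    return [q.rsplit("\\", 1)[1] for q in s.quarantined if "\\TDLFS\\" in q]


def mbr_hashes(s: TdssSummary) -> dict:
    """MD5 per disk boot sector, for comparison against a post-reboot rescan."""
    return {path: md5 for name, md5, path in s.scanned if name.startswith("MBR")}


if __name__ == "__main__":
    summary = parse_tdsskiller(SAMPLE_LOG)
    print("threats:", summary.threats)
    print("TDLFS artifacts:", tdlfs_artifacts(summary))
    print("pending at reboot:", pending_reboot_cures(summary))
    print("MBR hashes:", mbr_hashes(summary))
```

A rescan after the reboot should show a different MD5 for Harddisk0's MBR and no remaining TDLFS entries; if the old hash reappears, the cure did not stick.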
  17. Broni

    Broni Malware Annihilator Posts: 46,153   +251

    Good :)

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    • NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    http://download.bleepingcomputer.com/grinler/beta/rkill.exe
    http://download.bleepingcomputer.com/grinler/beta/iExplore.exe

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    Please post BOTH logs, rKill.txt and Combofix.txt.
  18. windows90

    windows90 Newcomer, in training Topic Starter Posts: 30

    ComboFix 12-08-10.02 - Owner 08/12/2012 12:49:11.1.2 - x64
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.4054.2740 [GMT -7:00]
    Running from: c:\users\Owner\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\blekkotb_soc\blEKkotb_019x.dll
    c:\users\Owner\AppData\Roaming\download2
    c:\windows\svchost.exe
    c:\windows\system32\FAPassSync.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-12 to 2012-08-12 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-12 20:01 . 2012-08-12 20:01 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F1B082BD-BC02-4257-9DBF-7B380F37F518}\offreg.dll
    2012-08-12 19:57 . 2012-08-12 20:01 -------- d-----w- c:\users\Owner\AppData\Local\temp
    2012-08-12 19:57 . 2012-08-12 19:57 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2012-08-12 19:57 . 2012-08-12 19:57 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-12 05:49 . 2012-08-12 05:49 -------- d-----w- C:\FRST
    2012-08-12 05:33 . 2012-08-12 05:33 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-08-12 03:37 . 2012-08-12 03:37 -------- d-----w- C:\$WINDOWS.~BT
    2012-08-11 00:13 . 2012-08-11 00:13 -------- d-----w- c:\program files\AVAST Software
    2012-08-10 06:32 . 2012-08-10 06:32 -------- d-----w- c:\users\Owner\.limewire
    2012-08-09 03:11 . 2012-02-09 21:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2012-08-09 03:11 . 2012-02-09 21:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A0062EAD-3E43-4FAD-A98B-6D21165896C3}\gapaengine.dll
    2012-08-09 03:10 . 2012-07-16 09:40 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F1B082BD-BC02-4257-9DBF-7B380F37F518}\mpengine.dll
    2012-08-09 03:08 . 2012-08-09 03:08 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2012-08-09 03:07 . 2012-08-09 03:08 -------- d-----w- c:\program files\Microsoft Security Client
    2012-08-03 05:23 . 2012-08-03 05:23 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
    2012-08-01 04:32 . 2012-08-01 04:39 -------- d-----w- c:\users\Owner\AppData\Local\IM Providers
    2012-07-19 02:24 . 2012-07-19 02:24 -------- d-----w- c:\users\Owner\AppData\Roaming\SpeedyPC Software
    2012-07-19 02:24 . 2012-07-19 02:24 -------- d-----w- c:\users\Owner\AppData\Roaming\DriverCure
    2012-07-19 02:24 . 2012-07-19 02:46 -------- d-----w- c:\programdata\SpeedyPC Software
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-03 22:36 . 2012-06-18 00:45 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-08-03 22:36 . 2011-07-08 01:21 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-12 10:01 . 2006-11-02 12:35 59701280 ----a-w- c:\windows\system32\mrt.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files (x86)\ToggleEN\tbTogg.dll" [2008-11-24 1784856]
    .
    [HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
    2008-11-24 07:03 1784856 ----a-w- c:\program files (x86)\ToggleEN\tbTogg.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files (x86)\ToggleEN\tbTogg.dll" [2008-11-24 1784856]
    .
    [HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1555968]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-19 39408]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "PCMService"="c:\program files (x86)\Dell\MediaDirect\PCMService.exe" [2008-07-04 132392]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "CarboniteSetupLite"="c:\program files (x86)\Carbonite\CarbonitePreinstaller.exe" [2010-03-09 283792]
    "FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2008-09-05 95488]
    .
    c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
    .
    c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
    QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-7-31 1995344]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
    2008-09-05 23:16 140544 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]
    R4 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_310debf0\AESTSr64.exe [2009-03-02 89600]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    Themes
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-12 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-18 22:36]
    .
    2012-07-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2902662569-1094894158-3628613558-1000Core.job
    - c:\users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-17 11:03]
    .
    2012-08-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2902662569-1094894158-3628613558-1000UA.job
    - c:\users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-17 11:03]
    .
    2012-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29 02:53]
    .
    2012-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29 02:53]
    .
    2012-08-10 c:\windows\Tasks\User_Feed_Synchronization-{E6CF3ADF-9CEF-4597-BAD8-2EDBC1D256F1}.job
    - c:\windows\system32\msfeedssync.exe [2011-06-15 04:32]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-08-25 272896]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-20 3863040]
    "fssui"="c:\program files (x86)\Windows Live\Family Safety\fsui.exe" [2010-04-28 647528]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
    "combofix"="c:\combofix\CF18754.3XE" [2008-01-21 363008]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 192.168.0.1
    CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
    FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\7ehulrm1.default\
    FF - prefs.js: browser.search.selectedEngine - Blekko
    FF - prefs.js: browser.startup.homepage - hxxp://blekko.com/ws/?source=c3348dd4&toolbarid=blekkotb_031&u=9CBED192DC65855AF95A4C4FCAE98330&tbp=homepage
    FF - prefs.js: keyword.URL - hxxp://blekko.com/ws/?source={SourceID}&tbp=url&toolbarid=blekkotb_soc&u=USERGUID&q=
    FF - user.js: extensions.autoDisableScopes - 14
    FF - user.js: security.csp.enable - false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKLM-Run-FAStartup - (no file)
    WebBrowser-{038CB5C7-48EA-4AF9-94E0-A1646542E62B} - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @="Shockwave Flash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @="FlashBroker"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Dell\DellDock\DockLogin.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe
    c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe
    c:\program files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
    .
    **************************************************************************
    .
    Completion time: 2012-08-12 13:09:47 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-08-12 20:09
    .
    Pre-Run: 212,011,761,664 bytes free
    Post-Run: 213,026,349,056 bytes free
    .
    - - End Of File - - 446528D118C2F5D010E1A3FA233E370F
     
  19. Broni

    Broni Malware Annihilator Posts: 46,153   +251

    Looks good :)

    Any current issues?

    =====================================

    Please paste the content of the following file:
    C:\Qoobox\Add-Remove Programs.txt

    =====================================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    =================================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  20. windows90

    windows90 Newcomer, in training Topic Starter Posts: 30

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.08.12.05

    Windows Vista Service Pack 1 x64 NTFS
    Internet Explorer 8.0.6001.19088
    Owner :: OWNER-PC [administrator]

    8/12/2012 1:51:15 PM
    mbam-log-2012-08-12 (13-51-15).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 219795
    Time elapsed: 4 minute(s), 17 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 8
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7d9e1adc-7db1-4eaf-b6c7-7e062074e6be} (PUP.BlekkoSearchBar) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0003491.BHO (PUP.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0003491.FBApi (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0003491.FBApi.1 (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0003491.Sandbox (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0003491.Sandbox.1 (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Quarantined and deleted successfully.

    Registry Values Detected: 1
    HKCU\Software\InstalledBrowserExtensions\215 Apps|3491 (PUP.CrossFire.SA) -> Data: Vid-Saver -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
  21. windows90

    windows90 Newcomer, in training Topic Starter Posts: 30

    Acrobat.com
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9
    Advanced Audio FX Engine
    Anti-phishing Domain Advisor
    Apple Application Support
    Apple Software Update
    Ares 2.1.1
    Ares 3.1.5.3033
    Bing Bar
    Blekko search bar
    Carbonite Online Backup Setup
    Compatibility Pack for the 2007 Office system
    Cozi
    Dell Getting Started Guide
    Dell Video Chat (remove only)
    Dell Webcam Central
    EDocs
    Facebook Video Calling 1.2.0.159
    Galería fotográfica de Windows Live
    Google Toolbar for Internet Explorer
    Google Update Helper
    Herramienta de carga de Windows Live
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    IDT Audio
    ITECIR
    Java Auto Updater
    Java(TM) 6 Update 19
    Java(TM) 6 Update 7
    Junk Mail filter update
    LimeWire 4.18.8
    Live! Cam Avatar Creator
    Malwarebytes Anti-Malware version 1.61.0.1400
    McAfee Security Scan Plus
    MediaDirect
    Microsoft Choice Guard
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Works
    Mozilla Firefox 14.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    QuickTime
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    Safari
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Skype Click to Call
    Skype™ 5.10
    ToggleEN Toolbar
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Vid-Saver
    Virtual DJ - Atomix Productions
    Windows Live Asistente para el inicio de sesión
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Sync
    Windows Live Writer
  22. windows90

    windows90 Newcomer, in training Topic Starter Posts: 30

    OTL logfile created on: 8/12/2012 2:03:35 PM - Run 1
    OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Owner\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19088)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.96 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 62.32% Memory free
    8.13 Gb Paging File | 6.45 Gb Available in Paging File | 79.28% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 288.01 Gb Total Space | 197.78 Gb Free Space | 68.67% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 3.35 Gb Free Space | 33.49% Space Free | Partition Type: NTFS
    Drive E: | 4.20 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive F: | 1.87 Gb Total Space | 1.20 Gb Free Space | 63.88% Space Free | Partition Type: FAT

    Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/08/12 13:42:46 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    PRC - [2012/02/13 21:19:20 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.EXE
    PRC - [2010/01/15 05:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    PRC - [2008/09/23 21:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
    PRC - [2008/09/05 16:17:08 | 001,836,288 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
    PRC - [2008/09/05 16:17:08 | 000,095,488 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
    PRC - [2008/09/05 16:16:54 | 002,340,096 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
    PRC - [2008/07/04 13:16:58 | 000,132,392 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe


    ========== Modules (No Company Name) ==========

    MOD - [2008/09/05 16:16:36 | 000,233,216 | ---- | M] () -- C:\Windows\SysWOW64\FACrashRpt.dll
    MOD - [2008/09/05 16:16:36 | 000,059,136 | ---- | M] () -- C:\Windows\SysWOW64\FAib.dll
    MOD - [2008/09/05 16:16:20 | 000,087,296 | ---- | M] () -- C:\Windows\SysWOW64\FAIEExtension.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2009/06/29 12:44:38 | 000,240,128 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_310debf0\STacSV64.exe -- (STacSV)
    SRV:64bit: - [2009/03/02 13:42:58 | 000,089,600 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_310debf0\AESTSr64.exe -- (AESTFilters)
    SRV:64bit: - [2008/11/20 03:21:12 | 000,031,744 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\WLTRYSVC.EXE -- (wltrysvc)
    SRV:64bit: - [2008/09/23 21:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
    SRV:64bit: - [2008/01/20 19:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/08/03 15:36:11 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/07/31 21:39:46 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/02/13 21:19:20 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.EXE -- (BBUpdate)
    SRV - [2012/02/13 21:19:20 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.EXE -- (BBSvc)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
    SRV - [2008/09/05 16:16:54 | 002,340,096 | ---- | M] (Sensible Vision ) [Auto | Running] -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe -- (FAService)
    SRV - [2008/07/27 11:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2009/08/06 00:24:16 | 000,061,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2009/06/29 12:44:38 | 000,487,424 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2008/12/26 18:05:00 | 000,318,656 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA001Vid.sys -- (OA001Vid)
    DRV:64bit: - [2008/11/26 07:02:18 | 000,158,592 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA001Ufd.sys -- (OA001Ufd)
    DRV:64bit: - [2008/11/20 03:20:52 | 000,022,520 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCM42RLY.sys -- (BCM42RLY)
    DRV:64bit: - [2008/10/27 04:21:50 | 001,374,712 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
    DRV:64bit: - [2008/09/03 04:59:18 | 000,126,464 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
    DRV:64bit: - [2008/08/25 04:26:08 | 000,199,728 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
    DRV:64bit: - [2008/08/25 03:35:36 | 000,059,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\itecir.sys -- (itecir)
    DRV:64bit: - [2008/08/02 15:36:16 | 000,243,840 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\facap.sys -- (FACAP)
    DRV:64bit: - [2008/07/17 03:59:12 | 000,057,856 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
    DRV:64bit: - [2008/07/17 03:59:10 | 000,062,976 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
    DRV:64bit: - [2008/07/17 03:59:08 | 000,055,296 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
    DRV:64bit: - [2008/07/16 04:50:42 | 000,239,104 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys -- (k57nd60a)
    DRV:64bit: - [2008/01/20 19:51:07 | 000,016,384 | ---- | M] () [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2008/01/20 19:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
    DRV:64bit: - [2008/01/20 19:46:55 | 000,317,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express)
    DRV:64bit: - [2008/01/20 19:46:55 | 000,111,104 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
    DRV:64bit: - [2007/11/14 02:00:00 | 000,053,488 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2006/11/02 00:48:50 | 002,488,320 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUS
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\URLSearchHook: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files (x86)\ToggleEN\tbTogg.dll (Conduit Ltd.)
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2077543


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2902662569-1094894158-3628613558-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=skyp&ocid=skydhp
    IE - HKU\S-1-5-21-2902662569-1094894158-3628613558-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US,es-MX;q=0.5
    IE - HKU\S-1-5-21-2902662569-1094894158-3628613558-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 3B 4F 20 13 41 CD 01 [binary data]
    IE - HKU\S-1-5-21-2902662569-1094894158-3628613558-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-2902662569-1094894158-3628613558-1000\..\URLSearchHook: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files (x86)\ToggleEN\tbTogg.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-2902662569-1094894158-3628613558-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKU\S-1-5-21-2902662569-1094894158-3628613558-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-2902662569-1094894158-3628613558-1000\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/ws/?source=c3348d...ED192DC65855AF95A4C4FCAE98330&q={searchTerms}
    IE - HKU\S-1-5-21-2902662569-1094894158-3628613558-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&sourceid=ie7&rlz=1I7DKUS_enUS310
    IE - HKU\S-1-5-21-2902662569-1094894158-3628613558-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2077543
    IE - HKU\S-1-5-21-2902662569-1094894158-3628613558-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2902662569-1094894158-3628613558-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Blekko"
    FF - prefs.js..browser.search.order.1: "Blekko"
    FF - prefs.js..browser.search.selectedEngine: "Blekko"
    FF - prefs.js..browser.startup.homepage: "http://blekko.com/ws/?source=c3348d...9CBED192DC65855AF95A4C4FCAE98330&tbp=homepage"
    FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
    FF - prefs.js..extensions.enabledItems: crossriderapp3491@crossrider.com:0.81.24
    FF - prefs.js..extensions.enabledItems: plugin@yontoo.com:1.20.00
    FF - prefs.js..keyword.URL: "http://blekko.com/ws/?source={SourceID}&tbp=url&toolbarid=blekkotb_soc&u=USERGUID&q="


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Owner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/31 21:39:47 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/25 21:54:03 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/31 21:39:47 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/25 21:54:03 | 000,000,000 | ---D | M]

    [2010/01/05 23:59:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions
    [2012/07/27 23:35:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\7ehulrm1.default\extensions
    [2012/06/02 18:22:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\7ehulrm1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2012/06/25 21:54:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2011/10/23 23:02:57 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2012/07/31 21:39:47 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/07/09 20:35:41 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/06/02 21:35:25 | 000,002,134 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\search.xml
    [2012/07/09 20:35:41 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/08/12 13:01:36 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7725.1624\swg64.dll (Google Inc.)
    O2 - BHO: (ToggleEN Toolbar) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files (x86)\ToggleEN\tbTogg.dll (Conduit Ltd.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (FAIESSOHelper Class) - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7725.1624\swg.dll (Google Inc.)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll (Microsoft Corporation.)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (ToggleEN Toolbar) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files (x86)\ToggleEN\tbTogg.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll (Microsoft Corporation.)
    O3 - HKU\S-1-5-21-2902662569-1094894158-3628613558-1000\..\Toolbar\WebBrowser: (ToggleEN Toolbar) - {038CB5C7-48EA-4AF9-94E0-A1646542E62B} - C:\Program Files (x86)\ToggleEN\tbTogg.dll (Conduit Ltd.)
    O3:64bit: - HKU\S-1-5-21-2902662569-1094894158-3628613558-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe ()
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
    O4 - HKLM..\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
    O4 - HKLM..\Run: [PCMService] C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
    O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    O4 - Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2902662569-1094894158-3628613558-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2902662569-1094894158-3628613558-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
    O7 - HKU\S-1-5-21-2902662569-1094894158-3628613558-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4EFB7B2B-34F6-4C74-84CF-0D57020BBC17}: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D7CDB1A-BA43-422B-819C-43341EF0DA2B}: DhcpNameServer = 192.168.0.1
    O18:64bit: - Protocol\Handler\cozi - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll ()
    O20 - Winlogon\Notify\FastAccess: DllName - (C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll) - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()
    O24 - Desktop WallPaper: C:\Users\Owner\Pictures\2012-05-07 West Coast trip\West Coast trip 050.JPG
    O24 - Desktop BackupWallPaper: C:\Users\Owner\Pictures\2012-05-07 West Coast trip\West Coast trip 050.JPG
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/01/21 13:00:00 | 000,000,122 | R--- | M] () - E:\autorun.inf -- [ UDF ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/08/12 14:01:00 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    [2012/08/12 13:09:49 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\temp
    [2012/08/12 13:01:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/08/12 12:57:37 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/08/12 12:45:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/08/12 12:45:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/08/12 12:45:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/08/12 12:45:35 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/08/12 12:45:13 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/08/12 12:44:09 | 004,729,547 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
    [2012/08/11 22:49:31 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/08/11 22:33:27 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/08/11 22:30:02 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\tdsskiller
    [2012/08/11 20:37:18 | 000,000,000 | ---D | C] -- C:\$WINDOWS.~BT
    [2012/08/10 17:13:09 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2012/08/10 16:22:30 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2012/08/09 23:32:07 | 000,000,000 | ---D | C] -- C:\Users\Owner\.limewire
    [2012/08/08 20:08:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
    [2012/08/08 20:07:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012/08/02 22:23:37 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
    [2012/07/31 21:32:12 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\IM Providers
    [2012/07/18 19:24:59 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\SpeedyPC Software
    [2012/07/18 19:24:59 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\DriverCure
    [2012/07/18 19:24:53 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software
    [2012/07/18 19:24:44 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software

    ========== Files - Modified Within 30 Days ==========

    [2012/08/12 13:48:48 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/08/12 13:48:46 | 000,001,758 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
    [2012/08/12 13:47:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/08/12 13:42:46 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    [2012/08/12 13:36:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/08/12 13:08:07 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2902662569-1094894158-3628613558-1000UA.job
    [2012/08/12 13:06:07 | 000,724,780 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/08/12 13:06:07 | 000,619,802 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/08/12 13:06:07 | 000,109,772 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/08/12 13:01:36 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/08/12 13:01:27 | 000,000,434 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
    [2012/08/12 13:01:12 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/08/12 13:00:59 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/08/12 13:00:59 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/08/12 13:00:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/08/12 12:25:42 | 004,729,547 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
    [2012/08/11 22:18:54 | 002,117,108 | ---- | M] () -- C:\Users\Owner\Desktop\tdsskiller.zip
    [2012/08/11 20:36:30 | 000,001,887 | ---- | M] () -- C:\Windows\diagwrn.xml
    [2012/08/11 20:36:30 | 000,001,887 | ---- | M] () -- C:\Windows\diagerr.xml
    [2012/08/10 15:53:33 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E6CF3ADF-9CEF-4597-BAD8-2EDBC1D256F1}.job
    [2012/08/10 15:43:43 | 389,837,850 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/08/09 23:00:42 | 000,000,680 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
    [2012/08/08 20:09:17 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/08/08 20:08:12 | 000,739,784 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/07/18 19:25:00 | 000,001,771 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk

    ========== Files Created - No Company Name ==========

    [2012/08/12 12:45:43 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/08/12 12:45:43 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/08/12 12:45:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/08/12 12:45:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/08/12 12:45:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/08/11 22:29:45 | 002,117,108 | ---- | C] () -- C:\Users\Owner\Desktop\tdsskiller.zip
    [2012/08/11 20:33:57 | 000,001,887 | ---- | C] () -- C:\Windows\diagwrn.xml
    [2012/08/11 20:33:57 | 000,001,887 | ---- | C] () -- C:\Windows\diagerr.xml
    [2012/08/08 20:08:21 | 000,001,828 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2011/10/25 22:35:51 | 000,023,604 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\UserTile.png
    [2011/01/25 21:03:58 | 000,739,784 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/08/25 20:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
    [2010/08/25 20:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
    [2010/08/25 20:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
    [2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
    [2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
    [2010/03/31 11:05:03 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/03/26 10:31:29 | 000,560,911 | ---- | C] () -- C:\Users\Owner\Formulario dmv.pdf
    [2009/02/17 14:06:13 | 000,001,758 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
    [2009/02/11 12:07:22 | 000,000,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
    [2009/01/13 15:43:22 | 000,011,776 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== LOP Check ==========

    [2012/07/18 19:24:59 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DriverCure
    [2012/08/10 16:22:16 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\LimeWire
    [2012/07/18 19:24:59 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SpeedyPC Software
    [2009/02/17 14:06:15 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Template
    [2012/07/12 04:08:00 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2902662569-1094894158-3628613558-1000Core.job
    [2012/08/12 13:08:07 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2902662569-1094894158-3628613558-1000UA.job
    [2012/08/12 12:59:05 | 000,032,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2012/08/10 15:53:33 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{E6CF3ADF-9CEF-4597-BAD8-2EDBC1D256F1}.job

    ========== Purity Check ==========



    < End of report >
  23. windows90

    windows90 Newcomer, in training Topic Starter Posts: 30

    OTL Extras logfile created on: 8/12/2012 2:03:35 PM - Run 1
    OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Owner\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19088)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.96 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 62.32% Memory free
    8.13 Gb Paging File | 6.45 Gb Available in Paging File | 79.28% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 288.01 Gb Total Space | 197.78 Gb Free Space | 68.67% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 3.35 Gb Free Space | 33.49% Space Free | Partition Type: NTFS
    Drive E: | 4.20 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive F: | 1.87 Gb Total Space | 1.20 Gb Free Space | 63.88% Space Free | Partition Type: FAT

    Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe ()

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" ()
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 ()
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l ()
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" ()
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "oobe_av" = 1

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{3968D459-B1A6-4655-8791-9A33D5F2D44A}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{49EA332A-05C5-4DED-B26C-5A74043A1696}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{66A86129-4408-42A9-8EC7-87FCC282C0E1}" = rport=2869 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{A4E9808E-3DA1-45A1-8C42-DA5192FC7034}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{AB83D7E5-8B11-4888-84D8-E94C1CD8C906}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{D49A0090-E2B8-45EF-9229-3607DEF0F268}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{DDE82A88-9715-4365-9877-996E4520289E}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{F460D76C-D3FF-4C16-A24E-E3B3FD86B597}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{23DDEB24-FC83-489E-9078-F68FB5020744}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{67DD0CAB-D47C-4F8C-B9F9-4A544255CFB5}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{AC3EF7C0-2365-4351-B642-D5C48EE6A67E}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{60D7B7D1-16A5-4168-9F46-AE956B0C5046}" = FastAccess
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
    "{E33B102B-7D42-4AEF-B0C8-296567736169}" = Windows Live Protección Infantil
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
    "Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility
    "Creative OA001" = Integrated Webcam Driver (1.05.02.1227)
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Client" = Microsoft Security Essentials

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{}_is1" = Ares 3.1.5.3033
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
    "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{16793295-2366-40F7-A045-A3E42A81365E}" = Bing Bar
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Herramienta de carga de Windows Live
    "{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 19
    "{2B83A043-BA8C-4164-98AA-29529D0BE756}" = Windows Live Essentials
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
    "{7456BBA3-642F-4E59-9F89-7639977D7C39}" = Cozi
    "{7593234B-2AEB-4FC9-B02D-C9B30D86084C}" = Windows Live Asistente para el inicio de sesión
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{8924FD04-AFF1-4387-B08B-6A979485F2BD}" = Windows Live Call
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{914DD274-9C5D-44CA-9AC7-12B8D2D4DA08}" = Windows Live Sync
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
    "{A7BBE3D6-F19A-40E6-96EC-84E1DC88F262}" = Galería fotográfica de Windows Live
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{B8583CB3-8ABE-407E-8BC6-F9A83EAC9133}" = Windows Live Writer
    "{BEC001F9-0451-4396-92D7-E1A4E7854BF3}" = Windows Live Mail
    "{C4156B59-DD7E-40DF-AF08-E568A27A6409}" = Windows Live Messenger
    "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F6BB6248-C507-46FE-8A35-1B16F35E0441}" = ITECIR
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Advanced Audio FX Engine" = Advanced Audio FX Engine
    "Anti-phishing Domain Advisor" = Anti-phishing Domain Advisor
    "Ares" = Ares 2.1.1
    "blekkotb_soc" = Blekko search bar
    "Carbonite Setup Lite" = Carbonite Online Backup Setup
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Dell Video Chat" = Dell Video Chat (remove only)
    "Dell Webcam Central" = Dell Webcam Central
    "LimeWire" = LimeWire 4.18.8
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "McAfee Security Scan" = McAfee Security Scan Plus
    "Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "ToggleEN Toolbar" = ToggleEN Toolbar
    "Vid-Saver" = Vid-Saver
    "Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
    "WinLiveSuite_Wave3" = Windows Live Essentials

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 8/3/2011 12:46:22 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
    Description = mDNSCoreReceiveResponse: Unexpected conflict discarding 16 64.7.168.192.in-addr.arpa.
    PTR Owner-PC.local.

    Error - 8/3/2011 1:36:48 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 8/3/2011 1:36:48 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 1435

    Error - 8/3/2011 1:36:48 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 1435

    Error - 8/3/2011 11:43:05 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 8/3/2011 11:43:05 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 79578075

    Error - 8/3/2011 11:43:05 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 79578075

    Error - 8/3/2011 11:43:06 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 8/3/2011 11:43:06 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 79579308

    Error - 8/3/2011 11:43:06 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 79579308

    [ Broadcom Wireless LAN Events ]
    Error - 5/6/2012 1:35:17 PM | Computer Name = Owner-PC | Source = WLAN-Tray | ID = 0
    Description = 10:35:16, Sun, May 06, 12 Error - Unable to gain access to user store


    Error - 5/14/2012 11:32:35 PM | Computer Name = Owner-PC | Source = WLAN-Tray | ID = 0
    Description = 20:32:34, Mon, May 14, 12 Error - Unable to gain access to user store


    Error - 7/23/2012 11:09:10 PM | Computer Name = Owner-PC | Source = WLAN-Tray | ID = 0
    Description = 20:09:10, Mon, Jul 23, 12 Error - User "" does not have administrative
    privileges on this system

    Error - 8/10/2012 1:16:42 AM | Computer Name = Owner-PC | Source = WLAN-Tray | ID = 0
    Description = 22:16:42, Thu, Aug 09, 12 Error - Unable to gain access to user store


    Error - 8/10/2012 2:01:13 AM | Computer Name = Owner-PC | Source = WLAN-Tray | ID = 0
    Description = 23:01:13, Thu, Aug 09, 12 Error - Unable to decrypt string

    [ Media Center Events ]
    Error - 11/1/2010 8:00:40 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 5/21/2012 3:14:17 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 8/3/2012 6:30:46 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 8/3/2012 10:14:50 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 8/4/2012 2:51:10 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 8/4/2012 3:12:38 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 8/5/2012 2:57:03 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 8/5/2012 4:01:36 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 8/7/2012 1:36:27 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 8/8/2012 10:26:38 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    [ System Events ]
    Error - 8/12/2012 3:38:12 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7003
    Description =

    Error - 8/12/2012 3:38:12 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7003
    Description =

    Error - 8/12/2012 3:51:50 PM | Computer Name = Owner-PC | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.131.1676.0 Update Source: %%859 Update Stage:
    %%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

    Current
    Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80070424 Error
    description: The specified service does not exist as an installed service.

    Error - 8/12/2012 3:53:47 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 8/12/2012 3:56:50 PM | Computer Name = Owner-PC | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
    with this system. Please contact your software vendor for a compatible version
    of the driver.

    Error - 8/12/2012 3:58:12 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 8/12/2012 3:58:41 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 8/12/2012 4:00:56 PM | Computer Name = Owner-PC | Source = HTTP | ID = 15016
    Description =

    Error - 8/12/2012 4:01:53 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 8/12/2012 4:13:42 PM | Computer Name = Owner-PC | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.131.1676.0 Update Source: %%859 Update Stage:
    %%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

    User:
    NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error
    code: 0x8024402c Error description: An unexpected problem occurred while checking
    for updates. For information on installing or troubleshooting updates, see Help
    and Support.


    < End of report >
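The uninstall list and event-log sections of the OTL report above have a regular line format that can be parsed mechanically. The Python below is an added example (not part of the thread or of the OTL tool): it parses those two sections and flags what the helper acts on in the next reply, the McAfee Security Scan entry and the Microsoft Antimalware update failures with their error codes. The function names are assumptions, and the sample input is constructed from lines copied out of the report.

```python
"""Parse OTL 'Uninstall List' and 'Event Log Errors' sections (added example)."""
import re
from dataclasses import dataclass

UNINSTALL_RE = re.compile(r'^"(?P<key>[^"]+)"\s*=\s*(?P<name>.+?)\s*$')
EVENT_RE = re.compile(
    r'^Error - (?P<when>\S+ \S+ [AP]M) \| Computer Name = (?P<host>.+?) '
    r'\| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$')
ERRCODE_RE = re.compile(r'Error code: (0x[0-9A-Fa-f]{8})')

# Foistware the helper in this thread tells the poster to uninstall.
FOISTWARE = {"McAfee Security Scan Plus"}

@dataclass
class EventError:
    when: str
    host: str
    source: str
    event_id: int
    description: str = ""

def parse_uninstall_list(text):
    """Return {registry key: display name} for an OTL uninstall section."""
    out = {}
    for line in text.splitlines():
        m = UNINSTALL_RE.match(line.strip())
        if m:
            out[m.group("key")] = m.group("name")
    return out

def parse_event_errors(text):
    """Return EventError records; OTL wraps descriptions over several lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("["):   # blank line or '[ System Events ]'
            continue
        m = EVENT_RE.match(line)
        if m:
            events.append(EventError(m.group("when"), m.group("host"),
                                     m.group("source"), int(m.group("id"))))
        elif events:
            # continuation of the previous record's (possibly empty) description
            if line.startswith("Description ="):
                line = line[len("Description ="):].strip()
            events[-1].description = (events[-1].description + " " + line).strip()
    return events

def triage(uninstall_text, events_text):
    """Flag foistware and Microsoft Antimalware update errors (event ID 2001)."""
    names = set(parse_uninstall_list(uninstall_text).values())
    findings = {"foistware": sorted(names & FOISTWARE), "antimalware_errors": []}
    for ev in parse_event_errors(events_text):
        if ev.source == "Microsoft Antimalware" and ev.event_id == 2001:
            code = ERRCODE_RE.search(ev.description)
            findings["antimalware_errors"].append(code.group(1) if code else None)
    return findings

# Constructed sample: lines copied from the OTL report in this thread.
SAMPLE_UNINSTALL = r'''
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"LimeWire" = LimeWire 4.18.8
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft Security Client" = Microsoft Security Essentials
'''
SAMPLE_EVENTS = r'''
[ System Events ]
Error - 8/12/2012 3:38:12 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 8/12/2012 3:51:50 PM | Computer Name = Owner-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.131.1676.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80070424 Error
description: The specified service does not exist as an installed service.

Error - 8/12/2012 4:13:42 PM | Computer Name = Owner-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.131.1676.0 Update Source: %%859 Update Stage: Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates.
'''

if __name__ == "__main__":
    print(triage(SAMPLE_UNINSTALL, SAMPLE_EVENTS))
```

Error 0x80070424 ("service does not exist") on the antimalware update is consistent with the opening post's account of the Security Essentials service having been removed while its client entry remains in the uninstall list.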
  24. windows90

    windows90 Newcomer, in training Topic Starter Posts: 30

    No issues with the computer at this point.
  25. Broni

    Broni Malware Annihilator Posts: 46,153   +251

    Good :)

    Uninstall McAfee Security Scan, typical foistware.

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      [2012/08/11 22:49:31 | 000,000,000 | ---D | C] -- C:\FRST
      [2012/07/18 19:24:59 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\SpeedyPC Software
      [2012/07/18 19:24:59 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\DriverCure
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, and reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    ==================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double-click on TFC.exe to run the program.
    • Click on the Start button to begin the cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.

