Solved I have the system fix virus

Status
Not open for further replies.
B

blitz2981

Posts: 10   +0
I have tried to use the uninstall guide on bleepingcomputer.com several times but it comes right back each time I reboot. I dont know what else to do but ask the experts for a walkthrough since I have seen you guys help others.
 
Welcome to TechSpot! I'll help with the malware.

We ask that you run out preliminary scans first- I will review them to see what is running on the system. Then I will have you run the appropriate scans.

If you cannot run any of these scans, please stop and tell me what happens when you try.

If you have any of the scanning program still running from the previous attempt, please remove them.

Do you have an internet connection to download the scans directly to the problem computer? If you can't do this, do you have a flash drive and if so, have you previously disinfected it?
-----------------------------------------
Please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

When you have finished, leave the logs for review in your next reply .
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
=====================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • File sharing programs should be uninstalled or disabled during the cleaning process..
  • Observe these:
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.
  • Please let me know if there is any change in the system.
If I don't get a reply from you in 5 days, the thread will be closed. If your problem persist, you can send a PM to reopen it.
=====================================
 
Earlier I ran RKill and Malwarebytes to stop the virus but if I reboot the virus comes back. I have an internet connection and can download the scans but they are all hidden (the virus is hiding all my folders). However I can download them onto a flash drive and transfer it over. Meanwhile I have uninstalled Malwarebytes. Should I reboot or should I download and run the programs that will give the logs?
 
The problem with running scans randomly is that you don't have the instructions to do them correctly. The instructions for RKill expressly say not to reboot or the infection will return. RKill will stop some of the processes, but a boot restores them.

Please just go along with what I ask you to do- that includes removing the scans you did previously. After you remove the previous scans, reboot the computer and do the following:

Download Unhide.exe and save to the desktop.
  • Double-click on Unhide.exe icon to run the program.
  • This program will remove the +H, or hidden, attribute from all the files on your hard drives.
Note: This will allow you to see most or all of what is hidden now. But it does not remove the malware itself,, so it's important that you continue. The malware isn't "in" the files and folders as you mean. It has dropped the 'hide' attribute. This program will remove it

Once I see the preliminary scans I'll know what running on the system.
 
Here are the required logs

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8351

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12/10/2011 9:41:23 PM
mbam-log-2011-12-10 (21-41-23).txt

Scan type: Quick scan
Objects scanned: 183727
Time elapsed: 4 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\programdata\4lbq47pghsnli2.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-11 13:39:10
Windows 6.1.7600
Running: cndrxjpr.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x56 0x14 0x5F 0x64 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x56 0x14 0x5F 0x64 ...

---- EOF - GMER 1.0.15 ----

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_29
Run by Ugo at 13:43:25 on 2011-12-11
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3999.2156 [GMT -8:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\system32\HPSIsvc.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Citrix\ICA Client\PNAMAIN.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files (x86)\Citrix\ICA Client\WFCRUN32.EXE
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
mWinlogon: Userinit=userinit.exe,
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: PE_IE_Helper Class: {0941c58f-e461-4e03-bd7d-44c27392ade1} - C:\Program Files (x86)\IBM\Lotus Forms\Viewer\4.0\PEhelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
uRun: [Google Update] "C:\Users\Ugo\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [GBWXufOsmTrrX.exe] C:\ProgramData\GBWXufOsmTrrX.exe
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Ugo\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Receiver.lnk - C:\Windows\Installer\{C0B728CE-BF48-48C2-A19C-01563CCEDD9F}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7E0A8F85-429A-424E-AC8B-7A0C6BC2E7FC} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7E0A8F85-429A-424E-AC8B-7A0C6BC2E7FC}\3435D4D2055726C69636 : DhcpNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{7E0A8F85-429A-424E-AC8B-7A0C6BC2E7FC}\D42616B67756 : DhcpNameServer = 68.87.73.242 68.87.71.226 192.168.0.1
TCP: Interfaces\{7E0A8F85-429A-424E-AC8B-7A0C6BC2E7FC}\D42616B677560223 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7E0A8F85-429A-424E-AC8B-7A0C6BC2E7FC}\D4F6E64776F6D656279713 : DhcpNameServer = 68.87.73.246 68.87.71.230
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: PE_IE_Helper Class: {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files (x86)\IBM\Lotus Forms\Viewer\4.0\PEhelper.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO-X64: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start
mRun-x64: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ugo\AppData\Roaming\Mozilla\Firefox\Profiles\s62x9xz8.default\
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: C:\Users\Ugo\AppData\Roaming\Mozilla\Firefox\Profiles\s62x9xz8.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\Ugo\AppData\Roaming\Mozilla\Firefox\Profiles\s62x9xz8.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npmfv.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Ugo\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Users\Ugo\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Ugo\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\system32\DRIVERS\ctxusbm.sys --> C:\Windows\system32\DRIVERS\ctxusbm.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-4-27 98208]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
R2 HPSIService;HP SI Service;C:\Windows\system32\HPSIsvc.exe --> C:\Windows\system32\HPSIsvc.exe [?]
R2 HPWMISVC;HPWMISVC;C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-1-18 20480]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-10 366152]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-10-13 994360]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-10-13 399416]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\system32\DRIVERS\rtl8192se.sys --> C:\Windows\system32\DRIVERS\rtl8192se.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-10 136176]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS --> C:\Windows\system32\drivers\BVRPMPR5a64.SYS [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-10 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 mvusbews;USB EWS Device;C:\Windows\system32\Drivers\mvusbews.sys --> C:\Windows\system32\Drivers\mvusbews.sys [?]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-4-27 225280]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2011-12-11 05:33:03 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-12-11 05:22:07 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C85EEAA6-EE2C-42F2-A921-A9CFBABCBAFB}\offreg.dll
2011-12-10 02:45:10 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C85EEAA6-EE2C-42F2-A921-A9CFBABCBAFB}\mpengine.dll
2011-12-04 08:41:01 525544 ----a-w- C:\Windows\System32\deployJava1.dll
2011-12-04 08:38:55 -------- d-----w- C:\Users\Ugo\AppData\Local\Secunia PSI
2011-12-04 08:38:47 -------- d-----w- C:\Program Files (x86)\Secunia
2011-12-04 07:05:12 -------- d-----w- C:\Users\Ugo\AppData\Roaming\Malwarebytes
2011-12-04 07:05:02 -------- d-----w- C:\ProgramData\Malwarebytes
2011-12-04 07:05:00 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-11-22 10:47:51 35840 ----a-r- C:\Windows\System32\drivers\BVRPMPR5a64.SYS
2011-11-22 10:47:08 -------- d-----w- C:\Netgear
2011-11-13 20:42:11 -------- d-sh--w- C:\Windows\ftpcache
2011-11-13 20:41:29 127800 ----a-w- C:\Windows\System32\HPSIsvc.exe
2011-11-13 20:41:25 74240 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\HP1100PP.dll
2011-11-13 20:41:25 290816 ----a-w- C:\Windows\System32\HP1100LM.DLL
2011-11-13 20:41:25 1695232 ----a-w- C:\Windows\System32\HP1100SM.EXE
2011-11-13 20:40:42 350720 ----a-w- C:\Windows\System32\mvhlewsi.DLL
2011-11-13 20:40:40 82432 ----a-w- C:\Windows\System32\mvusbews.dll
2011-11-13 20:40:40 20480 ----a-w- C:\Windows\System32\drivers\mvusbews.sys
2011-11-13 20:40:40 1490656 ----a-w- C:\Windows\System32\WdfCoInstaller01007.dll
2011-11-13 20:40:39 49664 ----a-w- C:\Windows\System32\HP1100SMs.dll
.
==================== Find3M ====================
.
2011-12-04 08:53:03 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-04 08:50:45 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-10-24 22:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 22:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2011-10-01 03:21:20 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-01 02:59:14 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-09-29 16:24:44 1897328 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-09-29 04:09:30 3141120 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 13:43:55.71 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/22/2010 7:01:31 PM
System Uptime: 12/11/2011 11:46:29 AM (2 hours ago)
.
Motherboard: Hewlett-Packard | | 1484
Processor: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz | CPU | 2300/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 248.907 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 2.319 GiB free.
E: is FIXED (FAT32) - 0 GiB total, 0.093 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet 6500 E709n
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet 6500 E709n
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID:
Description: hp LaserJet 4300
Device ID: ROOT\MULTIFUNCTION\0002
Manufacturer:
Name: hp LaserJet 4300
PNP Device ID: ROOT\MULTIFUNCTION\0002
Service:
.
Class GUID:
Description: hp LaserJet 4250
Device ID: ROOT\MULTIFUNCTION\0005
Manufacturer:
Name: hp LaserJet 4250
PNP Device ID: ROOT\MULTIFUNCTION\0005
Service:
.
Class GUID:
Description: hp color LaserJet 3700
Device ID: ROOT\MULTIFUNCTION\0010
Manufacturer:
Name: hp color LaserJet 3700
PNP Device ID: ROOT\MULTIFUNCTION\0010
Service:
.
Class GUID:
Description: hp LaserJet 4350
Device ID: ROOT\MULTIFUNCTION\0014
Manufacturer:
Name: hp LaserJet 4350
PNP Device ID: ROOT\MULTIFUNCTION\0014
Service:
.
==== System Restore Points ===================
.
RP240: 12/3/2011 10:36:34 PM - Removed Adobe Reader 9.4.0.
RP241: 12/3/2011 10:38:56 PM - Removed Google Earth.
RP242: 12/3/2011 10:39:20 PM - Removed Google Earth.
RP243: 12/3/2011 10:49:16 PM - Installed Adobe Reader 9.4.0.
RP244: 12/4/2011 5:31:22 AM - Removed Adobe Reader 9.4.0.
RP245: 12/4/2011 5:49:35 AM - Removed iTunes
RP246: 12/5/2011 12:01:40 PM - Installed Adobe Reader X (10.1.0).
RP247: 12/6/2011 3:49:54 PM - Windows Update
RP248: 12/8/2011 5:01:59 PM - Windows Update
RP249: 12/9/2011 6:44:40 PM - Windows Update
.
==== Installed Programs ======================
.
.
6500_E709_eDocs
6500_E709_Help
6500_E709n
Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.1)
Adobe Shockwave Player
Adobe Shockwave Player 11.6
AIM 7
Apple Application Support
Apple Software Update
AviSynth 2.5
Bejeweled 2 Deluxe
Blackhawk Striker 2
Blasterball 3
bpd_scan
BPDSoftware
BPDSoftware_Ini
BufferChm
Build-a-lot 2
Cake Mania
Chuzzle Deluxe
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Citrix Receiver (Enterprise)
Citrix Receiver (HDX Flash Redirection)
Citrix Receiver Inside
Citrix Receiver(Aero)
Citrix Receiver(DV)
Citrix Receiver(PNA)
Citrix Receiver(SSON)
Citrix Receiver(USB)
Compatibility Pack for the 2007 Office system
Conduit Engine
CyberLink DVD Suite
CyberLink MediaShow
CyberLink PowerDVD 8
CyberLink YouCam
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations
DeviceDiscovery
Diner Dash 2 Restaurant Rescue
DivX Setup
DocMgr
DocProc
Dora's Carnival Adventure
Download Updater (AOL LLC)
Escape Rosecliff Island
ESU for Microsoft Windows 7
Faerie Solitaire
FATE
Fax
Google Chrome
Google Earth
Google Talk Plugin
Google Update Helper
GPBaseService2
HP Advisor
HP Customer Experience Enhancements
HP Game Console
HP Games
HP Setup
HP Software Framework
HP Support Assistant
HP Update
HP User Guides 0178
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPProductAssistant
HPSSupply
IBM Forms Viewer 4.0.0
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
Intel(R) Rapid Storage Technology
Java Auto Updater
Java(TM) 6 Update 29
Jewel Quest 3
Jewel Quest Solitaire 2
Junk Mail filter update
LabelPrint
LightScribe System Software
Malwarebytes' Anti-Malware version 1.51.2.1300
MarketResearch
Microsoft Choice Guard
Microsoft Live Search Toolbar
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2010
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mozilla Firefox 8.0 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Reveal
Mystery P.I. - The New York Fortune
Nexon Game Manager
Norton Online Backup
Online Plug-in
Pando Media Booster
Penguins!
PictureMover
Plants vs. Zombies
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PowerDirector
ProductContext
QuickTime
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
REALTEK Wireless LAN Software
Recovery Manager
Scan
Secunia PSI (2.0.0.4003)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft Excel 2010 (KB2553070)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Shockwave
Skype Toolbars
Skype™ 5.0
SmartWebPrinting
SolutionCenter
Status
swMSM
TextTwist 2
Toolbox
TrayApp
Ubisoft Game Launcher
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
uTorrentBar Toolbar
VC80CRTRedist - 8.0.50727.4053
Videora iPod nano Converter 6
Virtual Families
Virtual Villagers - The Secret City
VLC media player 1.1.11
WebReg
Wheel of Fortune 2
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
WinRAR archiver
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
12/8/2011 4:54:25 PM, Error: Disk [11] - The driver detected a controller error on \...\DR5.
12/4/2011 5:22:03 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
12/4/2011 5:22:03 AM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/10/2011 9:21:26 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
12/10/2011 9:10:18 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
12/10/2011 9:00:36 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
12/10/2011 9:00:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
12/10/2011 9:00:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/10/2011 9:00:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/10/2011 9:00:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
12/10/2011 9:00:19 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ctxusbm discache spldr sptd Wanarpv6
12/10/2011 8:59:28 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
.
==== End Of File ===========================
 
If only half of the system I look at were as clean as yours, I'd be out of a volunteer job! Whatever you did previously appears to have done some good.

But it won't stay that way unless you get an antivirus program and some resident antimalware. Secunia does not functionsas an AV and Windows Defended is antimalware only. Although you will have to disable (not uninstall unless it's AVG) the AV for the following scans, you need one on the system:
Antivirus :(only one):Both of the following programs are free and known to be good:
[o]Avira-AntiVir-Personal-Free-Antivirus
[o]Avast-Free Antivirus
================================
Download Security Check by screen317 from one of these links and save it to the desktop:
Link1
Link 2
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
=================================
Please uninstall both the uTorrent Toolbar and the Conduit Engine while I'm helping you.
To uninstall or change a program:
1. Click on Start> Control Panel> Programs and Features
2. Select the program> click Uninstall.
Administrator permission required If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
3. Use Windows Explorer for > Computer> Programs> Right click> Delete each of the program folders.
================================
Before I go on, I have 2 questions:
1. How were you made aware that you had the System Fix malware originally? What happened to the system >other than the hidden files<?
2. What is happening o the system now that was not resolved previously >other than the hidden files<?
=================================
I'd like you to run the following scans to see what entries remain:
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Download Combofix from HERE or HEREhttp://www.forospyware.com/sUBs/ComboFix.exe and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
    ***Please note: if you have downloaded Combofix to a flash drive, then run it on the infected machine> the Recovery Console will not install- just bypass and go on.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once installed, you should see a blue screen prompt that says:
    The Recovery Console was successfully installed.
  • .Click on Yes, to continue scanning for malware
  • .If Combofix asks you to update the program, allow
  • .Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • .Close any open browsers.
  • .Double click combofix.exe
    cf-icon.jpg
    & follow the prompts to run.
  • When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..
Re-enable your Antivirus software.

Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
======================================
To run the Eset Online Virus Scan:
If you use Internet Explorer:
  1. Open the ESETOnlineScan
  2. Skip to #4 to "Continue with the directions"

    If you are using a browser other than Internet Explorer
  3. Open Eset Smart Installer
    [o] Click on the esetsmartinstaller_enu.exelink and save to the desktop.
    [o] Double click on the desktop icon to run.
    [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
  4. Continue with the directions.
  5. Check 'Yes I accept terms of use.'
  6. Click Start button
  7. Accept any security warnings from your browser.
    esetonlinescannersettings_thumb.jpg
  8. Uncheck 'Remove found threats'
  9. Check 'Scan archives/
  10. Leave remaining settings as is.
  11. Press the Start button.
  12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  13. When the scan completes, press List of found threats
  14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  15. Push the Back button, then Finish
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
=======================================
Please the logs in your next reply and we'll go on accordingly.
 
Security Check log/ Combo Fix Log

Results of screen317's Security Check version 0.99.28
Windows 7 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
avast! Free Antivirus
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java(TM) 6 Update 29
Adobe Flash Player 11.1.102.55
Adobe Reader X (10.1.1)
Mozilla Firefox (8.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
``````````End of Log````````````
----------------------------------------------------
----------------------------------------------------
I was made aware of the virus because:
1) my desktop turned all black
2) my toolbar was showing me fake alerts
3) fake corruption errors
4)fake scan results
5)attempts at making me purchase something

However none of this is happening anymore. All my files are unhidden but my desktop is still black. I'm sure that can be easily fixed if I just change the theme back to whatever it was. Other than that everything is running fine, and it seems to be no signs of System Fix. I'm afraid it might be hiding and will resurface in the future. By the way, I have uninstalled those programs and installed avast as my AV.
---------------------------------------------------------------------------------
---------------------------------------------------------------------------------
ComboFix 11-12-18.02 - Ugo 12/18/2011 19:16:25.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3999.2322 [GMT -8:00]
Running from: c:\users\Ugo\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ugo\AppData\Roaming\Local
c:\users\Ugo\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\Ugo\AppData\Roaming\Local\Temp\DDM\Settings\1.ddi
c:\users\Ugo\AppData\Roaming\Local\Temp\DDM\Settings\2.ddi
c:\users\Ugo\AppData\Roaming\Local\Temp\DDM\Settings\3.ddi
c:\users\Ugo\AppData\Roaming\Local\Temp\DDM\Settings\4.ddi
c:\users\Ugo\AppData\Roaming\Local\Temp\DDM\Settings\5.ddi
c:\users\Ugo\AppData\Roaming\Local\Temp\DDM\Settings\S01E13_ns.avi.ddr
c:\users\Ugo\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\Ugo\AppData\Roaming\Local\Temp\DDM\Settings\spart105_ns.avi.ddr
c:\users\Ugo\AppData\Roaming\Local\Temp\DDM\Settings\Spartacus_Blood_and_Sand_1x09_ns.avi.ddr
c:\users\Ugo\AppData\Roaming\Local\Temp\DDM\Settings\SpartaS01E12_ns.avi.ddr
c:\users\Ugo\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\S01E13_ns.avi.ddp
c:\users\Ugo\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\spart105_ns.avi.ddp
c:\users\Ugo\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Spartacus_Blood_and_Sand_1x09_ns.avi
c:\users\Ugo\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\SpartaS01E12_ns.avi
c:\users\Ugo\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\the.vampire.diaries.s02e11.hdtv.xvid-fever.avi.ddp
c:\users\Ugo\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\the.vampire.diaries.s02e11.hdtv.xvid-fever_ns.avi
c:\users\Ugo\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\the.vampire.diaries.s02e11.hdtv.xvid-fever_ns.avi(2).ddp
c:\users\Ugo\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\the.vampire.diaries.s02e11.hdtv.xvid-fever_ns.avi.ddp
c:\users\Ugo\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\video.avi
c:\users\Ugo\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\video.avi.ddp
c:\users\Ugo\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\warez-bb.org-sbas3_ns.avi.ddp
c:\users\Ugo\AppData\Roaming\Local\Temp\DDM\Settings\the.vampire.diaries.s02e11.hdtv.xvid-fever.avi.ddr
c:\users\Ugo\AppData\Roaming\Local\Temp\DDM\Settings\the.vampire.diaries.s02e11.hdtv.xvid-fever_ns.avi(2).ddr
c:\users\Ugo\AppData\Roaming\Local\Temp\DDM\Settings\the.vampire.diaries.s02e11.hdtv.xvid-fever_ns.avi(3).ddr
c:\users\Ugo\AppData\Roaming\Local\Temp\DDM\Settings\the.vampire.diaries.s02e11.hdtv.xvid-fever_ns.avi.ddr
c:\users\Ugo\AppData\Roaming\Local\Temp\DDM\Settings\video.avi.ddr
c:\users\Ugo\AppData\Roaming\Local\Temp\DDM\Settings\warez-bb.org-sbas3_ns.avi.ddr
c:\users\Ugo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
c:\users\Ugo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix
c:\users\Ugo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix\System Fix.lnk
c:\users\Ugo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix\Uninstall System Fix.lnk
c:\users\Ugo\Desktop\System Fix.lnk
.
.
((((((((((((((((((((((((( Files Created from 2011-11-19 to 2011-12-19 )))))))))))))))))))))))))))))))
.
.
2011-12-19 03:44 . 2011-12-19 03:44 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DC850A60-1480-419C-A3C6-5CD16F7A044B}\offreg.dll
2011-12-19 03:37 . 2011-12-19 03:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-19 02:46 . 2011-11-28 17:51 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-12-19 02:46 . 2011-11-28 17:53 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-12-19 02:46 . 2011-11-28 17:52 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-12-19 02:46 . 2011-11-28 17:52 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-12-19 02:46 . 2011-11-28 17:54 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-12-19 02:46 . 2011-11-28 18:01 256960 ----a-w- c:\windows\system32\aswBoot.exe
2011-12-19 02:46 . 2011-11-28 17:52 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-12-19 02:45 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2011-12-19 02:45 . 2011-11-28 18:01 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-12-19 02:45 . 2011-12-19 02:45 -------- d-----w- c:\programdata\AVAST Software
2011-12-19 02:45 . 2011-12-19 02:45 -------- d-----w- c:\program files\AVAST Software
2011-12-16 14:35 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DC850A60-1480-419C-A3C6-5CD16F7A044B}\mpengine.dll
2011-12-11 05:33 . 2011-12-11 05:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-05 20:02 . 2011-12-05 20:02 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-12-04 08:50 . 2011-12-04 08:50 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-12-04 08:41 . 2011-12-04 08:40 525544 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-04 08:38 . 2011-12-04 08:38 -------- d-----w- c:\users\Ugo\AppData\Local\Secunia PSI
2011-12-04 08:38 . 2011-12-04 08:38 -------- d-----w- c:\program files (x86)\Secunia
2011-12-04 07:05 . 2011-12-04 07:05 -------- d-----w- c:\users\Ugo\AppData\Roaming\Malwarebytes
2011-12-04 07:05 . 2011-12-04 07:05 -------- d-----w- c:\programdata\Malwarebytes
2011-12-04 07:05 . 2011-09-01 01:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-22 10:47 . 2009-08-19 21:49 35840 ----a-r- c:\windows\system32\drivers\BVRPMPR5a64.SYS
2011-11-22 10:47 . 2011-11-23 17:02 -------- d-----w- C:\Netgear
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-19 02:39 . 2011-06-04 02:22 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-04 08:50 . 2010-07-22 23:30 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-10-24 22:29 . 2011-10-24 22:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 22:29 . 2011-10-24 22:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-09-29 16:24 . 2011-11-11 15:27 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-06-16 2736128]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]
"Aim"="c:\program files (x86)\AIM\aim.exe" [2010-09-09 4424024]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-10-11 14940040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-29 600936]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-05-20 500792]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-12-08 1226608]
"DivX Download Manager"="c:\program files (x86)\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2011-08-11 358336]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
.
c:\users\Ugo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336]
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2009-5-24 430080]
Receiver.lnk - c:\windows\Installer\{C0B728CE-BF48-48C2-A19C-01563CCEDD9F}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe [2011-10-5 38848]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-13 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-11 136176]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-11 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-23 225280]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-15 92216]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-09-01 366152]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWSNX
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-06-16 20:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-11 04:37]
.
2011-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-11 04:37]
.
2011-12-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1798590920-3308767487-1014369584-1001Core.job
- c:\users\Ugo\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-28 00:35]
.
2011-12-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1798590920-3308767487-1014369584-1001UA.job
- c:\users\Ugo\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-28 00:35]
.
2011-12-19 c:\windows\Tasks\HPCeeScheduleForUgo.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 11:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-01-29 6160928]
"RtkOSD"="c:\program files (x86)\Realtek\Audio\OSD\RtVOsd64.exe" [2010-01-13 995840]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-01-18 451072]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Ugo\AppData\Roaming\Mozilla\Firefox\Profiles\s62x9xz8.default\
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Wow6432Node-HKCU-Run-GBWXufOsmTrrX.exe - c:\programdata\GBWXufOsmTrrX.exe
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Shockwave - c:\windows\System32\Macromed\SHOCKW~2\UNWISE.EXE
AddRemove-{08DB3902-2CE0-474D-BCE3-0177766CE9F1} - c:\program files (x86)\InstallShield Installation Information\{08DB3902-2CE0-474D-BCE3-0177766CE9F1}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10y_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10y_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10y.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10y.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10y.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10y.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Citrix\ICA Client\ssonsvr.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Citrix\ICA Client\PNAMAIN.EXE
c:\program files (x86)\Citrix\ICA Client\WFCRUN32.EXE
c:\program files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
.
**************************************************************************
.
Completion time: 2011-12-18 20:10:49 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-19 04:10
.
Pre-Run: 267,609,194,496 bytes free
Post-Run: 271,887,806,464 bytes free
.
- - End Of File - - E1BEB3E2AB2D5CE609A6C6E235BA0A5F

Unfortunately the Eset online scan is taking too long so I will post that later, as soon as its finished but so far it has picked up 3 threats. Its been on 99% completion for a few hours and is running through my C drive.
 
ESET scan log

C:\Users\Ugo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\1a0534d7-175cb00a multiple threats
C:\Users\Ugo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\3958e6c3-3728d692 a variant of Java/TrojanDownloader.OpenStream.NBF trojan
C:\Users\Ugo\Downloads\Setup_FreeBurner.exe a variant of Win32/Adware.Toolbar.Dealio application
 
Holiday Notice! I will not be working on the threads Sat. Dec. 24 or Sunday Dec. 25. I will begin with the oldest threads first on Monday. I will do my best to get you finished or as far along as I can before that. Please do not send a PM during those days.
------------------------------------------
Okay, let's make sure all the entries get removed. You will also find help for that black screen. (#6) It's important that you follow the order below. Best to print out the instructions:

it is important that you do not delete any files from your Temp folder or use any temp file cleaners.

1. Download Unhide.exe and save to the desktop.
  • Double-click on Unhide.exe icon to run the program.
  • This program will remove the +H, or hidden, attribute from all the files on your hard drives.
Note: This does not remove the malware- only the attribute that hides icons and programs. It is important that you continue.
================================
2. Boot into Safe Mode
  • Restart your computer and start pressing the F8 key on your keyboard.
  • Select the Safe Mode with Networking option when the Windows Advanced Opti; ons
    menu appears, using your up/down arrows to reach it and then press ENTER.
=======================================
3. To end the processes that belong to the rogue program:
Please click on RKill
  • At the download page, click on Download now button for iExplore.exe download link and save to the desktop
  • Double click on the iExplore.exe icon
  • Please be patient- it may take a bit.
  • The black Window will close when through and you can continue.
Note: If you get a message that RKilll is malware, ignore it> it's from the malware.
=======================================
Do not reboot your computer after runningRKilll as the malware programs will start again.
================================
4. This malware frequently comes with the TDSSrootkit, so do the following:
  • Download the file TDSSKiller.zip and save to the desktop.
    (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
  • Right-click the tdsskillerr.zip file> Select Extract All into a folder on the infected (or potentially infected) PC.
  • Double click on TDSSKiller.exe. to run the scan
  • When the scan is over, the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
  • Select the action Quarantine to quarantine detected objects.
    The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
  • After clicking Next, the utility applies selected actions and outputs the result.
  • A reboot is required after disinfection.
====================================
If TDSSKillerr requires you to reboot, please allow it to do so. After you reboot, reboot back into Safe Mode with Networking again
====================================
5. Update and rescan with Malwarebytes:
  • Select Perform Full Scan on the Scanner tab
  • Click on the Scan button.
  • When scan has finished, you will see this image:
    scan-finished.jpg
  • Click on OK to close box and continue.
  • Click on the Show Results button.
  • Click on the Remove Selected button to remove all the listed malware.
  • At end of malware removal, the scan log opens and displays in Notepad. Be sure to click on Format>Uncheckk Word Wrap before copying the log to paste in your next reply.
==============================
6. Correct Display Changes if needed:
If the desktop background is black or if the theme has been removed:
For Windows XP: Click on Start> Control Panel> Display> change theme and/or background if needed.
For Windows Vista or Windows 7: Click on Start> Control Panel> Appearance & Personalization> Select Change Theme or Change Desktop Background
=====================================
You can now reboot back into Normal Mode
====================================
For the Eset entries:

Please download OTMovit by Old Timer and save to your desktop.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    Code: 
    :Files 
 C:\Users\Ugo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\1a0534d7-175cb00a 
C:\Users\Ugo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\3958e6c3-3728d692 
C:\Users\Ugo\Downloads\Setup_FreeBurner.exe 
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please include logs from:
TDSS
New Mbam
OTM
==================================
After this has been completed, I will give you some script to run through Combofix to remove some entries. It will include emptying the Java cache.
 
I have used unhide ex earlier to get my hidden files back, should I do it again before proceeding/ does it matter?
 
Did you do this:
6. Correct Display Changes if needed:
If the desktop background is black or if the theme has been removed:
For Windows XP: Click on Start> Control Panel> Display> change theme and/or background if needed.
For Windows Vista or Windows 7: Click on Start> Control Panel> Appearance & Personalization> Select Change Theme or Change Desktop Background


New Holiday Notice! I will not be working on the threads Sat. Dec. 31 or Sunday Jan. 1 I will begin with the oldest threads first on Monday. I will do my best to get you finished or as far along as I can before that.

Please do not send a PM during those days.
 
TDSS/ New Mbam/OTM

15:16:25.0207 1692 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
15:16:25.0519 1692 ============================================================
15:16:25.0519 1692 Current date / time: 2012/01/03 15:16:25.0519
15:16:25.0519 1692 SystemInfo:
15:16:25.0519 1692
15:16:25.0519 1692 OS Version: 6.1.7600 ServicePack: 0.0
15:16:25.0519 1692 Product type: Workstation
15:16:25.0519 1692 ComputerName: UGO-PC
15:16:25.0519 1692 UserName: Ugo
15:16:25.0519 1692 Windows directory: C:\Windows
15:16:25.0519 1692 System windows directory: C:\Windows
15:16:25.0519 1692 Running under WOW64
15:16:25.0519 1692 Processor architecture: Intel x64
15:16:25.0519 1692 Number of processors: 2
15:16:25.0519 1692 Page size: 0x1000
15:16:25.0519 1692 Boot type: Safe boot with network
15:16:25.0519 1692 ============================================================
15:16:26.0159 1692 Initialize success
15:16:36.0439 1788 ============================================================
15:16:36.0439 1788 Scan started
15:16:36.0439 1788 Mode: Manual;
15:16:36.0439 1788 ============================================================
15:16:36.0845 1788 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
15:16:36.0860 1788 1394ohci - ok
15:16:37.0094 1788 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
15:16:37.0094 1788 ACPI - ok
15:16:37.0219 1788 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
15:16:37.0219 1788 AcpiPmi - ok
15:16:37.0344 1788 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
15:16:37.0360 1788 adp94xx - ok
15:16:37.0484 1788 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
15:16:37.0484 1788 adpahci - ok
15:16:37.0609 1788 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
15:16:37.0609 1788 adpu320 - ok
15:16:37.0750 1788 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
15:16:37.0750 1788 AFD - ok
15:16:37.0859 1788 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
15:16:37.0859 1788 agp440 - ok
15:16:37.0999 1788 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
15:16:37.0999 1788 aliide - ok
15:16:38.0108 1788 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
15:16:38.0108 1788 amdide - ok
15:16:38.0218 1788 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
15:16:38.0218 1788 AmdK8 - ok
15:16:38.0327 1788 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
15:16:38.0327 1788 AmdPPM - ok
15:16:38.0452 1788 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
15:16:38.0452 1788 amdsata - ok
15:16:38.0592 1788 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
15:16:38.0592 1788 amdsbs - ok
15:16:38.0701 1788 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
15:16:38.0701 1788 amdxata - ok
15:16:38.0826 1788 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
15:16:38.0826 1788 AppID - ok
15:16:38.0998 1788 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
15:16:38.0998 1788 arc - ok
15:16:39.0107 1788 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
15:16:39.0107 1788 arcsas - ok
15:16:39.0232 1788 aswFsBlk (ce6d8bcc4787704ea4feeb92b0d0caf8) C:\Windows\system32\drivers\aswFsBlk.sys
15:16:39.0232 1788 aswFsBlk - ok
15:16:39.0388 1788 aswMonFlt (0debeb2e3fbd0bf5343125cce617f105) C:\Windows\system32\drivers\aswMonFlt.sys
15:16:39.0388 1788 aswMonFlt - ok
15:16:39.0497 1788 aswRdr (952edc2e81f85d1781958d4128bf59f8) C:\Windows\system32\drivers\aswRdr.sys
15:16:39.0497 1788 aswRdr - ok
15:16:39.0653 1788 aswSnx (dd383e2ac941c545a85ab72503da6c12) C:\Windows\system32\drivers\aswSnx.sys
15:16:39.0653 1788 aswSnx - ok
15:16:39.0793 1788 aswSP (ef5403fb8b2dcb791ec365fdf6040a4a) C:\Windows\system32\drivers\aswSP.sys
15:16:39.0793 1788 aswSP - ok
15:16:39.0902 1788 aswTdi (34165da5c6b30c0f9d61246bf8a28040) C:\Windows\system32\drivers\aswTdi.sys
15:16:39.0902 1788 aswTdi - ok
15:16:40.0027 1788 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:16:40.0027 1788 AsyncMac - ok
15:16:40.0136 1788 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
15:16:40.0136 1788 atapi - ok
15:16:40.0308 1788 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
15:16:40.0308 1788 b06bdrv - ok
15:16:40.0433 1788 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:16:40.0448 1788 b57nd60a - ok
15:16:40.0573 1788 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:16:40.0573 1788 Beep - ok
15:16:40.0714 1788 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
15:16:40.0714 1788 blbdrive - ok
15:16:40.0854 1788 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
15:16:40.0854 1788 bowser - ok
15:16:40.0963 1788 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:16:40.0963 1788 BrFiltLo - ok
15:16:41.0057 1788 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:16:41.0057 1788 BrFiltUp - ok
15:16:41.0182 1788 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:16:41.0182 1788 Brserid - ok
15:16:41.0306 1788 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:16:41.0306 1788 BrSerWdm - ok
15:16:41.0431 1788 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:16:41.0431 1788 BrUsbMdm - ok
15:16:41.0572 1788 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:16:41.0572 1788 BrUsbSer - ok
15:16:41.0696 1788 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
15:16:41.0696 1788 BTHMODEM - ok
15:16:41.0868 1788 BVRPMPR5a64 (9887ca12f407d7fbc7f48f3678f5f0b6) C:\Windows\system32\drivers\BVRPMPR5a64.SYS
15:16:41.0868 1788 BVRPMPR5a64 - ok
15:16:41.0899 1788 catchme - ok
15:16:42.0024 1788 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:16:42.0024 1788 cdfs - ok
15:16:42.0149 1788 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
15:16:42.0149 1788 cdrom - ok
15:16:42.0289 1788 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
15:16:42.0289 1788 circlass - ok
15:16:42.0398 1788 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:16:42.0398 1788 CLFS - ok
15:16:42.0554 1788 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
15:16:42.0554 1788 CmBatt - ok
15:16:42.0648 1788 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
15:16:42.0648 1788 cmdide - ok
15:16:42.0788 1788 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
15:16:42.0788 1788 CNG - ok
15:16:42.0913 1788 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
15:16:42.0913 1788 Compbatt - ok
15:16:43.0038 1788 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
15:16:43.0038 1788 CompositeBus - ok
15:16:43.0178 1788 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
15:16:43.0178 1788 crcdisk - ok
15:16:43.0334 1788 ctxusbm (bf62ff663ae55e4ed99de76881c2c0f1) C:\Windows\system32\DRIVERS\ctxusbm.sys
15:16:43.0334 1788 ctxusbm - ok
15:16:43.0459 1788 dc3d (76e02db615a03801d698199a2bc4a06a) C:\Windows\system32\DRIVERS\dc3d.sys
15:16:43.0459 1788 dc3d - ok
15:16:43.0615 1788 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
15:16:43.0615 1788 DfsC - ok
15:16:43.0740 1788 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:16:43.0740 1788 discache - ok
15:16:43.0834 1788 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
15:16:43.0834 1788 Disk - ok
15:16:43.0974 1788 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
15:16:43.0974 1788 Dot4 - ok
15:16:44.0068 1788 Dot4Print (85135ad27e79b689335c08167d917cde) C:\Windows\system32\DRIVERS\Dot4Prt.sys
15:16:44.0068 1788 Dot4Print - ok
15:16:44.0177 1788 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
15:16:44.0177 1788 dot4usb - ok
15:16:44.0286 1788 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:16:44.0286 1788 drmkaud - ok
15:16:44.0426 1788 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
15:16:44.0426 1788 DXGKrnl - ok
15:16:44.0598 1788 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
15:16:44.0660 1788 ebdrv - ok
15:16:44.0801 1788 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
15:16:44.0801 1788 elxstor - ok
15:16:44.0879 1788 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
15:16:44.0879 1788 ErrDev - ok
15:16:44.0972 1788 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:16:44.0972 1788 exfat - ok
15:16:45.0066 1788 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:16:45.0082 1788 fastfat - ok
15:16:45.0222 1788 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
15:16:45.0222 1788 fdc - ok
15:16:45.0331 1788 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:16:45.0331 1788 FileInfo - ok
15:16:45.0425 1788 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:16:45.0425 1788 Filetrace - ok
15:16:45.0503 1788 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
15:16:45.0503 1788 flpydisk - ok
15:16:45.0612 1788 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
15:16:45.0612 1788 FltMgr - ok
15:16:45.0706 1788 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:16:45.0706 1788 FsDepends - ok
15:16:46.0080 1788 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
15:16:46.0080 1788 Fs_Rec - ok
15:16:46.0142 1788 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:16:46.0142 1788 fvevol - ok
15:16:46.0205 1788 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:16:46.0205 1788 gagp30kx - ok
15:16:46.0345 1788 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:16:46.0345 1788 hcw85cir - ok
15:16:46.0376 1788 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
15:16:46.0376 1788 HdAudAddService - ok
15:16:46.0408 1788 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:16:46.0408 1788 HDAudBus - ok
15:16:46.0423 1788 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
15:16:46.0423 1788 HidBatt - ok
15:16:46.0470 1788 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
15:16:46.0470 1788 HidBth - ok
15:16:46.0501 1788 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
15:16:46.0501 1788 HidIr - ok
15:16:46.0610 1788 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
15:16:46.0610 1788 HidUsb - ok
15:16:46.0798 1788 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
15:16:46.0798 1788 HpSAMD - ok
15:16:46.0954 1788 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
15:16:46.0954 1788 HTTP - ok
15:16:46.0985 1788 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
15:16:46.0985 1788 hwpolicy - ok
15:16:47.0094 1788 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
15:16:47.0094 1788 i8042prt - ok
15:16:47.0125 1788 iaStor (1384872112e8e7fd5786eceb8bddf4c9) C:\Windows\system32\DRIVERS\iaStor.sys
15:16:47.0141 1788 iaStor - ok
15:16:47.0250 1788 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
15:16:47.0250 1788 iaStorV - ok
15:16:47.0484 1788 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys
15:16:47.0687 1788 igfx - ok
15:16:47.0827 1788 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
15:16:47.0827 1788 iirsp - ok
15:16:47.0890 1788 IntcAzAudAddService (a3bcbd0f710580a07d1b929d787d36ce) C:\Windows\system32\drivers\RTKVHD64.sys
15:16:47.0936 1788 IntcAzAudAddService - ok
15:16:48.0046 1788 IntcHdmiAddService (cfc68ca36a63637e8ca69669ee3693da) C:\Windows\system32\drivers\IntcHdmi.sys
15:16:48.0046 1788 IntcHdmiAddService - ok
15:16:48.0077 1788 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
15:16:48.0077 1788 intelide - ok
15:16:48.0108 1788 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:16:48.0108 1788 intelppm - ok
15:16:48.0139 1788 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:16:48.0139 1788 IpFilterDriver - ok
15:16:48.0170 1788 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
15:16:48.0170 1788 IPMIDRV - ok
15:16:48.0186 1788 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:16:48.0186 1788 IPNAT - ok
15:16:48.0202 1788 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:16:48.0217 1788 IRENUM - ok
15:16:48.0233 1788 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
15:16:48.0233 1788 isapnp - ok
15:16:48.0264 1788 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
15:16:48.0264 1788 iScsiPrt - ok
15:16:48.0373 1788 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
15:16:48.0373 1788 kbdclass - ok
15:16:48.0420 1788 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
15:16:48.0420 1788 kbdhid - ok
15:16:48.0436 1788 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
15:16:48.0436 1788 KSecDD - ok
15:16:48.0467 1788 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
15:16:48.0467 1788 KSecPkg - ok
15:16:48.0576 1788 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:16:48.0576 1788 ksthunk - ok
15:16:48.0716 1788 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:16:48.0716 1788 lltdio - ok
15:16:48.0763 1788 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:16:48.0763 1788 LSI_FC - ok
15:16:48.0779 1788 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:16:48.0794 1788 LSI_SAS - ok
15:16:48.0810 1788 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:16:48.0810 1788 LSI_SAS2 - ok
15:16:48.0872 1788 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:16:48.0872 1788 LSI_SCSI - ok
15:16:48.0904 1788 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:16:48.0904 1788 luafv - ok
15:16:49.0013 1788 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys
15:16:49.0013 1788 MBAMProtector - ok
15:16:49.0075 1788 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
15:16:49.0075 1788 megasas - ok
15:16:49.0106 1788 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
15:16:49.0106 1788 MegaSR - ok
15:16:49.0200 1788 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:16:49.0200 1788 Modem - ok
15:16:49.0231 1788 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:16:49.0231 1788 monitor - ok
15:16:49.0262 1788 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
15:16:49.0262 1788 mouclass - ok
15:16:49.0309 1788 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:16:49.0309 1788 mouhid - ok
15:16:49.0340 1788 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
15:16:49.0340 1788 mountmgr - ok
15:16:49.0372 1788 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
15:16:49.0372 1788 mpio - ok
15:16:49.0403 1788 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:16:49.0403 1788 mpsdrv - ok
15:16:49.0418 1788 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
15:16:49.0418 1788 MRxDAV - ok
15:16:49.0465 1788 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:16:49.0465 1788 mrxsmb - ok
15:16:49.0512 1788 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:16:49.0512 1788 mrxsmb10 - ok
15:16:49.0559 1788 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:16:49.0559 1788 mrxsmb20 - ok
15:16:49.0574 1788 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
15:16:49.0574 1788 msahci - ok
15:16:49.0606 1788 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
15:16:49.0621 1788 msdsm - ok
15:16:49.0637 1788 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:16:49.0637 1788 Msfs - ok
15:16:49.0699 1788 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:16:49.0699 1788 mshidkmdf - ok
15:16:49.0715 1788 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
15:16:49.0715 1788 msisadrv - ok
15:16:49.0824 1788 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:16:49.0824 1788 MSKSSRV - ok
15:16:49.0824 1788 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:16:49.0840 1788 MSPCLOCK - ok
15:16:49.0855 1788 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:16:49.0855 1788 MSPQM - ok
15:16:49.0886 1788 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
15:16:49.0886 1788 MsRPC - ok
15:16:49.0918 1788 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
15:16:49.0918 1788 mssmbios - ok
15:16:49.0933 1788 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:16:49.0933 1788 MSTEE - ok
15:16:49.0949 1788 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
15:16:49.0949 1788 MTConfig - ok
15:16:49.0980 1788 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:16:49.0980 1788 Mup - ok
15:16:50.0058 1788 mvusbews (86292363b050c1b55fe77d75af3efb71) C:\Windows\system32\Drivers\mvusbews.sys
15:16:50.0058 1788 mvusbews - ok
15:16:50.0120 1788 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:16:50.0136 1788 NativeWifiP - ok
15:16:50.0198 1788 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
15:16:50.0214 1788 NDIS - ok
15:16:50.0261 1788 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:16:50.0261 1788 NdisCap - ok
15:16:50.0276 1788 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:16:50.0276 1788 NdisTapi - ok
15:16:50.0308 1788 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
15:16:50.0308 1788 Ndisuio - ok
15:16:50.0339 1788 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
15:16:50.0339 1788 NdisWan - ok
15:16:50.0354 1788 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
15:16:50.0354 1788 NDProxy - ok
15:16:50.0495 1788 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:16:50.0495 1788 NetBIOS - ok
15:16:50.0510 1788 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
15:16:50.0526 1788 NetBT - ok
15:16:50.0744 1788 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
15:16:50.0854 1788 netw5v64 - ok
15:16:50.0963 1788 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
15:16:50.0963 1788 nfrd960 - ok
15:16:51.0010 1788 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:16:51.0010 1788 Npfs - ok
15:16:51.0025 1788 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:16:51.0025 1788 nsiproxy - ok
15:16:51.0088 1788 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
15:16:51.0119 1788 Ntfs - ok
15:16:51.0212 1788 NuidFltr (4c08a14d04e62963e96e0bb57bbc953b) C:\Windows\system32\DRIVERS\NuidFltr.sys
15:16:51.0212 1788 NuidFltr - ok
15:16:51.0244 1788 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:16:51.0244 1788 Null - ok
15:16:51.0290 1788 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
15:16:51.0290 1788 nvraid - ok
15:16:51.0337 1788 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
15:16:51.0337 1788 nvstor - ok
15:16:51.0368 1788 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
15:16:51.0368 1788 nv_agp - ok
15:16:51.0400 1788 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
15:16:51.0400 1788 ohci1394 - ok
15:16:51.0493 1788 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
15:16:51.0493 1788 Parport - ok
15:16:51.0540 1788 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
15:16:51.0540 1788 partmgr - ok
15:16:51.0571 1788 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
15:16:51.0571 1788 pci - ok
15:16:51.0602 1788 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
15:16:51.0602 1788 pciide - ok
15:16:51.0634 1788 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
15:16:51.0649 1788 pcmcia - ok
15:16:51.0665 1788 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:16:51.0665 1788 pcw - ok
15:16:51.0696 1788 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:16:51.0696 1788 PEAUTH - ok
15:16:51.0868 1788 Point64 (b8d8ec78b0f9ed8e220506181274f3d3) C:\Windows\system32\DRIVERS\point64.sys
15:16:51.0868 1788 Point64 - ok
15:16:51.0914 1788 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
15:16:51.0914 1788 PptpMiniport - ok
15:16:51.0946 1788 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
15:16:51.0946 1788 Processor - ok
15:16:52.0070 1788 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
15:16:52.0070 1788 Psched - ok
15:16:52.0102 1788 PSI (fb46e9a827a8799ebd7bfa9128c91f37) C:\Windows\system32\DRIVERS\psi_mf.sys
15:16:52.0102 1788 PSI - ok
15:16:52.0180 1788 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
15:16:52.0211 1788 ql2300 - ok
15:16:52.0320 1788 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
15:16:52.0320 1788 ql40xx - ok
15:16:52.0351 1788 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:16:52.0351 1788 QWAVEdrv - ok
15:16:52.0367 1788 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:16:52.0367 1788 RasAcd - ok
15:16:52.0414 1788 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:16:52.0414 1788 RasAgileVpn - ok
15:16:52.0429 1788 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:16:52.0429 1788 Rasl2tp - ok
15:16:52.0554 1788 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:16:52.0554 1788 RasPppoe - ok
15:16:52.0570 1788 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:16:52.0570 1788 RasSstp - ok
15:16:52.0601 1788 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
15:16:52.0601 1788 rdbss - ok
15:16:52.0616 1788 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:16:52.0616 1788 rdpbus - ok
15:16:52.0663 1788 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:16:52.0663 1788 RDPCDD - ok
15:16:52.0663 1788 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:16:52.0679 1788 RDPENCDD - ok
15:16:52.0710 1788 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:16:52.0710 1788 RDPREFMP - ok
15:16:52.0726 1788 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
15:16:52.0741 1788 RDPWD - ok
15:16:52.0819 1788 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
15:16:52.0835 1788 rdyboost - ok
15:16:52.0975 1788 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:16:52.0975 1788 rspndr - ok
15:16:53.0116 1788 RSUSBSTOR (483df0b58ca532e5240e59dc41f30aa2) C:\Windows\system32\Drivers\RtsUStor.sys
15:16:53.0116 1788 RSUSBSTOR - ok
15:16:53.0131 1788 RTL8167 (777fc2c418465404e3d8a290dc247d24) C:\Windows\system32\DRIVERS\Rt64win7.sys
15:16:53.0147 1788 RTL8167 - ok
15:16:53.0194 1788 rtl8192se (03e0627c26943916a7276ac5306206c7) C:\Windows\system32\DRIVERS\rtl8192se.sys
15:16:53.0194 1788 rtl8192se - ok
15:16:53.0225 1788 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
15:16:53.0225 1788 sbp2port - ok
15:16:53.0240 1788 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
15:16:53.0240 1788 scfilter - ok
15:16:53.0287 1788 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys
15:16:53.0287 1788 sdbus - ok
15:16:53.0318 1788 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:16:53.0318 1788 secdrv - ok
15:16:53.0412 1788 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
15:16:53.0412 1788 Serenum - ok
15:16:53.0459 1788 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
15:16:53.0459 1788 Serial - ok
15:16:53.0490 1788 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
15:16:53.0490 1788 sermouse - ok
15:16:53.0521 1788 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
15:16:53.0537 1788 sffdisk - ok
15:16:53.0552 1788 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
15:16:53.0568 1788 sffp_mmc - ok
15:16:53.0584 1788 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
15:16:53.0584 1788 sffp_sd - ok
15:16:53.0615 1788 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
15:16:53.0615 1788 sfloppy - ok
15:16:53.0662 1788 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:16:53.0662 1788 SiSRaid2 - ok
15:16:53.0693 1788 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
15:16:53.0693 1788 SiSRaid4 - ok
15:16:53.0740 1788 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:16:53.0740 1788 Smb - ok
15:16:53.0786 1788 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:16:53.0786 1788 spldr - ok
15:16:53.0880 1788 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
15:16:53.0896 1788 sptd - ok
15:16:53.0942 1788 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
15:16:53.0942 1788 srv - ok
15:16:53.0989 1788 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
15:16:54.0005 1788 srv2 - ok
15:16:54.0036 1788 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
15:16:54.0052 1788 SrvHsfHDA - ok
15:16:54.0083 1788 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
15:16:54.0114 1788 SrvHsfV92 - ok
15:16:54.0145 1788 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
15:16:54.0161 1788 SrvHsfWinac - ok
15:16:54.0208 1788 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
15:16:54.0223 1788 srvnet - ok
15:16:54.0254 1788 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
15:16:54.0254 1788 stexstor - ok
15:16:54.0286 1788 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
15:16:54.0286 1788 StillCam - ok
15:16:54.0317 1788 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
15:16:54.0317 1788 swenum - ok
15:16:54.0395 1788 SynTP (91853f78b68f9f036670291f5edd4eae) C:\Windows\system32\DRIVERS\SynTP.sys
15:16:54.0410 1788 SynTP - ok
15:16:54.0520 1788 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
15:16:54.0551 1788 Tcpip - ok
15:16:54.0707 1788 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
15:16:54.0707 1788 TCPIP6 - ok
15:16:54.0738 1788 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
15:16:54.0738 1788 tcpipreg - ok
15:16:54.0769 1788 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:16:54.0769 1788 TDPIPE - ok
15:16:54.0785 1788 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
15:16:54.0785 1788 TDTCP - ok
15:16:54.0800 1788 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
15:16:54.0816 1788 tdx - ok
15:16:54.0832 1788 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
15:16:54.0832 1788 TermDD - ok
15:16:54.0878 1788 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:16:54.0878 1788 tssecsrv - ok
15:16:54.0925 1788 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
15:16:54.0925 1788 tunnel - ok
15:16:54.0941 1788 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
15:16:54.0956 1788 uagp35 - ok
15:16:55.0003 1788 udfs (c06e6f4679ceb8f430b90a51d76d8d3c) C:\Windows\system32\DRIVERS\udfs.sys
15:16:55.0003 1788 udfs - ok
15:16:55.0034 1788 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
15:16:55.0034 1788 uliagpkx - ok
15:16:55.0066 1788 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
15:16:55.0066 1788 umbus - ok
15:16:55.0097 1788 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
15:16:55.0112 1788 UmPass - ok
15:16:55.0144 1788 USBAAPL64 (f724b03c3dfaacf08d17d38bf3333583) C:\Windows\system32\Drivers\usbaapl64.sys
15:16:55.0144 1788 USBAAPL64 - ok
15:16:55.0175 1788 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys
15:16:55.0190 1788 usbccgp - ok
15:16:55.0206 1788 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
15:16:55.0206 1788 usbcir - ok
15:16:55.0253 1788 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\DRIVERS\usbehci.sys
15:16:55.0253 1788 usbehci - ok
15:16:55.0300 1788 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
15:16:55.0315 1788 usbhub - ok
15:16:55.0346 1788 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys
15:16:55.0346 1788 usbohci - ok
15:16:55.0393 1788 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:16:55.0393 1788 usbprint - ok
15:16:55.0424 1788 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
15:16:55.0424 1788 usbscan - ok
15:16:55.0487 1788 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:16:55.0487 1788 USBSTOR - ok
15:16:55.0518 1788 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\DRIVERS\usbuhci.sys
15:16:55.0518 1788 usbuhci - ok
15:16:55.0549 1788 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
15:16:55.0549 1788 usbvideo - ok
15:16:55.0596 1788 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
15:16:55.0596 1788 vdrvroot - ok
15:16:55.0721 1788 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:16:55.0721 1788 vga - ok
15:16:55.0736 1788 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:16:55.0736 1788 VgaSave - ok
15:16:55.0783 1788 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
15:16:55.0783 1788 vhdmp - ok
15:16:55.0799 1788 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
15:16:55.0799 1788 viaide - ok
15:16:55.0814 1788 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
15:16:55.0814 1788 volmgr - ok
15:16:55.0846 1788 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
15:16:55.0861 1788 volmgrx - ok
15:16:55.0908 1788 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
15:16:55.0908 1788 volsnap - ok
15:16:55.0939 1788 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
15:16:55.0955 1788 vsmraid - ok
15:16:55.0986 1788 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
15:16:55.0986 1788 vwifibus - ok
15:16:56.0017 1788 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
15:16:56.0017 1788 vwififlt - ok
15:16:56.0064 1788 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
15:16:56.0064 1788 WacomPen - ok
15:16:56.0189 1788 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
15:16:56.0189 1788 WANARP - ok
15:16:56.0204 1788 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
15:16:56.0204 1788 Wanarpv6 - ok
15:16:56.0329 1788 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
15:16:56.0329 1788 Wd - ok
15:16:56.0392 1788 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:16:56.0392 1788 Wdf01000 - ok
15:16:56.0438 1788 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:16:56.0438 1788 WfpLwf - ok
15:16:56.0470 1788 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:16:56.0470 1788 WIMMount - ok
15:16:56.0626 1788 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
15:16:56.0626 1788 WinUsb - ok
15:16:56.0657 1788 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
15:16:56.0657 1788 WmiAcpi - ok
15:16:56.0782 1788 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:16:56.0782 1788 ws2ifsl - ok
15:16:56.0828 1788 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
15:16:56.0844 1788 WudfPf - ok
15:16:56.0938 1788 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:16:56.0938 1788 WUDFRd - ok
15:16:56.0984 1788 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
15:16:56.0984 1788 yukonw7 - ok
15:16:57.0016 1788 MBR (0x1B8) (be385453bd55e519c7725718385b5673) \Device\Harddisk0\DR0
15:16:57.0047 1788 \Device\Harddisk0\DR0 - ok
15:16:57.0062 1788 Boot (0x1200) (444ad36eb9b0915ddf01e271f0600fac) \Device\Harddisk0\DR0\Partition0
15:16:57.0062 1788 \Device\Harddisk0\DR0\Partition0 - ok
15:16:57.0078 1788 Boot (0x1200) (fcca9079a92bf0e92a2940ecb52c9fa0) \Device\Harddisk0\DR0\Partition1
15:16:57.0078 1788 \Device\Harddisk0\DR0\Partition1 - ok
15:16:57.0109 1788 Boot (0x1200) (e9975b21146aa44f2fa3e45f217b03e7) \Device\Harddisk0\DR0\Partition2
15:16:57.0109 1788 \Device\Harddisk0\DR0\Partition2 - ok
15:16:57.0125 1788 Boot (0x1200) (b141a0c75018cb420521344edca588e3) \Device\Harddisk0\DR0\Partition3
15:16:57.0125 1788 \Device\Harddisk0\DR0\Partition3 - ok
15:16:57.0125 1788 ============================================================
15:16:57.0125 1788 Scan finished
15:16:57.0125 1788 ============================================================
15:16:57.0140 1140 Detected object count: 0
15:16:57.0140 1140 Actual detected object count: 0
15:17:30.0946 1356 Deinitialize success

__________________________________________________________________________________________________________________________________

Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.03.04

Windows 7 x64 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.7600.16385
Ugo :: UGO-PC [administrator]

Protection: Disabled

1/3/2012 4:13:42 PM
mbam-log-2012-01-03 (16-13-42).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 396936
Time elapsed: 41 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Ugo\AppData\Local\Temp\ICReinstall\cnet2_ashampoo_burning_studio_6_free_6_80_4312_exe.exe (PUP.CNET.Adware.Bundle) -> Quarantined and deleted successfully.
C:\Users\Ugo\Downloads\cnet2_ashampoo_burning_studio_6_free_6_80_4312_exe.exe (PUP.CNET.Adware.Bundle) -> Quarantined and deleted successfully.

(end)

__________________________________________________________________________________________________________________________________
All processes killed
========== FILES ==========
C:\Users\Ugo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\1a0534d7-175cb00a moved successfully.
C:\Users\Ugo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\3958e6c3-3728d692 moved successfully.
C:\Users\Ugo\Downloads\Setup_FreeBurner.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Ugo
->Temp folder emptied: 35355268 bytes
->Temporary Internet Files folder emptied: 43374050 bytes
->Java cache emptied: 15722356 bytes
->FireFox cache emptied: 721112119 bytes
->Google Chrome cache emptied: 350854797 bytes
->Apple Safari cache emptied: 9719808 bytes
->Flash cache emptied: 219736 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9245145 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67563 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 31665610 bytes

Total Files Cleaned = 1,161.00 mb


OTM by OldTimer - Version 3.1.19.0 log created on 01032012_180947

Files moved on Reboot...
C:\Users\Ugo\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
 
From OTM: Total Files Cleaned = 1,161.00 mb Oh my goodness! When was the last time you did maintenance on the system? This is a lot of files!
Set up a regular schedule to do this- the frequency will be according to your use.> every week or 2 for heavy use, stretching to every month for lighter use:
Delete temporary internet files and Cookies
Disc Cleanup
Error Check
Defrag
Check Add/Remove Program and uninstall any you aren't using> be sure to use Wundows Explorer to access Computer> Local Drive> Programs> do a right click> Delete for any folder for program you uninstalled.
=========================================
Lot of bad entries handled in Combofix. Let's remove a few more:
Please run this Custom CFScript:

  • [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open notepad> click on Format> Uncheck 'Word Wrap> and copy/paste the text in the code below into it:
Code: 
KillAll::
File::
DDS::
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
mWinlogon: Userinit=userinit.exe,
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
Registry::
[Clearjavacache]
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste into to your next reply.
====================
Have the problems been resolved? If not, what remains?.
 
How do I delete temp files, defrag, error check and perform disk cleanups?
Nothing seems to be wrong currently and the system is running smooth.
 
Oh my! Install Date: 7/22/2010 7:01:31 PM and you don't know how to keep the system running well!

Windows 101: Maintenance for the Computer System

The following is a list of the basic maintenance that should be done on the computer. "Average" length of time between> is one month. Less time between if you are a heavy user.

To access System Properties
Right click on Start> Explore> click on Computer> right click on Local Drive (usually C)> Properties> This will open a screen with the options to do the following:
Best order to run is: First, Error Check to ensure that your hard drive is healthy and working. Then run Disk Cleanup to remove any extra or useless files. Finally, optimize the disk by running Defrag.

  1. Tools tab
  2. Error Checking (CHKDSK) This checks your hard drive for errors.
    Tools tab: Error Checking: click on Check now. On screen that comes up, check both of the boxes.
    You will get a nag message that some files are in use. Close the message> Reboot the Computer> Checking will start. Computer will reboot when finished.
    There are 5 stages to this. Let them finish. It will take a while since you have not been doing it.
    Tools tab
  3. Disk defrag, This takes all of the bits of data on your hard drive and puts them in order. If you use your computer a lot, you can have data scattered all over your hard drive. It makes you computer run slower when it is looking for this information. click on Defragment now.
    General tab:
  4. Disc Cleanup button> Check all the files you want cleaned when the screen opens: Included:
    [o]Deleting temporary internet files, Each time you go to a site, a temporary file is placed on you computer's hard drive. These can add up to a lot of space if not deleted regularly.
    [o]Deleting cookies, These are small files web site put on your hard drive to identify you and track your surfing habits. If you have a password save for a certain web site, deleting your cookies will delete that as well. Over the years there have been some lively debates about how often to do this. I don't very often, others do it daily. It is really up to each person.
    [o]Delete History- This is similar to temporary internet files. But when you delete History, it deletes the URLs in the Address box drop-down menu.
    ====================================
  5. Checking for security and critical updates,
    Windows:This requires you to go to Microsoft.com and do an Windows update scan. Often there are security problems or hackers have found a vulnerable spot in Windows that needs to be fixed.
    Java
    Adobe Reader
    ===============================================
  6. Unused programs
    Control Panel> Programs> Look for any programs you don't use and uninstall them. If you don't know what a program is for, do a Google search to identify.
    ===========================================
  7. Unnecessary Startup:Use the Windows msconfig utility to uncheck any programs that don't need to start on boot.
  8. Security scans: Make sure all of the security scans are updated ad run occasional scans
 
Sincw the problems have been resolved:

Remove all of the tools we used and the files and folders they created
  • Uninstall ComboFix and all Backups of the files it deleted
    [o] Click START> then RUN
    [o] Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  • Download OTCleanIt by OldTimer and save it to your Desktop.
    [o] Double click OTCleanIt.exe.
    [o] Click the CleanUp! button.
    [o] If you are prompted to Reboot during the cleanup, select Yes.
    [o]The tool will delete itself once it finishes.
    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
  • Set a new, clean Restore Point
    [o] Click on Start> right click on Computer> Properties
    [o] Select System Protection
    [o] Click on the Create button (near bottom)
    [o] Type a name for the Restore Point
    [o] Click on Create again to save the restore point.
  • Deleting all but the most recent System Protection point in Windows 7
    [o] Click Start> Computer> right click the C Drive and choose Properties> enter.
    [o] Click Disk Cleanup from there.
    image2.png

    [o] Click Clean up system files
    This restarts Disk Cleanup to run in elevated mode.
    [o] Click the More Options tab
    w7-srp2.png

    [o] Click the Clean up under System Restore and Shadow Copies.
    [o] Click OK.
    [o] You will get a confirmation screen> Just click Delete.
    [o] Click OK on the Disk Cleanup Screen.
    [o] Click Delete Files on the Confirmation screen.
image6.png

This runs the Disk Cleanup utility along with other selections if you have chosen any. (if you had a lot System Restore points, you will see a significant change in the free space in C drive)
Images courtesy lytebyte.

Empty the Recycle Bin

Stay safe!
 
Status
Not open for further replies.

Similar threads

Jess_123
My num pad + doesn't work ...
Replies
0
Views
265
Jess_123
Jess_123
kasun123450
How do I fix my network cable port?
Replies
0
Views
654
kasun123450
kasun123450
Mickey1
PC Freezes & won't open anything
Replies
3
Views
509
info12345
info12345

Latest posts

Back