Solved Malwarebytes malicious IP address popups

[BlackScardonia]

I am getting popups about Malwarebytes blocking malicious IP addresses from the processes svchost.exe and firefox.exe. They are usually incoming. Also, my computer lags a lot when going to Youtube. Other sites not so much, but Youtube can take 5-30 seconds to load, and it would normally load immediately.

---

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.09.07

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Veruni :: THELUCKYONE [administrator]

Protection: Enabled

8/10/2012 12:40:05 AM
mbam-log-2012-08-10 (00-40-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 198448
Time elapsed: 5 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-10 11:59:43
Windows 6.1.7600
Running: slyglhji.exe


---- Files - GMER 1.0.15 ----

File C:\System Recovery Files\2012-03-24 104124\D-OS\System Recovery Files\2011-04-08 214958\D-OS\Users\Robin\AppData\Local\Microsoft\Device Metadata\dmrccache\en-US\49c38ed9-27a2-455e-a177-c0f3e64f7379\DeviceStage\Task\{1b9a7e4a-0684-4d0f-a3e5-b75bc49d947d}\en-US\resource.xml 1290 bytes
File C:\System Recovery Files\2012-03-24 104124\D-OS\System Recovery Files\2011-04-08 214958\D-OS\Users\Robin\AppData\Local\Microsoft\Device Metadata\dmrccache\en-US\49c38ed9-27a2-455e-a177-c0f3e64f7379\DeviceStage\Task\{1b9a7e4a-0684-4d0f-a3e5-b75bc49d947d}\en-US\tasks.xml 7955 bytes
File C:\System Recovery Files\2012-03-24 104124\D-OS\System Recovery Files\2011-04-08 214958\D-OS\Users\Robin\AppData\Local\Microsoft\Device Metadata\dmrccache\en-US\49c38ed9-27a2-455e-a177-c0f3e64f7379\DeviceStage\Task\{4ac0d437-916a-4cce-89ca-e8da14bffab8}\en-US\resource.xml 1152 bytes
File C:\System Recovery Files\2012-03-24 104124\D-OS\System Recovery Files\2011-04-08 214958\D-OS\Users\Robin\AppData\Local\Microsoft\Device Metadata\dmrccache\en-US\49c38ed9-27a2-455e-a177-c0f3e64f7379\DeviceStage\Task\{4ac0d437-916a-4cce-89ca-e8da14bffab8}\en-US\tasks.xml 4340 bytes
File C:\System Recovery Files\2012-03-24 104124\D-OS\System Recovery Files\2011-04-08 214958\D-OS\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\5578800e7e608029f06ca51e2a79e5a7244d80d9.HomeGroupClassifier\e0c05e6779e3fde6bc45950ffdb997b8\grouping\db.mdb 1056768 bytes
File C:\System Recovery Files\2012-03-24 112948\D-OS\System Recovery Files\2011-04-08 214958\D-OS\Users\Robin\AppData\Local\Microsoft\Device Metadata\dmrccache\en-US\49c38ed9-27a2-455e-a177-c0f3e64f7379\DeviceStage\Task\{1b9a7e4a-0684-4d0f-a3e5-b75bc49d947d}\en-US\resource.xml 1290 bytes
File C:\System Recovery Files\2012-03-24 112948\D-OS\System Recovery Files\2011-04-08 214958\D-OS\Users\Robin\AppData\Local\Microsoft\Device Metadata\dmrccache\en-US\49c38ed9-27a2-455e-a177-c0f3e64f7379\DeviceStage\Task\{1b9a7e4a-0684-4d0f-a3e5-b75bc49d947d}\en-US\tasks.xml 7955 bytes
File C:\System Recovery Files\2012-03-24 112948\D-OS\System Recovery Files\2011-04-08 214958\D-OS\Users\Robin\AppData\Local\Microsoft\Device Metadata\dmrccache\en-US\49c38ed9-27a2-455e-a177-c0f3e64f7379\DeviceStage\Task\{4ac0d437-916a-4cce-89ca-e8da14bffab8}\en-US\resource.xml 1152 bytes
File C:\System Recovery Files\2012-03-24 112948\D-OS\System Recovery Files\2011-04-08 214958\D-OS\Users\Robin\AppData\Local\Microsoft\Device Metadata\dmrccache\en-US\49c38ed9-27a2-455e-a177-c0f3e64f7379\DeviceStage\Task\{4ac0d437-916a-4cce-89ca-e8da14bffab8}\en-US\tasks.xml 4340 bytes
File C:\System Recovery Files\2012-03-24 112948\D-OS\System Recovery Files\2011-04-08 214958\D-OS\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\5578800e7e608029f06ca51e2a79e5a7244d80d9.HomeGroupClassifier\e0c05e6779e3fde6bc45950ffdb997b8\grouping\db.mdb 1056768 bytes
File C:\System Recovery Files\2012-03-24 120952\D-OS\System Recovery Files\2011-04-08 214958\D-OS\Users\Robin\AppData\Local\Microsoft\Device Metadata\dmrccache\en-US\49c38ed9-27a2-455e-a177-c0f3e64f7379\DeviceStage\Task\{1b9a7e4a-0684-4d0f-a3e5-b75bc49d947d}\en-US\resource.xml 1290 bytes
File C:\System Recovery Files\2012-03-24 120952\D-OS\System Recovery Files\2011-04-08 214958\D-OS\Users\Robin\AppData\Local\Microsoft\Device Metadata\dmrccache\en-US\49c38ed9-27a2-455e-a177-c0f3e64f7379\DeviceStage\Task\{1b9a7e4a-0684-4d0f-a3e5-b75bc49d947d}\en-US\tasks.xml 7955 bytes
File C:\System Recovery Files\2012-03-24 120952\D-OS\System Recovery Files\2011-04-08 214958\D-OS\Users\Robin\AppData\Local\Microsoft\Device Metadata\dmrccache\en-US\49c38ed9-27a2-455e-a177-c0f3e64f7379\DeviceStage\Task\{4ac0d437-916a-4cce-89ca-e8da14bffab8}\en-US\resource.xml 1152 bytes
File C:\System Recovery Files\2012-03-24 120952\D-OS\System Recovery Files\2011-04-08 214958\D-OS\Users\Robin\AppData\Local\Microsoft\Device Metadata\dmrccache\en-US\49c38ed9-27a2-455e-a177-c0f3e64f7379\DeviceStage\Task\{4ac0d437-916a-4cce-89ca-e8da14bffab8}\en-US\tasks.xml 4340 bytes
File C:\System Recovery Files\2012-03-24 120952\D-OS\System Recovery Files\2011-04-08 214958\D-OS\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\5578800e7e608029f06ca51e2a79e5a7244d80d9.HomeGroupClassifier\e0c05e6779e3fde6bc45950ffdb997b8\grouping\db.mdb 1056768 bytes

---- EOF - GMER 1.0.15 ----

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Veruni at 12:15:46 on 2012-08-10
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5880.3242 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Fraps\fraps.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Users\Veruni\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Fraps\fraps64.dat
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" UNATTENDED
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\Winampa.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRunOnce: [tv_enua] RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\tv_enua.inf, RemoveCabinet
StartupFolder: C:\Users\Veruni\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Veruni\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{452AA06E-271D-43C8-AD8B-E8429C5EDAF1} : DhcpNameServer = 75.75.76.76 75.75.75.75
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" UNATTENDED
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\Winampa.exe"
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRunOnce-x64: [tv_enua] RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\tv_enua.inf, RemoveCabinet
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Veruni\AppData\Roaming\Mozilla\Firefox\Profiles\fdywu1fw.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.11.1\nphdplg.dll
FF - plugin: C:\Users\Veruni\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Users\Veruni\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Veruni\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-8-10 44808]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-2-26 127984]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-4 655944]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-8-10 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-28 250056]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-4-27 1315592]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-8-10 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2012-7-24 14544]
.
=============== Created Last 30 ================
.
2012-08-10 04:34:19 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-08-10 04:34:12 958400 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-08-10 04:34:06 71064 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-08-10 04:33:38 41224 ----a-w- C:\Windows\avastSS.scr
2012-08-10 04:33:28 -------- d-----w- C:\ProgramData\AVAST Software
2012-08-10 04:33:28 -------- d-----w- C:\Program Files\AVAST Software
2012-08-06 19:19:02 -------- d-----w- C:\Windows\lhsp
2012-08-06 19:18:59 -------- d-----w- C:\Program Files (x86)\CFS-Technologies
2012-08-04 22:55:01 -------- d-sh--w- C:\$RECYCLE.BIN
2012-08-04 10:11:12 98816 ----a-w- C:\Windows\sed.exe
2012-08-04 10:11:12 518144 ----a-w- C:\Windows\SWREG.exe
2012-08-04 10:11:12 256000 ----a-w- C:\Windows\PEV.exe
2012-08-04 10:11:12 208896 ----a-w- C:\Windows\MBR.exe
2012-08-04 09:48:56 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2012-08-04 08:13:13 -------- d-----w- C:\Users\Veruni\AppData\Roaming\Malwarebytes
2012-08-04 08:13:00 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-04 08:13:00 -------- d-----w- C:\ProgramData\Malwarebytes
2012-08-04 08:13:00 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-03 08:56:35 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D66C50EA-5093-45BD-946D-FB51486FD601}\mpengine.dll
2012-07-30 02:35:06 -------- d-----w- C:\Program Files\HyperCam 2
2012-07-26 18:00:59 73544 ----a-w- C:\Windows\System32\XAPOFX1_3.dll
2012-07-26 17:58:35 -------- d--h--w- C:\Windows\msdownld.tmp
2012-07-26 17:58:32 -------- d-----w- C:\Windows\SysWow64\directx
2012-07-18 23:48:59 -------- d-----w- C:\Users\Veruni\AppData\Local\Google
.
==================== Find3M ====================
.
2012-08-04 05:15:13 328704 ----a-w- C:\Windows\System32\services.exe
2012-08-03 05:17:17 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-03 05:17:17 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-12 03:02:52 3147264 ----a-w- C:\Windows\System32\win32k.sys
2012-06-06 05:50:50 2003968 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 05:50:50 1880064 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 05:09:46 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:09:46 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:38:26 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:38:24 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:37:45 459216 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:27:02 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:27:00 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:48:39 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:48:35 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:47:31 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:42:51 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-31 16:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-05-26 20:01:39 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-05-26 20:01:39 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2009-05-15 02:15:24 5719400 ----a-w- C:\Program Files\Common Files\adlmint_libFNP.dll
2009-05-15 02:15:24 4397928 ----a-w- C:\Program Files\Common Files\adlmint.dll
.
============= FINISH: 12:16:24.55 ===============.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/24/2012 1:30:59 PM
System Uptime: 8/4/2012 6:53:39 PM (138 hours ago)
.
Motherboard: FOXCONN | | 2A92
Processor: AMD Athlon(tm) II X4 635 Processor | CPU 1 | 2900/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 920 GiB total, 276.104 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.387 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is FIXED (NTFS) - 298 GiB total, 136.227 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP92: 8/3/2012 4:55:46 AM - Windows Update
RP93: 8/10/2012 12:33:11 AM - avast! Free Antivirus Setup
.
==== Installed Programs ======================
.
µTorrent
2010 DR PEPPER EA GAMES EVERY BOTTLE/CUP WINS PROMOTION
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Community Help
Adobe Download Assistant
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop CS5.1
Adobe Reader X (10.1.3)
AMD USB Filter Driver
Apple Application Support
Apple Software Update
Audacity 2.0
avast! Free Antivirus
Bejeweled 2 Deluxe
Bing Bar
Black and White
Blackhawk Striker 2
Blasterball 3
BufferChm
Build-a-lot 2
C4700
Cake Mania
CamStudio OSS Desktop Recorder
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
CinemaNow Media Manager
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
CyberLink DVD Suite Deluxe
D-Fend Reloaded 1.2.1 (deinstall)
D3DX10
Destinations
DeviceDiscovery
Diner Dash 2 Restaurant Rescue
Dora's Carnival Adventure
Dropbox
DVD Menu Pack for HP MediaSmart Video
Escape Rosecliff Island
Faerie Solitaire
FATE
Fraps (remove only)
Game Booster 3
GIMP 2.6.11
Google Chrome
Google Talk Plugin
Google Update Helper
GPBaseService2
HP Advisor
HP Customer Experience Enhancements
HP Game Console
HP Games
HP MediaSmart CinemaNow 2.0
HP MediaSmart DVD
HP MediaSmart Music
HP MediaSmart Photo
HP MediaSmart Video
HP MediaSmart/TouchSmart Netflix
HP Odometer
HP Photo Creations
HP Setup
HP Support Assistant
HP Support Information
HP Update
HPAsset component for HP Active Support Library
HPPhotoGadget
HPProductAssistant
HPSSupply
Hulu Desktop
IrfanView (remove only)
Java Auto Updater
Java(TM) 6 Update 31
Jewel Quest 3
Jewel Quest Solitaire 2
Junk Mail filter update
LabelPrint
LAME v3.99.3 (for Windows)
Lernout & Hauspie TruVoice American English TTS Engine
LightScribe System Software
Livestream Procaster
Macromedia Extension Manager
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Macromedia Flash Player 8
Malwarebytes Anti-Malware version 1.62.0.1300
MarketResearch
Microsoft Office Home and Student 60 day trial
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Microsoft WSE 3.0 Runtime
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Movie Theme Pack for HP MediaSmart Video
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery P.I. - The New York Fortune
Norton Online Backup
Origin
PDF Settings CS5
Penguins!
PhotoFiltre
PhotoNow!
PictureMover
Plants vs. Zombies
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PowerDirector
PS_AIO_06_C4700_SW_Min
QuickTime
QuickTransfer
Ralink RT2860 Wireless LAN Card
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Recovery Manager
Resource Hacker Version 3.6.0
Resource Tuner 1.99 R6
Roxio CinemaNow 2.0
Scan
Sculptris Alpha 6
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
SmartWebPrinting
SolutionCenter
Sony Vegas Pro 8.0
Speakonia
SPORE™
SPORE™ Creepy & Cute Parts Pack
SPORE™ Galactic Adventures
Status
Steam
Team Fortress 2
TextTwist 2
Toolbox
TrayApp
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Virtual Families
Virtual Villagers - The Secret City
WebReg
Wheel of Fortune 2
Winamp (Remove Only)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
YTD Video Downloader 3.9
Zip Motion Block Video codec (Remove Only)
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
8/4/2012 6:56:59 PM, Error: Service Control Manager [7000] - The HP Health Check Service service failed to start due to the following error: A device attached to the system is not functioning.
8/4/2012 6:56:38 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
8/4/2012 6:56:38 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/4/2012 6:54:31 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
8/4/2012 6:54:27 PM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..
8/4/2012 6:53:18 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
8/4/2012 6:46:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
8/4/2012 6:42:55 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
8/4/2012 6:41:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/4/2012 6:41:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
8/4/2012 6:41:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
8/4/2012 6:41:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/4/2012 6:41:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/4/2012 6:41:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/4/2012 6:41:37 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avipbb avkmgr DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
8/4/2012 6:41:37 PM, Error: Service Control Manager [7003] - The Windows Firewall service depends the following service: BFE. This service might not be installed.
8/4/2012 6:41:37 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
8/4/2012 6:41:37 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
8/4/2012 6:41:37 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/4/2012 6:41:37 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/4/2012 6:41:37 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
8/4/2012 6:41:37 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/4/2012 6:41:37 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/4/2012 6:41:37 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
8/4/2012 6:41:37 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/4/2012 6:41:37 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/4/2012 6:41:37 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/4/2012 6:41:37 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/4/2012 6:41:37 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
8/4/2012 6:20:51 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
8/4/2012 5:39:11 AM, Error: Service Control Manager [7034] - The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).
8/4/2012 5:39:11 AM, Error: Service Control Manager [7034] - The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s).
8/4/2012 1:36:51 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
8/4/2012 1:14:25 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
8/10/2012 12:00:34 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
8/10/2012 12:00:34 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
.
==== End Of File ===========================

 

[Broni]

Welcome aboard

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=======================================

Please download the below tool named Rkill (courtesy of BleepingComputer.com) to your desktop.

There are 2 different versions. If one of them won't run then download and try to run the other one.

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

http://download.bleepingcomputer.com/grinler/beta/rkill.exe
http://download.bleepingcomputer.com/grinler/beta/iExplore.exe

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

If normal mode still doesn't work, run the tool from safe mode.

When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

 

[BlackScardonia]

Thank you for the help.

Here are the requested logs:
Rkill 2.1.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/10/2012 12:48:59 PM in x64 mode.
Windows Version: Windows 7

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* No malware processes found to kill.

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\.com "@" has been changed to ComFile!
* HKLM\Software\Classes\.com "@" was reset to comfile!


Performing miscellaneous checks.

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Restarting Explorer.exe in order to apply changes.

Program finished at: 08/10/2012 12:49:18 PM
Execution time: 0 hours(s), 0 minute(s), and 18 seconds(s)

-----

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-10 12:50:43
-----------------------------
12:50:43.627 OS Version: Windows x64 6.1.7600
12:50:43.627 Number of processors: 4 586 0x503
12:50:43.627 ComputerName: THELUCKYONE UserName: Veruni
12:50:46.591 Initialize success
12:50:46.685 AVAST engine defs: 12081000
12:51:01.489 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000052
12:51:01.489 Disk 0 Vendor: WDC_____ 01.0 Size: 953869MB BusType: 8
12:51:01.505 Disk 0 MBR read successfully
12:51:01.505 Disk 0 MBR scan
12:51:01.520 Disk 0 unknown MBR code
12:51:01.520 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
12:51:01.520 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 941819 MB offset 206848
12:51:01.567 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 11753 MB offset 1929052160
12:51:01.567 Disk 0 scanning C:\Windows\system32\drivers
12:51:06.855 Service scanning
12:51:19.055 Modules scanning
12:51:19.055 Disk 0 trace - called modules:
12:51:19.070 ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll amdsbs.sys
12:51:19.585 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005fa0060]
12:51:19.585 3 CLASSPNP.SYS[fffff8800190343f] -> nt!IofCallDriver -> \Device\00000052[0xfffffa8005db39c0]
12:51:21.410 AVAST engine scan C:\Windows
12:51:25.950 AVAST engine scan C:\Windows\system32
12:53:25.712 AVAST engine scan C:\Windows\system32\drivers
12:53:34.121 AVAST engine scan C:\Users\Veruni
12:54:52.527 Disk 0 MBR has been saved successfully to "C:\Users\Veruni\Desktop\MBR.dat"
12:54:52.543 The log file has been saved successfully to "C:\Users\Veruni\Desktop\aswMBR.txt"

 

[Broni]

Download TDSSKiller and save it to your desktop.

• Extract (unzip) its contents to your desktop.
• Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
• If an infected file is detected, the default action will be Cure, click on Continue.
• If a suspicious file is detected, the default action will be Skip, click on Continue.
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
• If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

 

[BlackScardonia]

I have to split this one between two replies due to the length.

13:11:50.0477 8736 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
13:11:50.0804 8736 ============================================================
13:11:50.0804 8736 Current date / time: 2012/08/10 13:11:50.0804
13:11:50.0804 8736 SystemInfo:
13:11:50.0804 8736
13:11:50.0804 8736 OS Version: 6.1.7600 ServicePack: 0.0
13:11:50.0804 8736 Product type: Workstation
13:11:50.0804 8736 ComputerName: THELUCKYONE
13:11:50.0804 8736 UserName: Veruni
13:11:50.0804 8736 Windows directory: C:\Windows
13:11:50.0804 8736 System windows directory: C:\Windows
13:11:50.0804 8736 Running under WOW64
13:11:50.0804 8736 Processor architecture: Intel x64
13:11:50.0804 8736 Number of processors: 4
13:11:50.0804 8736 Page size: 0x1000
13:11:50.0804 8736 Boot type: Normal boot
13:11:50.0804 8736 ============================================================
13:11:54.0954 8736 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:11:55.0001 8736 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:11:57.0076 8736 ============================================================
13:11:57.0076 8736 \Device\Harddisk0\DR0:
13:11:57.0091 8736 MBR partitions:
13:11:57.0091 8736 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:11:57.0091 8736 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x72F7D800
13:11:57.0091 8736 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x72FB0000, BlocksNum 0x16F4800
13:11:57.0091 8736 \Device\Harddisk1\DR1:
13:11:57.0091 8736 MBR partitions:
13:11:57.0091 8736 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542DAB0
13:11:57.0091 8736 ============================================================
13:11:57.0169 8736 C: <-> \Device\Harddisk0\DR0\Partition1
13:11:57.0341 8736 D: <-> \Device\Harddisk0\DR0\Partition2
13:11:57.0419 8736 J: <-> \Device\Harddisk1\DR1\Partition0
13:11:57.0419 8736 ============================================================
13:11:57.0419 8736 Initialize success
13:11:57.0419 8736 ============================================================
13:11:59.0462 9428 ============================================================
13:11:59.0462 9428 Scan started
13:11:59.0462 9428 Mode: Manual;
13:11:59.0462 9428 ============================================================
13:12:07.0621 9428 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
13:12:07.0621 9428 1394ohci - ok
13:12:07.0684 9428 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
13:12:07.0684 9428 ACPI - ok
13:12:07.0715 9428 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
13:12:07.0715 9428 AcpiPmi - ok
13:12:07.0871 9428 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
13:12:07.0871 9428 AdobeARMservice - ok
13:12:08.0011 9428 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:12:08.0011 9428 AdobeFlashPlayerUpdateSvc - ok
13:12:08.0089 9428 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
13:12:08.0105 9428 adp94xx - ok
13:12:08.0183 9428 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
13:12:08.0183 9428 adpahci - ok
13:12:08.0214 9428 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
13:12:08.0214 9428 adpu320 - ok
13:12:08.0276 9428 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
13:12:08.0276 9428 AeLookupSvc - ok
13:12:08.0370 9428 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
13:12:08.0370 9428 AFD - ok
13:12:08.0417 9428 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
13:12:08.0417 9428 agp440 - ok
13:12:08.0448 9428 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
13:12:08.0448 9428 ALG - ok
13:12:08.0495 9428 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
13:12:08.0495 9428 aliide - ok
13:12:08.0526 9428 AMD External Events Utility (c4c88cd854b28fc85495c841a0f6a069) C:\Windows\system32\atiesrxx.exe
13:12:08.0526 9428 AMD External Events Utility - ok
13:12:08.0573 9428 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
13:12:08.0573 9428 amdide - ok
13:12:08.0588 9428 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
13:12:08.0588 9428 AmdK8 - ok
13:12:10.0164 9428 amdkmdag (1147f8816d4ddc9fc43a40df52f40500) C:\Windows\system32\DRIVERS\atipmdag.sys
13:12:10.0195 9428 amdkmdag - ok
13:12:10.0414 9428 amdkmdap (ebc963d8f5b04c98f5ef597aae79cddd) C:\Windows\system32\DRIVERS\atikmpag.sys
13:12:10.0414 9428 amdkmdap - ok
13:12:10.0523 9428 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
13:12:10.0523 9428 AmdPPM - ok
13:12:10.0538 9428 amdsata (53d8d46d51d390abdb54eca623165cb7) C:\Windows\system32\DRIVERS\amdsata.sys
13:12:10.0554 9428 amdsata - ok
13:12:10.0616 9428 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
13:12:10.0616 9428 amdsbs - ok
13:12:10.0632 9428 amdxata (75c51148154e34eb3d7bb84749a758d5) C:\Windows\system32\DRIVERS\amdxata.sys
13:12:10.0632 9428 amdxata - ok
13:12:10.0694 9428 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
13:12:10.0694 9428 AppID - ok
13:12:10.0741 9428 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
13:12:10.0741 9428 AppIDSvc - ok
13:12:10.0772 9428 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
13:12:10.0772 9428 Appinfo - ok
13:12:11.0100 9428 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:12:11.0100 9428 Apple Mobile Device - ok
13:12:11.0802 9428 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
13:12:11.0802 9428 arc - ok
13:12:11.0974 9428 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
13:12:11.0974 9428 arcsas - ok
13:12:12.0067 9428 aswFsBlk (df59b8e8df0bd2e0e303778a3806a17d) C:\Windows\system32\drivers\aswFsBlk.sys
13:12:12.0067 9428 aswFsBlk - ok
13:12:12.0317 9428 aswMonFlt (f8e6ab4f876feff69250f2e0c29ef004) C:\Windows\system32\drivers\aswMonFlt.sys
13:12:12.0317 9428 aswMonFlt - ok
13:12:13.0268 9428 aswRdr (aa92bc4bcba40ca3aa3ffd1be24f0c09) C:\Windows\System32\Drivers\aswrdr2.sys
13:12:13.0268 9428 aswRdr - ok
13:12:15.0640 9428 aswSnx (f06e230e1e8ca9437a6474b7b551cd37) C:\Windows\system32\drivers\aswSnx.sys
13:12:15.0655 9428 aswSnx - ok
13:12:16.0295 9428 aswSP (3610ca74a69e380424f0452dec5c1317) C:\Windows\system32\drivers\aswSP.sys
13:12:16.0295 9428 aswSP - ok
13:12:16.0466 9428 aswTdi (87de3e31cb0091d22351349869324065) C:\Windows\system32\drivers\aswTdi.sys
13:12:16.0466 9428 aswTdi - ok
13:12:16.0607 9428 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
13:12:16.0607 9428 AsyncMac - ok
13:12:16.0747 9428 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
13:12:16.0763 9428 atapi - ok
13:12:17.0574 9428 AtiPcie (e82e61f46d1336447f4deff8c074f13e) C:\Windows\system32\DRIVERS\AtiPcie64.sys
13:12:17.0574 9428 AtiPcie - ok
13:12:18.0900 9428 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
13:12:18.0900 9428 AudioEndpointBuilder - ok
13:12:18.0900 9428 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
13:12:18.0900 9428 AudioSrv - ok
13:12:19.0508 9428 avast! Antivirus (2f7c0f3e39c45e0127fb78b2f18a41f3) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
13:12:19.0508 9428 avast! Antivirus - ok
13:12:19.0508 9428 avkmgr - ok
13:12:19.0602 9428 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
13:12:19.0602 9428 AxInstSV - ok
13:12:20.0164 9428 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
13:12:20.0164 9428 b06bdrv - ok
13:12:20.0710 9428 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
13:12:20.0710 9428 b57nd60a - ok
13:12:21.0568 9428 BBSvc (a2494901e7226b356b8c1005c45f1c5f) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
13:12:21.0568 9428 BBSvc - ok
13:12:21.0833 9428 BBUpdate (63b1cbbae4790b5bac98f01bf9449722) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
13:12:21.0833 9428 BBUpdate - ok
13:12:22.0020 9428 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
13:12:22.0020 9428 BDESVC - ok
13:12:22.0082 9428 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
13:12:22.0082 9428 Beep - ok
13:12:23.0346 9428 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
13:12:23.0346 9428 BFE - ok
13:12:23.0486 9428 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
13:12:23.0486 9428 blbdrive - ok
13:12:24.0734 9428 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
13:12:24.0734 9428 Bonjour Service - ok
13:12:24.0859 9428 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
13:12:24.0859 9428 bowser - ok
13:12:24.0953 9428 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:12:24.0953 9428 BrFiltLo - ok
13:12:24.0984 9428 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:12:24.0984 9428 BrFiltUp - ok
13:12:25.0093 9428 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
13:12:25.0093 9428 BridgeMP - ok
13:12:25.0280 9428 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
13:12:25.0280 9428 Browser - ok
13:12:26.0138 9428 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
13:12:26.0138 9428 Brserid - ok
13:12:26.0404 9428 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
13:12:26.0404 9428 BrSerWdm - ok
13:12:26.0466 9428 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:12:26.0466 9428 BrUsbMdm - ok
13:12:26.0575 9428 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
13:12:26.0575 9428 BrUsbSer - ok
13:12:26.0700 9428 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
13:12:26.0700 9428 BTHMODEM - ok
13:12:27.0230 9428 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
13:12:27.0230 9428 bthserv - ok
13:12:27.0230 9428 catchme - ok
13:12:27.0714 9428 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
13:12:27.0714 9428 cdfs - ok
13:12:28.0634 9428 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
13:12:28.0634 9428 cdrom - ok
13:12:28.0822 9428 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
13:12:28.0822 9428 CertPropSvc - ok
13:12:29.0149 9428 CinemaNow Service (2c24db5f78f0aca759803001e6b4f320) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
13:12:29.0149 9428 CinemaNow Service - ok
13:12:29.0227 9428 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
13:12:29.0227 9428 circlass - ok
13:12:30.0397 9428 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
13:12:30.0397 9428 CLFS - ok
13:12:30.0600 9428 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:12:30.0600 9428 clr_optimization_v2.0.50727_32 - ok
13:12:30.0740 9428 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:12:30.0740 9428 clr_optimization_v2.0.50727_64 - ok
13:12:30.0974 9428 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:12:30.0974 9428 clr_optimization_v4.0.30319_32 - ok
13:12:31.0271 9428 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:12:31.0271 9428 clr_optimization_v4.0.30319_64 - ok
13:12:31.0349 9428 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
13:12:31.0349 9428 CmBatt - ok
13:12:31.0380 9428 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
13:12:31.0380 9428 cmdide - ok
13:12:32.0893 9428 CNG (ca7720b73446fddec5c69519c1174c98) C:\Windows\system32\Drivers\cng.sys
13:12:32.0893 9428 CNG - ok
13:12:32.0971 9428 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
13:12:32.0971 9428 Compbatt - ok
13:12:33.0112 9428 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
13:12:33.0112 9428 CompositeBus - ok
13:12:33.0143 9428 COMSysApp - ok
13:12:33.0626 9428 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
13:12:33.0642 9428 crcdisk - ok
13:12:33.0751 9428 CryptSvc (f02786b66375292e58c8777082d4396d) C:\Windows\system32\cryptsvc.dll
13:12:33.0751 9428 CryptSvc - ok
13:12:34.0360 9428 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
13:12:34.0375 9428 DcomLaunch - ok
13:12:34.0734 9428 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
13:12:34.0734 9428 defragsvc - ok
13:12:34.0952 9428 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
13:12:34.0952 9428 DfsC - ok
13:12:35.0920 9428 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
13:12:35.0920 9428 Dhcp - ok
13:12:36.0013 9428 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
13:12:36.0013 9428 discache - ok
13:12:36.0107 9428 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
13:12:36.0107 9428 Disk - ok
13:12:36.0247 9428 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
13:12:36.0247 9428 Dnscache - ok
13:12:36.0668 9428 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
13:12:36.0668 9428 dot3svc - ok
13:12:36.0887 9428 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
13:12:36.0887 9428 Dot4 - ok
13:12:37.0058 9428 Dot4Print (85135ad27e79b689335c08167d917cde) C:\Windows\system32\DRIVERS\Dot4Prt.sys
13:12:37.0058 9428 Dot4Print - ok
13:12:37.0121 9428 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
13:12:37.0121 9428 dot4usb - ok
13:12:37.0573 9428 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
13:12:37.0573 9428 DPS - ok
13:12:37.0636 9428 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
13:12:37.0636 9428 drmkaud - ok
13:12:39.0586 9428 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
13:12:39.0586 9428 DXGKrnl - ok
13:12:40.0085 9428 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
13:12:40.0100 9428 EapHost - ok
13:12:45.0935 9428 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
13:12:45.0950 9428 ebdrv - ok
13:12:46.0668 9428 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
13:12:46.0668 9428 EFS - ok
13:12:47.0713 9428 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
13:12:47.0729 9428 ehRecvr - ok
13:12:48.0571 9428 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
13:12:48.0571 9428 ehSched - ok
13:12:49.0429 9428 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
13:12:49.0429 9428 elxstor - ok
13:12:49.0476 9428 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
13:12:49.0476 9428 ErrDev - ok
13:12:49.0866 9428 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
13:12:49.0866 9428 EventSystem - ok
13:12:50.0069 9428 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
13:12:50.0069 9428 exfat - ok
13:12:50.0162 9428 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
13:12:50.0162 9428 fastfat - ok
13:12:50.0584 9428 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
13:12:50.0584 9428 Fax - ok
13:12:50.0646 9428 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
13:12:50.0646 9428 fdc - ok
13:12:50.0677 9428 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
13:12:50.0677 9428 fdPHost - ok
13:12:50.0708 9428 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
13:12:50.0708 9428 FDResPub - ok
13:12:50.0771 9428 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
13:12:50.0771 9428 FileInfo - ok
13:12:50.0927 9428 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
13:12:50.0927 9428 Filetrace - ok
13:12:54.0421 9428 FLEXnet Licensing Service 64 (f1a9c61436e12a637a647870dd6d9eef) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
13:12:54.0421 9428 FLEXnet Licensing Service 64 - ok
13:12:54.0827 9428 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
13:12:54.0827 9428 flpydisk - ok
13:12:55.0264 9428 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
13:12:55.0264 9428 FltMgr - ok
13:12:55.0451 9428 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll
13:12:55.0466 9428 FontCache - ok
13:12:55.0513 9428 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:12:55.0513 9428 FontCache3.0.0.0 - ok
13:12:55.0544 9428 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
13:12:55.0544 9428 FsDepends - ok
13:12:55.0560 9428 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
13:12:55.0560 9428 Fs_Rec - ok
13:12:55.0622 9428 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
13:12:55.0622 9428 fvevol - ok
13:12:55.0654 9428 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
13:12:55.0654 9428 gagp30kx - ok
13:12:55.0747 9428 GameConsoleService (e53ee18a21c025deabcfe0f72fc481bb) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
13:12:55.0763 9428 GameConsoleService - ok
13:12:55.0810 9428 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:12:55.0810 9428 GEARAspiWDM - ok
13:12:55.0872 9428 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
13:12:55.0872 9428 gpsvc - ok
13:12:55.0966 9428 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:12:55.0966 9428 gupdate - ok
13:12:55.0981 9428 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:12:55.0997 9428 gupdatem - ok
13:12:56.0028 9428 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
13:12:56.0028 9428 hcw85cir - ok
13:12:56.0059 9428 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
13:12:56.0059 9428 HdAudAddService - ok
13:12:56.0090 9428 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:12:56.0090 9428 HDAudBus - ok
13:12:56.0106 9428 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
13:12:56.0106 9428 HidBatt - ok
13:12:56.0106 9428 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
13:12:56.0106 9428 HidBth - ok
13:12:56.0137 9428 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
13:12:56.0137 9428 HidIr - ok
13:12:56.0153 9428 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
13:12:56.0153 9428 hidserv - ok
13:12:56.0184 9428 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
13:12:56.0184 9428 HidUsb - ok
13:12:56.0215 9428 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
13:12:56.0215 9428 hkmsvc - ok
13:12:56.0231 9428 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
13:12:56.0231 9428 HomeGroupListener - ok
13:12:56.0278 9428 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
13:12:56.0278 9428 HomeGroupProvider - ok
13:12:56.0371 9428 HP Health Check Service (c84bcc03858daeac4db1e95efcce1934) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
13:12:56.0371 9428 HP Health Check Service - ok
13:12:56.0574 9428 hpqcxs08 (5da42d24712e00728cea2342a65009b2) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
13:12:56.0590 9428 hpqcxs08 - ok
13:12:56.0605 9428 hpqddsvc (d86a39bf100069444d026d22d9a6e555) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
13:12:56.0605 9428 hpqddsvc - ok
13:12:56.0668 9428 hpqwmiex (fdf273a845f1ffcceadf363aaf47582f) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
13:12:56.0668 9428 hpqwmiex - ok
13:12:56.0730 9428 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
13:12:56.0730 9428 HpSAMD - ok
13:12:56.0855 9428 HPSLPSVC (d4f91cf4de215d6f14a06087d46725e4) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
13:12:56.0855 9428 HPSLPSVC - ok
13:12:56.0933 9428 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
13:12:56.0933 9428 HTTP - ok
13:12:56.0933 9428 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
13:12:56.0933 9428 hwpolicy - ok
13:12:56.0964 9428 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
13:12:56.0964 9428 i8042prt - ok
13:12:57.0026 9428 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
13:12:57.0026 9428 iaStorV - ok
13:12:57.0151 9428 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:12:57.0151 9428 idsvc - ok
13:12:57.0182 9428 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
13:12:57.0182 9428 iirsp - ok
13:12:57.0260 9428 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
13:12:57.0276 9428 IKEEXT - ok
13:12:57.0448 9428 IntcAzAudAddService (28ceefbd2c63f91dc17ded3e8d27ecf5) C:\Windows\system32\drivers\RTKVHD64.sys
13:12:57.0463 9428 IntcAzAudAddService - ok
13:12:57.0541 9428 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
13:12:57.0541 9428 intelide - ok
13:12:57.0557 9428 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
13:12:57.0572 9428 intelppm - ok
13:12:57.0588 9428 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
13:12:57.0588 9428 IPBusEnum - ok
13:12:57.0619 9428 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:12:57.0619 9428 IpFilterDriver - ok
13:12:57.0666 9428 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
13:12:57.0666 9428 iphlpsvc - ok
13:12:57.0697 9428 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
13:12:57.0697 9428 IPMIDRV - ok
13:12:57.0713 9428 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
13:12:57.0713 9428 IPNAT - ok
13:12:57.0822 9428 iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe
13:12:57.0838 9428 iPod Service - ok
13:12:57.0869 9428 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
13:12:57.0869 9428 IRENUM - ok
13:12:57.0884 9428 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
13:12:57.0884 9428 isapnp - ok
13:12:57.0916 9428 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
13:12:57.0916 9428 iScsiPrt - ok
13:12:57.0947 9428 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
13:12:57.0947 9428 kbdclass - ok
13:12:57.0947 9428 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
13:12:57.0947 9428 kbdhid - ok
13:12:57.0994 9428 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
13:12:58.0009 9428 KeyIso - ok
13:12:58.0040 9428 KSecDD (4f4b5fde429416877de7143044582eb5) C:\Windows\system32\Drivers\ksecdd.sys
13:12:58.0040 9428 KSecDD - ok
13:12:58.0056 9428 KSecPkg (6f40465a44ecdc1731befafec5bdd03c) C:\Windows\system32\Drivers\ksecpkg.sys
13:12:58.0056 9428 KSecPkg - ok
13:12:58.0056 9428 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
13:12:58.0056 9428 ksthunk - ok
13:12:58.0103 9428 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
13:12:58.0118 9428 KtmRm - ok
13:12:58.0196 9428 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll
13:12:58.0196 9428 LanmanServer - ok
13:12:58.0228 9428 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
13:12:58.0228 9428 LanmanWorkstation - ok
13:12:58.0306 9428 LightScribeService (3503f257b3203f824b1567238ebe17e2) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
13:12:58.0306 9428 LightScribeService - ok
13:12:58.0352 9428 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
13:12:58.0352 9428 lltdio - ok
13:12:58.0384 9428 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
13:12:58.0399 9428 lltdsvc - ok
13:12:58.0415 9428 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
13:12:58.0415 9428 lmhosts - ok
13:12:58.0446 9428 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
13:12:58.0446 9428 LSI_FC - ok
13:12:58.0462 9428 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
13:12:58.0462 9428 LSI_SAS - ok
13:12:58.0477 9428 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:12:58.0477 9428 LSI_SAS2 - ok
13:12:58.0493 9428 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:12:58.0493 9428 LSI_SCSI - ok
13:12:58.0524 9428 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
13:12:58.0524 9428 luafv - ok
13:12:58.0571 9428 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys
13:12:58.0571 9428 MBAMProtector - ok
13:12:58.0680 9428 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
13:12:58.0680 9428 MBAMService - ok
13:12:58.0742 9428 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
13:12:58.0742 9428 Mcx2Svc - ok
13:12:58.0758 9428 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
13:12:58.0758 9428 megasas - ok
13:12:58.0805 9428 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
13:12:58.0805 9428 MegaSR - ok
13:12:58.0820 9428 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:12:58.0820 9428 MMCSS - ok
13:12:58.0852 9428 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
13:12:58.0852 9428 Modem - ok
13:12:58.0883 9428 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
13:12:58.0883 9428 monitor - ok
13:12:58.0914 9428 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
13:12:58.0914 9428 mouclass - ok
13:12:58.0914 9428 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
13:12:58.0914 9428 mouhid - ok
13:12:58.0930 9428 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
13:12:58.0930 9428 mountmgr - ok
13:12:59.0008 9428 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
13:12:59.0008 9428 MozillaMaintenance - ok
13:12:59.0023 9428 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
13:12:59.0023 9428 mpio - ok
13:12:59.0039 9428 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
13:12:59.0039 9428 mpsdrv - ok
13:12:59.0117 9428 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
13:12:59.0117 9428 MpsSvc - ok
13:12:59.0164 9428 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
13:12:59.0164 9428 MRxDAV - ok
13:12:59.0210 9428 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:12:59.0210 9428 mrxsmb - ok
13:12:59.0257 9428 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:12:59.0257 9428 mrxsmb10 - ok
13:12:59.0288 9428 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:12:59.0304 9428 mrxsmb20 - ok
13:12:59.0320 9428 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
13:12:59.0320 9428 msahci - ok
13:12:59.0351 9428 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
13:12:59.0351 9428 msdsm - ok
13:12:59.0366 9428 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
13:12:59.0382 9428 MSDTC - ok
13:12:59.0398 9428 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
13:12:59.0398 9428 Msfs - ok
13:12:59.0429 9428 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
13:12:59.0429 9428 mshidkmdf - ok
13:12:59.0429 9428 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
13:12:59.0429 9428 msisadrv - ok
13:12:59.0460 9428 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
13:12:59.0460 9428 MSiSCSI - ok
13:12:59.0476 9428 msiserver - ok
13:12:59.0491 9428 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
13:12:59.0491 9428 MSKSSRV - ok
13:12:59.0491 9428 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
13:12:59.0491 9428 MSPCLOCK - ok
13:12:59.0522 9428 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
13:12:59.0522 9428 MSPQM - ok
13:12:59.0538 9428 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
13:12:59.0538 9428 MsRPC - ok
13:12:59.0554 9428 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
13:12:59.0554 9428 mssmbios - ok
13:12:59.0554 9428 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
13:12:59.0554 9428 MSTEE - ok
13:12:59.0585 9428 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
13:12:59.0585 9428 MTConfig - ok
13:12:59.0585 9428 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
13:12:59.0585 9428 Mup - ok
13:12:59.0632 9428 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
13:12:59.0647 9428 napagent - ok
13:12:59.0710 9428 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
13:12:59.0710 9428 NativeWifiP - ok
13:12:59.0788 9428 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
13:12:59.0788 9428 NDIS - ok
13:12:59.0819 9428 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
13:12:59.0819 9428 NdisCap - ok
13:12:59.0834 9428 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
13:12:59.0834 9428 NdisTapi - ok
13:12:59.0850 9428 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
13:12:59.0866 9428 Ndisuio - ok
13:12:59.0866 9428 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
13:12:59.0866 9428 NdisWan - ok

 

[BlackScardonia]

13:12:59.0881 9428 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
13:12:59.0881 9428 NDProxy - ok
13:12:59.0944 9428 Net Driver HPZ12 (dc6530a291d4bdf6df399f1f128e7f8f) C:\Windows\system32\HPZinw12.dll
13:12:59.0959 9428 Net Driver HPZ12 - ok
13:12:59.0959 9428 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
13:12:59.0959 9428 NetBIOS - ok
13:12:59.0975 9428 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
13:12:59.0975 9428 NetBT - ok
13:13:00.0022 9428 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
13:13:00.0022 9428 Netlogon - ok
13:13:00.0068 9428 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
13:13:00.0068 9428 Netman - ok
13:13:00.0131 9428 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
13:13:00.0131 9428 netprofm - ok
13:13:00.0240 9428 netr28x (064ab63c9a588d2611306ae16d017e7e) C:\Windows\system32\DRIVERS\netr28x.sys
13:13:00.0240 9428 netr28x - ok
13:13:00.0334 9428 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:13:00.0334 9428 NetTcpPortSharing - ok
13:13:00.0365 9428 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
13:13:00.0365 9428 nfrd960 - ok
13:13:00.0396 9428 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
13:13:00.0396 9428 NlaSvc - ok
13:13:00.0412 9428 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
13:13:00.0412 9428 Npfs - ok
13:13:00.0443 9428 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
13:13:00.0443 9428 nsi - ok
13:13:00.0443 9428 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
13:13:00.0443 9428 nsiproxy - ok
13:13:00.0568 9428 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
13:13:00.0583 9428 Ntfs - ok
13:13:00.0661 9428 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
13:13:00.0661 9428 Null - ok
13:13:00.0724 9428 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
13:13:00.0724 9428 nvraid - ok
13:13:00.0770 9428 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
13:13:00.0770 9428 nvstor - ok
13:13:00.0802 9428 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
13:13:00.0802 9428 nv_agp - ok
13:13:00.0817 9428 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
13:13:00.0817 9428 ohci1394 - ok
13:13:00.0848 9428 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:13:00.0848 9428 p2pimsvc - ok
13:13:00.0880 9428 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
13:13:00.0880 9428 p2psvc - ok
13:13:00.0926 9428 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
13:13:00.0926 9428 Parport - ok
13:13:00.0958 9428 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
13:13:00.0973 9428 partmgr - ok
13:13:00.0989 9428 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
13:13:00.0989 9428 PcaSvc - ok
13:13:01.0020 9428 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
13:13:01.0020 9428 pci - ok
13:13:01.0051 9428 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
13:13:01.0051 9428 pciide - ok
13:13:01.0067 9428 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
13:13:01.0067 9428 pcmcia - ok
13:13:01.0082 9428 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
13:13:01.0082 9428 pcw - ok
13:13:01.0145 9428 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
13:13:01.0160 9428 PEAUTH - ok
13:13:01.0254 9428 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
13:13:01.0254 9428 PerfHost - ok
13:13:01.0348 9428 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
13:13:01.0348 9428 pla - ok
13:13:01.0426 9428 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
13:13:01.0426 9428 PlugPlay - ok
13:13:01.0519 9428 Pml Driver HPZ12 (71f62c51dfdfbc04c83c5c64b2b8058e) C:\Windows\system32\HPZipm12.dll
13:13:01.0519 9428 Pml Driver HPZ12 - ok
13:13:01.0535 9428 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
13:13:01.0535 9428 PNRPAutoReg - ok
13:13:01.0566 9428 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:13:01.0566 9428 PNRPsvc - ok
13:13:01.0628 9428 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
13:13:01.0628 9428 PolicyAgent - ok
13:13:01.0675 9428 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
13:13:01.0675 9428 Power - ok
13:13:01.0722 9428 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
13:13:01.0722 9428 PptpMiniport - ok
13:13:01.0753 9428 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
13:13:01.0753 9428 Processor - ok
13:13:01.0800 9428 ProfSvc (97293447431311c06703368ad0f6c4be) C:\Windows\system32\profsvc.dll
13:13:01.0800 9428 ProfSvc - ok
13:13:01.0847 9428 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
13:13:01.0847 9428 ProtectedStorage - ok
13:13:01.0862 9428 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
13:13:01.0862 9428 Psched - ok
13:13:02.0003 9428 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
13:13:02.0003 9428 ql2300 - ok
13:13:02.0112 9428 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
13:13:02.0112 9428 ql40xx - ok
13:13:02.0159 9428 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
13:13:02.0159 9428 QWAVE - ok
13:13:02.0174 9428 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
13:13:02.0174 9428 QWAVEdrv - ok
13:13:02.0190 9428 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
13:13:02.0190 9428 RasAcd - ok
13:13:02.0221 9428 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:13:02.0221 9428 RasAgileVpn - ok
13:13:02.0237 9428 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
13:13:02.0237 9428 RasAuto - ok
13:13:02.0237 9428 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:13:02.0237 9428 Rasl2tp - ok
13:13:02.0315 9428 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
13:13:02.0315 9428 RasMan - ok
13:13:02.0330 9428 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
13:13:02.0330 9428 RasPppoe - ok
13:13:02.0330 9428 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
13:13:02.0330 9428 RasSstp - ok
13:13:02.0346 9428 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
13:13:02.0346 9428 rdbss - ok
13:13:02.0377 9428 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
13:13:02.0377 9428 rdpbus - ok
13:13:02.0393 9428 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:13:02.0408 9428 RDPCDD - ok
13:13:02.0408 9428 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
13:13:02.0408 9428 RDPENCDD - ok
13:13:02.0424 9428 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
13:13:02.0424 9428 RDPREFMP - ok
13:13:02.0486 9428 RDPWD (447de7e3dea39d422c1504f245b668b1) C:\Windows\system32\drivers\RDPWD.sys
13:13:02.0486 9428 RDPWD - ok
13:13:02.0518 9428 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
13:13:02.0518 9428 rdyboost - ok
13:13:02.0533 9428 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
13:13:02.0549 9428 RemoteAccess - ok
13:13:02.0549 9428 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
13:13:02.0564 9428 RemoteRegistry - ok
13:13:02.0596 9428 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
13:13:02.0596 9428 RpcEptMapper - ok
13:13:02.0627 9428 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
13:13:02.0627 9428 RpcLocator - ok
13:13:02.0658 9428 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\System32\rpcss.dll
13:13:02.0674 9428 RpcSs - ok
13:13:02.0705 9428 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
13:13:02.0705 9428 rspndr - ok
13:13:02.0752 9428 RTL8167 (7ea8d2eb9bbfd2ab8a3117a1e96d3b3a) C:\Windows\system32\DRIVERS\Rt64win7.sys
13:13:02.0752 9428 RTL8167 - ok
13:13:02.0783 9428 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
13:13:02.0783 9428 SamSs - ok
13:13:02.0814 9428 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
13:13:02.0814 9428 sbp2port - ok
13:13:02.0830 9428 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
13:13:02.0830 9428 SCardSvr - ok
13:13:02.0845 9428 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
13:13:02.0845 9428 scfilter - ok
13:13:02.0908 9428 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
13:13:02.0923 9428 Schedule - ok
13:13:02.0970 9428 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
13:13:02.0970 9428 SCPolicySvc - ok
13:13:03.0001 9428 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
13:13:03.0001 9428 SDRSVC - ok
13:13:03.0048 9428 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:13:03.0048 9428 secdrv - ok
13:13:03.0064 9428 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
13:13:03.0064 9428 seclogon - ok
13:13:03.0079 9428 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
13:13:03.0079 9428 SENS - ok
13:13:03.0095 9428 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
13:13:03.0095 9428 SensrSvc - ok
13:13:03.0126 9428 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
13:13:03.0126 9428 Serenum - ok
13:13:03.0142 9428 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
13:13:03.0142 9428 Serial - ok
13:13:03.0157 9428 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
13:13:03.0157 9428 sermouse - ok
13:13:03.0188 9428 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
13:13:03.0188 9428 SessionEnv - ok
13:13:03.0204 9428 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
13:13:03.0204 9428 sffdisk - ok
13:13:03.0220 9428 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
13:13:03.0220 9428 sffp_mmc - ok
13:13:03.0235 9428 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
13:13:03.0235 9428 sffp_sd - ok
13:13:03.0235 9428 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
13:13:03.0235 9428 sfloppy - ok
13:13:03.0282 9428 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
13:13:03.0282 9428 SharedAccess - ok
13:13:03.0313 9428 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
13:13:03.0329 9428 ShellHWDetection - ok
13:13:03.0344 9428 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:13:03.0344 9428 SiSRaid2 - ok
13:13:03.0376 9428 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
13:13:03.0376 9428 SiSRaid4 - ok
13:13:03.0407 9428 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
13:13:03.0407 9428 Smb - ok
13:13:03.0422 9428 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
13:13:03.0422 9428 SNMPTRAP - ok
13:13:03.0438 9428 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
13:13:03.0438 9428 spldr - ok
13:13:03.0500 9428 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
13:13:03.0500 9428 Spooler - ok
13:13:03.0688 9428 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
13:13:03.0703 9428 sppsvc - ok
13:13:03.0797 9428 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
13:13:03.0797 9428 sppuinotify - ok
13:13:03.0859 9428 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
13:13:03.0859 9428 srv - ok
13:13:03.0922 9428 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
13:13:03.0922 9428 srv2 - ok
13:13:03.0968 9428 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
13:13:03.0984 9428 srvnet - ok
13:13:04.0000 9428 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
13:13:04.0000 9428 SSDPSRV - ok
13:13:04.0015 9428 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
13:13:04.0015 9428 SstpSvc - ok
13:13:04.0078 9428 Steam Client Service - ok
13:13:04.0109 9428 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
13:13:04.0109 9428 stexstor - ok
13:13:04.0171 9428 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
13:13:04.0187 9428 stisvc - ok
13:13:04.0187 9428 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
13:13:04.0187 9428 swenum - ok
13:13:04.0327 9428 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
13:13:04.0327 9428 SwitchBoard - ok
13:13:04.0374 9428 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
13:13:04.0374 9428 swprv - ok
13:13:04.0483 9428 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
13:13:04.0499 9428 SysMain - ok
13:13:04.0608 9428 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
13:13:04.0608 9428 TabletInputService - ok
13:13:04.0639 9428 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
13:13:04.0639 9428 TapiSrv - ok
13:13:04.0655 9428 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
13:13:04.0655 9428 TBS - ok
13:13:04.0795 9428 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys
13:13:04.0795 9428 Tcpip - ok
13:13:04.0951 9428 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys
13:13:04.0967 9428 TCPIP6 - ok
13:13:05.0014 9428 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
13:13:05.0014 9428 tcpipreg - ok
13:13:05.0029 9428 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
13:13:05.0029 9428 TDPIPE - ok
13:13:05.0060 9428 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
13:13:05.0060 9428 TDTCP - ok
13:13:05.0076 9428 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
13:13:05.0076 9428 tdx - ok
13:13:05.0092 9428 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
13:13:05.0092 9428 TermDD - ok
13:13:05.0138 9428 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
13:13:05.0154 9428 TermService - ok
13:13:05.0170 9428 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
13:13:05.0170 9428 Themes - ok
13:13:05.0201 9428 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:13:05.0201 9428 THREADORDER - ok
13:13:05.0216 9428 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
13:13:05.0232 9428 TrkWks - ok
13:13:05.0248 9428 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
13:13:05.0248 9428 TrustedInstaller - ok
13:13:05.0263 9428 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:13:05.0263 9428 tssecsrv - ok
13:13:05.0294 9428 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
13:13:05.0294 9428 tunnel - ok
13:13:05.0310 9428 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
13:13:05.0310 9428 uagp35 - ok
13:13:05.0341 9428 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
13:13:05.0357 9428 udfs - ok
13:13:05.0372 9428 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
13:13:05.0372 9428 UI0Detect - ok
13:13:05.0388 9428 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
13:13:05.0388 9428 uliagpkx - ok
13:13:05.0404 9428 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
13:13:05.0404 9428 umbus - ok
13:13:05.0435 9428 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
13:13:05.0435 9428 UmPass - ok
13:13:05.0450 9428 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
13:13:05.0466 9428 upnphost - ok
13:13:05.0513 9428 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
13:13:05.0513 9428 USBAAPL64 - ok
13:13:05.0544 9428 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
13:13:05.0544 9428 usbccgp - ok
13:13:05.0560 9428 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
13:13:05.0560 9428 usbcir - ok
13:13:05.0606 9428 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
13:13:05.0606 9428 usbehci - ok
13:13:05.0622 9428 usbfilter (858be9c0e498c8e505e198e17eece0d9) C:\Windows\system32\DRIVERS\usbfilter.sys
13:13:05.0638 9428 usbfilter - ok
13:13:05.0669 9428 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
13:13:05.0669 9428 usbhub - ok
13:13:05.0684 9428 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\DRIVERS\usbohci.sys
13:13:05.0684 9428 usbohci - ok
13:13:05.0700 9428 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
13:13:05.0700 9428 usbprint - ok
13:13:05.0747 9428 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
13:13:05.0747 9428 usbscan - ok
13:13:05.0778 9428 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:13:05.0778 9428 USBSTOR - ok
13:13:05.0809 9428 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
13:13:05.0809 9428 usbuhci - ok
13:13:05.0825 9428 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
13:13:05.0825 9428 UxSms - ok
13:13:05.0872 9428 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
13:13:05.0872 9428 VaultSvc - ok
13:13:05.0887 9428 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
13:13:05.0887 9428 vdrvroot - ok
13:13:05.0934 9428 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
13:13:05.0934 9428 vds - ok
13:13:05.0950 9428 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
13:13:05.0950 9428 vga - ok
13:13:05.0950 9428 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
13:13:05.0950 9428 VgaSave - ok
13:13:05.0981 9428 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
13:13:05.0996 9428 vhdmp - ok
13:13:06.0012 9428 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
13:13:06.0012 9428 viaide - ok
13:13:06.0012 9428 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
13:13:06.0028 9428 volmgr - ok
13:13:06.0043 9428 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
13:13:06.0043 9428 volmgrx - ok
13:13:06.0074 9428 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
13:13:06.0074 9428 volsnap - ok
13:13:06.0106 9428 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
13:13:06.0106 9428 vsmraid - ok
13:13:06.0215 9428 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
13:13:06.0215 9428 VSS - ok
13:13:06.0293 9428 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
13:13:06.0293 9428 vwifibus - ok
13:13:06.0308 9428 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
13:13:06.0308 9428 vwififlt - ok
13:13:06.0308 9428 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
13:13:06.0308 9428 vwifimp - ok
13:13:06.0355 9428 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
13:13:06.0355 9428 W32Time - ok
13:13:06.0371 9428 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
13:13:06.0371 9428 WacomPen - ok
13:13:06.0386 9428 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
13:13:06.0386 9428 WANARP - ok
13:13:06.0402 9428 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
13:13:06.0402 9428 Wanarpv6 - ok
13:13:06.0511 9428 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
13:13:06.0527 9428 WatAdminSvc - ok
13:13:06.0620 9428 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
13:13:06.0636 9428 wbengine - ok
13:13:06.0698 9428 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
13:13:06.0698 9428 WbioSrvc - ok
13:13:06.0745 9428 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
13:13:06.0761 9428 wcncsvc - ok
13:13:06.0776 9428 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
13:13:06.0776 9428 WcsPlugInService - ok
13:13:06.0792 9428 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
13:13:06.0792 9428 Wd - ok
13:13:06.0823 9428 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
13:13:06.0839 9428 Wdf01000 - ok
13:13:06.0854 9428 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:13:06.0870 9428 WdiServiceHost - ok
13:13:06.0870 9428 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:13:06.0870 9428 WdiSystemHost - ok
13:13:06.0917 9428 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
13:13:06.0917 9428 WebClient - ok
13:13:06.0948 9428 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
13:13:06.0948 9428 Wecsvc - ok
13:13:06.0964 9428 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
13:13:06.0964 9428 wercplsupport - ok
13:13:06.0979 9428 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
13:13:06.0979 9428 WerSvc - ok
13:13:06.0995 9428 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
13:13:06.0995 9428 WfpLwf - ok
13:13:07.0010 9428 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
13:13:07.0010 9428 WIMMount - ok
13:13:07.0057 9428 WinDefend - ok
13:13:07.0057 9428 WinHttpAutoProxySvc - ok
13:13:07.0104 9428 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
13:13:07.0104 9428 Winmgmt - ok
13:13:07.0229 9428 WinRing0_1_2_0 (0c0195c48b6b8582fa6f6373032118da) C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys
13:13:07.0229 9428 WinRing0_1_2_0 - ok
13:13:07.0354 9428 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
13:13:07.0369 9428 WinRM - ok
13:13:07.0478 9428 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
13:13:07.0478 9428 WinUsb - ok
13:13:07.0556 9428 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
13:13:07.0556 9428 Wlansvc - ok
13:13:07.0744 9428 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:13:07.0759 9428 wlidsvc - ok
13:13:07.0837 9428 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
13:13:07.0837 9428 WmiAcpi - ok
13:13:07.0868 9428 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
13:13:07.0884 9428 wmiApSrv - ok
13:13:07.0915 9428 WMPNetworkSvc - ok
13:13:07.0931 9428 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
13:13:07.0931 9428 WPCSvc - ok
13:13:07.0946 9428 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
13:13:07.0946 9428 WPDBusEnum - ok
13:13:07.0962 9428 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
13:13:07.0962 9428 ws2ifsl - ok
13:13:08.0009 9428 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\system32\wscsvc.dll
13:13:08.0009 9428 wscsvc - ok
13:13:08.0009 9428 WSearch - ok
13:13:08.0180 9428 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
13:13:08.0196 9428 wuauserv - ok
13:13:08.0243 9428 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
13:13:08.0243 9428 WudfPf - ok
13:13:08.0274 9428 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:13:08.0274 9428 WUDFRd - ok
13:13:08.0290 9428 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
13:13:08.0290 9428 wudfsvc - ok
13:13:08.0321 9428 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
13:13:08.0321 9428 WwanSvc - ok
13:13:08.0352 9428 MBR (0x1B8) (05a9b2e4056a863b0ac16384e91f5aac) \Device\Harddisk0\DR0
13:13:08.0570 9428 \Device\Harddisk0\DR0 - ok
13:13:08.0586 9428 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
13:13:08.0586 9428 \Device\Harddisk1\DR1 - ok
13:13:08.0586 9428 Boot (0x1200) (a3f0b1e7fc3d4abed9b26f9902229e13) \Device\Harddisk0\DR0\Partition0
13:13:08.0586 9428 \Device\Harddisk0\DR0\Partition0 - ok
13:13:08.0602 9428 Boot (0x1200) (a29ba1bb832e3dabc8a0f9ea878e53e9) \Device\Harddisk0\DR0\Partition1
13:13:08.0602 9428 \Device\Harddisk0\DR0\Partition1 - ok
13:13:08.0648 9428 Boot (0x1200) (aad8bab4dbeb9fda718fa0ab76fd61ea) \Device\Harddisk0\DR0\Partition2
13:13:08.0648 9428 \Device\Harddisk0\DR0\Partition2 - ok
13:13:08.0648 9428 Boot (0x1200) (1e027cb5a0b8d40a3fcf3ef1d68a7bdd) \Device\Harddisk1\DR1\Partition0
13:13:08.0648 9428 \Device\Harddisk1\DR1\Partition0 - ok
13:13:08.0648 9428 ============================================================
13:13:08.0648 9428 Scan finished
13:13:08.0648 9428 ============================================================
13:13:08.0664 7468 Detected object count: 0
13:13:08.0664 7468 Actual detected object count: 0

 

[Broni]

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Never rename Combofix unless instructed.
• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
• Close any open browsers.
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
• If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
• Double click on combofix.exe & follow the prompts.

• 
  NOTE1. If Combofix asks you to install Recovery Console, please allow it.
  NOTE 2. If Combofix asks you to update the program, always do so.

• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe

• Double-click on the Rkill icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

 

[BlackScardonia]

Combofix did not produce a log.

 

[Broni]

Re-run it.

 

[BlackScardonia]

ComboFix 12-08-09.01 - Veruni 08/10/2012 14:10:35.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5880.4067 [GMT -4:00]
Running from: c:\users\Veruni\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-10 to 2012-08-10 )))))))))))))))))))))))))))))))
.
.
2012-08-10 18:22 . 2012-08-10 18:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-10 04:34 . 2012-08-10 04:35 -------- d-----w- c:\program files (x86)\Google
2012-08-10 04:34 . 2012-07-03 16:21 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-10 04:34 . 2012-07-03 16:21 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-10 04:34 . 2012-07-03 16:21 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-08-10 04:34 . 2012-07-03 16:21 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-10 04:34 . 2012-07-03 16:21 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-10 04:34 . 2012-07-03 16:21 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-10 04:34 . 2012-07-03 16:21 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-10 04:33 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
2012-08-10 04:33 . 2012-07-03 16:21 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-08-10 04:33 . 2012-08-10 04:33 -------- d-----w- c:\programdata\AVAST Software
2012-08-10 04:33 . 2012-08-10 04:33 -------- d-----w- c:\program files\AVAST Software
2012-08-06 19:19 . 2012-08-06 19:19 -------- d-----w- c:\windows\lhsp
2012-08-06 19:18 . 2012-08-06 19:18 -------- d-----w- c:\program files (x86)\CFS-Technologies
2012-08-04 09:48 . 2012-08-04 09:48 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-08-04 08:13 . 2012-08-04 08:13 -------- d-----w- c:\users\Veruni\AppData\Roaming\Malwarebytes
2012-08-04 08:13 . 2012-08-04 08:13 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-04 08:13 . 2012-08-04 08:13 -------- d-----w- c:\programdata\Malwarebytes
2012-08-04 08:13 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-03 08:56 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D66C50EA-5093-45BD-946D-FB51486FD601}\mpengine.dll
2012-07-30 02:35 . 2012-07-30 02:35 -------- d-----w- c:\program files\HyperCam 2
2012-07-26 18:00 . 2009-09-04 21:44 73544 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2012-07-26 17:58 . 2012-07-26 17:59 -------- d--h--w- c:\windows\msdownld.tmp
2012-07-18 23:48 . 2012-08-10 04:37 -------- d-----w- c:\users\Veruni\AppData\Local\Google
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-04 05:15 . 2009-07-13 23:19 328704 ----a-w- c:\windows\system32\services.exe
2012-08-03 05:17 . 2012-03-29 03:07 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-03 05:17 . 2012-03-24 17:50 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-12 03:02 . 2012-07-11 07:04 3147264 ----a-w- c:\windows\system32\win32k.sys
2012-06-09 05:30 . 2012-07-11 06:56 14165504 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 05:50 . 2012-07-11 06:56 2003968 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:50 . 2012-07-11 06:56 1880064 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:09 . 2012-07-11 06:56 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:09 . 2012-07-11 06:56 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-02 22:19 . 2012-06-21 19:27 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 19:27 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 19:27 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 19:27 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 19:27 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 19:27 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 19:27 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-21 19:27 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-21 19:27 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 12:49 . 2012-07-11 07:00 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-06-02 12:17 . 2012-07-11 07:00 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-06-02 12:12 . 2012-07-11 07:00 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 12:05 . 2012-07-11 07:01 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-02 12:05 . 2012-07-11 07:00 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 12:04 . 2012-07-11 07:00 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 12:04 . 2012-07-11 07:01 237056 ----a-w- c:\windows\system32\url.dll
2012-06-02 12:03 . 2012-07-11 07:00 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-02 12:01 . 2012-07-11 07:01 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 12:00 . 2012-07-11 07:00 818688 ----a-w- c:\windows\system32\jscript.dll
2012-06-02 11:59 . 2012-07-11 07:01 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-02 11:57 . 2012-07-11 07:01 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-02 11:57 . 2012-07-11 07:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 11:54 . 2012-07-11 07:01 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-02 08:33 . 2012-07-11 07:00 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-02 08:25 . 2012-07-11 07:01 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-02 08:25 . 2012-07-11 07:00 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20 . 2012-07-11 07:01 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16 . 2012-07-11 07:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-02 05:38 . 2012-07-11 06:56 95088 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:38 . 2012-07-11 06:56 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:37 . 2012-07-11 06:56 459216 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:27 . 2012-07-11 06:56 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:27 . 2012-07-11 06:56 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:48 . 2012-07-11 06:56 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:48 . 2012-07-11 06:56 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:47 . 2012-07-11 06:56 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:42 . 2012-07-11 06:56 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-05-31 16:25 . 2012-03-24 17:48 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-26 20:01 . 2010-03-03 06:04 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-05-26 20:01 . 2010-03-03 06:04 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2009-05-15 02:15 . 2009-05-15 02:15 5719400 ----a-w- c:\program files\Common Files\adlmint_libFNP.dll
2009-05-15 02:15 . 2009-05-15 02:15 4397928 ----a-w- c:\program files\Common Files\adlmint.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-04_22.55.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-08-10 18:26 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-08-04 10:30 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-08-04 10:30 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-10 18:26 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-04 10:30 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-10 18:26 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-03-24 17:32 . 2012-08-10 18:25 36436 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-10 18:25 34034 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2012-03-24 17:27 . 2012-08-04 10:02 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-03-24 17:27 . 2012-08-07 16:29 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-08-04 10:02 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-07 16:29 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 1999-01-12 15:35 . 1999-01-12 15:35 53760 c:\windows\Speech\WrapSAPI.dll
+ 1998-09-24 19:15 . 1998-09-24 19:15 40960 c:\windows\lhsp\tv\tvenuax.dll
+ 2012-08-10 04:39 . 2012-08-10 04:39 25600 c:\windows\Installer\1af72ecf.msi
- 2012-03-27 07:17 . 2012-08-04 10:28 6934 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-03-27 07:17 . 2012-08-10 17:39 6934 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-03-24 18:30 . 2012-08-10 18:25 6426 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1700804395-3559298931-3066016950-1000_UserData.bin
- 2012-08-04 22:54 . 2012-08-04 22:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-10 18:23 . 2012-08-10 18:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-04 22:54 . 2012-08-04 22:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-10 18:23 . 2012-08-10 18:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 1999-01-12 15:39 . 1999-01-12 15:39 6656 c:\windows\delttsul.exe
+ 1997-01-23 01:26 . 1997-01-23 01:26 565760 c:\windows\SysWOW64\msvcp50.dll
+ 2009-07-14 02:36 . 2012-08-08 12:30 623940 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-07-26 18:00 623940 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-08 12:30 106316 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-07-26 18:00 106316 c:\windows\system32\perfc009.dat
+ 2012-03-24 17:27 . 2012-08-07 16:29 262144 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-03-24 17:27 . 2012-08-04 10:02 262144 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 1999-01-12 19:19 . 1999-01-12 19:19 195584 c:\windows\Speech\Xvoice.dll
+ 1999-01-12 19:19 . 1999-01-12 19:19 203776 c:\windows\Speech\XTel.Dll
+ 1999-01-12 19:19 . 1999-01-12 19:19 208896 c:\windows\Speech\Xlisten.dll
+ 1999-01-12 19:19 . 1999-01-12 19:19 128000 c:\windows\Speech\Xcommand.dll
+ 1999-01-12 19:19 . 1999-01-12 19:19 173056 c:\windows\Speech\VText.dll
+ 1999-01-12 19:19 . 1999-01-12 19:19 179712 c:\windows\Speech\Vdict.dll
+ 1999-01-12 19:19 . 1999-01-12 19:19 156160 c:\windows\Speech\vcmshl.dll
+ 1999-01-12 19:09 . 1999-01-12 19:09 380928 c:\windows\Speech\vcmd.exe
+ 1999-01-12 19:19 . 1999-01-12 19:19 562176 c:\windows\Speech\speech.dll
+ 1999-01-12 19:19 . 1999-01-12 19:19 248832 c:\windows\Speech\spchtel.dll
- 2009-07-14 05:01 . 2012-08-04 10:28 377456 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-10 18:22 377456 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-03-24 18:26 . 2012-08-10 17:39 1971864 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1700804395-3559298931-3066016950-1000-12288.dat
- 2012-03-24 18:26 . 2012-07-24 22:29 1971864 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1700804395-3559298931-3066016950-1000-12288.dat
+ 1998-09-30 14:09 . 1998-09-30 14:09 1276416 c:\windows\lhsp\tv\tv_enua.dll
+ 2009-07-14 02:34 . 2012-08-10 07:35 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2012-08-04 12:49 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2012-03-24 18:26 . 2012-08-10 18:22 39292612 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1700804395-3559298931-3066016950-1000-8192.dat
- 2012-03-24 18:26 . 2012-08-04 10:29 39292612 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1700804395-3559298931-3066016950-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Veruni\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Veruni\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Veruni\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-02-10 1712184]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-04 1353080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-03 98304]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" [2009-12-03 3331944]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"WinampAgent"="c:\program files (x86)\Winamp\Winampa.exe" [2012-04-13 24576]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-05-26 296056]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
.
c:\users\Veruni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Veruni\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2009-6-3 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-10 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-04-28 1315592]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-10 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-26 1255736]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2010-11-01 14544]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-02-02 202752]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-02-26 127984]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-02-02 6366720]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-02-02 186880]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2009-12-19 852256]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-10-19 39480]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 05:17]
.
2012-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-10 04:34]
.
2012-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-10 04:34]
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1700804395-3559298931-3066016950-1000Core.job
- c:\users\Veruni\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-18 23:48]
.
2012-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1700804395-3559298931-3066016950-1000UA.job
- c:\users\Veruni\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-18 23:48]
.
2012-07-28 c:\windows\Tasks\HPCeeScheduleForVeruni.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
.
2012-07-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2010-02-01 23:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Veruni\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Veruni\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Veruni\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Veruni\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-18 568888]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
FF - ProfilePath - c:\users\Veruni\AppData\Roaming\Mozilla\Firefox\Profiles\fdywu1fw.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1700804395-3559298931-3066016950-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1700804395-3559298931-3066016950-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-1700804395-3559298931-3066016950-1000\Software\SecuROM\License information*]
"datasecu"=hex:74,02,14,74,fd,cf,c0,27,00,f6,d1,90,73,83,f8,c4,92,d7,f2,2d,bf,
41,5a,f6,18,49,2f,96,25,02,05,a7,92,3b,8a,c7,b6,66,84,05,8f,2c,d5,e2,40,51,\
"rkeysecu"=hex:b4,06,60,55,9c,c2,0d,e3,6d,1b,da,33,95,9b,ba,bf
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\IObit\Game Booster 3\gbtray.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
.
**************************************************************************
.
Completion time: 2012-08-10 14:40:56 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-10 18:40
ComboFix2.txt 2012-08-04 23:01
.
Pre-Run: 297,453,944,832 bytes free
Post-Run: 297,048,842,240 bytes free
.
- - End Of File - - 4B57A9BC53EE7229F3C129D39CC03A65

 

[Broni]

Looks good.

Is MBAM still complaining?

========================================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Scan All Users checkbox.
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[BlackScardonia]

Actually, the popups have stopped. I'm still concerned because some sites take a long time to load, though.

OTL did not create an Extras log. Just the OTL.txt.

OTL logfile created on: 8/10/2012 3:12:51 PM - Run 2
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Veruni\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.74 Gb Total Physical Memory | 4.37 Gb Available Physical Memory | 76.08% Memory free
11.48 Gb Paging File | 10.15 Gb Available in Paging File | 88.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.75 Gb Total Space | 276.71 Gb Free Space | 30.09% Space Free | Partition Type: NTFS
Drive D: | 11.48 Gb Total Space | 1.39 Gb Free Space | 12.08% Space Free | Partition Type: NTFS
Drive J: | 298.09 Gb Total Space | 136.23 Gb Free Space | 45.70% Space Free | Partition Type: NTFS

Computer Name: THELUCKYONE | User Name: Veruni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Veruni\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Users\Veruni\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\IObit\Game Booster 3\gbtray.exe (IObit)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe (CinemaNow, Inc.)
PRC - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE (Microsoft Corporation.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (CinemaNow Service) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe (CinemaNow, Inc.)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\Hp\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie64.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (WinRing0_1_2_0) -- C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys (OpenLibSys.org)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {4AC3D5A1-8855-4991-AC09-3DD80359A7DB}
IE:64bit: - HKLM\..\SearchScopes\{06C11803-197F-4657-8057-649EC3ED39E7}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE:64bit: - HKLM\..\SearchScopes\{4AC3D5A1-8855-4991-AC09-3DD80359A7DB}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\..\SearchScopes,DefaultScope = {4AC3D5A1-8855-4991-AC09-3DD80359A7DB}
IE - HKLM\..\SearchScopes\{06C11803-197F-4657-8057-649EC3ED39E7}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{4AC3D5A1-8855-4991-AC09-3DD80359A7DB}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1700804395-3559298931-3066016950-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKU\S-1-5-21-1700804395-3559298931-3066016950-1000\..\SearchScopes,DefaultScope = {4AC3D5A1-8855-4991-AC09-3DD80359A7DB}
IE - HKU\S-1-5-21-1700804395-3559298931-3066016950-1000\..\SearchScopes\{06C11803-197F-4657-8057-649EC3ED39E7}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKU\S-1-5-21-1700804395-3559298931-3066016950-1000\..\SearchScopes\{4AC3D5A1-8855-4991-AC09-3DD80359A7DB}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-1700804395-3559298931-3066016950-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1700804395-3559298931-3066016950-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.11.1\npHDPlg.dll ()
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Veruni\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Veruni\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Veruni\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Veruni\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/04/19 15:36:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/05/26 16:01:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/08/10 00:33:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/18 16:54:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/04/19 15:36:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/18 16:54:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/03/24 13:40:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Veruni\AppData\Roaming\Mozilla\Extensions
[2012/08/04 01:32:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Veruni\AppData\Roaming\Mozilla\Firefox\Profiles\fdywu1fw.default\extensions
[2012/04/25 23:00:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/24 13:52:05 | 000,097,169 | ---- | M] () (No name found) -- C:\USERS\VERUNI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FDYWU1FW.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
[2012/07/18 16:54:58 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/06 17:51:06 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/06 17:51:06 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - Extension: avast! WebRep = C:\Users\Veruni\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Veruni\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

O1 HOSTS File: ([2012/08/10 14:24:22 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\Winampa.exe ()
O4 - HKU\S-1-5-21-1700804395-3559298931-3066016950-1000..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe ()
O4 - HKU\S-1-5-21-1700804395-3559298931-3066016950-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Veruni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Veruni\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1700804395-3559298931-3066016950-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1700804395-3559298931-3066016950-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{452AA06E-271D-43C8-AD8B-E8429C5EDAF1}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/09 07:20:05 | 000,000,000 | ---D | M] - J:\autorun -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/10 15:12:10 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Veruni\Desktop\OTL.exe
[2012/08/10 13:17:31 | 000,000,000 | ---D | C] -- C:\Users\Veruni\Documents\[Active] - Malwarebytes malicious IP address popups - TechSpot Forums_files
[2012/08/10 13:16:15 | 004,728,003 | R--- | C] (Swearware) -- C:\Users\Veruni\Desktop\ComboFix.exe
[2012/08/10 12:48:21 | 001,118,624 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Veruni\Desktop\rkill.exe
[2012/08/10 00:41:40 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Veruni\Desktop\dds.com
[2012/08/10 00:35:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/08/10 00:34:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/08/10 00:34:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/08/10 00:34:32 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/08/10 00:34:31 | 000,355,856 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/08/10 00:34:19 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/08/10 00:34:16 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/08/10 00:34:12 | 000,958,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/08/10 00:34:06 | 000,071,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/08/10 00:34:05 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/08/10 00:33:38 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/08/10 00:33:37 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/08/10 00:33:28 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/08/10 00:33:28 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/08/08 04:23:55 | 000,000,000 | ---D | C] -- C:\Users\Veruni\Documents\Jaffar_files
[2012/08/06 15:19:02 | 000,000,000 | ---D | C] -- C:\Windows\lhsp
[2012/08/06 15:18:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CFS-Technologies
[2012/08/06 15:18:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CFS-Technologies
[2012/08/04 19:48:06 | 000,000,000 | ---D | C] -- C:\Users\Veruni\Documents\2667937729_files
[2012/08/04 18:53:13 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/04 06:11:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/04 06:11:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/04 06:11:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/04 05:48:56 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012/08/04 05:39:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/04 05:39:06 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/04 04:13:13 | 000,000,000 | ---D | C] -- C:\Users\Veruni\AppData\Roaming\Malwarebytes
[2012/08/04 04:13:00 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/04 04:13:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/04 04:13:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/04 04:13:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/29 22:35:06 | 000,000,000 | ---D | C] -- C:\Users\Veruni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HyperCam 2
[2012/07/29 22:35:06 | 000,000,000 | ---D | C] -- C:\Program Files\HyperCam 2
[2012/07/26 13:58:32 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2012/07/18 19:48:59 | 000,000,000 | ---D | C] -- C:\Users\Veruni\AppData\Local\Google
[2009/05/14 22:15:24 | 005,719,400 | ---- | C] (Acresso Software Inc.) -- C:\Program Files\Common Files\adlmint_libFNP.dll
[2009/05/14 22:15:24 | 004,397,928 | ---- | C] (Autodesk) -- C:\Program Files\Common Files\adlmint.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\Windows\SysNative\
[2012/08/10 15:12:10 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Veruni\Desktop\OTL.exe
[2012/08/10 14:59:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1700804395-3559298931-3066016950-1000UA.job
[2012/08/10 14:44:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/10 14:31:18 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/10 14:31:18 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/10 14:24:22 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/08/10 14:24:05 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/10 14:23:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/10 14:23:48 | 329,166,847 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/10 14:17:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/10 13:17:32 | 000,212,211 | ---- | M] () -- C:\Users\Veruni\Documents\[Active] - Malwarebytes malicious IP address popups - TechSpot Forums.htm
[2012/08/10 13:16:16 | 004,728,003 | R--- | M] (Swearware) -- C:\Users\Veruni\Desktop\ComboFix.exe
[2012/08/10 12:54:52 | 000,000,512 | ---- | M] () -- C:\Users\Veruni\Desktop\MBR.dat
[2012/08/10 12:48:22 | 001,118,624 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Veruni\Desktop\rkill.exe
[2012/08/10 00:41:42 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Veruni\Desktop\dds.com
[2012/08/10 00:41:27 | 000,302,592 | ---- | M] () -- C:\Users\Veruni\Desktop\slyglhji.exe
[2012/08/10 00:35:19 | 000,002,245 | ---- | M] () -- C:\Users\Veruni\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/10 00:34:06 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/08/09 19:59:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1700804395-3559298931-3066016950-1000Core.job
[2012/08/08 08:30:10 | 000,726,142 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/08 08:30:10 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/08 08:30:10 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/08 08:13:06 | 013,530,294 | ---- | M] () -- C:\Users\Veruni\Documents\doing prince penguin ms sam.wav
[2012/08/08 04:23:55 | 000,098,007 | ---- | M] () -- C:\Users\Veruni\Documents\Jaffar.htm
[2012/08/07 19:39:56 | 000,013,074 | ---- | M] () -- C:\Users\Veruni\.recently-used.xbel
[2012/08/07 18:36:00 | 000,108,037 | ---- | M] () -- C:\Users\Veruni\Documents\2667937729.htm
[2012/08/06 15:18:59 | 000,002,184 | ---- | M] () -- C:\Users\Veruni\Application Data\Microsoft\Internet Explorer\Quick Launch\Speakonia.lnk
[2012/07/31 14:14:39 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2012/07/30 00:24:31 | 002,241,944 | ---- | M] () -- C:\Users\Veruni\Documents\clip0001.avi.sfk
[2012/07/27 21:26:03 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForVeruni.job
[2012/07/26 13:58:07 | 000,208,235 | ---- | M] () -- C:\Windows\hpoins43.dat
[2012/07/13 05:11:27 | 575,232,757 | ---- | M] () -- C:\Users\Veruni\Documents\Spore - Epic Bret!.wmv
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

File not found -- C:\Windows\SysNative\
[2012/08/10 13:17:31 | 000,212,211 | ---- | C] () -- C:\Users\Veruni\Documents\[Active] - Malwarebytes malicious IP address popups - TechSpot Forums.htm
[2012/08/10 12:54:52 | 000,000,512 | ---- | C] () -- C:\Users\Veruni\Desktop\MBR.dat
[2012/08/10 00:41:22 | 000,302,592 | ---- | C] () -- C:\Users\Veruni\Desktop\slyglhji.exe
[2012/08/10 00:35:19 | 000,002,245 | ---- | C] () -- C:\Users\Veruni\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/10 00:34:46 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/10 00:34:44 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/10 00:34:06 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/08/08 08:12:26 | 013,530,294 | ---- | C] () -- C:\Users\Veruni\Documents\doing prince penguin ms sam.wav
[2012/08/08 04:23:54 | 000,098,007 | ---- | C] () -- C:\Users\Veruni\Documents\Jaffar.htm
[2012/08/07 19:39:56 | 000,013,074 | ---- | C] () -- C:\Users\Veruni\.recently-used.xbel
[2012/08/06 15:18:59 | 000,002,184 | ---- | C] () -- C:\Users\Veruni\Application Data\Microsoft\Internet Explorer\Quick Launch\Speakonia.lnk
[2012/08/04 19:48:06 | 000,108,037 | ---- | C] () -- C:\Users\Veruni\Documents\2667937729.htm
[2012/08/04 06:11:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/04 06:11:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/04 06:11:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/04 06:11:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/04 06:11:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/30 00:23:11 | 002,241,944 | ---- | C] () -- C:\Users\Veruni\Documents\clip0001.avi.sfk
[2012/07/26 13:53:00 | 000,208,235 | ---- | C] () -- C:\Windows\hpoins43.dat
[2012/07/26 06:32:28 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat.temp
[2012/07/18 19:49:01 | 000,000,912 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1700804395-3559298931-3066016950-1000UA.job
[2012/07/18 19:49:00 | 000,000,860 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1700804395-3559298931-3066016950-1000Core.job
[2012/07/13 04:42:56 | 575,232,757 | ---- | C] () -- C:\Users\Veruni\Documents\Spore - Epic Bret!.wmv
[2012/04/12 20:28:27 | 000,001,065 | ---- | C] () -- C:\Windows\winamp.ini
[2012/04/06 15:35:00 | 000,182,272 | ---- | C] () -- C:\Windows\patchw32.dll
[2012/04/06 15:27:55 | 000,000,132 | ---- | C] () -- C:\Users\Veruni\AppData\Roaming\Adobe Targa Format CS5 Prefs
[2012/04/06 15:06:23 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2012/03/25 18:13:08 | 000,002,048 | -HS- | C] () -- C:\Users\Veruni\AppData\Local\{e4d0d6a1-d39e-1e76-641d-29452484c818}\@

========== LOP Check ==========

[2012/06/12 15:46:15 | 000,000,000 | ---D | M] -- C:\Users\Veruni\AppData\Roaming\Audacity
[2012/04/27 20:39:00 | 000,000,000 | ---D | M] -- C:\Users\Veruni\AppData\Roaming\Autodesk
[2012/04/06 13:52:48 | 000,000,000 | ---D | M] -- C:\Users\Veruni\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/08/10 14:25:16 | 000,000,000 | ---D | M] -- C:\Users\Veruni\AppData\Roaming\Dropbox
[2012/08/07 19:38:17 | 000,000,000 | ---D | M] -- C:\Users\Veruni\AppData\Roaming\gtk-2.0
[2012/05/05 14:53:57 | 000,000,000 | ---D | M] -- C:\Users\Veruni\AppData\Roaming\IrfanView
[2012/03/24 16:19:18 | 000,000,000 | ---D | M] -- C:\Users\Veruni\AppData\Roaming\Origin
[2012/03/24 18:02:25 | 000,000,000 | ---D | M] -- C:\Users\Veruni\AppData\Roaming\PhotoFiltre
[2012/03/24 13:36:46 | 000,000,000 | ---D | M] -- C:\Users\Veruni\AppData\Roaming\PictureMover
[2012/03/24 19:22:37 | 000,000,000 | ---D | M] -- C:\Users\Veruni\AppData\Roaming\Publish Providers
[2012/03/28 16:14:00 | 000,000,000 | ---D | M] -- C:\Users\Veruni\AppData\Roaming\Resource Tuner
[2012/03/24 19:22:31 | 000,000,000 | ---D | M] -- C:\Users\Veruni\AppData\Roaming\Sony
[2012/06/12 00:31:20 | 000,000,000 | ---D | M] -- C:\Users\Veruni\AppData\Roaming\SPORE
[2012/03/24 19:23:18 | 000,000,000 | ---D | M] -- C:\Users\Veruni\AppData\Roaming\SYSTEMAX Software Development
[2012/08/10 00:21:31 | 000,000,000 | ---D | M] -- C:\Users\Veruni\AppData\Roaming\uTorrent
[2012/07/31 14:14:39 | 000,000,544 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2009/07/14 01:08:49 | 000,008,874 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:888AFB86

< End of report >

 

[Broni]

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  @Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:888AFB86
  
  :Services
  
  :Reg
  
  :Files
  C:\Users\Veruni\AppData\Local\{e4d0d6a1-d39e-1e76-641d-29452484c818}
  
  :Commands
  [purity]
  [emptytemp]
  [emptyjava]
  [emptyflash]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply. Only one log will be created.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step run the fix from safe mode.

======================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  
  NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

• Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

3. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

4. Please run a free online scan with the ESET Online Scanner

• Disable your antivirus program
• Tick the box next to YES, I accept the Terms of Use
• Click Start
• Accept any security warnings from your browser.
• Check Scan archives
• Click Start
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, click on List of found threats
• Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• NOTE. If Eset won't find any threats, it won't produce any log.

 

[BlackScardonia]

After running that OTL script, Flash doesn't work anymore.

All processes killed
========== OTL ==========
ADS C:\ProgramData\Temp:888AFB86 deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Users\Veruni\AppData\Local\{e4d0d6a1-d39e-1e76-641d-29452484c818}\U folder moved successfully.
C:\Users\Veruni\AppData\Local\{e4d0d6a1-d39e-1e76-641d-29452484c818}\L folder moved successfully.
C:\Users\Veruni\AppData\Local\{e4d0d6a1-d39e-1e76-641d-29452484c818} folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Veruni
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 435705 bytes
->Java cache emptied: 3628061 bytes
->FireFox cache emptied: 179927538 bytes
->Google Chrome cache emptied: 6233172 bytes
->Flash cache emptied: 68215 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2226 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 51019805 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 230.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: Veruni
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Veruni
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.56.0 log created on 08102012_153616

Files\Folders moved on Reboot...
C:\Users\Veruni\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...
File C:\Users\Veruni\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
[2012/08/10 15:38:23 | 000,000,000 | ---- | M] () C:\Windows\temp\_avast_\Webshlock.txt : Unable to obtain MD5

Registry entries deleted on Reboot...

Results of screen317's Security Check version 0.99.43
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Java(TM) 6 Update 31
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader X (10.1.3)
Mozilla Firefox (14.0.1)
Google Chrome 21.0.1180.75
Google Chrome VisualElementsManifest.xml..
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

Farbar Service Scanner Version: 06-08-2012
Ran by Veruni (administrator) on 10-08-2012 at 15:54:58
Running from "C:\Users\Veruni\Downloads"
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-03-25 18:14] - [2011-12-27 23:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-12 06:00] - [2012-03-30 07:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-13 20:09] - [2009-07-13 21:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-13 19:36] - [2009-07-13 21:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2012-06-12 17:27] - [2012-04-24 01:59] - 0182272 ____A (Microsoft Corporation) F02786B66375292E58C8777082D4396D

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

ESET Online Scanner is currently scanning, and is taking a very long time, so I will post these first and include its log in my next reply.

 

[Broni]

When done with Eset....

Update Adobe Flash Player
Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/...-flash-for-firefox-and-ie-without-any-extras/

=============================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it.

• Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
• Accept any prompts.
• Do NOT post JavaRa log.

===============================

We have one corrupted registry key affecting Windows updates.

Following steps involve registry editing. Please create new restore point before proceeding!!!
How to:
XP - http://support.microsoft.com/kb/948247
Vista and Seven - http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/

Download Seven.zip file from here: http://www.smartestcomputing.us.com/files/download/9-registry-network-keys/
Unzip the file.
You'll find several files inside.
Double click on bits.reg file and confirm the prompt.
Restart computer.
Post new FSS log.

 

[BlackScardonia]

Flash is still borked even after I installed the updated version as instructed. Here is the log for Eset.

C:\Qoobox\Quarantine\C\Windows\Installer\{e4d0d6a1-d39e-1e76-641d-29452484c818}\U\80000000.@.vir Win64/Sirefef.AL trojan
C:\System Recovery Files\2012-03-24 104124\D-OS\Program Files (x86)\WhiteSmokeTranslator\html\english\dictClientDic\index.html HTML/WhiteSmoke application
C:\System Recovery Files\2012-03-24 104124\D-OS\Users\Veruni\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UAE4OKZ\software[1].htm HTML/ScrInject.B.Gen virus
C:\System Recovery Files\2012-03-24 104124\D-OS\Users\Veruni\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1FBZB0XD\software[1].htm HTML/ScrInject.B.Gen virus
C:\System Recovery Files\2012-03-24 104124\D-OS\Users\Veruni\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DQVNVHZB\software[1].htm HTML/ScrInject.B.Gen virus
C:\System Recovery Files\2012-03-24 104124\D-OS\Users\Veruni\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RNELD4J2\software[1].htm HTML/ScrInject.B.Gen virus
C:\System Recovery Files\2012-03-24 104124\D-OS\Users\Veruni\Downloads\PlayFLV.zip Win32/TrojanDownloader.Adload.NIQ trojan
C:\System Recovery Files\2012-03-24 112948\D-OS\Program Files (x86)\WhiteSmokeTranslator\html\english\dictClientDic\index.html HTML/WhiteSmoke application
C:\System Recovery Files\2012-03-24 112948\D-OS\Users\Veruni\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UAE4OKZ\software[1].htm HTML/ScrInject.B.Gen virus
C:\System Recovery Files\2012-03-24 112948\D-OS\Users\Veruni\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1FBZB0XD\software[1].htm HTML/ScrInject.B.Gen virus
C:\System Recovery Files\2012-03-24 112948\D-OS\Users\Veruni\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DQVNVHZB\software[1].htm HTML/ScrInject.B.Gen virus
C:\System Recovery Files\2012-03-24 112948\D-OS\Users\Veruni\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RNELD4J2\software[1].htm HTML/ScrInject.B.Gen virus
C:\System Recovery Files\2012-03-24 112948\D-OS\Users\Veruni\Downloads\PlayFLV.zip Win32/TrojanDownloader.Adload.NIQ trojan
C:\System Recovery Files\2012-03-24 120952\D-OS\Program Files (x86)\WhiteSmokeTranslator\html\english\dictClientDic\index.html HTML/WhiteSmoke application
C:\System Recovery Files\2012-03-24 120952\D-OS\Users\Veruni\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UAE4OKZ\software[1].htm HTML/ScrInject.B.Gen virus
C:\System Recovery Files\2012-03-24 120952\D-OS\Users\Veruni\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1FBZB0XD\software[1].htm HTML/ScrInject.B.Gen virus
C:\System Recovery Files\2012-03-24 120952\D-OS\Users\Veruni\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DQVNVHZB\software[1].htm HTML/ScrInject.B.Gen virus
C:\System Recovery Files\2012-03-24 120952\D-OS\Users\Veruni\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RNELD4J2\software[1].htm HTML/ScrInject.B.Gen virus
C:\System Recovery Files\2012-03-24 120952\D-OS\Users\Veruni\Downloads\PlayFLV.zip Win32/TrojanDownloader.Adload.NIQ trojan
C:\Users\Veruni\Downloads\PlayFLV.zip Win32/TrojanDownloader.Adload.NIQ trojan
C:\Users\Veruni\Downloads\YouTubeDownloaderSetup35.exe Win32/Toolbar.Widgi application
J:\Laptop Files\Downloads\HC2Setup64.exe Win32/Somoto application
J:\Laptop Files\Downloads\SoftonicDownloader34294(2).exe a variant of Win32/SoftonicDownloader.A application
J:\Laptop Files\Downloads\SoftonicDownloader34294.exe a variant of Win32/SoftonicDownloader.A application
J:\Laptop Files\Downloads\windows.7.codec.pack.v2.6.1.setup.exe Win32/Toolbar.Widgi application
J:\Laptop Files\Downloads\YouTubeDownloaderSetup272.exe a variant of Win32/Toolbar.Widgi application
J:\Laptop Files\Downloads\YouTubeDownloaderSetup32.exe a variant of Win32/Toolbar.Widgi application
J:\Laptop Files\Downloads\FL Studio 9 XXL Producer Edition\FL Studio 9 XXL Producer Edition.rar Win32/BadJoke.F trojan
J:\New Desktop Files\Downloads\PlayFLV.zip Win32/TrojanDownloader.Adload.NIQ trojan
J:\Old Desktop Files\Extra Stuff\Stuff\More Stuff\Hacks and Hacking Stuff\Poketronic\pttrosetup2.exe probably a variant of Win32/IRCBot.DRCUEUW trojan

I will now apply the registry fix and run FSS after the reboot.

 

[BlackScardonia]

Here is the FSS log. After trying other browsers, it seems that Flash is only broken with Firefox. Should I reinstall my browser?

Farbar Service Scanner Version: 06-08-2012
Ran by Veruni (administrator) on 10-08-2012 at 20:43:04
Running from "C:\Users\Veruni\Downloads"
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-03-25 18:14] - [2011-12-27 23:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-12 06:00] - [2012-03-30 07:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-13 20:09] - [2009-07-13 21:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-13 19:36] - [2009-07-13 21:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2012-06-12 17:27] - [2012-04-24 01:59] - 0182272 ____A (Microsoft Corporation) F02786B66375292E58C8777082D4396D

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

 

[Broni]

Flash is still borked even after I installed the updated version as instructed.

Details please.

 

[BlackScardonia]

Flash doesn't work at all in Mozilla Firefox. It does work in other browsers, however.

Also, my computer is plodding along remarkably slowly since I applied that registry fix and restarted it. It also took a good minute or so for the desktop to appear; after the Welcome splash screen, it was at an all-black screen with nothing but my cursor.

 

[Broni]

Uninstall Firefox completely using this guide: http://kb.mozillazine.org/Uninstalling_Firefox
Install fresh copy.

 

[BlackScardonia]

Flash still does not work with Firefox even after I followed those directions. And my computer is still outrageously slow.

 

[Broni]

What actually is slow?

Uninstall Flash using this tool: http://helpx.adobe.com/flash-player/kb/uninstall-flash-player-windows.html
Install fresh copy.

 

[BlackScardonia]

Doing another complete reinstall of both Firefox and Flash resolved the problem.

The lag was a problem with Firefox, apparently, since it went away after doing the complete reinstall.

 

[Broni]

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

• Double-click OTL.exe to start the program.
• Close all other programs apart from OTL as this step will require a reboot
• On the OTL main screen, press the CLEANUP button
• Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please, let me know, how your computer is doing.

 

[BlackScardonia]

Thank you for the help

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Veruni
->Temp folder emptied: 4343362 bytes
->Temporary Internet Files folder emptied: 1177323 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 335242930 bytes
->Google Chrome cache emptied: 362708565 bytes
->Flash cache emptied: 1828 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 26179 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1706544 bytes

Total Files Cleaned = 673.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Veruni
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: Veruni
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.56.0 log created on 08112012_200310

Files\Folders moved on Reboot...
C:\Users\Veruni\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...
File C:\Users\Veruni\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
[2012/08/11 20:06:56 | 000,000,000 | ---- | M] () C:\Windows\temp\_avast_\Webshlock.txt : Unable to obtain MD5

Registry entries deleted on Reboot...