promethian
-
Posts
9 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Posts posted by promethian
-
-
The Scan hung at 49% and I had to restart, but here is the log:
C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local\Temp\ireyln.dll.vir a variant of Win32/Medfos.AD trojan
C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local\{eefe642c-7cef-8559-b734-7bb4a7fa7b87}\n.vir Win64/Sirefef.W trojan
C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local\{eefe642c-7cef-8559-b734-7bb4a7fa7b87}\L\80000032.@.vir probably a variant of Win32/Sirefef.EU trojan
C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local\{eefe642c-7cef-8559-b734-7bb4a7fa7b87}\U\00000008.@.vir Win64/Agent.BA trojan
C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local\{eefe642c-7cef-8559-b734-7bb4a7fa7b87}\U\80000000.@.vir Win64/Sirefef.AE trojan
C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local\{eefe642c-7cef-8559-b734-7bb4a7fa7b87}\U\80000032.@.vir probably a variant of Win32/Sirefef.EU trojan
C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local\{eefe642c-7cef-8559-b734-7bb4a7fa7b87}\U\80000064.@.vir Win64/Sirefef.AE trojan
C:\Users\Hot Blonde Babe\Desktop\SoftonicDownloader_for_itunes.exe a variant of Win32/SoftonicDownloader.A application
-
Thanks for all the help BTW... I have made a small donation to help you continue to do this fine work for luddites like me!
No issues with these steps, or so far with the computer symptoms. for the CCcleaner, there were some menu items greyed out that I couldn't checkmark.
Malwarebytes Anti-Malware (PRO) 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.17.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Scott :: SCOTT-PC [administrator]
Protection: Enabled
17/06/2012 5:52:19 PM
mbam-log-2012-06-17 (17-52-19).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 235741
Time elapsed: 1 minute(s), 41 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:04:40 PM, on 17/06/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Users\Scott\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
Q:\140061.enu\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=1009&m=dx4831&r=17360410p416p0435v185k44m1r575
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe -A
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - Startup: Dropbox.lnk = Scott\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://64.114.238.141/activex/AxisCamControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: intu-tt2010 - {97A0575E-2309-4E75-8509-B1F9390C4DE7} - C:\Program Files (x86)\TurboTax 2010\ic2010pp.dll
O18 - Protocol: intu-tt2011 - {B3B5DAD9-E96D-45B4-B636-B6CF2F773DE1} - C:\Program Files (x86)\TurboTax 2011\ic2011pp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer - C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
O23 - Service: USBS3S4Detection - Unknown owner - C:\OEM\USBDECTION\USBS3S4Detection.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 13947 bytes
-
No issues running the program, so far no symptoms of the virus/malware. Here is the log:
ComboFix 12-06-16.02 - Scott 17/06/2012 15:35:15.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.8151.5593 [GMT -7:00]
Running from: c:\users\Scott\Downloads\ComboFix.exe
Command switches used :: c:\users\Scott\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\autoHost64.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\autoHost64.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-05-17 to 2012-06-17 )))))))))))))))))))))))))))))))
.
.
2012-06-17 22:40 . 2012-06-17 22:40 -------- d-----w- c:\users\Hot Blonde Babe\AppData\Local\temp
2012-06-17 22:40 . 2012-06-17 22:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-16 22:48 . 2012-06-16 22:48 -------- d-----w- c:\programdata\HP Photo Creations
2012-06-16 22:48 . 2012-06-16 22:48 -------- d-----w- c:\program files (x86)\HP Photo Creations
2012-06-16 22:48 . 2012-06-16 22:48 -------- d-----w- c:\users\Scott\AppData\Roaming\HpUpdate
2012-06-16 22:47 . 2012-06-16 22:47 -------- d-----w- c:\programdata\HP Product Assistant
2012-06-16 22:28 . 2012-06-16 22:28 -------- d-----w- c:\windows\Hewlett-Packard
2012-06-16 22:16 . 2012-06-16 22:16 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-16 17:17 . 2012-06-16 17:21 -------- d-----w- c:\programdata\PLAV
2012-06-16 17:17 . 2012-06-16 17:17 -------- d-----w- c:\programdata\ParetoLogic Anti-Virus PLUS
2012-06-16 15:35 . 2012-06-16 15:35 -------- d-----w- c:\windows\system32\Macromed
2012-06-15 10:37 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{01FC08EE-DB8E-43EA-A4F6-892949FB4D26}\mpengine.dll
2012-06-12 07:44 . 2012-06-12 07:44 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-06-12 07:44 . 2012-05-09 19:21 476936 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-05-30 23:55 . 2012-05-30 23:55 -------- d-----w- c:\users\Scott\AppData\Roaming\Malwarebytes
2012-05-30 23:55 . 2012-05-30 23:55 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-30 23:55 . 2012-05-30 23:55 -------- d-----w- c:\programdata\Malwarebytes
2012-05-30 23:55 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-30 23:36 . 2012-05-30 23:36 -------- d-----w- c:\programdata\B7E8587100017DC3000BDF33B4EB2367
2012-05-30 23:36 . 2012-05-31 00:36 -------- d-----w- c:\users\Scott\AppData\Local\CMI
2012-05-30 13:19 . 2012-06-16 15:35 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-30 13:19 . 2012-06-16 15:35 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-22 01:48 . 2012-05-22 01:48 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-05-22 01:48 . 2012-05-22 01:48 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-05-22 01:48 . 2012-05-22 01:48 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-05-22 01:48 . 2012-05-22 01:48 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-05-22 01:48 . 2012-05-22 01:48 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-05-22 01:48 . 2012-05-22 01:48 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-05-22 01:48 . 2012-05-22 01:48 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-05-22 01:48 . 2012-05-22 01:48 -------- d-----w- c:\program files (x86)\QuickTime
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-09 19:21 . 2010-07-06 15:57 472840 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-19 03:56 . 2012-04-19 03:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-19 03:56 . 2012-04-19 03:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-03-30 11:35 . 2012-05-12 08:18 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-17_16.56.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2012-06-17 18:49 34428 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-04-15 17:18 . 2012-06-17 18:49 15080 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4185144697-2658366279-3439496175-1001_UserData.bin
+ 2009-07-14 04:46 . 2012-06-17 17:02 91888 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2012-06-17 16:54 . 2012-06-17 16:54 3035 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2012-06-17 22:40 . 2012-06-17 22:40 3035 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2010-04-25 23:18 . 2012-06-17 18:46 1604 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-06-17 16:55 . 2012-06-17 16:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-17 22:41 . 2012-06-17 22:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-17 22:41 . 2012-06-17 22:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-17 16:55 . 2012-06-17 16:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-04-15 23:37 . 2012-06-17 18:46 316062 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2009-07-14 02:36 . 2012-06-16 23:06 628866 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-17 18:52 628866 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-17 18:52 110792 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-06-16 23:06 110792 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-06-17 22:40 311980 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-06-17 16:54 311980 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-01-22 08:57 . 2012-06-17 22:40 26882956 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4185144697-2658366279-3439496175-1001-8192.dat
- 2011-01-22 08:57 . 2012-06-17 16:54 26882956 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4185144697-2658366279-3439496175-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-01 39408]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" [2009-08-12 244480]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-10-20 98304]
"Gateway Photo Frame"="c:\program files (x86)\Gateway Photo Frame\ButtonMonitor.exe" [2009-07-20 124416]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
.
c:\users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Scott\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE [2012-1-4 3208032]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-15 135664]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-16 257224]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-15 135664]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-08-12 62208]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2009-07-04 240160]
S2 USBS3S4Detection;USBS3S4Detection;c:\oem\USBDECTION\USBS3S4Detection.exe [2009-12-09 76320]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-30 15:35]
.
2012-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-15 20:36]
.
2012-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-15 20:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-28 8312352]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=1009&m=dx4831&r=17360410p416p0435v185k44m1r575
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - c:\program files (x86)\TurboTax 2011\ic2011pp.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Completion time: 2012-06-17 15:46:10 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-17 22:46
ComboFix2.txt 2012-06-17 17:06
.
Pre-Run: 794,524,135,424 bytes free
Post-Run: 794,382,938,112 bytes free
.
- - End Of File - - 82582CBFA81B361663F0F193AD5BB3EB
-
OK... here are the logs. No reboot was needed for TDSSKiller and no suspicious files were found. aswMBR did find infected files but I did not select the "fix" button as it was not in the instructions, log included:
12:24:04.0356 5480 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
12:24:04.0746 5480 ============================================================
12:24:04.0746 5480 Current date / time: 2012/06/17 12:24:04.0746
12:24:04.0746 5480 SystemInfo:
12:24:04.0746 5480
12:24:04.0746 5480 OS Version: 6.1.7601 ServicePack: 1.0
12:24:04.0746 5480 Product type: Workstation
12:24:04.0746 5480 ComputerName: SCOTT-PC
12:24:04.0746 5480 UserName: Scott
12:24:04.0746 5480 Windows directory: C:\Windows
12:24:04.0746 5480 System windows directory: C:\Windows
12:24:04.0746 5480 Running under WOW64
12:24:04.0746 5480 Processor architecture: Intel x64
12:24:04.0746 5480 Number of processors: 4
12:24:04.0746 5480 Page size: 0x1000
12:24:04.0746 5480 Boot type: Normal boot
12:24:04.0746 5480 ============================================================
12:24:05.0026 5480 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:24:05.0089 5480 ============================================================
12:24:05.0089 5480 \Device\Harddisk0\DR0:
12:24:05.0089 5480 MBR partitions:
12:24:05.0089 5480 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2200800, BlocksNum 0x32000
12:24:05.0089 5480 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2232800, BlocksNum 0x724D3800
12:24:05.0089 5480 ============================================================
12:24:05.0104 5480 C: <-> \Device\Harddisk0\DR0\Partition1
12:24:05.0104 5480 ============================================================
12:24:05.0104 5480 Initialize success
12:24:05.0104 5480 ============================================================
12:24:09.0940 5140 ============================================================
12:24:09.0940 5140 Scan started
12:24:09.0940 5140 Mode: Manual;
12:24:09.0940 5140 ============================================================
12:24:10.0393 5140 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
12:24:10.0408 5140 1394ohci - ok
12:24:10.0455 5140 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
12:24:10.0455 5140 ACPI - ok
12:24:10.0486 5140 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
12:24:10.0486 5140 AcpiPmi - ok
12:24:10.0564 5140 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
12:24:10.0564 5140 AdobeARMservice - ok
12:24:10.0674 5140 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:24:10.0674 5140 AdobeFlashPlayerUpdateSvc - ok
12:24:10.0752 5140 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
12:24:10.0752 5140 adp94xx - ok
12:24:10.0783 5140 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
12:24:10.0798 5140 adpahci - ok
12:24:10.0814 5140 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
12:24:10.0814 5140 adpu320 - ok
12:24:10.0830 5140 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
12:24:10.0830 5140 AeLookupSvc - ok
12:24:10.0892 5140 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
12:24:10.0892 5140 AFD - ok
12:24:10.0939 5140 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
12:24:10.0939 5140 agp440 - ok
12:24:10.0986 5140 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
12:24:10.0986 5140 ALG - ok
12:24:11.0001 5140 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
12:24:11.0001 5140 aliide - ok
12:24:11.0032 5140 AMD External Events Utility (0fe0ec32ff5d33017405c465239c0441) C:\Windows\system32\atiesrxx.exe
12:24:11.0048 5140 AMD External Events Utility - ok
12:24:11.0048 5140 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
12:24:11.0048 5140 amdide - ok
12:24:11.0079 5140 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
12:24:11.0079 5140 AmdK8 - ok
12:24:11.0079 5140 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
12:24:11.0079 5140 AmdPPM - ok
12:24:11.0142 5140 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
12:24:11.0142 5140 amdsata - ok
12:24:11.0157 5140 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
12:24:11.0157 5140 amdsbs - ok
12:24:11.0188 5140 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
12:24:11.0188 5140 amdxata - ok
12:24:11.0251 5140 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
12:24:11.0251 5140 AppID - ok
12:24:11.0282 5140 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
12:24:11.0282 5140 AppIDSvc - ok
12:24:11.0313 5140 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
12:24:11.0313 5140 Appinfo - ok
12:24:11.0438 5140 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:24:11.0438 5140 Apple Mobile Device - ok
12:24:11.0485 5140 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
12:24:11.0485 5140 arc - ok
12:24:11.0516 5140 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
12:24:11.0516 5140 arcsas - ok
12:24:11.0532 5140 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
12:24:11.0532 5140 AsyncMac - ok
12:24:11.0563 5140 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
12:24:11.0563 5140 atapi - ok
12:24:11.0594 5140 AtiHdmiService (d481083348138b4933acfe95812db71c) C:\Windows\system32\drivers\AtiHdmi.sys
12:24:11.0594 5140 AtiHdmiService - ok
12:24:11.0922 5140 atikmdag (dbfadf1a452484a3d0e069866e26cc43) C:\Windows\system32\DRIVERS\atikmdag.sys
12:24:11.0968 5140 atikmdag - ok
12:24:12.0093 5140 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
12:24:12.0093 5140 AudioEndpointBuilder - ok
12:24:12.0093 5140 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
12:24:12.0109 5140 AudioSrv - ok
12:24:12.0156 5140 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
12:24:12.0156 5140 AxInstSV - ok
12:24:12.0187 5140 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
12:24:12.0202 5140 b06bdrv - ok
12:24:12.0218 5140 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
12:24:12.0234 5140 b57nd60a - ok
12:24:12.0249 5140 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
12:24:12.0249 5140 BDESVC - ok
12:24:12.0280 5140 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
12:24:12.0280 5140 Beep - ok
12:24:12.0343 5140 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
12:24:12.0358 5140 BFE - ok
12:24:12.0405 5140 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
12:24:12.0421 5140 BITS - ok
12:24:12.0452 5140 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
12:24:12.0452 5140 blbdrive - ok
12:24:12.0530 5140 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
12:24:12.0546 5140 Bonjour Service - ok
12:24:12.0577 5140 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
12:24:12.0592 5140 bowser - ok
12:24:12.0608 5140 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:24:12.0608 5140 BrFiltLo - ok
12:24:12.0608 5140 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:24:12.0624 5140 BrFiltUp - ok
12:24:12.0639 5140 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
12:24:12.0639 5140 BridgeMP - ok
12:24:12.0670 5140 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
12:24:12.0686 5140 Browser - ok
12:24:12.0702 5140 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
12:24:12.0702 5140 Brserid - ok
12:24:12.0717 5140 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
12:24:12.0717 5140 BrSerWdm - ok
12:24:12.0733 5140 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:24:12.0733 5140 BrUsbMdm - ok
12:24:12.0748 5140 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
12:24:12.0748 5140 BrUsbSer - ok
12:24:12.0748 5140 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
12:24:12.0764 5140 BTHMODEM - ok
12:24:12.0780 5140 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
12:24:12.0780 5140 bthserv - ok
12:24:12.0811 5140 catchme - ok
12:24:12.0842 5140 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
12:24:12.0842 5140 cdfs - ok
12:24:12.0873 5140 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
12:24:12.0873 5140 cdrom - ok
12:24:12.0904 5140 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
12:24:12.0920 5140 CertPropSvc - ok
12:24:12.0920 5140 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
12:24:12.0920 5140 circlass - ok
12:24:12.0967 5140 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
12:24:12.0967 5140 CLFS - ok
12:24:13.0014 5140 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:24:13.0014 5140 clr_optimization_v2.0.50727_32 - ok
12:24:13.0029 5140 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:24:13.0029 5140 clr_optimization_v2.0.50727_64 - ok
12:24:13.0076 5140 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:24:13.0076 5140 clr_optimization_v4.0.30319_32 - ok
12:24:13.0123 5140 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:24:13.0123 5140 clr_optimization_v4.0.30319_64 - ok
12:24:13.0138 5140 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
12:24:13.0138 5140 CmBatt - ok
12:24:13.0170 5140 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
12:24:13.0170 5140 cmdide - ok
12:24:13.0232 5140 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
12:24:13.0248 5140 CNG - ok
12:24:13.0248 5140 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
12:24:13.0248 5140 Compbatt - ok
12:24:13.0294 5140 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
12:24:13.0294 5140 CompositeBus - ok
12:24:13.0310 5140 COMSysApp - ok
12:24:13.0326 5140 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
12:24:13.0326 5140 crcdisk - ok
12:24:13.0372 5140 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
12:24:13.0372 5140 CryptSvc - ok
12:24:13.0497 5140 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
12:24:13.0497 5140 cvhsvc - ok
12:24:13.0560 5140 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
12:24:13.0575 5140 DcomLaunch - ok
12:24:13.0591 5140 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
12:24:13.0606 5140 defragsvc - ok
12:24:13.0638 5140 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
12:24:13.0638 5140 DfsC - ok
12:24:13.0669 5140 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
12:24:13.0669 5140 Dhcp - ok
12:24:13.0684 5140 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
12:24:13.0684 5140 discache - ok
12:24:13.0716 5140 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
12:24:13.0716 5140 Disk - ok
12:24:13.0747 5140 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
12:24:13.0762 5140 Dnscache - ok
12:24:13.0809 5140 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
12:24:13.0809 5140 dot3svc - ok
12:24:13.0856 5140 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
12:24:13.0856 5140 Dot4 - ok
12:24:13.0903 5140 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys
12:24:13.0903 5140 Dot4Print - ok
12:24:13.0918 5140 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
12:24:13.0918 5140 dot4usb - ok
12:24:13.0950 5140 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
12:24:13.0950 5140 DPS - ok
12:24:13.0965 5140 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
12:24:13.0981 5140 drmkaud - ok
12:24:14.0043 5140 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
12:24:14.0043 5140 DXGKrnl - ok
12:24:14.0090 5140 e1kexpress (52a482dc61f24b498c8268866b90bb44) C:\Windows\system32\DRIVERS\e1k62x64.sys
12:24:14.0090 5140 e1kexpress - ok
12:24:14.0121 5140 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
12:24:14.0121 5140 EapHost - ok
12:24:14.0277 5140 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
12:24:14.0293 5140 ebdrv - ok
12:24:14.0386 5140 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
12:24:14.0386 5140 EFS - ok
12:24:14.0464 5140 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
12:24:14.0464 5140 ehRecvr - ok
12:24:14.0480 5140 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
12:24:14.0496 5140 ehSched - ok
12:24:14.0527 5140 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
12:24:14.0542 5140 elxstor - ok
12:24:14.0574 5140 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
12:24:14.0574 5140 ErrDev - ok
12:24:14.0605 5140 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
12:24:14.0620 5140 EventSystem - ok
12:24:14.0652 5140 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
12:24:14.0667 5140 exfat - ok
12:24:14.0683 5140 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
12:24:14.0698 5140 fastfat - ok
12:24:14.0761 5140 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
12:24:14.0761 5140 Fax - ok
12:24:14.0792 5140 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
12:24:14.0792 5140 fdc - ok
12:24:14.0808 5140 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
12:24:14.0808 5140 fdPHost - ok
12:24:14.0823 5140 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
12:24:14.0823 5140 FDResPub - ok
12:24:14.0839 5140 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
12:24:14.0839 5140 FileInfo - ok
12:24:14.0854 5140 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
12:24:14.0854 5140 Filetrace - ok
12:24:14.0870 5140 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
12:24:14.0870 5140 flpydisk - ok
12:24:14.0901 5140 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
12:24:14.0917 5140 FltMgr - ok
12:24:14.0979 5140 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
12:24:14.0995 5140 FontCache - ok
12:24:15.0057 5140 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:24:15.0057 5140 FontCache3.0.0.0 - ok
12:24:15.0088 5140 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
12:24:15.0088 5140 FsDepends - ok
12:24:15.0120 5140 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
12:24:15.0120 5140 Fs_Rec - ok
12:24:15.0166 5140 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
12:24:15.0166 5140 fvevol - ok
12:24:15.0198 5140 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
12:24:15.0198 5140 gagp30kx - ok
12:24:15.0291 5140 GameConsoleService (81c1eb203dd3f0c111fe2086bada2d67) C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe
12:24:15.0291 5140 GameConsoleService - ok
12:24:15.0338 5140 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:24:15.0338 5140 GEARAspiWDM - ok
12:24:15.0400 5140 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
12:24:15.0416 5140 gpsvc - ok
12:24:15.0494 5140 Greg_Service (816fd5a6f3c2f3d600900096632fc60e) C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
12:24:15.0510 5140 Greg_Service - ok
12:24:15.0556 5140 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:24:15.0556 5140 gupdate - ok
12:24:15.0588 5140 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:24:15.0588 5140 gupdatem - ok
12:24:15.0603 5140 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
12:24:15.0603 5140 gusvc - ok
12:24:15.0681 5140 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
12:24:15.0681 5140 hcw85cir - ok
12:24:15.0744 5140 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
12:24:15.0744 5140 HdAudAddService - ok
12:24:15.0775 5140 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
12:24:15.0775 5140 HDAudBus - ok
12:24:15.0806 5140 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
12:24:15.0806 5140 HECIx64 - ok
12:24:15.0822 5140 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
12:24:15.0822 5140 HidBatt - ok
12:24:15.0822 5140 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
12:24:15.0822 5140 HidBth - ok
12:24:15.0837 5140 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
12:24:15.0837 5140 HidIr - ok
12:24:15.0853 5140 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
12:24:15.0868 5140 hidserv - ok
12:24:15.0868 5140 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
12:24:15.0868 5140 HidUsb - ok
12:24:15.0900 5140 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
12:24:15.0900 5140 hkmsvc - ok
12:24:15.0946 5140 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
12:24:15.0946 5140 HomeGroupListener - ok
12:24:15.0993 5140 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
12:24:15.0993 5140 HomeGroupProvider - ok
12:24:16.0118 5140 hpqcxs08 (5da42d24712e00728cea2342a65009b2) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
12:24:16.0118 5140 hpqcxs08 - ok
12:24:16.0134 5140 hpqddsvc (d86a39bf100069444d026d22d9a6e555) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
12:24:16.0134 5140 hpqddsvc - ok
12:24:16.0196 5140 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
12:24:16.0196 5140 HpSAMD - ok
12:24:16.0274 5140 HPSLPSVC (d4f91cf4de215d6f14a06087d46725e4) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
12:24:16.0290 5140 HPSLPSVC - ok
12:24:16.0352 5140 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
12:24:16.0352 5140 HTTP - ok
12:24:16.0383 5140 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
12:24:16.0383 5140 hwpolicy - ok
12:24:16.0430 5140 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
12:24:16.0430 5140 i8042prt - ok
12:24:16.0508 5140 IAANTMON (660bf3255a1eb18ed803fd2fba6ae400) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
12:24:16.0508 5140 IAANTMON - ok
12:24:16.0524 5140 iaStor (be7d72fcf442c26975942007e0831241) C:\Windows\system32\DRIVERS\iaStor.sys
12:24:16.0539 5140 iaStor - ok
12:24:16.0586 5140 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
12:24:16.0586 5140 iaStorV - ok
12:24:16.0695 5140 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:24:16.0695 5140 idsvc - ok
12:24:16.0726 5140 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
12:24:16.0726 5140 iirsp - ok
12:24:16.0789 5140 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
12:24:16.0804 5140 IKEEXT - ok
12:24:16.0929 5140 IntcAzAudAddService (42943bb3ab7a405b30eff7c8283cc129) C:\Windows\system32\drivers\RTKVHD64.sys
12:24:16.0945 5140 IntcAzAudAddService - ok
12:24:17.0038 5140 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
12:24:17.0038 5140 intelide - ok
12:24:17.0070 5140 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
12:24:17.0070 5140 intelppm - ok
12:24:17.0085 5140 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
12:24:17.0085 5140 IPBusEnum - ok
12:24:17.0132 5140 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:24:17.0132 5140 IpFilterDriver - ok
12:24:17.0179 5140 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
12:24:17.0194 5140 iphlpsvc - ok
12:24:17.0210 5140 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
12:24:17.0210 5140 IPMIDRV - ok
12:24:17.0226 5140 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
12:24:17.0226 5140 IPNAT - ok
12:24:17.0350 5140 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
12:24:17.0366 5140 iPod Service - ok
12:24:17.0366 5140 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
12:24:17.0366 5140 IRENUM - ok
12:24:17.0397 5140 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
12:24:17.0397 5140 isapnp - ok
12:24:17.0413 5140 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
12:24:17.0413 5140 iScsiPrt - ok
12:24:17.0444 5140 JRAID (75ddb94a2a24f9f7037d10a2dda06d36) C:\Windows\system32\DRIVERS\jraid.sys
12:24:17.0444 5140 JRAID - ok
12:24:17.0460 5140 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
12:24:17.0460 5140 kbdclass - ok
12:24:17.0506 5140 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
12:24:17.0506 5140 kbdhid - ok
12:24:17.0522 5140 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:24:17.0522 5140 KeyIso - ok
12:24:17.0584 5140 kl1 (524503240d2ba280d97e2297102151ce) C:\Windows\system32\DRIVERS\kl1.sys
12:24:17.0584 5140 kl1 - ok
12:24:17.0616 5140 KLIF (6ab7b4b65c5e201cb968dec20af10dcb) C:\Windows\system32\DRIVERS\klif.sys
12:24:17.0616 5140 KLIF - ok
12:24:17.0647 5140 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
12:24:17.0647 5140 KSecDD - ok
12:24:17.0678 5140 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
12:24:17.0694 5140 KSecPkg - ok
12:24:17.0709 5140 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
12:24:17.0709 5140 ksthunk - ok
12:24:17.0740 5140 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
12:24:17.0756 5140 KtmRm - ok
12:24:17.0787 5140 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
12:24:17.0803 5140 LanmanServer - ok
12:24:17.0834 5140 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
12:24:17.0834 5140 LanmanWorkstation - ok
12:24:17.0865 5140 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
12:24:17.0865 5140 lltdio - ok
12:24:17.0896 5140 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
12:24:17.0896 5140 lltdsvc - ok
12:24:17.0912 5140 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
12:24:17.0912 5140 lmhosts - ok
12:24:17.0928 5140 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
12:24:17.0943 5140 LSI_FC - ok
12:24:17.0959 5140 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
12:24:17.0959 5140 LSI_SAS - ok
12:24:17.0974 5140 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:24:17.0974 5140 LSI_SAS2 - ok
12:24:17.0990 5140 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:24:17.0990 5140 LSI_SCSI - ok
12:24:18.0021 5140 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
12:24:18.0021 5140 luafv - ok
12:24:18.0052 5140 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
12:24:18.0052 5140 MBAMProtector - ok
12:24:18.0130 5140 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
12:24:18.0130 5140 MBAMService - ok
12:24:18.0162 5140 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
12:24:18.0162 5140 Mcx2Svc - ok
12:24:18.0193 5140 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
12:24:18.0193 5140 megasas - ok
12:24:18.0224 5140 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
12:24:18.0224 5140 MegaSR - ok
12:24:18.0240 5140 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:24:18.0255 5140 MMCSS - ok
12:24:18.0255 5140 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
12:24:18.0255 5140 Modem - ok
12:24:18.0271 5140 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
12:24:18.0271 5140 monitor - ok
12:24:18.0318 5140 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
12:24:18.0318 5140 mouclass - ok
12:24:18.0349 5140 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
12:24:18.0349 5140 mouhid - ok
12:24:18.0380 5140 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
12:24:18.0380 5140 mountmgr - ok
12:24:18.0411 5140 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
12:24:18.0427 5140 mpio - ok
12:24:18.0442 5140 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
12:24:18.0442 5140 mpsdrv - ok
12:24:18.0489 5140 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
12:24:18.0505 5140 MpsSvc - ok
12:24:18.0552 5140 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
12:24:18.0552 5140 MRxDAV - ok
12:24:18.0583 5140 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:24:18.0583 5140 mrxsmb - ok
12:24:18.0630 5140 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:24:18.0630 5140 mrxsmb10 - ok
12:24:18.0645 5140 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:24:18.0645 5140 mrxsmb20 - ok
12:24:18.0676 5140 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
12:24:18.0676 5140 msahci - ok
12:24:18.0708 5140 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
12:24:18.0723 5140 msdsm - ok
12:24:18.0739 5140 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
12:24:18.0739 5140 MSDTC - ok
12:24:18.0770 5140 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
12:24:18.0770 5140 Msfs - ok
12:24:18.0786 5140 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
12:24:18.0786 5140 mshidkmdf - ok
12:24:18.0801 5140 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
12:24:18.0801 5140 msisadrv - ok
12:24:18.0817 5140 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
12:24:18.0817 5140 MSiSCSI - ok
12:24:18.0832 5140 msiserver - ok
12:24:18.0848 5140 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
12:24:18.0848 5140 MSKSSRV - ok
12:24:18.0848 5140 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
12:24:18.0848 5140 MSPCLOCK - ok
12:24:18.0864 5140 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
12:24:18.0864 5140 MSPQM - ok
12:24:18.0910 5140 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
12:24:18.0910 5140 MsRPC - ok
12:24:18.0942 5140 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
12:24:18.0942 5140 mssmbios - ok
12:24:18.0973 5140 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
12:24:18.0973 5140 MSTEE - ok
12:24:18.0988 5140 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
12:24:18.0988 5140 MTConfig - ok
12:24:18.0988 5140 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
12:24:18.0988 5140 Mup - ok
12:24:19.0020 5140 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
12:24:19.0035 5140 napagent - ok
12:24:19.0051 5140 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
12:24:19.0066 5140 NativeWifiP - ok
12:24:19.0129 5140 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
12:24:19.0144 5140 NDIS - ok
12:24:19.0160 5140 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
12:24:19.0176 5140 NdisCap - ok
12:24:19.0191 5140 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
12:24:19.0191 5140 NdisTapi - ok
12:24:19.0222 5140 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
12:24:19.0222 5140 Ndisuio - ok
12:24:19.0269 5140 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
12:24:19.0269 5140 NdisWan - ok
12:24:19.0269 5140 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
12:24:19.0269 5140 NDProxy - ok
12:24:19.0378 5140 Nero BackItUp Scheduler 4.0 (7d2633295eb6ff2b938185874884059d) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
12:24:19.0394 5140 Nero BackItUp Scheduler 4.0 - ok
12:24:19.0441 5140 Net Driver HPZ12 (dc6530a291d4bdf6df399f1f128e7f8f) C:\Windows\system32\HPZinw12.dll
12:24:19.0456 5140 Net Driver HPZ12 - ok
12:24:19.0472 5140 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
12:24:19.0472 5140 NetBIOS - ok
12:24:19.0519 5140 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
12:24:19.0519 5140 NetBT - ok
12:24:19.0550 5140 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:24:19.0550 5140 Netlogon - ok
12:24:19.0597 5140 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
12:24:19.0612 5140 Netman - ok
12:24:19.0644 5140 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
12:24:19.0644 5140 netprofm - ok
12:24:19.0706 5140 netr28x (d66596db0a0739a89c25b590ce36d628) C:\Windows\system32\DRIVERS\netr28x.sys
12:24:19.0722 5140 netr28x - ok
12:24:19.0768 5140 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:24:19.0768 5140 NetTcpPortSharing - ok
12:24:19.0815 5140 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
12:24:19.0815 5140 nfrd960 - ok
12:24:19.0862 5140 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
12:24:19.0862 5140 NlaSvc - ok
12:24:19.0878 5140 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
12:24:19.0878 5140 Npfs - ok
12:24:19.0893 5140 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
12:24:19.0893 5140 nsi - ok
12:24:19.0909 5140 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
12:24:19.0909 5140 nsiproxy - ok
12:24:20.0002 5140 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
12:24:20.0018 5140 Ntfs - ok
12:24:20.0080 5140 NTI IScheduleSvc (bd691091ac7d9713d8f0b07c6b099e6c) C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
12:24:20.0096 5140 NTI IScheduleSvc - ok
12:24:20.0158 5140 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
12:24:20.0158 5140 NTIDrvr - ok
12:24:20.0158 5140 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
12:24:20.0158 5140 Null - ok
12:24:20.0205 5140 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
12:24:20.0221 5140 nvraid - ok
12:24:20.0236 5140 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
12:24:20.0236 5140 nvstor - ok
12:24:20.0268 5140 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
12:24:20.0283 5140 nv_agp - ok
12:24:20.0299 5140 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
12:24:20.0299 5140 ohci1394 - ok
12:24:20.0361 5140 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:24:20.0361 5140 ose - ok
12:24:20.0611 5140 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:24:20.0626 5140 osppsvc - ok
12:24:20.0720 5140 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:24:20.0720 5140 p2pimsvc - ok
12:24:20.0751 5140 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
12:24:20.0751 5140 p2psvc - ok
12:24:20.0782 5140 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
12:24:20.0782 5140 Parport - ok
12:24:20.0814 5140 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
12:24:20.0814 5140 partmgr - ok
12:24:20.0829 5140 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
12:24:20.0845 5140 PcaSvc - ok
12:24:20.0876 5140 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
12:24:20.0876 5140 pci - ok
12:24:20.0876 5140 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
12:24:20.0892 5140 pciide - ok
12:24:20.0907 5140 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
12:24:20.0907 5140 pcmcia - ok
12:24:20.0923 5140 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
12:24:20.0923 5140 pcw - ok
12:24:20.0954 5140 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
12:24:20.0954 5140 PEAUTH - ok
12:24:21.0001 5140 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
12:24:21.0016 5140 PerfHost - ok
12:24:21.0126 5140 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
12:24:21.0141 5140 pla - ok
12:24:21.0188 5140 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
12:24:21.0188 5140 PlugPlay - ok
12:24:21.0235 5140 Pml Driver HPZ12 (71f62c51dfdfbc04c83c5c64b2b8058e) C:\Windows\system32\HPZipm12.dll
12:24:21.0235 5140 Pml Driver HPZ12 - ok
12:24:21.0250 5140 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
12:24:21.0250 5140 PNRPAutoReg - ok
12:24:21.0266 5140 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:24:21.0266 5140 PNRPsvc - ok
12:24:21.0328 5140 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
12:24:21.0328 5140 PolicyAgent - ok
12:24:21.0344 5140 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
12:24:21.0360 5140 Power - ok
12:24:21.0406 5140 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
12:24:21.0422 5140 PptpMiniport - ok
12:24:21.0422 5140 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
12:24:21.0422 5140 Processor - ok
12:24:21.0469 5140 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
12:24:21.0469 5140 ProfSvc - ok
12:24:21.0500 5140 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:24:21.0500 5140 ProtectedStorage - ok
12:24:21.0547 5140 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
12:24:21.0547 5140 Psched - ok
12:24:21.0625 5140 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
12:24:21.0640 5140 ql2300 - ok
12:24:21.0718 5140 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
12:24:21.0718 5140 ql40xx - ok
12:24:21.0750 5140 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
12:24:21.0765 5140 QWAVE - ok
12:24:21.0781 5140 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
12:24:21.0781 5140 QWAVEdrv - ok
12:24:21.0781 5140 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
12:24:21.0781 5140 RasAcd - ok
12:24:21.0796 5140 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:24:21.0796 5140 RasAgileVpn - ok
12:24:21.0812 5140 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
12:24:21.0812 5140 RasAuto - ok
12:24:21.0859 5140 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:24:21.0859 5140 Rasl2tp - ok
12:24:21.0906 5140 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
12:24:21.0906 5140 RasMan - ok
12:24:21.0937 5140 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
12:24:21.0937 5140 RasPppoe - ok
12:24:21.0937 5140 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
12:24:21.0952 5140 RasSstp - ok
12:24:21.0968 5140 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
12:24:21.0968 5140 rdbss - ok
12:24:21.0999 5140 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
12:24:21.0999 5140 rdpbus - ok
12:24:22.0015 5140 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:24:22.0015 5140 RDPCDD - ok
12:24:22.0030 5140 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
12:24:22.0030 5140 RDPENCDD - ok
12:24:22.0046 5140 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
12:24:22.0046 5140 RDPREFMP - ok
12:24:22.0093 5140 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
12:24:22.0093 5140 RDPWD - ok
12:24:22.0140 5140 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
12:24:22.0140 5140 rdyboost - ok
12:24:22.0171 5140 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
12:24:22.0171 5140 RemoteAccess - ok
12:24:22.0202 5140 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
12:24:22.0218 5140 RemoteRegistry - ok
12:24:22.0218 5140 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
12:24:22.0218 5140 RpcEptMapper - ok
12:24:22.0233 5140 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
12:24:22.0233 5140 RpcLocator - ok
12:24:22.0280 5140 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
12:24:22.0296 5140 RpcSs - ok
12:24:22.0311 5140 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
12:24:22.0327 5140 rspndr - ok
12:24:22.0358 5140 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:24:22.0358 5140 SamSs - ok
12:24:22.0389 5140 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
12:24:22.0389 5140 sbp2port - ok
12:24:22.0420 5140 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
12:24:22.0420 5140 SCardSvr - ok
12:24:22.0452 5140 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
12:24:22.0452 5140 scfilter - ok
12:24:22.0530 5140 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
12:24:22.0545 5140 Schedule - ok
12:24:22.0561 5140 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
12:24:22.0576 5140 SCPolicySvc - ok
12:24:22.0623 5140 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
12:24:22.0623 5140 SDRSVC - ok
12:24:22.0701 5140 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
12:24:22.0701 5140 secdrv - ok
12:24:22.0717 5140 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
12:24:22.0732 5140 seclogon - ok
12:24:22.0748 5140 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
12:24:22.0748 5140 SENS - ok
12:24:22.0764 5140 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
12:24:22.0764 5140 SensrSvc - ok
12:24:22.0779 5140 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
12:24:22.0779 5140 Serenum - ok
12:24:22.0795 5140 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
12:24:22.0795 5140 Serial - ok
12:24:22.0826 5140 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
12:24:22.0826 5140 sermouse - ok
12:24:22.0857 5140 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
12:24:22.0873 5140 SessionEnv - ok
12:24:22.0904 5140 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
12:24:22.0904 5140 sffdisk - ok
12:24:22.0904 5140 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
12:24:22.0904 5140 sffp_mmc - ok
12:24:22.0920 5140 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
12:24:22.0920 5140 sffp_sd - ok
12:24:22.0935 5140 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
12:24:22.0935 5140 sfloppy - ok
12:24:22.0998 5140 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
12:24:23.0013 5140 Sftfs - ok
12:24:23.0091 5140 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
12:24:23.0107 5140 sftlist - ok
12:24:23.0138 5140 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
12:24:23.0138 5140 Sftplay - ok
12:24:23.0169 5140 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
12:24:23.0169 5140 Sftredir - ok
12:24:23.0185 5140 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
12:24:23.0185 5140 Sftvol - ok
12:24:23.0200 5140 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
12:24:23.0200 5140 sftvsa - ok
12:24:23.0232 5140 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
12:24:23.0247 5140 SharedAccess - ok
12:24:23.0294 5140 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
12:24:23.0294 5140 ShellHWDetection - ok
12:24:23.0325 5140 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:24:23.0325 5140 SiSRaid2 - ok
12:24:23.0325 5140 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
12:24:23.0341 5140 SiSRaid4 - ok
12:24:23.0388 5140 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe
12:24:23.0403 5140 SkypeUpdate - ok
12:24:23.0419 5140 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
12:24:23.0419 5140 Smb - ok
12:24:23.0450 5140 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
12:24:23.0450 5140 SNMPTRAP - ok
12:24:23.0466 5140 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
12:24:23.0466 5140 spldr - ok
12:24:23.0512 5140 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
12:24:23.0528 5140 Spooler - ok
12:24:23.0700 5140 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
12:24:23.0746 5140 sppsvc - ok
12:24:23.0824 5140 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
12:24:23.0824 5140 sppuinotify - ok
12:24:23.0871 5140 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
12:24:23.0887 5140 srv - ok
12:24:23.0902 5140 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
12:24:23.0918 5140 srv2 - ok
12:24:23.0934 5140 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
12:24:23.0934 5140 srvnet - ok
12:24:23.0949 5140 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
12:24:23.0965 5140 SSDPSRV - ok
12:24:23.0965 5140 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
12:24:23.0980 5140 SstpSvc - ok
12:24:23.0996 5140 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
12:24:23.0996 5140 stexstor - ok
12:24:24.0058 5140 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
12:24:24.0074 5140 stisvc - ok
12:24:24.0105 5140 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
12:24:24.0105 5140 swenum - ok
12:24:24.0136 5140 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
12:24:24.0152 5140 swprv - ok
12:24:24.0246 5140 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
12:24:24.0277 5140 SysMain - ok
12:24:24.0370 5140 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
12:24:24.0370 5140 TabletInputService - ok
12:24:24.0386 5140 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
12:24:24.0402 5140 TapiSrv - ok
12:24:24.0417 5140 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
12:24:24.0417 5140 TBS - ok
12:24:24.0542 5140 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
12:24:24.0573 5140 Tcpip - ok
12:24:24.0682 5140 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
12:24:24.0698 5140 TCPIP6 - ok
12:24:24.0745 5140 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
12:24:24.0745 5140 tcpipreg - ok
12:24:24.0776 5140 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
12:24:24.0776 5140 TDPIPE - ok
12:24:24.0807 5140 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
12:24:24.0807 5140 TDTCP - ok
12:24:24.0838 5140 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
12:24:24.0838 5140 tdx - ok
12:24:24.0885 5140 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
12:24:24.0885 5140 TermDD - ok
12:24:24.0916 5140 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
12:24:24.0932 5140 TermService - ok
12:24:24.0948 5140 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
12:24:24.0948 5140 Themes - ok
12:24:24.0963 5140 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:24:24.0963 5140 THREADORDER - ok
12:24:24.0994 5140 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
12:24:24.0994 5140 TrkWks - ok
12:24:25.0041 5140 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
12:24:25.0041 5140 TrustedInstaller - ok
12:24:25.0072 5140 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:24:25.0072 5140 tssecsrv - ok
12:24:25.0119 5140 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
12:24:25.0119 5140 TsUsbFlt - ok
12:24:25.0166 5140 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
12:24:25.0166 5140 tunnel - ok
12:24:25.0182 5140 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
12:24:25.0182 5140 uagp35 - ok
12:24:25.0213 5140 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
12:24:25.0213 5140 UBHelper - ok
12:24:25.0244 5140 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
12:24:25.0260 5140 udfs - ok
12:24:25.0291 5140 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
12:24:25.0291 5140 UI0Detect - ok
12:24:25.0322 5140 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
12:24:25.0322 5140 uliagpkx - ok
12:24:25.0338 5140 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
12:24:25.0338 5140 umbus - ok
12:24:25.0353 5140 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
12:24:25.0353 5140 UmPass - ok
12:24:25.0416 5140 Updater Service (70dde3a86dbeb1d6c3c30ad687b1877a) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
12:24:25.0416 5140 Updater Service - ok
12:24:25.0447 5140 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
12:24:25.0462 5140 upnphost - ok
12:24:25.0478 5140 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
12:24:25.0494 5140 USBAAPL64 - ok
12:24:25.0525 5140 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
12:24:25.0525 5140 usbccgp - ok
12:24:25.0556 5140 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
12:24:25.0556 5140 usbcir - ok
12:24:25.0572 5140 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
12:24:25.0572 5140 usbehci - ok
12:24:25.0587 5140 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
12:24:25.0587 5140 usbhub - ok
12:24:25.0603 5140 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
12:24:25.0603 5140 usbohci - ok
12:24:25.0618 5140 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
12:24:25.0634 5140 usbprint - ok
12:24:25.0665 5140 USBS3S4Detection (b5e6c4f280ebf0b16f74a5b415f2e0df) C:\OEM\USBDECTION\USBS3S4Detection.exe
12:24:25.0665 5140 USBS3S4Detection - ok
12:24:25.0696 5140 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
12:24:25.0696 5140 usbscan - ok
12:24:25.0743 5140 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:24:25.0743 5140 USBSTOR - ok
12:24:25.0759 5140 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
12:24:25.0759 5140 usbuhci - ok
12:24:25.0790 5140 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
12:24:25.0790 5140 UxSms - ok
12:24:25.0821 5140 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:24:25.0821 5140 VaultSvc - ok
12:24:25.0868 5140 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
12:24:25.0868 5140 vdrvroot - ok
12:24:25.0915 5140 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
12:24:25.0930 5140 vds - ok
12:24:25.0946 5140 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
12:24:25.0946 5140 vga - ok
12:24:25.0962 5140 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
12:24:25.0962 5140 VgaSave - ok
12:24:25.0993 5140 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
12:24:25.0993 5140 vhdmp - ok
12:24:26.0008 5140 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
12:24:26.0008 5140 viaide - ok
12:24:26.0024 5140 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
12:24:26.0024 5140 volmgr - ok
12:24:26.0071 5140 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
12:24:26.0086 5140 volmgrx - ok
12:24:26.0102 5140 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
12:24:26.0118 5140 volsnap - ok
12:24:26.0149 5140 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
12:24:26.0149 5140 vsmraid - ok
12:24:26.0242 5140 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
12:24:26.0258 5140 VSS - ok
12:24:26.0336 5140 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
12:24:26.0336 5140 vwifibus - ok
12:24:26.0383 5140 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
12:24:26.0383 5140 vwififlt - ok
12:24:26.0414 5140 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
12:24:26.0430 5140 W32Time - ok
12:24:26.0445 5140 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
12:24:26.0445 5140 WacomPen - ok
12:24:26.0492 5140 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:24:26.0492 5140 WANARP - ok
12:24:26.0492 5140 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:24:26.0492 5140 Wanarpv6 - ok
12:24:26.0570 5140 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
12:24:26.0586 5140 WatAdminSvc - ok
12:24:26.0679 5140 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
12:24:26.0710 5140 wbengine - ok
12:24:26.0773 5140 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
12:24:26.0788 5140 WbioSrvc - ok
12:24:26.0835 5140 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
12:24:26.0851 5140 wcncsvc - ok
12:24:26.0851 5140 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
12:24:26.0851 5140 WcsPlugInService - ok
12:24:26.0882 5140 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
12:24:26.0882 5140 Wd - ok
12:24:26.0913 5140 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
12:24:26.0913 5140 Wdf01000 - ok
12:24:26.0929 5140 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
12:24:26.0944 5140 WdiServiceHost - ok
12:24:26.0944 5140 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
12:24:26.0944 5140 WdiSystemHost - ok
12:24:26.0960 5140 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
12:24:26.0976 5140 WebClient - ok
12:24:27.0007 5140 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
12:24:27.0007 5140 Wecsvc - ok
12:24:27.0022 5140 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
12:24:27.0022 5140 wercplsupport - ok
12:24:27.0038 5140 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
12:24:27.0038 5140 WerSvc - ok
12:24:27.0085 5140 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
12:24:27.0085 5140 WfpLwf - ok
12:24:27.0100 5140 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
12:24:27.0100 5140 WIMMount - ok
12:24:27.0132 5140 WinDefend - ok
12:24:27.0147 5140 WinHttpAutoProxySvc - ok
12:24:27.0194 5140 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
12:24:27.0194 5140 Winmgmt - ok
12:24:27.0319 5140 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
12:24:27.0334 5140 WinRM - ok
12:24:27.0444 5140 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
12:24:27.0444 5140 WinUsb - ok
12:24:27.0506 5140 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
12:24:27.0522 5140 Wlansvc - ok
12:24:27.0709 5140 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:24:27.0724 5140 wlidsvc - ok
12:24:27.0818 5140 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
12:24:27.0818 5140 WmiAcpi - ok
12:24:27.0865 5140 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
12:24:27.0880 5140 wmiApSrv - ok
12:24:27.0912 5140 WMPNetworkSvc - ok
12:24:27.0927 5140 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
12:24:27.0927 5140 WPCSvc - ok
12:24:27.0974 5140 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
12:24:27.0974 5140 WPDBusEnum - ok
12:24:28.0005 5140 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
12:24:28.0005 5140 ws2ifsl - ok
12:24:28.0005 5140 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
12:24:28.0021 5140 wscsvc - ok
12:24:28.0021 5140 WSearch - ok
12:24:28.0146 5140 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
12:24:28.0177 5140 wuauserv - ok
12:24:28.0270 5140 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
12:24:28.0270 5140 WudfPf - ok
12:24:28.0302 5140 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:24:28.0302 5140 WUDFRd - ok
12:24:28.0333 5140 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
12:24:28.0348 5140 wudfsvc - ok
12:24:28.0380 5140 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
12:24:28.0380 5140 WwanSvc - ok
12:24:28.0411 5140 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
12:24:28.0598 5140 \Device\Harddisk0\DR0 - ok
12:24:28.0598 5140 Boot (0x1200) (f48fe5e54eef36d0caa4fe543d2d2877) \Device\Harddisk0\DR0\Partition0
12:24:28.0598 5140 \Device\Harddisk0\DR0\Partition0 - ok
12:24:28.0614 5140 Boot (0x1200) (850031bd94980a1f6578b1d71178137f) \Device\Harddisk0\DR0\Partition1
12:24:28.0614 5140 \Device\Harddisk0\DR0\Partition1 - ok
12:24:28.0614 5140 ============================================================
12:24:28.0614 5140 Scan finished
12:24:28.0614 5140 ============================================================
12:24:28.0614 3316 Detected object count: 0
12:24:28.0614 3316 Actual detected object count: 0
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-17 12:27:23
-----------------------------
12:27:23.731 OS Version: Windows x64 6.1.7601 Service Pack 1
12:27:23.731 Number of processors: 4 586 0x1E05
12:27:23.731 ComputerName: SCOTT-PC UserName: Scott
12:27:25.119 Initialize success
12:28:00.259 AVAST engine defs: 12061700
12:28:12.218 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:28:12.218 Disk 0 Vendor: Hitachi_ ST6O Size: 953869MB BusType: 3
12:28:12.234 Disk 0 MBR read successfully
12:28:12.234 Disk 0 MBR scan
12:28:12.249 Disk 0 Windows 7 default MBR code
12:28:12.249 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 17408 MB offset 2048
12:28:12.265 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 35653632
12:28:12.280 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 936359 MB offset 35858432
12:28:12.280 Disk 0 scanning C:\Windows\system32\drivers
12:28:20.829 Service scanning
12:28:40.485 Modules scanning
12:28:40.485 Disk 0 trace - called modules:
12:28:40.501 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
12:28:40.517 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007e24060]
12:28:40.517 3 CLASSPNP.SYS[fffff88001b5343f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007b71050]
12:28:41.905 AVAST engine scan C:\Windows
12:28:45.181 AVAST engine scan C:\Windows\system32
12:28:48.535 File: C:\Windows\system32\autoHost64.dll **INFECTED** Win32:Trojan-gen
12:30:48.178 AVAST engine scan C:\Windows\system32\drivers
12:30:59.223 AVAST engine scan C:\Users\Scott
12:38:33.826 AVAST engine scan C:\ProgramData
12:40:40.892 Scan finished successfully
12:40:55.197 Disk 0 MBR has been saved successfully to "C:\Users\Scott\Desktop\Malwarebytes notes\MBR.dat"
12:40:55.197 The log file has been saved successfully to "C:\Users\Scott\Desktop\Malwarebytes notes\aswMBR.txt"
-
Sorry.. just reread the instructions and saw to reboot computer to get rid of that error message. Rebooted and I can access the programs.
So far I have been online for a few minutes with no pop up warnings from Malwarebytes which used to come up every few seconds. All issues seem to be OK now... no problems with opening Excel documents or Windows Live attachments.
Here is the log:
ComboFix 12-06-16.02 - Scott 17/06/2012 9:45.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.8151.6459 [GMT -7:00]
Running from: c:\users\Scott\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Scott\AppData\Local\{eefe642c-7cef-8559-b734-7bb4a7fa7b87}
c:\users\Scott\AppData\Local\{eefe642c-7cef-8559-b734-7bb4a7fa7b87}\@
c:\users\Scott\AppData\Local\{eefe642c-7cef-8559-b734-7bb4a7fa7b87}\L\00000004.@
c:\users\Scott\AppData\Local\{eefe642c-7cef-8559-b734-7bb4a7fa7b87}\L\1afb2d56
c:\users\Scott\AppData\Local\{eefe642c-7cef-8559-b734-7bb4a7fa7b87}\L\80000032.@
c:\users\Scott\AppData\Local\{eefe642c-7cef-8559-b734-7bb4a7fa7b87}\n
c:\users\Scott\AppData\Local\{eefe642c-7cef-8559-b734-7bb4a7fa7b87}\U\00000004.@
c:\users\Scott\AppData\Local\{eefe642c-7cef-8559-b734-7bb4a7fa7b87}\U\00000008.@
c:\users\Scott\AppData\Local\{eefe642c-7cef-8559-b734-7bb4a7fa7b87}\U\000000cb.@
c:\users\Scott\AppData\Local\{eefe642c-7cef-8559-b734-7bb4a7fa7b87}\U\80000000.@
c:\users\Scott\AppData\Local\{eefe642c-7cef-8559-b734-7bb4a7fa7b87}\U\80000032.@
c:\users\Scott\AppData\Local\{eefe642c-7cef-8559-b734-7bb4a7fa7b87}\U\80000064.@
c:\users\Scott\AppData\Local\Temp\ireyln.dll
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\security\Database\tmp.edb
.
.
((((((((((((((((((((((((( Files Created from 2012-05-17 to 2012-06-17 )))))))))))))))))))))))))))))))
.
.
2012-06-17 16:53 . 2012-06-17 16:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-17 16:53 . 2012-06-17 16:53 -------- d-----w- c:\users\Hot Blonde Babe\AppData\Local\temp
2012-06-16 22:48 . 2012-06-16 22:48 -------- d-----w- c:\programdata\HP Photo Creations
2012-06-16 22:48 . 2012-06-16 22:48 -------- d-----w- c:\program files (x86)\HP Photo Creations
2012-06-16 22:48 . 2012-06-16 22:48 -------- d-----w- c:\users\Scott\AppData\Roaming\HpUpdate
2012-06-16 22:47 . 2012-06-16 22:47 -------- d-----w- c:\programdata\HP Product Assistant
2012-06-16 22:28 . 2012-06-16 22:28 -------- d-----w- c:\windows\Hewlett-Packard
2012-06-16 22:16 . 2012-06-16 22:16 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-16 17:17 . 2012-06-16 17:21 -------- d-----w- c:\programdata\PLAV
2012-06-16 17:17 . 2012-06-16 17:17 -------- d-----w- c:\programdata\ParetoLogic Anti-Virus PLUS
2012-06-16 15:35 . 2012-06-16 15:35 -------- d-----w- c:\windows\system32\Macromed
2012-06-15 10:37 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{01FC08EE-DB8E-43EA-A4F6-892949FB4D26}\mpengine.dll
2012-06-12 07:44 . 2012-06-12 07:44 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-06-12 07:44 . 2012-05-09 19:21 476936 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-05-30 23:55 . 2012-05-30 23:55 -------- d-----w- c:\users\Scott\AppData\Roaming\Malwarebytes
2012-05-30 23:55 . 2012-05-30 23:55 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-30 23:55 . 2012-05-30 23:55 -------- d-----w- c:\programdata\Malwarebytes
2012-05-30 23:55 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-30 23:37 . 2012-05-30 23:37 62464 ---ha-w- c:\windows\system32\autoHost64.dll
2012-05-30 23:36 . 2012-05-30 23:36 -------- d-----w- c:\programdata\B7E8587100017DC3000BDF33B4EB2367
2012-05-30 23:36 . 2012-05-31 00:36 -------- d-----w- c:\users\Scott\AppData\Local\CMI
2012-05-30 13:19 . 2012-06-16 15:35 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-30 13:19 . 2012-06-16 15:35 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-22 01:48 . 2012-05-22 01:48 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-05-22 01:48 . 2012-05-22 01:48 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-05-22 01:48 . 2012-05-22 01:48 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-05-22 01:48 . 2012-05-22 01:48 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-05-22 01:48 . 2012-05-22 01:48 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-05-22 01:48 . 2012-05-22 01:48 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-05-22 01:48 . 2012-05-22 01:48 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-05-22 01:48 . 2012-05-22 01:48 -------- d-----w- c:\program files (x86)\QuickTime
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-09 19:21 . 2010-07-06 15:57 472840 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-19 03:56 . 2012-04-19 03:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-19 03:56 . 2012-04-19 03:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-03-30 11:35 . 2012-05-12 08:18 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-01 39408]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" [2009-08-12 244480]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-10-20 98304]
"Gateway Photo Frame"="c:\program files (x86)\Gateway Photo Frame\ButtonMonitor.exe" [2009-07-20 124416]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
.
c:\users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Scott\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE [2012-1-4 3208032]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-15 135664]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-16 257224]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-15 135664]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-08-12 62208]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2009-07-04 240160]
S2 USBS3S4Detection;USBS3S4Detection;c:\oem\USBDECTION\USBS3S4Detection.exe [2009-12-09 76320]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-30 15:35]
.
2012-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-15 20:36]
.
2012-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-15 20:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Scott\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-28 8312352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/?AF=108980&babsrc=HP_ss&mntrId=14c9424a000000000000701a04ef5b08
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=1009&m=dx4831&r=17360410p416p0435v185k44m1r575
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - c:\program files (x86)\TurboTax 2011\ic2011pp.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-compeout - c:\windows\system32\autoHost64.dll
SafeBoot-44738816.sys
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Completion time: 2012-06-17 10:06:21 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-17 17:06
.
Pre-Run: 789,514,678,272 bytes free
Post-Run: 794,949,332,992 bytes free
.
- - End Of File - - ABCEC3191E5813606778B13DE535F1D0
-
I don't have the log as I can no longer open things on my computer... am working from another one now to send this.
I ran the combofix from my documents folder not directly on the desktop (no option to save to desktop when I download it does it automatically as soon as I click on the link, not sure if that makes any difference).
The program ran and rebooted the computer, then generated a log.
I am now unable to open most programs (Windows Live; Chrome; Internet Explorer; Excel; Word).
I get an error message "Illegal operations attempted on a registry key that has been marked for deletion" when attempting to open those programs (not sure if there are others as well).
I did not save the log to a thumbdrive or anything as I was worried that if I put it on this computer I would infect it as well. Not sure how to get you the log without being able to access those programs.
-
Problems with the computer so far: difficulty opening files in Excel (says unable to create temp environment... and short of memory, even if nothing is open); Audio Ads running even when no browser open; unable to open attachment files in Windows Live; slow internet and page loading; randomly find browser open to websites I haven't opened (and I live alone) after having left computer on and not been on it.
Here are the three logs requested:
Results of screen317's Security Check version 0.99.41
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Java 6 Update 33
Java version out of date!
Adobe Reader X (10.1.3)
Google Chrome 19.0.1084.52
Google Chrome 19.0.1084.56
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes Anti-Malware mbam.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Scott at 23:27:46 on 2012-06-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.8151.5844 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\OEM\USBDECTION\USBS3S4Detection.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe
C:\Users\Scott\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
Q:\140061.enu\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Scott\Downloads\SecurityCheck.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k defragsvc
C:\Windows\SysWOW64\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?AF=108980&babsrc=HP_ss&mntrId=14c9424a000000000000701a04ef5b08
uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=1009&m=dx4831&r=17360410p416p0435v185k44m1r575
mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=1009&m=dx4831&r=17360410p416p0435v185k44m1r575
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=1009&m=dx4831&r=17360410p416p0435v185k44m1r575
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [compeout] rundll32 "C:\Windows\system32\autoHost64.dll",CreateProcessNotify
uRun: [ireyln] rundll32.exe "C:\Users\Scott\AppData\Local\Temp\ireyln.dll",StopFeedLoad
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe -A
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
StartupFolder: C:\Users\Scott\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Scott\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Scott\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
LSP: mswsock.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://64.114.238.141/activex/AxisCamControl.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{9A775B56-1982-4132-A5E9-F06243D11877} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{C81A1BB0-18C2-4D14-99BD-14BA195B463D} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{C81A1BB0-18C2-4D14-99BD-14BA195B463D}\3534F44545D20534F5E4564777F627B6 : DhcpNameServer = 192.168.0.1
Handler: intu-tt2010 - {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files (x86)\TurboTax 2010\ic2010pp.dll
Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files (x86)\TurboTax 2011\ic2011pp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO-X64: Babylon toolbar helper - No File
BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB-X64: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun-x64: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe -A
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-30 654408]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-8-12 62208]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-12-1 240160]
R2 USBS3S4Detection;USBS3S4Detection;C:\OEM\USBDECTION\USBS3S4Detection.exe [2009-12-13 76320]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k62x64.sys --> C:\Windows\system32\DRIVERS\e1k62x64.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-15 135664]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-30 257224]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-15 135664]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-06-16 22:48:36 -------- d-----w- C:\ProgramData\HP Photo Creations
2012-06-16 22:48:36 -------- d-----w- C:\Program Files (x86)\HP Photo Creations
2012-06-16 22:48:30 -------- d-----w- C:\Users\Scott\AppData\Roaming\HpUpdate
2012-06-16 22:28:30 -------- d-----w- C:\Windows\Hewlett-Packard
2012-06-16 22:16:39 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-16 19:35:53 -------- d-----w- C:\Users\Scott\AppData\Local\{C93DCBC3-3AEA-4B9A-AB74-EA2BA1937A21}
2012-06-16 19:20:58 -------- d-----w- C:\Users\Scott\AppData\Local\{2CB05255-50F7-443F-BE68-57A2C9C04C54}
2012-06-16 17:17:36 -------- d-----w- C:\ProgramData\PLAV
2012-06-16 17:17:10 -------- d-----w- C:\ProgramData\ParetoLogic Anti-Virus PLUS
2012-06-16 06:10:15 -------- d-----w- C:\Users\Scott\AppData\Local\{0C75FC1C-4299-4ED6-A4FB-9E852EB52F3D}
2012-06-15 18:10:10 -------- d-----w- C:\Users\Scott\AppData\Local\{B18A0E0E-3AA8-4AAE-8C9D-62FEFBE087FD}
2012-06-15 10:37:14 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{01FC08EE-DB8E-43EA-A4F6-892949FB4D26}\mpengine.dll
2012-06-15 06:10:06 -------- d-----w- C:\Users\Scott\AppData\Local\{5A16661B-BF30-42D4-9B25-8CA38D75989B}
2012-06-14 18:09:54 -------- d-----w- C:\Users\Scott\AppData\Local\{535C103F-A3B1-4D54-9992-38EC8EE8E721}
2012-06-14 18:09:32 -------- d-----w- C:\Users\Scott\AppData\Local\{B06762F5-5D75-4231-A37F-07F31C3DB369}
2012-06-14 06:08:54 -------- d-----w- C:\Users\Scott\AppData\Local\{8C5FCB2D-6F22-4CB2-AEF3-CB64386F1856}
2012-06-14 06:08:26 -------- d-----w- C:\Users\Scott\AppData\Local\{C06E069C-4BD1-4D3F-9FA2-14B459AE604F}
2012-06-13 18:08:06 -------- d-----w- C:\Users\Scott\AppData\Local\{1BA35862-CC19-450F-81AF-CED1733EAEA4}
2012-06-13 18:07:35 -------- d-----w- C:\Users\Scott\AppData\Local\{EA624360-C83D-455A-8E12-B4E655E06C52}
2012-06-13 06:07:33 -------- d-----w- C:\Users\Scott\AppData\Local\{F4EF1050-723D-4066-8434-6F7588B6EC5B}
2012-06-13 06:07:18 -------- d-----w- C:\Users\Scott\AppData\Local\{88E03411-DC6F-4C90-B47E-A09B16150737}
2012-06-12 18:07:04 -------- d-----w- C:\Users\Scott\AppData\Local\{5ADA9CE7-4FEB-47AD-B436-08A6F9EEF2FF}
2012-06-12 18:07:00 -------- d-----w- C:\Users\Scott\AppData\Local\{C66B034E-FDA8-41AD-B3AA-C96AA998ACB4}
2012-06-12 07:44:35 476936 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-06-12 06:06:46 -------- d-----w- C:\Users\Scott\AppData\Local\{A4BCAC10-ACF8-4271-9260-5E2D65149DC5}
2012-06-12 06:06:36 -------- d-----w- C:\Users\Scott\AppData\Local\{90DE1452-F67C-44C9-AB8B-C2CF9FD67BF5}
2012-06-11 18:05:21 -------- d-----w- C:\Users\Scott\AppData\Local\{0986028B-A32F-40A6-BD51-8A54BEBC4966}
2012-06-11 18:05:06 -------- d-----w- C:\Users\Scott\AppData\Local\{8C6221F6-B8C2-4EE7-B28B-A66069AD8496}
2012-06-11 06:04:42 -------- d-----w- C:\Users\Scott\AppData\Local\{4FE44F11-6235-49E8-965F-6DA86B7FDEB0}
2012-06-11 06:04:33 -------- d-----w- C:\Users\Scott\AppData\Local\{EC4CB617-8C59-4803-8EB4-2A2925FAA0D7}
2012-06-10 18:02:58 -------- d-----w- C:\Users\Scott\AppData\Local\{39557910-2BC3-4813-BCB7-6ABA39D74E8D}
2012-06-10 18:01:51 -------- d-----w- C:\Users\Scott\AppData\Local\{E83B8D09-2EB1-4C03-87A8-17BF197CC436}
2012-06-10 06:01:29 -------- d-----w- C:\Users\Scott\AppData\Local\{7542F8FA-7022-42C5-8ECA-7EE9B0AC4AF2}
2012-06-10 06:01:28 -------- d-----w- C:\Users\Scott\AppData\Local\{512DAE1F-2F21-494F-A6F9-4AD85499395E}
2012-06-09 18:01:05 -------- d-----w- C:\Users\Scott\AppData\Local\{9626F434-25EC-49E9-BA00-FA7B8CAFAA0E}
2012-06-09 18:00:10 -------- d-----w- C:\Users\Scott\AppData\Local\{EA85FAC9-7DF1-45C0-8E91-77E1016F9AED}
2012-06-09 06:00:02 -------- d-----w- C:\Users\Scott\AppData\Local\{404F45D9-CFEF-4508-B27B-7051BB5FE1E2}
2012-06-09 05:59:41 -------- d-----w- C:\Users\Scott\AppData\Local\{F7CE12E3-17C5-493E-9578-D870F412535A}
2012-06-08 17:59:20 -------- d-----w- C:\Users\Scott\AppData\Local\{E0D84AB7-692C-4C6E-B17D-13A51B030C82}
2012-06-08 17:59:10 -------- d-----w- C:\Users\Scott\AppData\Local\{751598FE-220F-4DC6-862D-AE9AD7CEEBDB}
2012-06-08 05:58:47 -------- d-----w- C:\Users\Scott\AppData\Local\{9F593E2D-8891-4B24-878F-6E0D18F5B559}
2012-06-08 05:58:46 -------- d-----w- C:\Users\Scott\AppData\Local\{7E3C549D-9830-416A-ABFF-6A574992AF10}
2012-06-07 17:58:22 -------- d-----w- C:\Users\Scott\AppData\Local\{29697314-BE75-4DF4-B1D0-1103A4203555}
2012-06-07 17:58:10 -------- d-----w- C:\Users\Scott\AppData\Local\{2813E5D2-6E9E-43ED-94FC-C79A754F58F1}
2012-06-07 05:57:55 -------- d-----w- C:\Users\Scott\AppData\Local\{1E524980-CFB4-4CD8-A9A7-04F5ED374EED}
2012-06-07 05:57:34 -------- d-----w- C:\Users\Scott\AppData\Local\{258D21E4-A0A9-482C-8D10-2C5D5B5DE3A5}
2012-06-06 17:57:29 -------- d-----w- C:\Users\Scott\AppData\Local\{5EE28E85-899E-455A-BE49-F292967C37FB}
2012-06-06 17:57:16 -------- d-----w- C:\Users\Scott\AppData\Local\{7C07E5C8-2A9C-43AD-A2F4-4777ACF84AF2}
2012-06-06 05:57:11 -------- d-----w- C:\Users\Scott\AppData\Local\{8BE43308-CE1D-46B2-AEF3-1D859BF180F8}
2012-06-06 05:56:47 -------- d-----w- C:\Users\Scott\AppData\Local\{F3C67B90-530B-4436-B7DA-7C4F49FD3996}
2012-06-05 17:56:41 -------- d-----w- C:\Users\Scott\AppData\Local\{6CB677C5-5D9E-40B8-9504-481E9076ED14}
2012-06-05 17:56:38 -------- d-----w- C:\Users\Scott\AppData\Local\{4337AE5E-3C2A-45CA-9E0B-360F8374CAA1}
2012-06-05 05:56:24 -------- d-----w- C:\Users\Scott\AppData\Local\{0AAA06B0-1C8B-418A-BA60-DBD882B3FAAB}
2012-06-05 05:56:14 -------- d-----w- C:\Users\Scott\AppData\Local\{401F392B-9589-40D8-8704-7779599EEEE3}
2012-06-04 17:56:03 -------- d-----w- C:\Users\Scott\AppData\Local\{BE205F1D-96E5-421F-A49A-4FD75695FD72}
2012-06-04 17:55:56 -------- d-----w- C:\Users\Scott\AppData\Local\{B2197C9B-A0E0-4436-845C-96A2C3DB3FD6}
2012-06-04 05:55:30 -------- d-----w- C:\Users\Scott\AppData\Local\{15DC787A-113B-46BD-9DB3-A0B12B6A001C}
2012-06-04 05:55:26 -------- d-----w- C:\Users\Scott\AppData\Local\{09847DEA-A1BC-4040-9191-7DC036951485}
2012-06-03 17:54:26 -------- d-----w- C:\Users\Scott\AppData\Local\{919C69FB-6AF9-4048-BDD6-1EA02CE954F0}
2012-06-03 17:53:50 -------- d-----w- C:\Users\Scott\AppData\Local\{E8E328CC-C131-445F-A420-F47B478D7BFA}
2012-06-03 05:53:28 -------- d-----w- C:\Users\Scott\AppData\Local\{B5753C9C-4D2E-457B-B258-9B5778098D94}
2012-06-03 05:52:45 -------- d-----w- C:\Users\Scott\AppData\Local\{D5B224FB-9683-4797-81F5-2B38DD4C8419}
2012-06-02 17:51:16 -------- d-----w- C:\Users\Scott\AppData\Local\{A0CF5F7E-F9DB-4824-9785-7250DF5332DB}
2012-06-02 17:51:13 -------- d-----w- C:\Users\Scott\AppData\Local\{D9606D23-CB20-4673-B435-71B9A3F2DFBC}
2012-06-02 05:50:34 -------- d-----w- C:\Users\Scott\AppData\Local\{396C50B9-6A7A-4E9A-A131-04AF53A74E25}
2012-06-02 05:50:10 -------- d-----w- C:\Users\Scott\AppData\Local\{16623201-41E1-4354-967E-4B0D1A29CE76}
2012-06-01 17:49:35 -------- d-----w- C:\Users\Scott\AppData\Local\{59DFAEE8-F18B-4C30-B8CA-57E118CF6380}
2012-06-01 17:49:04 -------- d-----w- C:\Users\Scott\AppData\Local\{2780F154-8ED8-4068-9B61-4AD2F12E8CAF}
2012-06-01 05:48:41 -------- d-----w- C:\Users\Scott\AppData\Local\{A0141189-1CC6-4437-9AD1-DA7BF5F24C30}
2012-06-01 05:48:35 -------- d-----w- C:\Users\Scott\AppData\Local\{D5833D70-64C1-4A6A-B0C9-0A6C7B2098D4}
2012-05-31 17:48:17 -------- d-----w- C:\Users\Scott\AppData\Local\{72C11EED-DFFE-4945-B8E5-3FBF550FBB4C}
2012-05-31 17:48:14 -------- d-----w- C:\Users\Scott\AppData\Local\{2575106B-CBE1-490F-B23E-C704359F4301}
2012-05-31 05:47:56 -------- d-----w- C:\Users\Scott\AppData\Local\{0B561BEC-0052-45AD-B6B9-5A0473441BAF}
2012-05-31 05:47:53 -------- d-----w- C:\Users\Scott\AppData\Local\{14F22FDD-5541-4EAF-A086-89EA8BDB777A}
2012-05-30 23:55:18 -------- d-----w- C:\Users\Scott\AppData\Roaming\Malwarebytes
2012-05-30 23:55:12 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-05-30 23:55:12 -------- d-----w- C:\ProgramData\Malwarebytes
2012-05-30 23:55:12 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-30 23:37:18 62464 ---ha-w- C:\Windows\System32\autoHost64.dll
2012-05-30 23:36:43 -------- d-----w- C:\ProgramData\B7E8587100017DC3000BDF33B4EB2367
2012-05-30 23:36:42 -------- d-----w- C:\Users\Scott\AppData\Local\CMI
2012-05-30 17:47:27 -------- d-----w- C:\Users\Scott\AppData\Local\{97319CC9-3CEF-4F1C-A9B8-44266A89A03E}
2012-05-30 17:46:38 -------- d-----w- C:\Users\Scott\AppData\Local\{9DB9C3C1-585D-4161-A3DF-186F4ED30382}
2012-05-30 13:19:30 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-30 13:19:30 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-30 05:46:00 -------- d-----w- C:\Users\Scott\AppData\Local\{729BCA00-5710-4801-B5F8-6BEE8E7E3052}
2012-05-30 05:45:32 -------- d-----w- C:\Users\Scott\AppData\Local\{9FDF9337-98AE-48E1-9DE3-46E6B258D7A2}
2012-05-29 17:44:54 -------- d-----w- C:\Users\Scott\AppData\Local\{4D740241-808B-47B2-A38C-DFEB90DDCBBB}
2012-05-29 17:43:41 -------- d-----w- C:\Users\Scott\AppData\Local\{A293AB6A-E624-4955-8D9D-1449998001B8}
2012-05-29 05:42:37 -------- d-----w- C:\Users\Scott\AppData\Local\{F023DE7B-E034-4AE0-88B2-CB30FCB0E4DE}
2012-05-29 05:42:27 -------- d-----w- C:\Users\Scott\AppData\Local\{0890C58C-D548-4F2F-B27D-879C54D4C17C}
2012-05-28 17:42:25 -------- d-----w- C:\Users\Scott\AppData\Local\{E4D86CFA-0C91-4F59-B1A7-AEFF1DC8E6AE}
2012-05-28 17:42:00 -------- d-----w- C:\Users\Scott\AppData\Local\{F112A2CC-8421-4C04-9E3E-AA0C332AC568}
2012-05-28 05:41:28 -------- d-----w- C:\Users\Scott\AppData\Local\{B46944E6-7901-4DE3-A19E-7C0E55171BE8}
2012-05-28 05:40:19 -------- d-----w- C:\Users\Scott\AppData\Local\{CD926C96-683F-4514-9131-B07D4C783617}
2012-05-27 17:39:04 -------- d-----w- C:\Users\Scott\AppData\Local\{BA71E710-B902-41AF-B919-E22EB2ECCB38}
2012-05-27 17:38:31 -------- d-----w- C:\Users\Scott\AppData\Local\{3CA7194B-796F-492E-890A-FB1E5C14A01D}
2012-05-27 05:38:02 -------- d-----w- C:\Users\Scott\AppData\Local\{6F240847-821A-42E8-AD4D-F41FAE6F629A}
2012-05-27 05:37:28 -------- d-----w- C:\Users\Scott\AppData\Local\{DB952665-DDF3-4378-BE0B-E097FAAF577F}
2012-05-26 17:36:32 -------- d-----w- C:\Users\Scott\AppData\Local\{B80B225D-1337-4843-AF9E-576DCA2CFF1B}
2012-05-26 17:36:04 -------- d-----w- C:\Users\Scott\AppData\Local\{20E768A2-5116-4F52-84A7-2E10F93061A4}
2012-05-26 05:35:05 -------- d-----w- C:\Users\Scott\AppData\Local\{AEBD821D-A9EB-4002-BF2D-902797CB93A7}
2012-05-26 05:34:58 -------- d-----w- C:\Users\Scott\AppData\Local\{F1A13E5C-6DA6-4AAD-8A75-69D789EA072C}
2012-05-25 17:34:32 -------- d-----w- C:\Users\Scott\AppData\Local\{D85B6C9B-C80B-4D26-AEED-D8C25139182F}
2012-05-25 17:34:29 -------- d-----w- C:\Users\Scott\AppData\Local\{B44A83E9-A784-459A-9E65-A2C413F972C5}
2012-05-25 05:33:57 -------- d-----w- C:\Users\Scott\AppData\Local\{1C8391EE-ED3A-4F38-B60D-DA4D1F81F137}
2012-05-25 05:33:05 -------- d-----w- C:\Users\Scott\AppData\Local\{CD48811E-F2A0-447F-9E55-DEC47C766A93}
2012-05-24 17:06:55 -------- d-----w- C:\Users\Scott\AppData\Local\{73F1FF57-E7F9-4AD3-9043-1632FC6C0D6A}
2012-05-24 17:05:51 -------- d-----w- C:\Users\Scott\AppData\Local\{D4AA4094-17D6-4C05-9961-78DA12D53863}
2012-05-24 05:04:42 -------- d-----w- C:\Users\Scott\AppData\Local\{50E479EE-AB33-47AD-A650-F3CF525BEB19}
2012-05-24 05:03:09 -------- d-----w- C:\Users\Scott\AppData\Local\{0B7CD0D0-8565-4F74-9E12-E2254552EC8F}
2012-05-23 14:02:00 -------- d-----w- C:\Users\Scott\AppData\Local\{E6FBDF86-5507-4551-A9CD-F2FFE76DF81D}
2012-05-23 14:01:56 -------- d-----w- C:\Users\Scott\AppData\Local\{06AEC37A-2F6E-490B-8712-C8A185026FE5}
2012-05-22 22:38:27 -------- d-----w- C:\Users\Scott\AppData\Local\{3BA6661D-3AC1-4B28-8022-F10B01D559D0}
2012-05-22 22:37:33 -------- d-----w- C:\Users\Scott\AppData\Local\{E28D6063-AF1A-4CC3-BA45-511442F61EDC}
2012-05-22 10:37:31 -------- d-----w- C:\Users\Scott\AppData\Local\{28DA9D53-2DE3-4281-A3A6-2738F8EC00B7}
2012-05-22 10:37:30 -------- d-----w- C:\Users\Scott\AppData\Local\{0E01A5B3-16F1-47F1-925D-D9FD3E313FC0}
2012-05-22 01:48:10 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-05-22 01:48:10 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-05-22 01:48:10 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-05-22 01:48:10 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-05-22 01:48:10 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-05-22 01:48:10 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-05-22 01:48:10 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-05-21 22:36:30 -------- d-----w- C:\Users\Scott\AppData\Local\{24BA3F2C-6E22-49B2-9143-BF3D53F3EF2C}
2012-05-21 22:36:08 -------- d-----w- C:\Users\Scott\AppData\Local\{C0674A10-8B91-4C49-AC2E-73612A5CB755}
2012-05-18 18:08:23 -------- d-----w- C:\Users\Scott\AppData\Local\{D11E18E9-5393-4638-9247-0E7648B5BED5}
2012-05-18 18:07:08 -------- d-----w- C:\Users\Scott\AppData\Local\{E8B5D218-4BE5-4BFB-AA22-8E5CD36C090C}
.
==================== Find3M ====================
.
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-05-09 19:21:36 472840 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-19 03:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-04-19 03:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 23:28:08.40 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 15/04/2010 10:16:32 AM
System Uptime: 16/06/2012 10:12:25 PM (1 hours ago)
.
Motherboard: Gateway | | H57M01
Processor: Intel® Core i5 CPU 750 @ 2.67GHz | CPU 1 | 2668/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 914 GiB total, 735.444 GiB free.
D: is CDROM (CDFS)
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP288: 04/06/2012 3:00:12 AM - Windows Update
RP289: 08/06/2012 4:35:10 AM - Windows Update
RP290: 12/06/2012 12:43:41 AM - Installed Java 6 Update 32
RP291: 13/06/2012 4:33:00 PM - Windows Update
RP292: 14/06/2012 3:00:12 AM - Windows Update
RP293: 16/06/2012 8:40:50 AM - Installed Java 6 Update 33
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.3)
Advertising Center
AMD DnD V1.0.19
Apple Application Support
Apple Software Update
Babylon toolbar on IE
Backup Manager Advance
BufferChm
C4700
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catan - Cities and Knights
Catan Online World
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Compatibility Pack for the 2007 Office system
D3DX10
Destinations
DeviceDiscovery
Dropbox
eBay Worldwide
EPS Viewer
Gateway Games
Gateway InfoCentre
Gateway MyBackup
Gateway Photo Frame 4.2.3.10
Gateway Recovery Management
Gateway Registration
Gateway ScreenSaver
Gateway Updater
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
HP Photo Creations
HP Update
HPPhotoGadget
hpPrintProjects
HPProductAssistant
HPSSupply
hpWLPGInstaller
Identity Card
ImagXpress
Intel® Management Engine Components
Java Auto Updater
Java 6 Update 33
JMicron JMB36X Driver
Junk Mail filter update
Malwarebytes Anti-Malware version 1.61.0.1400
MarketResearch
Microsoft Office Click-to-Run 2010
Microsoft Office Home and Student 2010 - English
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Suite Activation Assistant
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 9 Essentials
Nero ControlCenter
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
NeroExpress
neroxml
PS_AIO_06_C4700_SW_Min
QuickTime
QuickTransfer
Realtek High Definition Audio Driver
RoE Power Tools
Safari
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Sid Meier's Civilization 4 Complete
Sid Meier's Civilization IV Colonization
Skype Click to Call
Skype™ 5.8
SmartWebPrinting
SolutionCenter
Star Wars: The Old Republic
StarCraft II
Status
Toolbox
TrayApp
TurboTax 2010
TurboTax 2011
TurboTax Business Incorporated 2011
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Ventrilo Client
WebReg
Welcome Center
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo! Detect
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
16/06/2012 4:05:05 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
16/06/2012 11:55:39 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
16/06/2012 11:06:14 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
16/06/2012 11:06:14 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
16/06/2012 11:06:14 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
16/06/2012 11:06:14 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
16/06/2012 11:06:12 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
16/06/2012 11:06:07 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
16/06/2012 11:05:57 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache kl1 KLIF NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
16/06/2012 11:05:56 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
16/06/2012 11:05:56 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
16/06/2012 11:05:56 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
16/06/2012 11:05:56 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
16/06/2012 11:05:56 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
16/06/2012 11:05:56 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
16/06/2012 11:05:56 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
16/06/2012 11:05:56 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
16/06/2012 11:05:56 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
16/06/2012 11:05:56 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
16/06/2012 11:05:56 AM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
15/06/2012 5:59:41 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
.
==== End Of File ===========================
-
I am getting outgoing block pop-ups from my pro version of Malwarebytes every few seconds to a few IPs.
I followed the instructions for creating a DDS log and here it is.... please form any responses in a way a 5 year old would understand as I am a relative luddite when it comes to this stuff.
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 15/04/2010 10:16:32 AM
System Uptime: 16/06/2012 12:29:29 PM (1 hours ago)
.
Motherboard: Gateway | | H57M01
Processor: Intel® Core i5 CPU 750 @ 2.67GHz | CPU 1 | 2668/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 914 GiB total, 736.867 GiB free.
D: is CDROM (CDFS)
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP288: 04/06/2012 3:00:12 AM - Windows Update
RP289: 08/06/2012 4:35:10 AM - Windows Update
RP290: 12/06/2012 12:43:41 AM - Installed Java 6 Update 32
RP291: 13/06/2012 4:33:00 PM - Windows Update
RP292: 14/06/2012 3:00:12 AM - Windows Update
RP293: 16/06/2012 8:40:50 AM - Installed Java 6 Update 33
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.3)
Advertising Center
AMD DnD V1.0.19
Apple Application Support
Apple Software Update
Babylon toolbar on IE
Backup Manager Advance
BufferChm
C4700
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catan - Cities and Knights
Catan Online World
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Compatibility Pack for the 2007 Office system
D3DX10
Destinations
DeviceDiscovery
Dropbox
eBay Worldwide
EPS Viewer
Gateway Games
Gateway InfoCentre
Gateway MyBackup
Gateway Photo Frame 4.2.3.10
Gateway Recovery Management
Gateway Registration
Gateway ScreenSaver
Gateway Updater
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
HP Update
HPPhotoGadget
hpPrintProjects
HPProductAssistant
HPSSupply
hpWLPGInstaller
Identity Card
ImagXpress
Intel® Management Engine Components
Java Auto Updater
Java 6 Update 33
JMicron JMB36X Driver
Junk Mail filter update
Malwarebytes Anti-Malware version 1.61.0.1400
MarketResearch
Microsoft Office Click-to-Run 2010
Microsoft Office Home and Student 2010 - English
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Suite Activation Assistant
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 9 Essentials
Nero ControlCenter
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
NeroExpress
neroxml
PS_AIO_06_C4700_SW_Min
QuickTime
Realtek High Definition Audio Driver
RoE Power Tools
Safari
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Sid Meier's Civilization 4 Complete
Sid Meier's Civilization IV Colonization
Skype Click to Call
Skype™ 5.8
SmartWebPrinting
SolutionCenter
Star Wars: The Old Republic
StarCraft II
Status
Toolbox
TrayApp
TurboTax 2010
TurboTax 2011
TurboTax Business Incorporated 2011
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Ventrilo Client
WebReg
Welcome Center
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo! Detect
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
16/06/2012 11:55:39 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
16/06/2012 11:06:14 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
16/06/2012 11:06:14 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
16/06/2012 11:06:14 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
16/06/2012 11:06:14 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
16/06/2012 11:06:12 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
16/06/2012 11:06:07 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
16/06/2012 11:05:57 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache kl1 KLIF NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
16/06/2012 11:05:56 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
16/06/2012 11:05:56 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
16/06/2012 11:05:56 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
16/06/2012 11:05:56 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
16/06/2012 11:05:56 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
16/06/2012 11:05:56 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
16/06/2012 11:05:56 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
16/06/2012 11:05:56 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
16/06/2012 11:05:56 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
16/06/2012 11:05:56 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
16/06/2012 11:05:56 AM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
15/06/2012 5:59:41 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
.
==== End Of File ===========================
I am infected!
in Resolved Malware Removal Logs
Posted
Read and completed, thank you so much! Aside from not having the nasty symptoms, by computer is running much faster now as well.
If anyone is reading this thread, I certainly recommend using this help... and throw a few bucks their way for the service!