Dal

Hi, I've attached the rogue killer log. Please also find attached just one example of ESET pops up initiated by Chrome. Most are random, ad-based websites. RogueKiller.txt

Hi there, I've attached the Zemana log. It didn't find anything. It's just my eset and MalwareBytes Premium pops up issues with sites trying to connect that look very dubious. Sites like cloud-iq.com and the following log that raised suspicion: Time;URL;Status;Application;User;IP address;SHA1 05/03/2017 12:31:08;https://f6fa82c4a9967c5b8d99933b1196dfed.info;Blocked by internal IP blacklist;C:\Program Files (x86)\Google\Chrome\Application\chrome.exe;THATONE\thatone;195.22.26.248;226DFCF2DDA05416CFE340C1CE62EE0B055BBF0B 2017.04.11-20.26.15-i0-t92-d0.txt

Hi there, I've attached all the relevant logs as you asked. I'm still getting these weird requests when I'm in chrome. I saw a chrome extension removed but that doesn't seem to have fixed it. Although it does seem less frequent now that extension has gone. AdwCleaner[S0].txt Fixlog.txt JRT.txt MalwareBytesLog.txt

Hi I have attached the relevant logs from farbar as instructed. I seem to be getting Chrome sending strange requests sometimes to some fairly benign sites which is when my ESET anti-virus pops up telling me whether to allow the request and then some clearly malicious sites that Premium MalwareBytes picks up. Done a scan on both and ESET nor MB has picked anything up. I have ESET, MB Anti-Malware and Anti-Exploit. Addition.txt FRST.txt

Hi, Thanks for the help. I think we're going to wipe the PC as the best course of action. Considering you can't guarantee 100% that the infection will be gone I think a reformat will be appropriate. Once again, thanks for the help

Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Database version: v2012.09.29.03 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Zoe :: ZOE-PC [administrator] 29/09/2012 18:21:42 mbam-log-2012-09-29 (18-21-42).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 247735 Time elapsed: 11 minute(s), 13 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 2 HKCR\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32| (Trojan.0Access) -> Bad: (C:\$Recycle.Bin\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\n.) Good: (fastprox.dll) -> Quarantined and repaired successfully. HKCR\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\InProcServer32| (Trojan.0Access) -> Bad: (C:\$Recycle.Bin\S-1-5-21-3839117344-351227739-3664877078-1000\$ff24043d55f85ce9a20a8337d9b4b888\n.) Good: (shell32.dll) -> Quarantined and repaired successfully. Folders Detected: 0 (No malicious items detected) Files Detected: 6 C:\ProgramData\F2AC76B3CFD122180069F2AC0D2A4430\F2AC76B3CFD122180069F2AC0D2A4430.exe (Trojan.LameShield) -> Quarantined and deleted successfully. C:\Users\Zoe\AppData\Roaming\urfpl.dll (Trojan.Medfos) -> Quarantined and deleted successfully. C:\$RECYCLE.BIN\S-1-5-18\$ff24043d55f85ce9a20a8337d9b4b888\n (Trojan.0Access) -> Delete on reboot. C:\$RECYCLE.BIN\S-1-5-21-3839117344-351227739-3664877078-1000\$ff24043d55f85ce9a20a8337d9b4b888\n (Trojan.0Access) -> Delete on reboot. C:\Users\Zoe\Downloads\installfreefileopener_553.exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully. C:\Users\Zoe\AppData\Roaming\wiaservg.log (Malware.Trace) -> Quarantined and deleted successfully. (end) aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-09-29 18:50:13 ----------------------------- 18:50:13.110 OS Version: Windows 6.0.6002 Service Pack 2 18:50:13.110 Number of processors: 2 586 0xF0D 18:50:13.110 ComputerName: ZOE-PC UserName: Zoe 18:50:39.509 Initialize success 18:52:46.763 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-1 18:52:46.773 Disk 0 Vendor: ST9250320AS HP07 Size: 238475MB BusType: 3 18:52:46.793 Disk 0 MBR read successfully 18:52:46.793 Disk 0 MBR scan 18:52:46.793 Disk 0 unknown MBR code 18:52:46.803 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 227598 MB offset 63 18:52:46.863 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10873 MB offset 466122752 18:52:46.873 Disk 0 scanning sectors +488390656 18:52:47.213 Disk 0 scanning C:\Windows\system32\drivers 18:53:01.198 Service scanning 18:53:25.675 Modules scanning 18:53:41.270 Disk 0 trace - called modules: 18:53:41.300 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys tcpip.sys NETIO.SYS dxgkrnl.sys igdkmd32.sys 18:53:41.300 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86a808e0] 18:53:41.758 3 CLASSPNP.SYS[82a068b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-1[0x862ea390] 18:53:41.758 Scan finished successfully 18:53:49.882 Disk 0 MBR has been saved successfully to "C:\Users\Zoe\Documents\MBR.dat" 18:53:49.882 The log file has been saved successfully to "C:\Users\Zoe\Documents\aswMBR.txt" # AdwCleaner v2.003 - Logfile created 09/29/2012 at 18:55:17 # Updated 23/09/2012 by Xplode # Operating system : Windows Vista Home Premium Service Pack 2 (32 bits) # User : Zoe - ZOE-PC # Boot Mode : Normal # Running from : C:\Users\Zoe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UKLNZWQR\adwcleaner.exe # Option [search] ***** [services] ***** ***** [Files / Folders] ***** Folder Found : C:\ProgramData\boost_interprocess Folder Found : C:\Users\Zoe\AppData\Local\bearshare ***** [Registry] ***** Key Found : HKCU\Software\DataMngr Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B4DE90BB-150D-4B33-95FE-6BAAC97E1C21} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F2D6C718-7E52-428E-8852-365C4B1A6E36} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4DE90BB-150D-4B33-95FE-6BAAC97E1C21} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F2D6C718-7E52-428E-8852-365C4B1A6E36} Key Found : HKCU\Software\Softonic Key Found : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F} Key Found : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A} Key Found : HKLM\SOFTWARE\Classes\CLSID\{B4DE90BB-150D-4B33-95FE-6BAAC97E1C21} Key Found : HKLM\Software\Freeze.com ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Registry is clean. -\\ Google Chrome v [unable to get version] File : C:\Users\Zoe\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [1634 octets] - [29/09/2012 18:55:17] ########## EOF - C:\AdwCleaner[R1].txt - [1694 octets] ########## . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 9.0.8112.16421 Run by Zoe at 18:57:19 on 2012-09-29 . ============== Running Processes =============== . . ============== Pseudo HJT Report =============== . uStart Page = about:blank mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\20.1.1.2\coIEPlg.dll BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\20.1.1.2\ips\IPSBHO.DLL BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.391.0\BingExt.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\7.1.391.0\BingExt.dll" TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\20.1.1.2\coIEPlg.dll TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe uRun: [EPSON SX130 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatihje.exe /fu "c:\windows\temp\E_S8FE0.tmp" /EF "HKCU" uRun: [spotify] "c:\users\zoe\appdata\roaming\spotify\Spotify.exe" /uri spotify:autostart mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe" mRun: [updateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5" mRun: [updatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter" mRun: [uCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0" mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start mRun: [updateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0" mRun: [updatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0" mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [sMSTray] c:\program files\samsung\emodio\SMSTray.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [<NO NAME>] mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: &AOL Toolbar Search - c:\programdata\aol\ietoolbar\resources\en-gb\local\search.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20110926150838 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab TCP: DhcpNameServer = 192.168.43.1 TCP: Interfaces\{0F513527-CA7B-4FFA-96CA-D747C1313385} : DhcpNameServer = 192.168.43.1 TCP: Interfaces\{AAF316B0-8195-4BA3-A3D2-0C4355C33C2B} : DhcpNameServer = 10.96.0.1 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: igfxcui - igfxdev.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe" . ============= SERVICES / DRIVERS =============== . . =============== Created Last 30 ================ . 2012-09-29 17:10:42 -------- d-----w- c:\users\zoe\appdata\roaming\Malwarebytes 2012-09-29 17:10:09 -------- d-----w- c:\programdata\Malwarebytes 2012-09-29 17:10:08 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-29 17:10:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-09-28 12:51:58 -------- d-----w- c:\users\zoe\appdata\local\{937E0FFA-60B1-46CC-B108-398FD92EC9F3} 2012-09-25 17:42:23 -------- d-----w- c:\users\zoe\appdata\local\{EEC8EE67-14FE-4395-AF8F-CB67D3663745} 2012-09-24 22:58:16 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2012-09-24 22:55:28 -------- d-----w- c:\program files\NortonInstaller 2012-09-24 14:56:41 -------- d-----w- c:\programdata\boost_interprocess 2012-09-24 14:56:21 -------- d--h--w- c:\programdata\Common Files 2012-09-24 14:56:21 -------- d-----w- c:\users\zoe\appdata\local\MFAData 2012-09-24 14:56:21 -------- d-----w- c:\users\zoe\appdata\local\Avg2013 2012-09-24 14:56:21 -------- d-----w- c:\programdata\MFAData 2012-09-24 14:34:03 -------- d-----w- c:\programdata\F2AC76B3CFD122180069F2AC0D2A4430 2012-09-24 14:33:56 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-09-24 14:32:46 -------- d-----w- c:\users\zoe\appdata\roaming\Urpyug 2012-09-24 14:32:46 -------- d-----w- c:\users\zoe\appdata\roaming\Umom 2012-09-24 14:32:46 -------- d-----w- c:\users\zoe\appdata\roaming\Enday 2012-09-22 16:32:38 -------- d-----w- c:\users\zoe\appdata\local\{039F0D0C-8125-4686-A617-02D8C8E7D30C} 2012-09-16 22:27:04 -------- d-----w- c:\users\zoe\appdata\local\{D3E86AD5-1C1D-4F5F-B049-BA235766027B} 2012-09-04 21:19:31 -------- d-----w- c:\users\zoe\appdata\local\{EC5AA66B-6120-496E-84F0-04A70F9D1673} 2012-09-02 10:32:19 -------- d-----w- c:\users\zoe\appdata\local\{866C9EA2-F645-4E21-BE42-B1F964040462} 2012-09-01 18:13:42 -------- d-----w- c:\users\zoe\appdata\local\{8A1A3E5F-45D6-462D-9C51-6680656AC306} 2012-08-31 22:03:53 -------- d-----w- c:\users\zoe\appdata\local\{2C259A45-8965-47CC-972F-D2BDD965335A} 2012-08-30 22:10:07 -------- d-----w- c:\users\zoe\appdata\local\{91317E46-3F08-493B-AF98-565CD52E7E55} . ==================== Find3M ==================== . 2012-09-24 14:33:56 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-08-11 01:26:42 585888 ----a-r- c:\windows\system32\drivers\n360\1401010.002\srtsp.sys 2012-08-08 05:18:19 926880 ----a-r- c:\windows\system32\drivers\n360\1401010.002\SymEFA.sys 2012-08-07 18:42:43 134304 ----a-r- c:\windows\system32\drivers\n360\1401010.002\ccSetx86.sys 2012-07-28 03:25:32 368288 ----a-r- c:\windows\system32\drivers\n360\1401010.002\SymDS.sys 2012-07-28 03:05:21 175264 ----a-r- c:\windows\system32\drivers\n360\1401010.002\Ironx86.sys 2012-07-23 01:34:24 350368 ----a-r- c:\windows\system32\drivers\n360\1401010.002\symtdiv.sys 2012-07-23 01:34:24 338592 ----a-r- c:\windows\system32\drivers\n360\1401010.002\symnets.sys 2012-07-04 14:02:46 2047488 ----a-w- c:\windows\system32\win32k.sys . ============= FINISH: 18:58:31.20 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . . ==== Disk Partitions ========================= . . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) ABBYY FineReader 9.0 Sprint Acrobat.com Activation Assistant for the 2007 Microsoft Office suites ActiveCheck component for HP Active Support Library Adobe AIR Adobe Flash Player 10 Plugin Adobe Flash Player 11 ActiveX Adobe Reader 9.5.0 Adobe Shockwave Player AOL Toolbar 5.0 Apple Mobile Device Support Apple Software Update Atheros Driver Installation Program ÁTorrent AVS Video Converter 7 AVS4YOU Software Navigator 1.4 Bing Bar Bonjour Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module Click to Call with Skype Compatibility Pack for the 2007 Office system Conexant HD Audio ContentSAFER for Wizmax CyberLink DVD Suite CyberLink YouCam D3DX10 EmoDio Epson Easy Photo Print 2 Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) Epson Event Manager EPSON Scan EPSON SX130 Series Printer Uninstall ESU for Microsoft Vista Free File Opener v2011.7.0.1 FrostWire 4.21.5 Google Chrome Google Earth Google Update Helper Google Updater HDAUDIO Soft Data Fax Modem with SmartCP Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) HP Active Support Library HP Customer Experience Enhancements HP Doc Viewer HP DVD Play 3.7 HP Help and Support HP Quick Launch Buttons 6.40 H2 HP Total Care Advisor HP Update HP User Guides 0118 HP Wireless Assistant HPAsset component for HP Active Support Library HPNetworkAssistant HPTCSSetup Infineon USB driver 1.0.0.6 Intel® Graphics Media Accelerator Driver iTunes Java Auto Updater Java 6 Update 30 Java 6 Update 7 Junk Mail filter update LabelPrint LG USB Modem Driver LightScribe System Software 1.14.17.1 LiveUpdate (Symantec Corporation) Malwarebytes Anti-Malware version 1.65.0.1400 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft SQL Server Native Client Microsoft SQL Server Setup Support Files (English) Microsoft SQL Server VSS Writer Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Works MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) muvee Reveal My HP Games NetWaiting Norton 360 Norton Internet Security OGA Notifier 2.0.0048.0 Power2Go PowerDirector QuickTime RealNetworks - Microsoft Visual C++ 2008 Runtime RealPlayer Realtek 8169 8168 8101E 8102E Ethernet Driver Realtek USB 2.0 Card Reader RealUpgrade 1.1 Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition Segoe UI SkypeÖ 5.10 Spotify Synaptics Pointing Device Driver Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Infopath 2007 Help (KB963662) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) USB Flash Port Driver User's Guide EPSON SX130 Series Windows Driver Package - Infineon Technologies (FlashUSB) USB (04/16/2009 1.0.0.6) Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Mail Windows Live Messenger Windows Live MIME IFilter Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources XviD MPEG-4 Video Codec . ==== End Of File ===========================

. UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft® Windows Vista™ Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 12/01/2009 04:16:05 System Uptime: 25/09/2012 09:53:14 (7 hours ago) . Motherboard: Wistron | | 3612 Processor: Genuine Intel® CPU T1600 @ 1.66GHz | CPU | 1662/667mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 222 GiB total, 131.387 GiB free. D: is FIXED (NTFS) - 11 GiB total, 1.802 GiB free. E: is CDROM (UDF) . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) ABBYY FineReader 9.0 Sprint Acrobat.com Activation Assistant for the 2007 Microsoft Office suites ActiveCheck component for HP Active Support Library Adobe AIR Adobe Flash Player 10 Plugin Adobe Flash Player 11 ActiveX Adobe Reader 9.5.0 Adobe Shockwave Player AOL Toolbar 5.0 Apple Mobile Device Support Apple Software Update Atheros Driver Installation Program µTorrent AVS Video Converter 7 AVS4YOU Software Navigator 1.4 Bing Bar Bonjour Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module Click to Call with Skype Compatibility Pack for the 2007 Office system Conexant HD Audio ContentSAFER for Wizmax CyberLink DVD Suite CyberLink YouCam D3DX10 EmoDio Epson Easy Photo Print 2 Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) Epson Event Manager EPSON Scan EPSON SX130 Series Printer Uninstall ESU for Microsoft Vista FantastiGames Toolbar Free File Opener v2011.7.0.1 FrostWire 4.21.5 Google Chrome Google Earth Google Update Helper Google Updater HDAUDIO Soft Data Fax Modem with SmartCP Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) HP Active Support Library HP Customer Experience Enhancements HP Doc Viewer HP DVD Play 3.7 HP Help and Support HP Quick Launch Buttons 6.40 H2 HP Total Care Advisor HP Update HP User Guides 0118 HP Wireless Assistant HPAsset component for HP Active Support Library HPNetworkAssistant HPTCSSetup Infineon USB driver 1.0.0.6 Intel® Graphics Media Accelerator Driver iTunes Java Auto Updater Java 6 Update 30 Java 6 Update 7 Junk Mail filter update LabelPrint LG USB Modem Driver LightScribe System Software 1.14.17.1 LimeWire 5.5.14 LiveUpdate (Symantec Corporation) Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft SQL Server Native Client Microsoft SQL Server Setup Support Files (English) Microsoft SQL Server VSS Writer Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Works MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) muvee Reveal My HP Games NetWaiting Norton 360 Norton Internet Security OGA Notifier 2.0.0048.0 Power2Go PowerDirector QuickTime RealNetworks - Microsoft Visual C++ 2008 Runtime RealPlayer Realtek 8169 8168 8101E 8102E Ethernet Driver Realtek USB 2.0 Card Reader RealUpgrade 1.1 Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition Segoe UI Skype™ 5.10 Spotify Synaptics Pointing Device Driver Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Infopath 2007 Help (KB963662) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) USB Flash Port Driver User's Guide EPSON SX130 Series Windows Driver Package - Infineon Technologies (FlashUSB) USB (04/16/2009 1.0.0.6) Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Mail Windows Live Messenger Windows Live MIME IFilter Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources XviD MPEG-4 Video Codec . ==== Event Viewer Messages From Past Week ======== . 25/09/2012 10:48:41, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{AAF316B0-8195-4BA3-A3D2-0C4355C33C2B} because another computer on the network has the same name. The server could not start. 24/09/2012 23:46:33, Error: Service Control Manager [7034] - The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s). 24/09/2012 23:46:33, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service. 24/09/2012 23:46:33, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed. 24/09/2012 23:46:33, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed. 24/09/2012 23:46:33, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 22/09/2012 19:06:27, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.96.252.71 for the Network Card with network address 001F1660FA62 has been denied by the DHCP server 10.96.0.1 (The DHCP Server sent a DHCPNACK message). 22/09/2012 17:40:16, Error: Microsoft Antimalware [2001] - 22/09/2012 17:29:20, Error: Microsoft-Windows-Dhcp-Client [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001F1660FA62. The following error occurred: The wait operation timed out.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server. 22/09/2012 17:29:08, Error: EventLog [6008] - The previous system shutdown at 03:03:13 on 18/09/2012 was unexpected. . ==== End Of File =========================== . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 9.0.8112.16421 Run by Zoe at 16:24:21 on 2012-09-25 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3002.1225 [GMT 1:00] . AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\WLANExt.exe C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\SMINST\BLService.exe C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\DRIVERS\xaudio.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\HP\QuickPlay\QPService.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files\Samsung\EmoDio\SMSTray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Real\RealPlayer\Update\realsched.exe C:\Program Files\HP\HP Software Update\hpwuschd2.exe C:\Program Files\Epson Software\Event Manager\EEventManager.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE C:\Program Files\FantastiGames Toolbar\Datamngr\datamngrUI.exe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Windows\System32\spool\drivers\w32x86\3\E_FATIHJE.EXE C:\Windows\system32\igfxsrvc.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe C:\Program Files\Norton 360\Engine\20.1.1.2\ccSvcHst.exe C:\Program Files\Norton 360\Engine\20.1.1.2\ccSvcHst.exe C:\Windows\system32\DllHost.exe C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Microsoft\BingBar\7.1.391.0\BingApp.exe c:\program files\aol\aol toolbar 5.0\AolTbServer.exe C:\Program Files\Microsoft\BingBar\7.1.391.0\BingBar.exe C:\Program Files\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe C:\Program Files\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe C:\Program Files\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe C:\Program Files\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe C:\Windows\system32\wermgr.exe C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_278_ActiveX.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = about:blank mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\20.1.1.2\coIEPlg.dll BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\20.1.1.2\ips\IPSBHO.DLL BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: FantastiGames Toolbar: {b4de90bb-150d-4b33-95fe-6baac97e1c21} - c:\progra~1\fantas~1\datamngr\toolbar\fantastigamesdtx.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.391.0\BingExt.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: DataMngr: {f2d6c718-7e52-428e-8852-365c4b1a6e36} - c:\progra~1\fantas~1\datamngr\BROWSE~1.DLL TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\7.1.391.0\BingExt.dll" TB: FantastiGames Toolbar: {b4de90bb-150d-4b33-95fe-6baac97e1c21} - c:\progra~1\fantas~1\datamngr\toolbar\fantastigamesdtx.dll TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\20.1.1.2\coIEPlg.dll TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe uRun: [EPSON SX130 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatihje.exe /fu "c:\windows\temp\E_S8FE0.tmp" /EF "HKCU" uRun: [spotify] "c:\users\zoe\appdata\roaming\spotify\Spotify.exe" /uri spotify:autostart uRun: [inycydxy] c:\users\zoe\appdata\roaming\umom\oxme.exe mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe" mRun: [updateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5" mRun: [updatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter" mRun: [uCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0" mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start mRun: [updateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0" mRun: [updatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0" mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [sMSTray] c:\program files\samsung\emodio\SMSTray.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [<NO NAME>] mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [DATAMNGR] c:\progra~1\fantas~1\datamngr\DATAMN~1.EXE mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: &AOL Toolbar Search - c:\programdata\aol\ietoolbar\resources\en-gb\local\search.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20110926150838 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab TCP: DhcpNameServer = 192.168.43.1 TCP: Interfaces\{0F513527-CA7B-4FFA-96CA-D747C1313385} : DhcpNameServer = 192.168.43.1 TCP: Interfaces\{AAF316B0-8195-4BA3-A3D2-0C4355C33C2B} : DhcpNameServer = 10.96.0.1 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: igfxcui - igfxdev.dll AppInit_DLLs: c:\progra~1\fantas~1\datamngr\datamngr.dll c:\progra~1\fantas~1\datamngr\IEBHO.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe" . ============= SERVICES / DRIVERS =============== . R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\1401010.002\SymDS.sys [2012-9-24 368288] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\1401010.002\SymEFA.sys [2012-9-24 926880] R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.1.2\definitions\bashdefs\20120919.001\BHDrvx86.sys [2012-9-14 995488] R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\1401010.002\ccSetx86.sys [2012-9-24 134304] R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.1.2\definitions\ipsdefs\20120922.001\IDSvix86.sys [2012-9-22 386720] R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\1401010.002\Ironx86.sys [2012-9-24 175264] R1 SYMTDIV;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\1401010.002\symtdiv.sys [2012-9-24 350368] R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\common files\abbyy\finereadersprint\9.00\licensing\NetworkLicenseServer.exe [2009-5-14 759048] R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504] R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504] R2 N360;Norton 360;c:\program files\norton 360\engine\20.1.1.2\ccSvcHst.exe [2012-9-24 143928] R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2008-10-27 365952] R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.391.0\SeaPort.EXE [2012-6-11 240208] R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-10-27 193840] R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-29 112128] S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.391.0\BBSvc.EXE [2012-6-11 193616] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 gupdate1ca0bd33eaf20b0;Google Update Service (gupdate1ca0bd33eaf20b0);c:\program files\google\update\GoogleUpdate.exe [2009-7-23 133104] S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-9-24 250288] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-7-23 133104] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== Created Last 30 ================ . 2012-09-24 22:58:16 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2012-09-24 22:55:28 -------- d-----w- c:\program files\NortonInstaller 2012-09-24 14:56:41 -------- d-----w- c:\programdata\boost_interprocess 2012-09-24 14:56:41 -------- d-----w- c:\program files\FantastiGames Toolbar 2012-09-24 14:56:38 -------- d-----w- c:\program files\FGIcon 2012-09-24 14:56:21 -------- d--h--w- c:\programdata\Common Files 2012-09-24 14:56:21 -------- d-----w- c:\users\zoe\appdata\local\MFAData 2012-09-24 14:56:21 -------- d-----w- c:\users\zoe\appdata\local\Avg2013 2012-09-24 14:56:21 -------- d-----w- c:\programdata\MFAData 2012-09-24 14:34:03 -------- d-----w- c:\programdata\F2AC76B3CFD122180069F2AC0D2A4430 2012-09-24 14:33:56 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-09-24 14:32:52 184320 ----a-w- c:\users\zoe\appdata\roaming\urfpl.dll 2012-09-24 14:32:46 -------- d-----w- c:\users\zoe\appdata\roaming\Urpyug 2012-09-24 14:32:46 -------- d-----w- c:\users\zoe\appdata\roaming\Umom 2012-09-24 14:32:46 -------- d-----w- c:\users\zoe\appdata\roaming\Enday 2012-09-22 16:32:38 -------- d-----w- c:\users\zoe\appdata\local\{039F0D0C-8125-4686-A617-02D8C8E7D30C} 2012-09-16 22:27:04 -------- d-----w- c:\users\zoe\appdata\local\{D3E86AD5-1C1D-4F5F-B049-BA235766027B} 2012-09-04 21:19:31 -------- d-----w- c:\users\zoe\appdata\local\{EC5AA66B-6120-496E-84F0-04A70F9D1673} 2012-09-02 10:32:19 -------- d-----w- c:\users\zoe\appdata\local\{866C9EA2-F645-4E21-BE42-B1F964040462} 2012-09-01 18:13:42 -------- d-----w- c:\users\zoe\appdata\local\{8A1A3E5F-45D6-462D-9C51-6680656AC306} 2012-08-31 22:03:53 -------- d-----w- c:\users\zoe\appdata\local\{2C259A45-8965-47CC-972F-D2BDD965335A} 2012-08-30 22:10:07 -------- d-----w- c:\users\zoe\appdata\local\{91317E46-3F08-493B-AF98-565CD52E7E55} 2012-08-30 02:04:31 2047488 ----a-w- c:\windows\system32\win32k.sys 2012-08-27 15:55:24 623616 ----a-w- c:\windows\system32\localspl.dll . ==================== Find3M ==================== . 2012-09-24 14:33:56 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-08-11 01:26:42 585888 ----a-r- c:\windows\system32\drivers\n360\1401010.002\srtsp.sys 2012-08-08 05:18:19 926880 ----a-r- c:\windows\system32\drivers\n360\1401010.002\SymEFA.sys 2012-08-07 18:42:43 134304 ----a-r- c:\windows\system32\drivers\n360\1401010.002\ccSetx86.sys 2012-07-28 03:25:32 368288 ----a-r- c:\windows\system32\drivers\n360\1401010.002\SymDS.sys 2012-07-28 03:05:21 175264 ----a-r- c:\windows\system32\drivers\n360\1401010.002\Ironx86.sys 2012-07-23 01:34:24 350368 ----a-r- c:\windows\system32\drivers\n360\1401010.002\symtdiv.sys 2012-07-23 01:34:24 338592 ----a-r- c:\windows\system32\drivers\n360\1401010.002\symnets.sys 2012-06-29 00:16:58 1800704 ----a-w- c:\windows\system32\jscript9.dll 2012-06-29 00:09:01 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-06-29 00:08:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-06-29 00:04:43 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-06-29 00:00:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb . ============= FINISH: 16:25:20.02 ===============

ComboFix 12-08-22.03 - User 25/08/2012 1:05.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8044.5495 [GMT 1:00] Running from: c:\users\User\Downloads\ComboFix.exe Command switches used :: c:\users\User\Desktop\CFScript.txt AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\synhtijq.exe" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\User\AppData\Local\ksvujiaa c:\users\User\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\synhtijq.exe . . ((((((((((((((((((((((((( Files Created from 2012-07-25 to 2012-08-25 ))))))))))))))))))))))))))))))) . . 2012-08-25 00:14 . 2012-08-25 00:14 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-08-25 00:14 . 2012-08-25 00:14 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-08-21 04:13 . 2012-08-21 04:22 -------- d-----w- c:\users\User\.yawcam 2012-08-21 04:12 . 2012-08-21 04:13 -------- d-----w- c:\program files (x86)\Yawcam 2012-08-21 02:24 . 2012-08-21 02:24 -------- d-----w- c:\users\User\temp 2012-08-21 02:24 . 2012-08-21 02:24 -------- d-----w- c:\program files (x86)\TeamViewer 2012-08-18 17:00 . 2012-08-18 17:00 -------- d-----w- c:\program files\iTunes 2012-08-18 17:00 . 2012-08-18 17:00 -------- d-----w- c:\program files (x86)\iTunes 2012-08-18 17:00 . 2012-08-18 17:00 -------- d-----w- c:\program files\iPod 2012-08-18 16:52 . 2012-08-18 16:52 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll 2012-08-18 16:52 . 2012-08-18 16:52 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll 2012-08-18 16:52 . 2012-08-18 16:52 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll 2012-08-18 16:52 . 2012-08-18 16:52 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll 2012-08-18 16:52 . 2012-08-18 16:52 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll 2012-08-18 16:52 . 2012-08-18 16:52 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll 2012-08-18 16:52 . 2012-08-18 16:52 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll 2012-08-18 16:51 . 2012-08-18 16:52 -------- d-----w- c:\program files (x86)\QuickTime 2012-08-16 02:02 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys 2012-08-15 22:03 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll 2012-08-15 22:03 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll 2012-08-15 22:03 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll 2012-08-15 22:03 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe 2012-08-15 22:03 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe 2012-08-15 22:03 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll 2012-08-15 21:57 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll 2012-08-15 21:57 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll 2012-08-15 21:57 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll 2012-08-15 21:57 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll 2012-08-15 21:57 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-08-15 21:57 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll 2012-08-09 21:17 . 2012-08-09 21:17 -------- d-----w- c:\users\User\AppData\Local\ElevatedDiagnostics 2012-08-08 23:59 . 2012-08-08 23:59 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes 2012-08-08 23:59 . 2012-08-08 23:59 -------- d-----w- c:\programdata\Malwarebytes 2012-08-08 23:59 . 2012-08-09 00:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-08-08 23:59 . 2012-07-03 12:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-08-08 23:49 . 2012-08-08 23:49 -------- d-----w- c:\users\User\AppData\Roaming\AVG2012 2012-08-08 23:48 . 2012-08-08 23:48 -------- d-----w- c:\windows\SysWow64\drivers\AVG 2012-08-08 23:47 . 2012-08-24 16:48 -------- d-----w- c:\windows\system32\drivers\AVG 2012-08-08 23:47 . 2012-08-08 23:47 -------- d-----w- C:\$AVG 2012-08-08 23:47 . 2012-08-09 22:41 -------- d-----w- c:\programdata\AVG2012 2012-08-08 23:46 . 2012-08-08 23:46 -------- d-----w- c:\program files (x86)\AVG 2012-08-08 23:40 . 2012-08-24 16:49 -------- d-----w- c:\programdata\MFAData 2012-08-08 23:40 . 2012-08-08 23:40 -------- d--h--w- c:\programdata\Common Files 2012-08-07 13:04 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AB8A3F99-AFA1-4209-89D8-9921EFFE4EC7}\mpengine.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-15 23:02 . 2012-04-12 18:53 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-08-15 23:02 . 2011-11-20 02:36 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-06-09 05:43 . 2012-07-10 22:34 14172672 ----a-w- c:\windows\system32\shell32.dll 2012-06-06 06:06 . 2012-07-10 22:34 2004480 ----a-w- c:\windows\system32\msxml6.dll 2012-06-06 06:06 . 2012-07-10 22:34 1881600 ----a-w- c:\windows\system32\msxml3.dll 2012-06-06 06:02 . 2012-07-10 22:34 1133568 ----a-w- c:\windows\system32\cdosys.dll 2012-06-06 05:05 . 2012-07-10 22:34 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll 2012-06-06 05:05 . 2012-07-10 22:34 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll 2012-06-06 05:03 . 2012-07-10 22:34 805376 ----a-w- c:\windows\SysWow64\cdosys.dll 2012-06-02 22:19 . 2012-06-22 12:09 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-22 12:10 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:19 . 2012-06-22 12:10 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-22 12:10 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-22 12:09 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:15 . 2012-06-22 12:10 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:15 . 2012-06-22 12:09 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 14:19 . 2012-06-22 12:09 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 14:15 . 2012-06-22 12:09 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-02 05:50 . 2012-07-10 22:34 458704 ----a-w- c:\windows\system32\drivers\cng.sys 2012-06-02 05:48 . 2012-07-10 22:34 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2012-06-02 05:48 . 2012-07-10 22:34 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-06-02 05:45 . 2012-07-10 22:34 340992 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 05:44 . 2012-07-10 22:34 307200 ----a-w- c:\windows\system32\ncrypt.dll 2012-06-02 04:40 . 2012-07-10 22:34 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2012-06-02 04:40 . 2012-07-10 22:34 225280 ----a-w- c:\windows\SysWow64\schannel.dll 2012-06-02 04:39 . 2012-07-10 22:34 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll 2012-06-02 04:34 . 2012-07-10 22:34 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2012-05-31 11:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-05-29 07:38 . 2012-05-23 17:49 330240 ----a-w- c:\windows\MASetupCaller.dll . . ((((((((((((((((((((((((((((( SnapShot@2012-08-24_01.51.03 ))))))))))))))))))))))))))))))))))))))))) . + 2009-07-14 04:54 . 2012-08-25 00:15 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-07-14 04:54 . 2012-08-24 01:50 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-07-14 04:54 . 2012-08-24 01:50 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2012-08-25 00:15 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2012-08-25 00:15 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:54 . 2012-08-24 01:50 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-11-21 03:09 . 2012-08-24 02:02 63046 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-08-24 21:55 35332 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2011-11-16 16:59 . 2012-08-24 21:55 12242 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-203309779-402986841-2798322347-1001_UserData.bin - 2011-11-16 17:12 . 2012-08-16 02:43 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2011-11-16 17:12 . 2012-08-24 13:16 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2011-11-16 17:12 . 2012-08-24 13:16 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2011-11-16 17:12 . 2012-08-16 02:43 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2012-08-16 02:43 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2012-08-24 13:16 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:46 . 2012-08-24 21:56 93536 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat + 2012-01-03 03:47 . 2012-08-24 21:50 3768 c:\windows\system32\wdi\ERCQueuedResolutions.dat - 2012-01-03 03:47 . 2012-08-09 20:42 3768 c:\windows\system32\wdi\ERCQueuedResolutions.dat + 2012-08-25 00:15 . 2012-08-25 00:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-08-24 01:49 . 2012-08-24 01:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-08-25 00:15 . 2012-08-25 00:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-08-24 01:49 . 2012-08-24 01:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2011-11-19 23:56 . 2012-08-24 12:19 323402 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin - 2009-07-14 02:36 . 2012-08-18 20:12 730092 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2012-08-24 21:58 730092 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2012-08-24 21:58 149886 c:\windows\system32\perfc009.dat - 2009-07-14 02:36 . 2012-08-18 20:12 149886 c:\windows\system32\perfc009.dat + 2009-07-14 05:01 . 2012-08-25 00:14 401184 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2009-07-14 05:01 . 2012-08-24 01:48 401184 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2011-11-16 17:24 . 2012-08-24 01:48 8225304 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-203309779-402986841-2798322347-1001-12288.dat + 2011-11-16 17:24 . 2012-08-25 00:14 8225304 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-203309779-402986841-2798322347-1001-12288.dat - 2011-11-16 17:24 . 2012-08-24 01:48 60480149 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-203309779-402986841-2798322347-1001-8192.dat + 2011-11-16 17:24 . 2012-08-25 00:14 60480149 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-203309779-402986841-2798322347-1001-8192.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files (x86)\Steam\steam.exe" [2012-08-08 1353080] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] "Facebook Update"="c:\users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096] "Spotify Web Helper"="c:\users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-08-23 1193176] "KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-06-08 21432] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160] "SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-09-28 340336] "EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-11-05 407920] "EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-11-05 202096] "Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696] "BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-02-15 297280] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-02-11 1070160] "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288] "Dolby Home Theater v4"="c:\dolby pcee4\pcee4.exe" [2011-02-03 506712] "VitaKeyTSR"="c:\program files (x86)\Acer Bio Protection\EgisTSR.exe" [2011-01-11 189488] "ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2011-05-09 177448] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280] "Copperhead"="c:\program files (x86)\Razer\Copperhead\razerhid.exe" [2005-11-25 155648] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-06-08 3521464] "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216] . c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Facebook Messenger.lnk - c:\users\User\AppData\Local\Facebook\Messenger\2.1.4590.0\FacebookMessenger.exe [2012-7-26 244656] iSyncr.lnk - c:\users\User\AppData\Roaming\Microsoft\Installer\{D34D816C-9F8F-4CE8-84FD-680137D399BF}\_FBD8D8AEF95612444B84C4.exe [2012-7-11 66339] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2011-5-12 704104] Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-12-10 1133856] HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336] iSyncr.lnk - c:\windows\Installer\{EC13B388-0DDC-4D23-9DE7-DA9C6F198FA5}\_D12A7F79DE2323FA402F7F.exe [2012-6-2 66339] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer2"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560] R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2010-12-10 349224] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-12-10 39464] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-05-21 99384] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 51445112] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-06-02 157672] R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-06-02 16872] R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-06-02 177640] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-05-21 203320] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-10-08 150016] R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-18 68440] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-20 1255736] R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976] R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656] R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-04-22 25960] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872] S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808] S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2011-05-12 22912] S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2011-05-12 20328] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2011-05-12 62584] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-04 5160568] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288] S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-02-11 346704] S2 EgisTec Service;EgisTec Service;c:\program files (x86)\Acer Bio Protection\EgisService.exe [2011-01-11 318000] S2 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-01-11 258096] S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-02-22 873064] S2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\system32\Drivers\FPSensor.sys [2011-06-30 35888] S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584] S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-04-10 542552] S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2012-04-02 329544] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336] S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-01-31 244624] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944] S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-02-15 257344] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-22 2009704] S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-29 260640] S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136] S2 SlingAgentService;SlingAgentService;c:\program files (x86)\Sling Media\SlingAgent\SlingAgentService.exe [2010-11-03 94024] S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-16 2673064] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-10-08 19192] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2656280] S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496] S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904] S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-10-26 406632] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder . 2012-08-25 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 23:02] . 2012-08-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-203309779-402986841-2798322347-1001Core.job - c:\users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-10 23:17] . 2012-08-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-203309779-402986841-2798322347-1001UA.job - c:\users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-10 23:17] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-31 167960] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-31 392216] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-31 415768] "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-18 11855976] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-05-17 2226280] "Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-02-22 1796200] "Media remote"="c:\program files (x86)\Media remote\Media remote.exe" [2011-05-18 1535000] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 112512] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Supplementary Scan ------- . uStart Page = hxxp://acer.msn.com uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://acer.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.1.254 192.168.1.254 FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\08gohukq.default\ FF - prefs.js: network.proxy.type - 0 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Hotspot Shield\HssWPR\hsssrv.exe c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE c:\program files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe c:\program files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe c:\program files (x86)\TeamViewer\Version7\TeamViewer.exe c:\program files (x86)\TeamViewer\Version7\tv_w32.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe . ************************************************************************** . Completion time: 2012-08-25 01:21:15 - machine was rebooted ComboFix-quarantined-files.txt 2012-08-25 00:21 ComboFix2.txt 2012-08-24 01:56 . Pre-Run: 313,500,712,960 bytes free Post-Run: 313,184,022,528 bytes free . - - End Of File - - E2B8DC097A569EE6772A4827A4DBE103

Hi, Sorry about the delay in replying. I haven't been able to get to my PC lately. Here is the combofix file: ComboFix 12-08-22.03 - User 24/08/2012 2:38.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8044.4840 [GMT 1:00] Running from: c:\users\User\Downloads\ComboFix.exe AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\FullRemove.exe c:\programdata\windows c:\programdata\windows\lmbd.dll c:\programdata\Windows\msxx.dat c:\programdata\Windows\vvve.dat c:\programdata\windows\wjdj.dat c:\users\User\AppData\Local\assembly\tmp c:\users\User\AppData\Local\fifdcdgh.log c:\users\User\AppData\Local\guxegwmx.log c:\users\User\AppData\Local\inrbsvqe.log c:\users\User\AppData\Local\kfilceon.log c:\users\User\AppData\Local\mchmmgps.log c:\users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\{4B742DE1-3B83-4DF2-94AE-7155DB732029}.xps c:\users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8ABC6DE3-D4CD-43C2-8DD2-46B453E10DE0}.xps c:\users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\{B9E2DE6D-E49D-49A9-B0C7-24ADE28DE6CD}.xps c:\users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E5DFF8F4-5EB0-44F9-82B0-9900BFA91FB2}.xps c:\users\User\AppData\Local\tfaamhbk.log c:\users\User\AppData\Local\uvenieih.log c:\users\User\AppData\Local\vstggolb.log c:\users\User\AppData\Local\youxoarf.log c:\windows\SysWow64\DEBUG.log c:\windows\SysWow64\muzapp.exe . . ((((((((((((((((((((((((( Files Created from 2012-07-24 to 2012-08-24 ))))))))))))))))))))))))))))))) . . 2012-08-21 04:13 . 2012-08-21 04:22 -------- d-----w- c:\users\User\.yawcam 2012-08-21 04:12 . 2012-08-21 04:13 -------- d-----w- c:\program files (x86)\Yawcam 2012-08-21 02:24 . 2012-08-21 02:24 -------- d-----w- c:\users\User\temp 2012-08-21 02:24 . 2012-08-21 02:24 -------- d-----w- c:\program files (x86)\TeamViewer 2012-08-18 17:00 . 2012-08-18 17:00 -------- d-----w- c:\program files\iTunes 2012-08-18 17:00 . 2012-08-18 17:00 -------- d-----w- c:\program files (x86)\iTunes 2012-08-18 17:00 . 2012-08-18 17:00 -------- d-----w- c:\program files\iPod 2012-08-18 16:52 . 2012-08-18 16:52 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll 2012-08-18 16:52 . 2012-08-18 16:52 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll 2012-08-18 16:52 . 2012-08-18 16:52 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll 2012-08-18 16:52 . 2012-08-18 16:52 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll 2012-08-18 16:52 . 2012-08-18 16:52 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll 2012-08-18 16:52 . 2012-08-18 16:52 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll 2012-08-18 16:52 . 2012-08-18 16:52 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll 2012-08-18 16:51 . 2012-08-18 16:52 -------- d-----w- c:\program files (x86)\QuickTime 2012-08-16 02:02 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys 2012-08-15 22:03 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll 2012-08-15 22:03 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll 2012-08-15 22:03 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll 2012-08-15 22:03 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe 2012-08-15 22:03 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe 2012-08-15 22:03 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll 2012-08-15 21:57 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll 2012-08-15 21:57 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll 2012-08-15 21:57 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll 2012-08-15 21:57 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll 2012-08-15 21:57 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-08-15 21:57 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll 2012-08-09 21:17 . 2012-08-09 21:17 -------- d-----w- c:\users\User\AppData\Local\ElevatedDiagnostics 2012-08-08 23:59 . 2012-08-08 23:59 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes 2012-08-08 23:59 . 2012-08-08 23:59 -------- d-----w- c:\programdata\Malwarebytes 2012-08-08 23:59 . 2012-08-09 00:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-08-08 23:59 . 2012-07-03 12:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-08-08 23:49 . 2012-08-08 23:49 -------- d-----w- c:\users\User\AppData\Roaming\AVG2012 2012-08-08 23:48 . 2012-08-08 23:48 -------- d-----w- c:\windows\SysWow64\drivers\AVG 2012-08-08 23:47 . 2012-08-23 20:23 -------- d-----w- c:\windows\system32\drivers\AVG 2012-08-08 23:47 . 2012-08-08 23:47 -------- d-----w- C:\$AVG 2012-08-08 23:47 . 2012-08-09 22:41 -------- d-----w- c:\programdata\AVG2012 2012-08-08 23:46 . 2012-08-08 23:46 -------- d-----w- c:\program files (x86)\AVG 2012-08-08 23:40 . 2012-08-23 20:24 -------- d-----w- c:\programdata\MFAData 2012-08-08 23:40 . 2012-08-08 23:40 -------- d--h--w- c:\programdata\Common Files 2012-08-08 23:27 . 2012-08-17 00:54 -------- d-----w- c:\users\User\AppData\Local\ksvujiaa 2012-08-07 13:04 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AB8A3F99-AFA1-4209-89D8-9921EFFE4EC7}\mpengine.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-15 23:02 . 2012-04-12 18:53 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-08-15 23:02 . 2011-11-20 02:36 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-06-09 05:43 . 2012-07-10 22:34 14172672 ----a-w- c:\windows\system32\shell32.dll 2012-06-06 06:06 . 2012-07-10 22:34 2004480 ----a-w- c:\windows\system32\msxml6.dll 2012-06-06 06:06 . 2012-07-10 22:34 1881600 ----a-w- c:\windows\system32\msxml3.dll 2012-06-06 06:02 . 2012-07-10 22:34 1133568 ----a-w- c:\windows\system32\cdosys.dll 2012-06-06 05:05 . 2012-07-10 22:34 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll 2012-06-06 05:05 . 2012-07-10 22:34 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll 2012-06-06 05:03 . 2012-07-10 22:34 805376 ----a-w- c:\windows\SysWow64\cdosys.dll 2012-06-02 22:19 . 2012-06-22 12:09 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-22 12:10 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:19 . 2012-06-22 12:10 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-22 12:10 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-22 12:09 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:15 . 2012-06-22 12:10 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:15 . 2012-06-22 12:09 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 14:19 . 2012-06-22 12:09 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 14:15 . 2012-06-22 12:09 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-02 05:50 . 2012-07-10 22:34 458704 ----a-w- c:\windows\system32\drivers\cng.sys 2012-06-02 05:48 . 2012-07-10 22:34 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2012-06-02 05:48 . 2012-07-10 22:34 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-06-02 05:45 . 2012-07-10 22:34 340992 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 05:44 . 2012-07-10 22:34 307200 ----a-w- c:\windows\system32\ncrypt.dll 2012-06-02 04:40 . 2012-07-10 22:34 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2012-06-02 04:40 . 2012-07-10 22:34 225280 ----a-w- c:\windows\SysWow64\schannel.dll 2012-06-02 04:39 . 2012-07-10 22:34 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll 2012-06-02 04:34 . 2012-07-10 22:34 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2012-05-31 11:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-05-29 07:38 . 2012-05-23 17:49 330240 ----a-w- c:\windows\MASetupCaller.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files (x86)\Steam\steam.exe" [2012-08-08 1353080] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] "Facebook Update"="c:\users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096] "Spotify Web Helper"="c:\users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-08-23 1193176] "KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-06-08 21432] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160] "SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-09-28 340336] "EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-11-05 407920] "EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-11-05 202096] "Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696] "BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-02-15 297280] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-02-11 1070160] "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288] "Dolby Home Theater v4"="c:\dolby pcee4\pcee4.exe" [2011-02-03 506712] "VitaKeyTSR"="c:\program files (x86)\Acer Bio Protection\EgisTSR.exe" [2011-01-11 189488] "ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2011-05-09 177448] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280] "Copperhead"="c:\program files (x86)\Razer\Copperhead\razerhid.exe" [2005-11-25 155648] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-06-08 3521464] "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216] . c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Facebook Messenger.lnk - c:\users\User\AppData\Local\Facebook\Messenger\2.1.4590.0\FacebookMessenger.exe [2012-7-26 244656] iSyncr.lnk - c:\users\User\AppData\Roaming\Microsoft\Installer\{D34D816C-9F8F-4CE8-84FD-680137D399BF}\_FBD8D8AEF95612444B84C4.exe [2012-7-11 66339] synhtijq.exe [2012-8-9 94084] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2011-5-12 704104] Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-12-10 1133856] HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336] iSyncr.lnk - c:\windows\Installer\{EC13B388-0DDC-4D23-9DE7-DA9C6F198FA5}\_D12A7F79DE2323FA402F7F.exe [2012-6-2 66339] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer2"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560] R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2010-12-10 349224] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-12-10 39464] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 51445112] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-06-02 157672] R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-06-02 16872] R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-06-02 177640] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-10-08 150016] R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-18 68440] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-20 1255736] R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976] R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656] R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-04-22 25960] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872] S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808] S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2011-05-12 22912] S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2011-05-12 20328] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2011-05-12 62584] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-04 5160568] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288] S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-02-11 346704] S2 EgisTec Service;EgisTec Service;c:\program files (x86)\Acer Bio Protection\EgisService.exe [2011-01-11 318000] S2 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-01-11 258096] S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-02-22 873064] S2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\system32\Drivers\FPSensor.sys [2011-06-30 35888] S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584] S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-04-10 542552] S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2012-04-02 329544] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336] S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-01-31 244624] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944] S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-02-15 257344] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-22 2009704] S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-29 260640] S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136] S2 SlingAgentService;SlingAgentService;c:\program files (x86)\Sling Media\SlingAgent\SlingAgentService.exe [2010-11-03 94024] S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-16 2673064] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-10-08 19192] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2656280] S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496] S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776] S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-05-21 99384] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904] S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-10-26 406632] S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-05-21 203320] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder . 2012-08-24 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 23:02] . 2012-08-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-203309779-402986841-2798322347-1001Core.job - c:\users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-10 23:17] . 2012-08-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-203309779-402986841-2798322347-1001UA.job - c:\users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-10 23:17] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}] 2012-04-02 18:47 287048 ----a-w- c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-31 167960] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-31 392216] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-31 415768] "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-18 11855976] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-05-17 2226280] "Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-02-22 1796200] "Media remote"="c:\program files (x86)\Media remote\Media remote.exe" [2011-05-18 1535000] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 112512] "combofix"="c:\combofix\CF12438.3XE" [2010-11-21 345088] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x1 "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Supplementary Scan ------- . uStart Page = hxxp://acer.msn.com uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://acer.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.1.254 192.168.1.254 FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\08gohukq.default\ FF - prefs.js: network.proxy.type - 0 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-KiesHelper - c:\program files (x86)\Samsung\Kies\KiesHelper.exe Wow6432Node-HKCU-Run-KiesAirMessage - c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe Toolbar-Locked - (no file) AddRemove-2883552764.go.sky.com - c:\program files (x86)\Microsoft Silverlight\4.0.60831.0\Silverlight.Configuration.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Hotspot Shield\HssWPR\hsssrv.exe c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE c:\program files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe c:\program files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe c:\program files (x86)\TeamViewer\Version7\TeamViewer.exe c:\program files (x86)\TeamViewer\Version7\tv_w32.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe . ************************************************************************** . Completion time: 2012-08-24 02:56:35 - machine was rebooted ComboFix-quarantined-files.txt 2012-08-24 01:56 . Pre-Run: 313,056,374,784 bytes free Post-Run: 315,729,743,872 bytes free . - - End Of File - - E33CBE2139F53D39BC829B1ECE28FFC9

Hi, thanks for the reply I had to launch my pc in safe mode as malware antibytes wouldn't launch up. I'm assuming it has something to do with the infection I have with windows command processor. Here is the log from malware antibytes: Malwarebytes Anti-Malware (Trial) 1.62.0.1300 www.malwarebytes.org Database version: v2012.08.09.11 Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking) Internet Explorer 9.0.8112.16421 User :: USER-PC [administrator] Protection: Disabled 09/08/2012 21:46:20 mbam-log-2012-08-09 (21-46-20).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 221430 Time elapsed: 6 minute(s), 19 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Here is the aswMBR log: aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-08-09 22:03:21 ----------------------------- 22:03:21.349 OS Version: Windows x64 6.1.7601 Service Pack 1 22:03:21.349 Number of processors: 4 586 0x2A07 22:03:21.349 ComputerName: USER-PC UserName: User 22:03:23.175 Initialize success 22:07:58.192 AVAST engine defs: 12080900 22:08:57.254 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 22:08:57.254 Disk 0 Vendor: ST975042 0001 Size: 715404MB BusType: 3 22:08:57.285 Disk 0 MBR read successfully 22:08:57.285 Disk 0 MBR scan 22:08:57.300 Disk 0 unknown MBR code 22:08:57.300 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 16384 MB offset 2048 22:08:57.316 Disk 0 Partition 2 00 12 Compaq diag NTFS 3584 MB offset 33556480 22:08:57.332 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 40896512 22:08:57.347 Disk 0 Partition - 00 0F Extended LBA 695334 MB offset 41101312 22:08:57.363 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 695333 MB offset 41103360 22:08:57.378 Disk 0 scanning C:\Windows\system32\drivers 22:09:08.189 Service scanning 22:09:38.641 Modules scanning 22:09:38.641 Disk 0 trace - called modules: 22:09:38.641 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 22:09:38.656 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008c4e060] 22:09:38.656 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007d56050] 22:10:01.681 AVAST engine scan C:\Windows 22:10:05.503 AVAST engine scan C:\Windows\system32 22:15:05.974 AVAST engine scan C:\Windows\system32\drivers 22:15:20.326 AVAST engine scan C:\Users\User 22:43:15.248 AVAST engine scan C:\ProgramData 22:44:51.807 Scan finished successfully 22:47:11.114 Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat" 22:47:11.130 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt" And here is the new DDS log: aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-08-09 22:03:21 ----------------------------- 22:03:21.349 OS Version: Windows x64 6.1.7601 Service Pack 1 22:03:21.349 Number of processors: 4 586 0x2A07 22:03:21.349 ComputerName: USER-PC UserName: User 22:03:23.175 Initialize success 22:07:58.192 AVAST engine defs: 12080900 22:08:57.254 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 22:08:57.254 Disk 0 Vendor: ST975042 0001 Size: 715404MB BusType: 3 22:08:57.285 Disk 0 MBR read successfully 22:08:57.285 Disk 0 MBR scan 22:08:57.300 Disk 0 unknown MBR code 22:08:57.300 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 16384 MB offset 2048 22:08:57.316 Disk 0 Partition 2 00 12 Compaq diag NTFS 3584 MB offset 33556480 22:08:57.332 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 40896512 22:08:57.347 Disk 0 Partition - 00 0F Extended LBA 695334 MB offset 41101312 22:08:57.363 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 695333 MB offset 41103360 22:08:57.378 Disk 0 scanning C:\Windows\system32\drivers 22:09:08.189 Service scanning 22:09:38.641 Modules scanning 22:09:38.641 Disk 0 trace - called modules: 22:09:38.641 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 22:09:38.656 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008c4e060] 22:09:38.656 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007d56050] 22:10:01.681 AVAST engine scan C:\Windows 22:10:05.503 AVAST engine scan C:\Windows\system32 22:15:05.974 AVAST engine scan C:\Windows\system32\drivers 22:15:20.326 AVAST engine scan C:\Users\User 22:43:15.248 AVAST engine scan C:\ProgramData 22:44:51.807 Scan finished successfully 22:47:11.114 Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat" 22:47:11.130 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"

Hi, I discovered this forum on google after trying to remedy a problem I'm having with windows command processor. I've tried various methods including using malware antibytes but the issue still occurs. Looking at google I must have an infection. Windows command processor keeps requesting control on my system. I'm currently running windows 7 on my system. It's stopping me from running firefox and will not go away from the taskbar no matter how many times I press no. I've pasted my logs from DDS.txt and attatch.txt below. Once again thanks for reading this, I appreciate any help anyone can give me . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31 Run by User at 9:27:43 on 2012-08-09 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8044.4650 [GMT 1:00] . AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe C:\Program Files (x86)\Acer Bio Protection\EgisService.exe C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\WLANExt.exe C:\Windows\system32\conhost.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe C:\Program Files (x86)\AVG\AVG2012\avgemca.exe C:\Program Files (x86)\Launch Manager\dsiwmis.exe C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Acer\Registration\GREGsvc.exe C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe C:\Program Files\Acer\Acer Updater\UpdaterService.exe c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\taskeng.exe C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe C:\Program Files (x86)\Media remote\Media remote.exe C:\Program Files (x86)\Steam\Steam.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\igfxext.exe C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe C:\Program Files (x86)\Launch Manager\LManager.exe C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe C:\Dolby PCEE4\pcee4.exe C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe C:\Program Files (x86)\Razer\Copperhead\razerhid.exe C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe C:\Windows\system32\svchost.exe C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe C:\Windows\system32\svchost.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\SysWOW64\RunDll32.exe C:\Program Files (x86)\Razer\Copperhead\razerofa.exe C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe C:\Program Files (x86)\Acer Bio Protection\EgisTSR.exe C:\Users\User\AppData\Local\Temp\keicvkiw.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Users\User\AppData\Local\Facebook\Messenger\2.1.4590.0\FacebookMessenger.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\JRT Studio\iSyncr\iSyncr.exe C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe C:\Program Files (x86)\AVG\AVG2012\avgtray.exe C:\Program Files (x86)\Common Files\Steam\SteamService.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files (x86)\Launch Manager\LMworker.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files (x86)\AVG\AVG2012\avgui.exe C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe C:\Windows\system32\DllHost.exe C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\WUDFHost.exe C:\Program Files (x86)\iTunes\iTunes.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe C:\Windows\system32\conhost.exe C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe C:\Windows\system32\conhost.exe C:\Program Files\WIDCOMM\Bluetooth Software\BtITunesPlugIn.exe C:\Windows\system32\conhost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\Macromed\Flash\FlashUtil64_11_3_300_270_ActiveX.exe C:\Windows\system32\consent.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://acer.msn.com uDefault_Page_URL = hxxp://acer.msn.com mDefault_Page_URL = hxxp://acer.msn.com mStart Page = hxxp://acer.msn.com uInternet Settings,ProxyOverride = *.local mWinlogon: Userinit=userinit.exe, BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: EgisPBIE Class: {7b51ccbe-4af9-44a6-bdab-d7f7e4c4e6f9} - C:\Program Files (x86)\Acer Bio Protection\EgisPBIE.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: Microsoft Web Test Recorder 10.0 Helper: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll EB: Web Test Recorder 10.0: {5802d092-1784-4908-8cdb-99b6842d353d} - mscoree.dll uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun uRun: [Facebook Update] "C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver uRun: [spotify Web Helper] "C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" uRun: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe uRun: [synHtijq] C:\Users\User\AppData\Local\ksvujiaa\synhtijq.exe mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun: [suiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [backupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" mRun: [Dolby Home Theater v4] "C:\Dolby PCEE4\pcee4.exe" -autostart mRun: [VitaKeyTSR] "C:\Program Files (x86)\Acer Bio Protection\EgisTSR.exe" /run mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [Copperhead] C:\Program Files (x86)\Razer\Copperhead\razerhid.exe mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray dRunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} StartupFolder: C:\Users\User\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FACEBO~1.LNK - C:\Users\User\AppData\Local\Facebook\Messenger\2.1.4590.0\FacebookMessenger.exe StartupFolder: C:\Users\User\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\iSyncr.lnk - C:\Users\User\AppData\Roaming\Microsoft\Installer\{D34D816C-9F8F-4CE8-84FD-680137D399BF}\_FBD8D8AEF95612444B84C4.exe StartupFolder: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\synhtijq.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ACERVC~1.LNK - C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\iSyncr.lnk - C:\Windows\Installer\{EC13B388-0DDC-4D23-9DE7-DA9C6F198FA5}\_D12A7F79DE2323FA402F7F.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab TCP: DhcpNameServer = 192.168.1.254 192.168.1.254 TCP: Interfaces\{71AD616A-A83B-4AEB-9DE1-6ACC987D1E41} : DhcpNameServer = 192.168.1.254 192.168.1.254 TCP: Interfaces\{71AD616A-A83B-4AEB-9DE1-6ACC987D1E41}\244584F6D65684572623D26325A573 : DhcpNameServer = 192.168.1.254 TCP: Interfaces\{71AD616A-A83B-4AEB-9DE1-6ACC987D1E41}\358455D2553535 : DhcpNameServer = 10.14.72.10 10.11.73.10 143.52.2.91 TCP: Interfaces\{71AD616A-A83B-4AEB-9DE1-6ACC987D1E41}\35B4953363032313 : DhcpNameServer = 192.168.0.1 TCP: Interfaces\{71AD616A-A83B-4AEB-9DE1-6ACC987D1E41}\F616B677F6F646F54637C6 : DhcpNameServer = 192.168.0.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL LSA: Notification Packages = scecli EgisPwdFilter EgisDSPwdFilter BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO-X64: HP Print Enhancer - No File BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll BHO-X64: McAfee Phishing Filter - No File BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll BHO-X64: AVG Do Not Track - No File BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO-X64: EgisPBIE Class: {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\Acer Bio Protection\EgisPBIE.dll BHO-X64: EgisPBIE - No File BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO-X64: SkypeIEPluginBHO - No File BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO-X64: Microsoft Web Test Recorder 10.0 Helper: {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll BHO-X64: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll BHO-X64: HP Smart BHO Class - No File TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File EB-X64: {5802D092-1784-4908-8CDB-99B6842D353D} - No File mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun-x64: [suiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" mRun-x64: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" mRun-x64: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun-x64: [backupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" mRun-x64: [Dolby Home Theater v4] "C:\Dolby PCEE4\pcee4.exe" -autostart mRun-x64: [VitaKeyTSR] "C:\Program Files (x86)\Acer Bio Protection\EgisTSR.exe" /run mRun-x64: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [Copperhead] C:\Program Files (x86)\Razer\Copperhead\razerhid.exe mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\08gohukq.default\ FF - prefs.js: browser.search.selectedEngine - Wikipedia (en) FF - prefs.js: network.proxy.type - 0 FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\User\AppData\Local\Facebook\Messenger\2.1.4590.0\npFbDesktopPlugin.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll . ============= SERVICES / DRIVERS =============== . R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?] R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?] R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?] R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?] R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?] R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?] R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?] R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?] R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568] R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288] R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-5-12 346704] R2 EgisTec Service;EgisTec Service;C:\Program Files (x86)\Acer Bio Protection\EgisService.exe [2011-1-11 318000] R2 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-1-11 258096] R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-6-30 873064] R2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);C:\Windows\system32\Drivers\FPSensor.sys --> C:\Windows\system32\Drivers\FPSensor.sys [?] R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584] R2 hshld;Hotspot Shield Service;C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-4-11 542552] R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS --> C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS [?] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-5-12 13336] R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-5-12 244624] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-9 655944] R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568] R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-2-15 257344] R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-6-30 2009704] R2 RS_Service;Raw Socket Service;C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [2011-5-12 260640] R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-7-5 3048136] R2 SlingAgentService;SlingAgentService;C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe [2010-11-3 94024] R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-6-30 2656280] R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?] R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?] R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?] R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-12 250056] S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560] S3 BTWAMPFL;BTWAMPFL;C:\Windows\system32\DRIVERS\btwampfl.sys --> C:\Windows\system32\DRIVERS\btwampfl.sys [?] S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?] S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 51445112] S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-6 113120] S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?] S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?] S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?] S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-10-8 150016] S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-1-18 68440] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976] S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?] S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184] . =============== Created Last 30 ================ . 2012-08-09 00:01:22 711240 ----a-w- C:\Windows\isRS-000.tmp 2012-08-08 23:59:36 -------- d-----w- C:\Users\User\AppData\Roaming\Malwarebytes 2012-08-08 23:59:31 -------- d-----w- C:\ProgramData\Malwarebytes 2012-08-08 23:59:28 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-08-08 23:59:28 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-08-08 23:49:48 -------- d-----w- C:\Users\User\AppData\Roaming\AVG2012 2012-08-08 23:48:04 -------- d-----w- C:\Windows\SysWow64\drivers\AVG 2012-08-08 23:47:31 -------- d--h--w- C:\$AVG 2012-08-08 23:47:31 -------- d-----w- C:\Windows\System32\drivers\AVG 2012-08-08 23:47:30 -------- d-----w- C:\ProgramData\AVG2012 2012-08-08 23:46:25 -------- d-----w- C:\Program Files (x86)\AVG 2012-08-08 23:40:53 -------- d--h--w- C:\ProgramData\Common Files 2012-08-08 23:40:53 -------- d-----w- C:\ProgramData\MFAData 2012-08-08 23:29:28 -------- d-----w- C:\ProgramData\Windows 2012-08-08 23:27:24 -------- d-----w- C:\Users\User\AppData\Local\ksvujiaa 2012-08-07 13:04:25 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AB8A3F99-AFA1-4209-89D8-9921EFFE4EC7}\mpengine.dll 2012-07-23 13:31:25 -------- d-----w- C:\Users\User\AppData\Local\{1B0C4371-4317-4B0B-8257-03AC4F39804D} 2012-07-23 13:31:14 -------- d-----w- C:\Users\User\AppData\Local\{0FAC65F3-B250-48F9-8B79-EE86955CFCD0} 2012-07-22 21:46:47 -------- d-----w- C:\Windows\en 2012-07-22 21:44:06 -------- d-----w- C:\Windows\pt-pt 2012-07-22 21:44:02 -------- d-----w- C:\Windows\ar 2012-07-22 21:42:57 -------- d-----w- C:\Windows\pt-br 2012-07-22 21:42:53 -------- d-----w- C:\Windows\ro 2012-07-22 21:42:48 -------- d-----w- C:\Windows\ru 2012-07-22 21:42:44 -------- d-----w- C:\Windows\sk 2012-07-22 21:42:40 -------- d-----w- C:\Windows\sl 2012-07-22 21:42:35 -------- d-----w- C:\Windows\sv 2012-07-22 21:42:31 -------- d-----w- C:\Windows\th 2012-07-22 21:42:28 -------- d-----w- C:\Windows\tr 2012-07-22 21:42:24 -------- d-----w- C:\Windows\zh-tw 2012-07-22 21:42:19 -------- d-----w- C:\Windows\ca 2012-07-22 21:42:14 -------- d-----w- C:\Windows\eu 2012-07-22 21:31:16 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\5397a6c91cd685101\DSETUP.dll 2012-07-22 21:31:16 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\5397a6c91cd685101\DXSETUP.exe 2012-07-22 21:31:16 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\5397a6c91cd685101\dsetup32.dll 2012-07-22 21:31:16 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\53b345811cd685102\MeshBetaRemover.exe 2012-07-22 15:55:29 -------- d-----w- C:\Users\User\AppData\Local\{F77AD2AE-14A0-4B58-9963-59422F6B8FA2} 2012-07-22 15:55:16 -------- d-----w- C:\Users\User\AppData\Local\{847C1E04-D4F0-4ADB-9077-BD91A35BCD27} 2012-07-22 15:26:26 -------- d-----w- C:\Users\User\AppData\Local\{5C279BB3-7E43-4F70-A104-6968CE481A65} 2012-07-22 15:26:15 -------- d-----w- C:\Users\User\AppData\Local\{CE778326-B97C-4F4F-B7F6-6A282087C0F1} 2012-07-22 15:26:04 -------- d-----w- C:\Users\User\AppData\Local\{84038130-F28F-46BC-91FD-95F9558C8576} 2012-07-22 15:25:53 -------- d-----w- C:\Users\User\AppData\Local\{531B9045-EE39-4BDA-95E3-0846C59B1810} 2012-07-22 15:25:42 -------- d-----w- C:\Users\User\AppData\Local\{AA1E92EF-35CA-4F55-BCCB-782F90195420} 2012-07-22 15:25:31 -------- d-----w- C:\Users\User\AppData\Local\{B30DD26B-D986-4A04-94B5-9D2E4B2BB3C2} 2012-07-21 15:42:30 -------- d-----w- C:\Users\User\AppData\Local\{44080F03-32D2-41B4-8078-2C99096B312B} 2012-07-21 15:42:19 -------- d-----w- C:\Users\User\AppData\Local\{50540359-2056-401F-AF8D-2EE78BD105AA} 2012-07-20 16:31:00 -------- d-----w- C:\Users\User\AppData\Local\{9CE88204-151D-42BE-915E-677EFF4E813A} 2012-07-20 16:30:37 -------- d-----w- C:\Users\User\AppData\Local\{E1CAE5E7-2E7D-449C-8ED0-64483BC5978F} 2012-07-11 02:02:23 3148800 ----a-w- C:\Windows\System32\win32k.sys 2012-07-10 22:34:13 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll . ==================== Find3M ==================== . 2012-08-03 22:00:33 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-08-03 22:00:33 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll 2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll 2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll 2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll 2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll 2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll 2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-06-02 14:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-06-02 14:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll 2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys 2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll 2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll 2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll 2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll 2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll 2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll 2012-05-31 11:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe 2012-05-29 07:38:50 330240 ----a-w- C:\Windows\MASetupCaller.dll 2012-05-23 17:50:06 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll 2012-05-21 02:09:00 99384 ----a-w- C:\Windows\System32\drivers\ssudbus.sys 2012-05-21 02:09:00 203320 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys . ============= FINISH: 9:28:23.27 =============== Here is attach.txt: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume3 Install Date: 16/11/2011 16:57:19 System Uptime: 09/08/2012 03:04:05 (6 hours ago) . Motherboard: Acer | | SM51_HR Processor: Intel® Core i5-2410M CPU @ 2.30GHz | CPU1 | 2301/1333mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 679 GiB total, 286.485 GiB free. E: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP79: 22/07/2012 22:31:12 - Windows Live Essentials RP80: 22/07/2012 22:32:50 - Installed DirectX RP81: 22/07/2012 22:33:22 - Installed DirectX RP82: 22/07/2012 22:34:01 - WLSetup RP83: 24/07/2012 12:29:44 - Windows Update RP84: 27/07/2012 21:51:44 - Windows Update RP85: 31/07/2012 11:44:46 - Windows Update RP86: 03/08/2012 22:35:44 - Windows Update RP87: 07/08/2012 14:03:58 - Windows Update RP88: 09/08/2012 00:45:27 - Installed AVG 2012 RP89: 09/08/2012 00:46:39 - Installed AVG 2012 . ==== Installed Programs ====================== . . ??? ActiveX ?? Windows Live Mesh ???? ??????? ??????? ???? ??? Windows Live ???? ???? ActiveX ????? ?? Windows Live Mesh ????????? ??????? ???? Windows Live ????? Messenger ????? Windows Live ?????? ??????? ?? Windows Live ??????? ?????????? Windows Live Mesh ActiveX ??? ????????? ??????????? ??????? Windows Live Mesh ActiveX ??? ???????? ?? Messenger ???????? ?????????? Windows Live ????????? ActiveX ?? Windows Live Mesh ????????????????????????? (???) ????????? Messenger ?????????? Windows Live ??????????? ?? Windows Live 1912 Titanic Mystery Acer Arcade Instant On Acer Backup Manager Acer Bio Protection Acer Crystal Eye Webcam Acer ePower Management Acer eRecovery Management Acer GameZone Console Acer Registration Acer ScreenSaver Acer Updater Acer USB Charge Manager Acer VCM Acrobat.com ActiveX-kontroll för fjärranslutningar för Windows Live Mesh ActiveX ???????? ?? Windows Live Mesh ?? ?????????? ?????? Adobe AIR Adobe Digital Editions Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader 9.2 MUI Alan Wake Apple Application Support Apple Software Update µTorrent Audacity 2.0 Audiosurf Backup Manager V3 Bejeweled 2 Deluxe Belles Beauty Boutique Bing Bar Brink BufferChm CamStudio OSS Desktop Recorder Chicken Invaders 3 clear.fi clear.fi Client Complemento Messenger Complément Messenger Contrôle ActiveX Windows Live Mesh pour connexions à distance Control ActiveX de Windows Live Mesh para conexiones remotas Control ActiveX del Windows Live Mesh per a connexions remotes Control ActiveX Windows Live Mesh pentru conexiuni la distan?a Controle ActiveX do Windows Live Mesh para Conexões Remotas Controlo ActiveX do Windows Live Mesh para Ligações Remotas Copy Counter-Strike Counter-Strike: Global Offensive Beta Counter-Strike: Source Crystal Reports for Visual Studio D3DX10 Destinations DeviceDiscovery DJ_AIO_03_F4200_Software_Min Dolby Home Theater v4 Doplnok programu Messenger Dota 2 Dotfuscator Software Services - Community Edition Dream Day First Home eBay Worldwide F4200 Facebook Messenger 2.1.4590.0 Farm Frenzy 3 Ice Age Fingerprint Solution Flip Words Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsluge polaczen zdalnych Fotogalerija Windows Live Fraps Galapago Galeria de Fotografias do Windows Live Galeria fotografii uslugi Windows Live Galeria fotogràfica del Windows Live Galerie de photos Windows Live Galerie foto Windows Live Galería fotográfica de Windows Live GPBaseService2 Half-Life 2 Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678) Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2522890) Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2529927) Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2542054) Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2548139) Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2549864) Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB2635973) Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2280741) Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2284668) Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2295689) Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2420513) Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2452649) Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2455033) Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2485545) Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982517) Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982721) Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB983233) Hotspot Shield 2.53 HP Update HPPhotoGadget HPPhotoSmartDiscLabelContent1 HPPhotosmartEssential HPProductAssistant HPSSupply Identity Card Intel® Control Center Intel® Management Engine Components Intel® Processor Graphics Intel® Rapid Storage Technology iSyncr Java Auto Updater Java 6 Update 31 JMicron Flash Media Controller Driver Junk Mail filter update Kontrola Windows Live Mesh ActiveX za daljinske veze Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave LAME v3.99.3 (for Windows) Launch Manager Left 4 Dead 2 Malwarebytes Anti-Malware version 1.62.0.1300 MarketResearch McAfee Security Scan Plus Media remote R01.10 Mesh Runtime Messenger-kumppani Messenger ???? Messenger Assistent Messenger Companion Messenger kíséro Messenger Laguna Messenger Suradnik Microsoft .NET Framework 4 Multi-Targeting Pack Microsoft Application Error Reporting Microsoft ASP.NET MVC 2 Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools Microsoft Silverlight 3 SDK Microsoft Silverlight 4 SDK Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft SQL Server 2008 Browser Microsoft SQL Server 2008 R2 Data-Tier Application Framework Microsoft SQL Server 2008 R2 Data-Tier Application Project Microsoft SQL Server 2008 R2 Management Objects Microsoft SQL Server 2008 R2 Transact-SQL Language Service Microsoft SQL Server Compact 3.5 SP2 ENU Microsoft SQL Server Database Publishing Wizard 1.4 Microsoft SQL Server System CLR Types Microsoft Sync Framework SDK v1.0 SP1 Microsoft Visual C++ Compilers 2010 Standard - enu - x86 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 Microsoft Visual F# 2.0 Runtime Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools Microsoft Visual Studio 2010 Service Pack 1 Microsoft Visual Studio 2010 SharePoint Developer Tools Microsoft Visual Studio 2010 Ultimate - ENU Microsoft Visual Studio Macro Tools Mozilla Firefox 14.0.1 (x86 en-GB) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MyFreeCodec MyWinLocker 4 MyWinLocker Suite newsXpresso Norton Online Backup NTI Media Maker 9 NVIDIA PhysX Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená pripojení Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia Poczta uslugi Windows Live Podstawowe programy Windows Live Pomocnik Messenger Portal 2 Pošta Windows Live QuickTime Raccolta foto di Windows Live Razer Copperhead Realtek Ethernet Controller Driver Realtek High Definition Audio Driver Renesas Electronics USB 3.0 Host Controller Driver S?????? f?t???af??? t?? Windows Live Samsung Kies Scan Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft Visual Studio 2010 Ultimate - ENU (KB2645410) Security Update for Microsoft Visual Studio Macro Tools (KB2669970) Shredder Sky Go Desktop Skype Click to Call Skype™ 5.10 SlingPlayer SmartWebPrinting SolutionCenter SopCast 3.4.7 Spotify Spremljevalec Messenger Sprill and Ritchie St???e?? e?????? ActiveX t?? Windows Live Mesh ??a ap?µa???sµ??e? s??d?se?? Status Steam System Requirements Lab CYRI Team Fortress 2 Toolbox TrayApp UnloadSupport Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Urruneko konexioetarako Windows Live Mesh ActiveX kontrola Uzak Baglantilar Için Windows Live Mesh ActiveX Denetimi Veetle TV Visual Studio 2008 x64 Redistributables Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU VLC media player 1.1.11 WCF RIA Services V1.0 SP1 WebReg Welcome Center Windows Live Windows Live ??? Windows Live ???? Windows Live Argazki Galeria Windows Live Communications Platform Windows Live Essentials Windows Live Fotótár Windows Live Fotogalerie Windows Live Fotogalleri Windows Live Fotogaléria Windows Live Fotograf Galerisi Windows Live Galeria de Fotos Windows Live Galerija fotografija Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger Windows Live Mesh ActiveX-objekt til fjernforbindelser Windows Live Mesh ActiveX-vezérlo távoli kapcsolatokhoz Windows Live Mesh ActiveX Control for Remote Connections Windows Live Meshin etäyhteyksien ActiveX-komponentti Windows Live Messenger Windows Live Messenger Companion Core Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live Temel Parçalar Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Liven asennustyökalu Windows Liven sähköposti Windows Liven valokuvavalikoima World of Goo XSplit . ==== Event Viewer Messages From Past Week ======== . 09/08/2012 03:12:34, Error: Service Control Manager [7022] - The Windows Update service hung on starting. 09/08/2012 03:09:48, Error: Service Control Manager [7022] - The NVIDIA Update Service Daemon service hung on starting. 09/08/2012 03:00:56, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 09/08/2012 01:05:59, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start. 09/08/2012 01:04:45, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 09/08/2012 01:04:44, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 09/08/2012 01:04:40, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 09/08/2012 01:04:39, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error Code: 21 09/08/2012 01:04:34, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 09/08/2012 01:04:26, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx64 Avgmfx64 discache mwlPSDFilter mwlPSDNServ mwlPSDVDisk spldr Wanarpv6 09/08/2012 01:03:20, Error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error %%-2147023781. 09/08/2012 01:03:20, Error: Microsoft-Windows-Bits-Client [16392] - The BITS service failed to start. Error 0x8007045B. 08/08/2012 13:10:27, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect. 08/08/2012 13:10:27, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. . ==== End Of File ===========================