Posts posted by seisler20148

  1. ------------------------------EXTRAS---------------------------

    OTL Extras logfile created on: 1/14/2013 9:01:53 AM - Run 1

    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\computer\Downloads

    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

    Internet Explorer (Version = 9.0.8112.16421)

    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.75 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 69.93% Memory free

    5.50 Gb Paging File | 4.33 Gb Available in Paging File | 78.77% Paging File free

    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

    Drive C: | 584.01 Gb Total Space | 479.26 Gb Free Space | 82.06% Space Free | Partition Type: NTFS

    Drive D: | 12.06 Gb Total Space | 1.44 Gb Free Space | 11.96% Space Free | Partition Type: NTFS

    Computer Name: COMPUTER-HP | User Name: computer | Logged in as Administrator.

    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========

    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

    batfile [open] -- "%1" %*

    cmdfile [open] -- "%1" %*

    comfile [open] -- "%1" %*

    exefile [open] -- "%1" %*

    helpfile [open] -- Reg Error: Key error.

    htmlfile [edit] -- Reg Error: Key error.

    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

    piffile [open] -- "%1" %*

    regfile [merge] -- Reg Error: Key error.

    scrfile [config] -- "%1"

    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

    scrfile [open] -- "%1" /S

    txtfile [edit] -- Reg Error: Key error.

    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    Folder [explore] -- Reg Error: Value error.

    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

    batfile [open] -- "%1" %*

    cmdfile [open] -- "%1" %*

    comfile [open] -- "%1" %*

    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

    exefile [open] -- "%1" %*

    helpfile [open] -- Reg Error: Key error.

    htmlfile [edit] -- Reg Error: Key error.

    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

    piffile [open] -- "%1" %*

    regfile [merge] -- Reg Error: Key error.

    scrfile [config] -- "%1"

    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

    scrfile [open] -- "%1" /S

    txtfile [edit] -- Reg Error: Key error.

    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    Folder [explore] -- Reg Error: Value error.

    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    "cval" = 0

    "FirewallDisableNotify" = 0

    "AntiVirusDisableNotify" = 0

    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

    "AntiVirusOverride" = 0

    "AntiSpywareOverride" = 0

    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    "EnableFirewall" = 1

    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    "EnableFirewall" = 1

    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

    "EnableFirewall" = 1

    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    "{05640C11-5CFC-49E0-A2E6-6EA7CDE212C5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    "{0A6A6855-C979-4BBD-9FB2-60A7BE8E6C1D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

    "{0E3095D4-4500-400C-B9CD-842CF7230489}" = rport=139 | protocol=6 | dir=out | app=system |

    "{12EEEC25-FA4A-4885-AE1C-8183DE56836A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

    "{1BAF8F1E-6B61-466B-B09F-04A461C17E19}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

    "{1BCED6CD-8C08-4BAD-823D-93EC0A81D494}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

    "{1EA27A9B-65AC-4719-A13E-AEA97BD13D03}" = rport=10243 | protocol=6 | dir=out | app=system |

    "{227186FF-14CD-4E51-AE09-ED794431C05B}" = lport=445 | protocol=6 | dir=in | app=system |

    "{22906797-C334-444C-955E-4E1EA2339D16}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

    "{23648FB7-265A-4DD3-9314-0F974EBB92B8}" = lport=138 | protocol=17 | dir=in | app=system |

    "{2580387B-35D1-403C-B1C2-E8196C369B27}" = lport=2869 | protocol=6 | dir=in | app=system |

    "{3BDF6677-746A-4888-B025-7B51CE587B93}" = lport=139 | protocol=6 | dir=in | app=system |

    "{3D581930-E795-4F4B-B986-F64249B04B92}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    "{4B4E16BB-8A79-440C-B42C-536C1B1B2351}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 |

    "{56947310-755D-41A8-92F5-1D14ADA64AAE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

    "{8AB04FF9-BFEB-4CA1-BB20-19D992C1BE40}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

    "{8F61F727-BAD8-4BDA-B962-0CA5174E7691}" = lport=137 | protocol=17 | dir=in | app=system |

    "{9419C468-56F5-4E6B-9BA6-CA2D2CF93010}" = rport=137 | protocol=17 | dir=out | app=system |

    "{9BDF7767-91BB-4B4D-B5CE-F78406F3490E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

    "{A832BA1E-F864-41EF-AF43-0D481CF082EB}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |

    "{A838CFAC-0D6D-451F-844D-9D260FB02304}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 |

    "{B22527D8-AF88-4ED4-93B3-5EF4341F2A41}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

    "{B22C822F-D8EF-4614-91E0-2282244CBB9D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

    "{B6E8320F-2A5F-4DAA-978B-74AA3B935EE0}" = rport=445 | protocol=6 | dir=out | app=system |

    "{BF9F501B-FFA1-49E5-A44C-BBE88763115B}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

    "{CB8974CD-BA4B-4C1F-ACEF-F4F68637BD88}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

    "{CBC8F6C2-000B-433C-8CF7-9EBF0B872961}" = rport=138 | protocol=17 | dir=out | app=system |

    "{D26C7B00-AD4E-4F39-A053-1237E0C36E05}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

    "{D7BDBA67-5E41-4B64-9DB5-E3E4AFF9A168}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

    "{E17C61E9-1CA5-4965-B093-6EAE1A872308}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

    "{EA1E386A-07E4-46EA-8DD4-BAE4CA975A5F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

    "{EBB02CCB-E332-43FA-8B49-DE69206E5D6F}" = lport=10243 | protocol=6 | dir=in | app=system |

    "{EDC8FAAD-F4D7-49FB-8C48-D46A978B76A2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

    "{F3DA5D5C-B3AD-4633-BF04-CFE17667E700}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    "{006B27A4-BFB3-4BED-B19A-0C64FF950CCC}" = protocol=6 | dir=out | app=system |

    "{228B1244-139B-46B6-ACC4-2E026D73562E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

    "{2796B7FD-CA3F-41C6-82B8-DA987B11AB51}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

    "{34C72D56-5BF1-40ED-A67F-A20BE5A0E67C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

    "{43C9E9F1-A65D-4FD6-AA7C-BD0E4EF661C2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

    "{45385DD1-E049-4C78-9A44-ED3C433A1F35}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

    "{5430E487-0BEE-4188-8502-C2A9951CC2D6}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

    "{5725EA94-713B-4939-928D-E82CBF83EFC1}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

    "{5E590828-B994-40F2-B818-F2701C137450}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

    "{5F937F30-0024-4C00-994B-D94722E6B9CA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

    "{5FD7CA65-A114-413C-89E4-F20D0C225CBE}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe |

    "{6BD4C9F0-0D02-4979-9616-0F03580D78B1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

    "{6DC3DCED-572A-4FE7-A56A-0F6014DB5657}" = dir=in | app=c:\users\computer\appdata\local\facebook\video\skype\facebookvideocalling.exe |

    "{71AD1EFA-B9C9-46BB-992D-DFC722539DDC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

    "{72341DE6-474B-49BA-B583-3DF2185EB3D5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

    "{7D1B9F8B-DD22-4948-9F9C-B762C52FC2A5}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

    "{80F5597B-E38D-4094-9CD1-CF305146BA48}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

    "{8A7CF287-D5A1-479F-8687-11969896CDF3}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

    "{982F51BA-35BC-4CD9-B6A4-7501C4B213D0}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe |

    "{9F682A92-92B5-421D-85DA-06E5588C3C0F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

    "{A45362F0-8523-4BEE-9EA7-66ACE51DFA66}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

    "{A5F8E3FE-A059-4B82-94A4-D6138B2B5E74}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

    "{A8AC567C-D58E-4311-A958-F131224A532F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

    "{A95F4AAF-2A63-43B2-9694-B9B2086BE765}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

    "{B0E79CFD-78FB-4BB7-9145-793D1A866163}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |

    "{B505D93E-479B-4FB5-9F2D-B49F1BB3E4C3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

    "{B9F3F73E-47EF-4C16-BD37-4C195BBF2A2F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

    "{C46B865E-4524-482B-A93B-9E357D9229FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

    "{DA866DF7-7973-4533-834D-C6B2C7ECE2E8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

    "{DADFBE9D-0D73-4672-9852-BD22C32BB82D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

    "{E5EA4CA1-47B8-4924-9AC5-DF3AF1FBDF7D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

    "{F4CA2A53-97E2-460A-A975-A293AF777C6F}" = protocol=58 | dir=in | app=system |

    "TCP Query User{1D2FD50D-8219-4675-9691-6D812EA4C96A}C:\users\computer\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\computer\appdata\local\akamai\netsession_win.exe |

    "TCP Query User{2D7CCF88-ABCB-45B9-AF1F-A6E370A535C1}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

    "TCP Query User{49116AF1-EEFE-417C-BFEC-F510EE6D81BE}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |

    "TCP Query User{4E67B4E3-3F1C-4B0B-987A-FCE075C1F61E}C:\program files (x86)\stepmania 5\program\stepmania.exe" = protocol=6 | dir=in | app=c:\program files (x86)\stepmania 5\program\stepmania.exe |

    "TCP Query User{5B29C78B-109D-4172-A01B-7D62C10B4131}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |

    "TCP Query User{8416C8C9-A515-4851-AA6D-C84E3DD09106}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe |

    "TCP Query User{8E8A2B48-B9FC-477A-BC50-250471EE40E2}C:\program files (x86)\stepmania 5\program\stepmania-sse2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\stepmania 5\program\stepmania-sse2.exe |

    "TCP Query User{C1623535-73BC-4BF8-8240-A5575FEFEB9B}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |

    "TCP Query User{FA1C9FDB-EB15-451F-AB32-7D0514FF9C93}C:\users\computer\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\computer\appdata\local\akamai\netsession_win.exe |

    "UDP Query User{0BD766D7-C1F8-4FDF-81F4-CE95C41E0034}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

    "UDP Query User{1051C14E-92CA-49A4-941D-4756C16C78D4}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |

    "UDP Query User{492E0023-12C0-49D9-97F5-6547AC4E434B}C:\program files (x86)\stepmania 5\program\stepmania.exe" = protocol=17 | dir=in | app=c:\program files (x86)\stepmania 5\program\stepmania.exe |

    "UDP Query User{7DFEF774-22AB-4A7E-A0A4-1C600DA13DE9}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe |

    "UDP Query User{85F84918-4A8B-42F6-B297-215D1AF30021}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |

    "UDP Query User{979D3308-9DD9-408D-8992-8600550B9B28}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |

    "UDP Query User{D24120D9-4EF4-45B1-A399-89E36E5E3E06}C:\users\computer\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\computer\appdata\local\akamai\netsession_win.exe |

    "UDP Query User{E8E606FD-7F8A-4F17-9DD8-AAFE0A5D633B}C:\users\computer\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\computer\appdata\local\akamai\netsession_win.exe |

    "UDP Query User{EA704631-EF94-4EBC-AB20-0DE7D11F4C44}C:\program files (x86)\stepmania 5\program\stepmania-sse2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\stepmania 5\program\stepmania-sse2.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    "{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)

    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

    "{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)

    "{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes

    "{1AB4DB8C-4123-45DC-B896-C67990F76DA4}" = HP Deskjet 1050 J410 series Product Improvement Study

    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

    "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64

    "{26A24AE4-039D-4CA4-87B4-2F86417011FF}" = Java 7 Update 11 (64-bit)

    "{3DAE9A67-DD8D-4EDB-91F7-7B5132B1864D}" = SmartSound Premiere Elements 10 x64 Plugin

    "{4268BF51-DFDF-4178-8B8D-5D5752FCAA58}" = HP Deskjet 1050 J410 series Basic Device Software

    "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64

    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

    "{50CBBEC7-1010-41C5-8718-A1A6FEDD9C3A}" = GEAR driver installer for AMD64 and Intel EM64T

    "{5B08AF35-B699-4A44-BB89-3E51E70611E8}" = HP MediaSmart SmartMenu

    "{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)

    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

    "{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)

    "{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)

    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

    "{7006ED29-58F2-40C3-AE87-039287AD20B6}" = Zune

    "{7C7A5A92-046C-A38C-AE0F-8F9CCA0F67A8}" = ATI Catalyst Install Manager

    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

    "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64

    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

    "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010

    "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64

    "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64

    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

    "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64

    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

    "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64

    "{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)

    "{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)

    "{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)

    "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64

    "{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support

    "{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics

    "{EB773820-0871-46A8-9B96-F2B04F8B34F0}" = HP Deskjet All-In-One Driver Software 13.0 Rel. 1

    "{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component

    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

    "{FD9560A8-CB02-1F28-CB9C-487244A28A8B}" = ccc-utility64

    "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer

    "3D970B9F930E7AAE23C06D39A1AC98548C90B442" = Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0)

    "CCleaner" = CCleaner

    "HP Imaging Device Functions" = HP Imaging Device Functions 13.0

    "HP Photosmart Essential" = HP Photosmart Essential 3.5

    "HP Smart Web Printing" = HP Smart Web Printing 4.51

    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0

    "HPExtendedCapabilities" = HP Customer Participation Program 13.0

    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

    "Zune" = Zune

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    "{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3

    "{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser

    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

    "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3

    "{0655C185-FD48-5EBA-484A-CD530291F44D}" = CCC Help Hungarian

    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements

    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting

    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

    "{0BF71387-5AFD-F71B-7353-3AEBD3E8F5F3}" = Catalyst Control Center Graphics Full Existing

    "{0E1C256F-6B90-E5A5-F62E-5DAE1AEAE294}" = ccc-core-static

    "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status

    "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan

    "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch

    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer

    "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin

    "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 3.9.4

    "{1B01541D-B1B8-8B7E-E82B-70551A1AF961}" = CCC Help Chinese Standard

    "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp

    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

    "{22139F5D-9405-455A-BDEB-658B1A4E4861}" = Catalyst Control Center - Branding

    "{26070CDA-A7C5-2114-0533-38DE06C65E7F}" = CCC Help Polish

    "{2640314A-2D9A-4F58-B501-DB109CD9DBA2}" = DJ_AIO_ProductContext

    "{26A24AE4-039D-4CA4-87B4-2F83216024F0}" = Java 6 Update 24

    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31

    "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7

    "{2726B6FF-D8F9-8F29-2A7D-8192AAE79D3F}" = Catalyst Control Center Localization All

    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

    "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3

    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm

    "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery

    "{3088B508-7EE1-EC64-4FFD-C4901378CE7D}" = CCC Help Russian

    "{32DACAC3-6538-405D-915E-8F2D026F199C}" = DJ_AIO_Software_min

    "{334713BA-B8E7-4A60-988C-4110753A191E}" = ArcSoft Magic-i Visual Effects 2

    "{3778B802-8E2C-04B0-2C1B-7C2A8F981824}" = CCC Help Finnish

    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

    "{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy

    "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg

    "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager

    "{48CA048A-3C5B-391E-7FF0-F36F434CB1B6}" = CCC Help Thai

    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter

    "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport

    "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings

    "{52CD3425-C5E8-C49D-B776-AC85F018C0F6}" = Catalyst Control Center Graphics Previews Vista

    "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3

    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

    "{597CE475-4F62-89EE-A81E-DB509DA0CBB2}" = CCC Help English

    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth

    "{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}" = HP Deskjet 1050 J410 series Help

    "{5E7A925A-CCE1-4ED5-A0DD-4A821A3F9BC2}" = Catalyst Control Center Core Implementation

    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2

    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail

    "{674DAE26-3C3C-2D20-1BB4-82B380142E78}" = CCC Help Greek

    "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1

    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

    "{6A9EF47E-D49A-2EFC-20A1-A92DE7F826DF}" = CCC Help Czech

    "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All

    "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox

    "{6D8EACA3-664E-4F83-8A84-BE3AE952DAB6}" = ArcSoft WebCam Companion 3

    "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3

    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

    "{72D90DB3-A16A-4545-B555-868471101833}" = HP Setup

    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

    "{7A9C67EF-05A8-499F-56A2-C467A4FE6DEE}" = CCC Help Italian

    "{7DA0C5CE-9817-CDB2-F061-F72D0CB6EEB3}" = CCC Help German

    "{7DB63154-92A4-12AE-364F-DE9C7B459720}" = CCC Help Spanish

    "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3

    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials

    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

    "{8D2A81D8-AABF-673B-08BE-EF7A80295F14}" = CCC Help French

    "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3

    "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support

    "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English

    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3

    "{912CED74-88D3-4C5B-ACB0-13231864975D}" = PressReader

    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

    "{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI

    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

    "{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer

    "{9530AE42-DAE1-4619-9594-B23487285D17}" = NVIDIA PhysX

    "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings

    "{981F6BCD-252E-6A64-9C6D-4E3B10B1B126}" = Catalyst Control Center InstallProxy

    "{98B6FB8A-8638-4037-AD44-CF7D0EEAB875}_is1" = TypingMaster Pro

    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3

    "{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help

    "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps

    "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific

    "{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection

    "{A6B90148-02C5-4fd3-8D7A-EF2386835CB9}" = F4100_Help

    "{A7CEA571-43AC-95FE-4F08-22C401FC2824}" = CCC Help Japanese

    "{A826CCC4-C0BA-97B4-F1DB-E68CD45D1133}" = CCC Help Danish

    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger

    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

    "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings

    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)

    "{AC9A3F48-8936-40CD-A0B2-7CFA76906143}" = Catalyst Control Center Graphics Full New

    "{AD99B476-6FB7-4985-A3C3-E40595A7E6DE}" = DJ_AIO_Software

    "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR

    "{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update

    "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0

    "{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6

    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

    "{B68D391C-32C6-798E-C78F-83C1797B162A}" = CCC Help Swedish

    "{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data

    "{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer

    "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287

    "{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information

    "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3

    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations

    "{BDDA1E1E-204E-4368-B0C2-737F16B76307}" = HP MediaSmart/TouchSmart Netflix

    "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2

    "{C3F0CF4C-0A8C-42F1-A585-2EF7886D6039}" = KODAK Share Button App

    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant

    "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget

    "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support

    "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars

    "{d05a1414-a955-4c5c-9716-b7777ef86e85}" = F4100

    "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client

    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

    "{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup

    "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files

    "{D31612BB-C6D7-4142-96AE-16DB062354CF}" = HP Webcam User's Guide

    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery

    "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential

    "{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan

    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

    "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings

    "{DC47D46D-8874-D83A-6612-9DA3175861B2}" = CCC Help Korean

    "{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting

    "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings

    "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player

    "{DF09BCD9-3556-77A6-8984-1CA95F8E1078}" = CCC Help Portuguese

    "{E0DE2996-A443-5FEA-30B7-9395E0F3A7CC}" = CCC Help Chinese Traditional

    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update

    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

    "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218

    "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3

    "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0

    "{EDFA892D-594D-C921-35FF-B6E5CFD2487C}" = CCC Help Dutch

    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

    "{F56BBEB1-E982-0A07-0004-1CBC8E5B534E}" = CCC Help Turkish

    "{F600ED39-BA0C-A127-EAB7-057DF0A327E0}" = CCC Help Norwegian

    "{F84B7A2F-2328-A610-89F6-2CC78CF00FFE}" = Catalyst Control Center Graphics Light

    "{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder

    "7-Zip" = 7-Zip 9.20

    "Adobe AIR" = Adobe AIR

    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6

    "Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3

    "Akamai" = Akamai NetSession Interface Service

    "Axife Mouse Recorder DEMO_is1" = Axife Mouse Recorder DEMO 5.01

    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help

    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player

    "DAEMON Tools Lite" = DAEMON Tools Lite

    "Defraggler" = Defraggler (remove only)

    "ESET Online Scanner" = ESET Online Scanner v3

    "InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data

    "LibUSB-Win32_is1" = LibUSB-Win32-0.1.10.1

    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800

    "MixMeister BPM Analyzer_is1" = MixMeister BPM Analyzer 1.0

    "mmssetup_is1" = MixMeister Studio Demo 7.4.4

    "Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)

    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010

    "PDF Complete" = PDF Complete Special Edition

    "RealPlayer 15.0" = RealPlayer

    "Speakonia_is1" = Speakonia

    "tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine

    "VLC media player" = VLC media player 1.0.1

    "WinLiveSuite_Wave3" = Windows Live Essentials

    "WinRAR archiver" = WinRAR archiver

    "winscp3_is1" = WinSCP 4.3.7

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1140067203-3630092783-3749488201-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    "Akamai" = Akamai NetSession Interface

    "Google Chrome" = Google Chrome

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]

    Error - 9/12/2012 4:20:16 AM | Computer Name = computer-HP | Source = Windows Search Service | ID = 3029

    Description =

    Error - 9/12/2012 4:20:16 AM | Computer Name = computer-HP | Source = Windows Search Service | ID = 3029

    Description =

    Error - 9/12/2012 4:20:16 AM | Computer Name = computer-HP | Source = Windows Search Service | ID = 3028

    Description =

    Error - 9/12/2012 4:20:16 AM | Computer Name = computer-HP | Source = Windows Search Service | ID = 3058

    Description =

    Error - 9/12/2012 4:20:16 AM | Computer Name = computer-HP | Source = Windows Search Service | ID = 7010

    Description =

    Error - 9/13/2012 1:33:33 AM | Computer Name = computer-HP | Source = SideBySide | ID = 16842815

    Description = Activation context generation failed for "c:\program files (x86)\spybot

    - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program

    files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of

    attribute "language" in element "assemblyIdentity" is invalid.

    Error - 9/14/2012 1:33:17 AM | Computer Name = computer-HP | Source = SideBySide | ID = 16842815

    Description = Activation context generation failed for "c:\program files (x86)\spybot

    - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program

    files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of

    attribute "language" in element "assemblyIdentity" is invalid.

    Error - 9/15/2012 1:33:36 AM | Computer Name = computer-HP | Source = SideBySide | ID = 16842815

    Description = Activation context generation failed for "c:\program files (x86)\spybot

    - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program

    files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of

    attribute "language" in element "assemblyIdentity" is invalid.

    Error - 9/18/2012 1:33:23 AM | Computer Name = computer-HP | Source = SideBySide | ID = 16842815

    Description = Activation context generation failed for "c:\program files (x86)\spybot

    - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program

    files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of

    attribute "language" in element "assemblyIdentity" is invalid.

    Error - 9/18/2012 7:16:58 PM | Computer Name = computer-HP | Source = Application Hang | ID = 1002

    Description = The program Explorer.EXE version 6.1.7601.17567 stopped interacting

    with Windows and was closed. To see if more information about the problem is available,

    check the problem history in the Action Center control panel. Process ID: 910 Start

    Time: 01cd9593966e18e6 Termination Time: 47 Application Path: C:\Windows\Explorer.EXE

    Report

    Id: eed02510-01e6-11e2-94fa-d4856417550f

    Error - 9/19/2012 1:33:11 AM | Computer Name = computer-HP | Source = SideBySide | ID = 16842815

    Description = Activation context generation failed for "c:\program files (x86)\spybot

    - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program

    files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of

    attribute "language" in element "assemblyIdentity" is invalid.

    Error - 9/20/2012 1:33:11 AM | Computer Name = computer-HP | Source = SideBySide | ID = 16842815

    Description = Activation context generation failed for "c:\program files (x86)\spybot

    - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program

    files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of

    attribute "language" in element "assemblyIdentity" is invalid.

    [ Hewlett-Packard Events ]

    Error - 12/24/2011 9:24:12 AM | Computer Name = computer-HP | Source = HPSFMsgr.exe | ID = 4000

    Description = HP Error ID: -2147221164 at System.RuntimeTypeHandle.CreateInstance(RuntimeType

    type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&

    ctor, Boolean& bNeedSecurityCheck) at System.RuntimeType.CreateInstanceSlow(Boolean

    publicOnly, Boolean fillCache) at System.RuntimeType.CreateInstanceImpl(Boolean

    publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) at System.Activator.CreateInstance(Type

    type, Boolean nonPublic) at HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()

    StackTrace:

    at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,

    Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

    at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

    at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,

    Boolean fillCache) at System.Activator.CreateInstance(Type type, Boolean nonPublic)

    at HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed() Source: mscorlib

    Name:

    HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP

    Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 2815 Ram

    Utilization: TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,

    Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)

    Error - 1/12/2012 9:30:18 AM | Computer Name = computer-HP | Source = HPSF.exe | ID = 4000

    Description =

    Error - 1/12/2012 9:30:37 AM | Computer Name = computer-HP | Source = HPSF.exe | ID = 4000

    Description =

    Error - 2/2/2012 12:43:26 PM | Computer Name = computer-HP | Source = hpsa_service.exe | ID = 2000

    Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

    Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:

    at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

    Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe

    Version:

    06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

    Format:

    en-US RAM: 2815 Ram Utilization: 40 TargetSite: Void UpdateAndDetect()

    Error - 4/5/2012 6:31:58 PM | Computer Name = computer-HP | Source = HPSF.exe | ID = 4000

    Description = HP Error ID: -2146233087 Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String

    action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]

    outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String

    action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]

    outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage

    methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage

    message) Exception rethrown at [0] Message: The server did not provide a meaningful

    reply; this might be caused by a contract mismatch, a premature session shutdown

    or an internal server error. StackTrace: Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String

    action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]

    outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String

    action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]

    outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage

    methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage

    message) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage

    reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&

    msgData, Int32 type) at HP.SupportFramework.Communicator.MessengerComm.IMessengerCommunicator.UpdateTimer()

    at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: mscorlib

    Name:

    HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support

    Framework\HPSF.exe Format: en-US RAM: 2815 Ram Utilization: 40 TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage,

    System.Runtime.Remoting.Messaging.IMessage)

    Error - 4/10/2012 4:14:36 AM | Computer Name = computer-HP | Source = HPSF.exe | ID = 4000

    Description =

    Error - 4/10/2012 4:15:49 AM | Computer Name = computer-HP | Source = HPSF.exe | ID = 4000

    Description =

    Error - 4/10/2012 5:09:24 AM | Computer Name = computer-HP | Source = HPSF.exe | ID = 4000

    Description =

    Error - 8/23/2012 6:09:33 PM | Computer Name = computer-HP | Source = HPSF.exe | ID = 4000

    Description =

    Error - 8/23/2012 6:09:33 PM | Computer Name = computer-HP | Source = HPSF.exe | ID = 4000

    Description =

    [ System Events ]

    Error - 1/13/2013 10:55:45 PM | Computer Name = computer-HP | Source = Application Popup | ID = 1060

    Description = \SystemRoot\SysWow64\drivers\libusb0.sys has been blocked from loading

    due to incompatibility with this system. Please contact your software vendor for

    a compatible version of the driver.

    Error - 1/13/2013 10:55:55 PM | Computer Name = computer-HP | Source = Service Control Manager | ID = 7000

    Description = The LibUsb-Win32 - Daemon, Version 0.1.10.1 service failed to start

    due to the following error: %%2

    Error - 1/13/2013 10:56:00 PM | Computer Name = computer-HP | Source = Service Control Manager | ID = 7001

    Description = The AVG E-mail Scanner service depends on the AVG WatchDog service

    which failed to start because of the following error: %%1066

    Error - 1/13/2013 10:56:00 PM | Computer Name = computer-HP | Source = Service Control Manager | ID = 7024

    Description = The AVG WatchDog service terminated with service-specific error %%-536805315.

    Error - 1/14/2013 9:22:01 AM | Computer Name = computer-HP | Source = EventLog | ID = 6008

    Description = The previous system shutdown at 8:21:02 AM on 1/14/2013 was unexpected.

    Error - 1/14/2013 9:21:57 AM | Computer Name = computer-HP | Source = Application Popup | ID = 1060

    Description = \SystemRoot\SysWow64\drivers\libusb0.sys has been blocked from loading

    due to incompatibility with this system. Please contact your software vendor for

    a compatible version of the driver.

    Error - 1/14/2013 9:21:57 AM | Computer Name = computer-HP | Source = Application Popup | ID = 1060

    Description = \SystemRoot\SysWow64\drivers\libusb0.sys has been blocked from loading

    due to incompatibility with this system. Please contact your software vendor for

    a compatible version of the driver.

    Error - 1/14/2013 9:22:04 AM | Computer Name = computer-HP | Source = Service Control Manager | ID = 7000

    Description = The LibUsb-Win32 - Daemon, Version 0.1.10.1 service failed to start

    due to the following error: %%2

    Error - 1/14/2013 9:22:08 AM | Computer Name = computer-HP | Source = Service Control Manager | ID = 7024

    Description = The AVG WatchDog service terminated with service-specific error %%-536805315.

    Error - 1/14/2013 9:22:09 AM | Computer Name = computer-HP | Source = Service Control Manager | ID = 7001

    Description = The AVG E-mail Scanner service depends on the AVG WatchDog service

    which failed to start because of the following error: %%1066

    < End of report >

  2. ------------------------------OTL------------------------------

    OTL logfile created on: 1/14/2013 9:01:53 AM - Run 1

    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\computer\Downloads

    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

    Internet Explorer (Version = 9.0.8112.16421)

    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.75 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 69.93% Memory free

    5.50 Gb Paging File | 4.33 Gb Available in Paging File | 78.77% Paging File free

    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

    Drive C: | 584.01 Gb Total Space | 479.26 Gb Free Space | 82.06% Space Free | Partition Type: NTFS

    Drive D: | 12.06 Gb Total Space | 1.44 Gb Free Space | 11.96% Space Free | Partition Type: NTFS

    Computer Name: COMPUTER-HP | User Name: computer | Logged in as Administrator.

    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/01/14 09:01:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\computer\Downloads\OTL.exe

    PRC - [2012/10/09 10:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\computer\AppData\Local\Akamai\netsession_win.exe

    PRC - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    PRC - [2012/06/26 11:17:26 | 000,108,032 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe

    PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

    PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

    PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

    PRC - [2010/03/18 14:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

    PRC - [2009/10/14 18:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe

    PRC - [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

    PRC - [2008/09/18 13:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe

    ========== Modules (No Company Name) ==========

    ========== Services (SafeList) ==========

    SRV:64bit: - [2010/11/11 16:00:32 | 000,467,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)

    SRV:64bit: - [2010/11/11 16:00:32 | 000,306,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)

    SRV:64bit: - [2010/11/11 15:59:36 | 008,251,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)

    SRV:64bit: - [2010/05/11 10:16:12 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

    SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

    SRV - [2013/01/09 15:17:11 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

    SRV - [2012/11/09 12:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

    SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

    SRV - [2012/06/21 08:26:59 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

    SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

    SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

    SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

    SRV - [2011/02/04 05:04:31 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)

    SRV - [2011/02/04 05:04:28 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe -- (avg9emc)

    SRV - [2010/08/15 11:19:00 | 003,700,176 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)

    SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

    SRV - [2010/03/18 14:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

    SRV - [2009/10/14 18:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)

    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

    SRV - [2008/09/18 13:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)

    SRV - [2005/03/09 20:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) [Auto | Stopped] -- C:\Windows\SysWOW64\libusbd-nt.exe -- (libusbd)

    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/09/28 11:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

    DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

    DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

    DRV:64bit: - [2011/12/18 10:18:39 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)

    DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

    DRV:64bit: - [2011/11/10 18:32:02 | 000,115,272 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)

    DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)

    DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)

    DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)

    DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)

    DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

    DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

    DRV:64bit: - [2010/08/19 19:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)

    DRV:64bit: - [2010/05/11 10:46:18 | 006,790,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

    DRV:64bit: - [2010/05/11 09:24:20 | 000,221,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

    DRV:64bit: - [2010/03/10 10:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)

    DRV:64bit: - [2010/03/04 09:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

    DRV:64bit: - [2010/02/05 23:04:06 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

    DRV:64bit: - [2010/02/05 23:04:04 | 000,070,712 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

    DRV:64bit: - [2009/12/22 04:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)

    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

    DRV:64bit: - [2009/05/26 17:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)

    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

    DRV - [2005/03/09 20:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)

    DRV - [2005/01/01 22:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)

    ========== Standard Registry (SafeList) ==========

    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {5337E755-6784-4365-B036-FA01C6B1CE87}

    IE:64bit: - HKLM\..\SearchScopes\{04109324-9744-4415-92B7-0A1C4B0AC77C}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd

    IE:64bit: - HKLM\..\SearchScopes\{5337E755-6784-4365-B036-FA01C6B1CE87}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

    IE:64bit: - HKLM\..\SearchScopes\{7F5D595D-A7C1-419F-B547-D5F577110BDE}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF

    IE:64bit: - HKLM\..\SearchScopes\{A95D0554-FDB3-4542-9D38-62CBA1B5D5B0}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

    IE - HKLM\..\SearchScopes,DefaultScope = {5337E755-6784-4365-B036-FA01C6B1CE87}

    IE - HKLM\..\SearchScopes\{04109324-9744-4415-92B7-0A1C4B0AC77C}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd

    IE - HKLM\..\SearchScopes\{5337E755-6784-4365-B036-FA01C6B1CE87}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

    IE - HKLM\..\SearchScopes\{7F5D595D-A7C1-419F-B547-D5F577110BDE}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF

    IE - HKLM\..\SearchScopes\{A95D0554-FDB3-4542-9D38-62CBA1B5D5B0}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-1140067203-3630092783-3749488201-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1

    IE - HKU\S-1-5-21-1140067203-3630092783-3749488201-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

    IE - HKU\S-1-5-21-1140067203-3630092783-3749488201-1000\..\SearchScopes,DefaultScope = {01C4661F-FDBE-4851-A222-428472FFF721}

    IE - HKU\S-1-5-21-1140067203-3630092783-3749488201-1000\..\SearchScopes\{01C4661F-FDBE-4851-A222-428472FFF721}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}

    IE - HKU\S-1-5-21-1140067203-3630092783-3749488201-1000\..\SearchScopes\{04109324-9744-4415-92B7-0A1C4B0AC77C}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd

    IE - HKU\S-1-5-21-1140067203-3630092783-3749488201-1000\..\SearchScopes\{5337E755-6784-4365-B036-FA01C6B1CE87}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

    IE - HKU\S-1-5-21-1140067203-3630092783-3749488201-1000\..\SearchScopes\{7F5D595D-A7C1-419F-B547-D5F577110BDE}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF

    IE - HKU\S-1-5-21-1140067203-3630092783-3749488201-1000\..\SearchScopes\{A95D0554-FDB3-4542-9D38-62CBA1B5D5B0}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

    IE - HKU\S-1-5-21-1140067203-3630092783-3749488201-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-1140067203-3630092783-3749488201-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;*.local;<local>

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo"

    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"

    FF - prefs.js..browser.search.selectedEngine: "Yahoo"

    FF - prefs.js..browser.startup.homepage: "http://search.yahoo.com?type=937811&fr=spigot-yhp-ff"

    FF - prefs.js..extensions.enabledAddons: restart@restart.org:0.5

    FF - prefs.js..extensions.enabledAddons: adblockpopups@jessehakanen.net:0.3

    FF - prefs.js..extensions.enabledAddons: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3

    FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.18

    FF - prefs.js..extensions.enabledAddons: abb@amazon.com:3.0.20120130

    FF - prefs.js..extensions.enabledAddons: {97E22097-9A2F-45b1-8DAF-36AD648C7EF4}:15.0.4

    FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p="

    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()

    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found

    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found

    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

    FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)

    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll File not found

    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll ()

    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\computer\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\computer\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\computer\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/07/05 11:57:25 | 000,000,000 | ---D | M]

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013/01/12 21:55:08 | 000,000,000 | ---D | M]

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/25 08:20:39 | 000,000,000 | ---D | M]

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/07/05 11:57:25 | 000,000,000 | ---D | M]

    [2011/10/25 08:04:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\computer\AppData\Roaming\Mozilla\Extensions

    [2012/11/15 18:08:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\computer\AppData\Roaming\Mozilla\Firefox\Profiles\fy6h84lk.default\extensions

    [2012/04/10 20:30:53 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\computer\AppData\Roaming\Mozilla\Firefox\Profiles\fy6h84lk.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

    [2012/06/13 09:39:55 | 000,000,000 | ---D | M] ("Amazon Browser Bar") -- C:\Users\computer\AppData\Roaming\Mozilla\Firefox\Profiles\fy6h84lk.default\extensions\abb@amazon.com

    [2012/04/10 20:30:52 | 000,118,971 | ---- | M] () (No name found) -- C:\Users\computer\AppData\Roaming\Mozilla\Firefox\Profiles\fy6h84lk.default\extensions\adblockpopups@jessehakanen.net.xpi

    [2011/10/25 08:27:07 | 000,032,637 | ---- | M] () (No name found) -- C:\Users\computer\AppData\Roaming\Mozilla\Firefox\Profiles\fy6h84lk.default\extensions\restart@restart.org.xpi

    [2012/04/10 20:30:52 | 000,634,964 | ---- | M] () (No name found) -- C:\Users\computer\AppData\Roaming\Mozilla\Firefox\Profiles\fy6h84lk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

    [2012/09/18 18:10:29 | 000,002,203 | ---- | M] () -- C:\Users\computer\AppData\Roaming\Mozilla\Firefox\Profiles\fy6h84lk.default\searchplugins\MyStart Search.xml

    [2012/03/14 20:41:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

    [2012/03/14 20:41:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}

    [2013/01/12 21:55:08 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT

    [2011/09/29 01:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

    [2011/09/28 19:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

    ========== Chrome ==========

    CHR - homepage: http://google.com/

    CHR - default_search_provider: Google (Enabled)

    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}

    CHR - homepage: http://google.com/

    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\computer\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll

    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\computer\AppData\Local\Google\Chrome\Application\24.0.1312.52\gcswf32.dll

    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

    CHR - plugin: Native Client (Enabled) = C:\Users\computer\AppData\Local\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll

    CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\computer\AppData\Local\Google\Chrome\Application\24.0.1312.52\pdf.dll

    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll

    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll

    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll

    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll

    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll

    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll

    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll

    CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Users\computer\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll

    CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\computer\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

    CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\computer\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

    CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

    CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

    CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll

    CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll

    CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

    CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll

    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

    CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

    CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\computer\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

    CHR - plugin: Hulu Desktop (Enabled) = C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll

    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll

    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

    CHR - Extension: FlashBlock = C:\Users\computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdngiadmnkhgemkimkhiilgffbjijcie\1.2.11.10_0\

    CHR - Extension: AdBlock = C:\Users\computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.54_0\

    CHR - Extension: Tab Saver = C:\Users\computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmabnicpoccpllcbcioincnllkilhiah\0.8.2_0\

    CHR - Extension: Bitdefender QuickScan = C:\Users\computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.118_0\

    O1 HOSTS File: ([2013/01/13 15:01:36 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

    O1 - Hosts: 127.0.0.1 localhost

    O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

    O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

    O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

    O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

    O4 - HKLM..\Run: [] File not found

    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

    O4 - HKLM..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume File not found

    O4 - HKLM..\Run: [unlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe" File not found

    O4 - HKU\S-1-5-21-1140067203-3630092783-3749488201-1000..\Run: [Akamai NetSession Interface] C:\Users\computer\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)

    O4 - HKU\S-1-5-21-1140067203-3630092783-3749488201-1000..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKU\S-1-5-21-1140067203-3630092783-3749488201-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKU\S-1-5-21-1140067203-3630092783-3749488201-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found

    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found

    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

    O13 - gopher Prefix: missing

    O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)

    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.7.2)

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3A0237BB-C646-40F1-BE80-BF7770A283DE}: DhcpNameServer = 75.75.75.75 75.75.76.76

    O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found

    O18:64bit: - Protocol\Handler\livecall - No CLSID value found

    O18:64bit: - Protocol\Handler\msnim - No CLSID value found

    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

    O18 - Protocol\Handler\linkscanner - No CLSID value found

    O18 - Protocol\Handler\livecall - No CLSID value found

    O18 - Protocol\Handler\msnim - No CLSID value found

    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

    O18 - Protocol\Handler\wlmailhtml - No CLSID value found

    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

    O32 - HKLM CDRom: AutoRun - 1

    O34 - HKLM BootExecute: (autocheck autochk *)

    O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)

    O35:64bit: - HKLM\..comfile [open] -- "%1" %*

    O35:64bit: - HKLM\..exefile [open] -- "%1" %*

    O35 - HKLM\..comfile [open] -- "%1" %*

    O35 - HKLM\..exefile [open] -- "%1" %*

    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

    O37 - HKLM\...com [@ = ComFile] -- "%1" %*

    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/01/13 21:59:45 | 000,000,000 | ---D | C] -- C:\Users\computer\AppData\Local\ElevatedDiagnostics

    [2013/01/13 21:57:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

    [2013/01/13 21:57:03 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

    [2013/01/13 21:57:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

    [2013/01/13 19:08:43 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\mine

    [2013/01/13 18:57:11 | 000,000,000 | ---D | C] -- C:\Users\computer\Desktop\JavaRa

    [2013/01/13 15:15:23 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

    [2013/01/13 15:12:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

    [2013/01/13 15:03:33 | 000,000,000 | ---D | C] -- C:\Windows\temp

    [2013/01/12 18:58:58 | 000,000,000 | ---D | C] -- C:\Users\computer\AppData\Roaming\BitTorrent

    [2013/01/12 18:18:54 | 000,000,000 | ---D | C] -- C:\Users\computer\Desktop\mbar

    [2013/01/12 17:57:11 | 000,000,000 | ---D | C] -- C:\Users\computer\AppData\Local\NPE

    [2013/01/12 17:21:27 | 000,000,000 | ---D | C] -- C:\Users\computer\Desktop\logs

    [2013/01/10 11:10:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

    [2013/01/10 11:10:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

    [2013/01/10 11:10:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

    [2013/01/10 11:10:28 | 000,000,000 | ---D | C] -- C:\Qoobox

    [2013/01/10 11:10:09 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

    [2013/01/09 17:24:19 | 000,000,000 | ---D | C] -- C:\Users\computer\Desktop\mixmeister

    [2013/01/05 10:56:28 | 000,000,000 | ---D | C] -- C:\Users\computer\Desktop\pictures

    [2012/12/31 13:24:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Arcade Lab

    [2012/12/31 13:24:34 | 000,000,000 | ---D | C] -- C:\Users\computer\AppData\Roaming\Zylom

    [2012/12/31 13:24:18 | 000,000,000 | ---D | C] -- C:\Users\computer\AppData\Local\Zylom Games

    [2012/12/27 12:43:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

    [2012/12/27 12:43:18 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

    [2012/12/27 12:43:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes

    [2012/12/27 12:43:18 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

    [2012/12/27 12:43:18 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

    [2012/12/18 12:50:55 | 000,000,000 | ---D | C] -- C:\Program Files\Java

    [2012/12/18 11:58:48 | 000,000,000 | ---D | C] -- C:\Users\computer\AppData\Roaming\Hoyle FaceCreator

    [2012/12/18 11:58:36 | 000,000,000 | ---D | C] -- C:\Users\computer\AppData\Roaming\Hoyle

    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/01/14 08:29:22 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

    [2013/01/14 08:29:22 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

    [2013/01/14 08:29:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1140067203-3630092783-3749488201-1000UA.job

    [2013/01/14 08:26:42 | 000,727,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

    [2013/01/14 08:26:42 | 000,624,606 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

    [2013/01/14 08:26:42 | 000,106,724 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

    [2013/01/14 08:22:17 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_computer.job

    [2013/01/14 08:22:15 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

    [2013/01/14 08:22:04 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\vymosa.job

    [2013/01/14 08:22:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

    [2013/01/14 08:21:55 | 2214,027,264 | -HS- | M] () -- C:\hiberfil.sys

    [2013/01/14 08:17:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

    [2013/01/14 08:09:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

    [2013/01/14 06:52:01 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1140067203-3630092783-3749488201-1000UA.job

    [2013/01/13 23:29:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1140067203-3630092783-3749488201-1000Core.job

    [2013/01/13 21:57:04 | 000,001,112 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

    [2013/01/13 21:55:55 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_computer.job

    [2013/01/13 21:55:55 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_computer.job

    [2013/01/13 15:52:22 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1140067203-3630092783-3749488201-1000Core.job

    [2013/01/13 15:01:36 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

    [2013/01/09 19:13:48 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForcomputer.job

    [2013/01/09 13:40:35 | 000,118,784 | RHS- | M] () -- C:\Windows\SysWow64\atimpc32C.dll

    [2013/01/09 05:27:41 | 005,110,848 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

    [2013/01/04 11:13:01 | 000,065,718 | ---- | M] () -- C:\Users\computer\Documents\Scan.jpg

    [2012/12/27 12:43:58 | 000,001,782 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/01/13 21:57:04 | 000,001,112 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

    [2013/01/13 17:47:24 | 000,000,388 | ---- | C] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_computer.job

    [2013/01/13 17:47:19 | 000,000,382 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateFiles_computer.job

    [2013/01/13 17:47:08 | 000,000,378 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateXML_computer.job

    [2013/01/10 11:10:38 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

    [2013/01/10 11:10:38 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

    [2013/01/10 11:10:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

    [2013/01/10 11:10:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

    [2013/01/10 11:10:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

    [2013/01/09 13:40:35 | 000,118,784 | RHS- | C] () -- C:\Windows\SysWow64\atimpc32C.dll

    [2013/01/09 13:40:35 | 000,000,320 | ---- | C] () -- C:\Windows\tasks\vymosa.job

    [2013/01/04 11:13:01 | 000,065,718 | ---- | C] () -- C:\Users\computer\Documents\Scan.jpg

    [2012/12/27 12:43:58 | 000,001,782 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

    [2012/08/21 17:28:35 | 000,000,023 | ---- | C] () -- C:\Users\computer\jagexappletviewer.preferences

    [2012/04/21 18:52:41 | 000,000,047 | ---- | C] () -- C:\Users\computer\jagex_cl_runescape_LIVE.dat

    [2012/04/21 18:52:41 | 000,000,024 | ---- | C] () -- C:\Users\computer\random.dat

    [2012/04/09 08:23:44 | 000,007,597 | ---- | C] () -- C:\Users\computer\AppData\Local\Resmon.ResmonCfg

    [2012/04/08 10:29:16 | 000,000,600 | ---- | C] () -- C:\Users\computer\AppData\Roaming\winscp.rnd

    [2011/12/24 07:37:34 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat

    [2011/12/20 13:20:58 | 000,000,174 | ---- | C] () -- C:\Windows\game.ini

    [2011/12/18 11:17:59 | 000,000,000 | -HS- | C] () -- C:\Users\computer\.pr_stat_data

    [2011/11/12 15:11:17 | 000,000,132 | ---- | C] () -- C:\Users\computer\AppData\Roaming\Adobe PNG Format CS5 Prefs

    [2011/08/30 12:15:46 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys

    [2011/07/05 11:52:38 | 000,170,081 | ---- | C] () -- C:\Windows\hpoins14.dat

    [2011/07/05 11:52:38 | 000,001,498 | ---- | C] () -- C:\Windows\hpomdl14.dat

    [2011/04/15 16:19:34 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

    [2011/03/11 20:51:06 | 000,230,752 | ---- | C] () -- C:\Windows\patchw32.dll

    [2011/03/11 20:51:06 | 000,118,176 | ---- | C] () -- C:\Windows\patchw.dll

    [2011/02/10 10:41:49 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

    [2011/02/04 04:29:32 | 000,001,280 | ---- | C] () -- C:\Users\computer\Command Prompt.lnk

    ========== ZeroAccess Check ==========

    [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012/12/21 10:02:13 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\.minecraft

    [2011/10/09 00:17:07 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\Ableton

    [2011/12/12 15:13:02 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\Atari

    [2012/09/11 07:59:14 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\Audacity

    [2013/01/12 18:59:04 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\BitTorrent

    [2011/09/17 12:33:19 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\CheckPoint

    [2012/12/18 15:56:20 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\DAEMON Tools Lite

    [2011/12/18 10:53:29 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\Dev-Cpp

    [2012/10/30 22:58:18 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\fltk.org

    [2011/07/28 13:56:14 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\GetRightToGo

    [2012/12/18 12:24:26 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\Hoyle

    [2012/12/18 12:03:02 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\Hoyle FaceCreator

    [2012/10/18 09:38:00 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\LockHunter

    [2011/06/12 16:32:11 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\LolClient

    [2011/09/17 12:33:22 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\MailFrontier

    [2011/12/18 11:17:08 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\NewspaperDirect

    [2011/12/18 11:42:41 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\No Company Name

    [2013/01/12 17:39:52 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\QuickScan

    [2011/12/31 17:24:13 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\redsn0w

    [2011/10/24 14:33:02 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\SharePod

    [2013/01/08 05:04:24 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\SoftGrid Client

    [2012/10/06 15:49:55 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\StepMania 5

    [2012/06/06 13:02:27 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\SystemRequirementsLab

    [2011/04/15 16:20:39 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\TP

    [2012/05/09 22:07:21 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\TypingMaster7

    [2011/02/05 05:44:19 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\WinBatch

    [2012/05/13 21:01:28 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\WindSolutions

    [2012/12/31 13:24:36 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\Zylom

    ========== Purity Check ==========

    < End of report >

  3. -------------------------------Rkill----------------------------------

    Rkill 2.4.5 by Lawrence Abrams (Grinler)

    http://www.bleepingcomputer.com/

    Copyright 2008-2013 BleepingComputer.com

    More Information about Rkill can be found at this link:

    http://www.bleepingcomputer.com/forums/topic308364.html

    Program started at: 01/13/2013 06:40:58 PM in x64 mode.

    Windows Version: Windows 7 Home Premium Service Pack 1

    Checking for Windows services to stop:

    * No malware services found to stop.

    Checking for processes to terminate:

    * No malware processes found to kill.

    Checking Registry for malware related settings:

    * No issues found in the Registry.

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

    Performing miscellaneous checks:

    * No issues found.

    Checking Windows Service Integrity:

    * Windows Defender (WinDefend) is not Running.

    Startup Type set to: Disabled

    * Security Center (wscsvc) is not Running.

    Startup Type set to: Disabled

    Searching for Missing Digital Signatures:

    * No issues found.

    Checking HOSTS File:

    * HOSTS file entries found:

    127.0.0.1 localhost

    Program finished at: 01/13/2013 06:41:06 PM

    Execution time: 0 hours(s), 0 minute(s), and 7 seconds(s)

    ---------------------------------Minitoolbox---------------------------

    MiniToolBox by Farbar Version:10-01-2013

    Ran by computer (administrator) on 13-01-2013 at 18:42:44

    Running from "C:\Users\computer\Downloads\steps 3"

    Windows 7 Home Premium Service Pack 1 (X64)

    Boot Mode: Normal

    ***************************************************************************

    ========================= Flush DNS: ===================================

    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========================= IE Proxy Settings: ==============================

    Proxy is not enabled.

    No Proxy Server is set.

    "Reset IE Proxy Settings": IE Proxy Settings were reset.

    ========================= FF Proxy Settings: ==============================

    "Reset FF Proxy Settings": Firefox Proxy settings were reset.

    ========================= Hosts content: =================================

    127.0.0.1 localhost

    ========================= IP Configuration: ================================

    Realtek PCIe FE Family Controller = Local Area Connection (Connected)

    # ----------------------------------

    # IPv4 Configuration

    # ----------------------------------

    pushd interface ipv4

    reset

    set global

    popd

    # End of IPv4 configuration

    Windows IP Configuration

    Host Name . . . . . . . . . . . . : computer-HP

    Primary Dns Suffix . . . . . . . :

    Node Type . . . . . . . . . . . . : Hybrid

    IP Routing Enabled. . . . . . . . : No

    WINS Proxy Enabled. . . . . . . . : No

    DNS Suffix Search List. . . . . . : hsd1.vt.comcast.net.

    Ethernet adapter Local Area Connection:

    Connection-specific DNS Suffix . : hsd1.vt.comcast.net.

    Description . . . . . . . . . . . : Realtek PCIe FE Family Controller

    Physical Address. . . . . . . . . : D4-85-64-17-55-0F

    DHCP Enabled. . . . . . . . . . . : Yes

    Autoconfiguration Enabled . . . . : Yes

    Link-local IPv6 Address . . . . . : fe80::504:a156:b13:442a%11(Preferred)

    IPv4 Address. . . . . . . . . . . : 192.168.1.101(Preferred)

    Subnet Mask . . . . . . . . . . . : 255.255.255.0

    Lease Obtained. . . . . . . . . . : Sunday, January 13, 2013 5:46:05 PM

    Lease Expires . . . . . . . . . . : Monday, January 14, 2013 5:46:05 PM

    Default Gateway . . . . . . . . . : 192.168.1.1

    DHCP Server . . . . . . . . . . . : 192.168.1.1

    DHCPv6 IAID . . . . . . . . . . . : 265586020

    DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-99-41-AC-D4-85-64-17-55-0F

    DNS Servers . . . . . . . . . . . : 75.75.75.75

    75.75.76.76

    NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter isatap.hsd1.vt.comcast.net.:

    Media State . . . . . . . . . . . : Media disconnected

    Connection-specific DNS Suffix . : hsd1.vt.comcast.net.

    Description . . . . . . . . . . . : Microsoft ISATAP Adapter

    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

    DHCP Enabled. . . . . . . . . . . : No

    Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Local Area Connection* 9:

    Connection-specific DNS Suffix . :

    Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter

    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

    DHCP Enabled. . . . . . . . . . . : No

    Autoconfiguration Enabled . . . . : Yes

    IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:1067:14ce:3f57:fe9a(Preferred)

    Link-local IPv6 Address . . . . . : fe80::1067:14ce:3f57:fe9a%10(Preferred)

    Default Gateway . . . . . . . . . : ::

    NetBIOS over Tcpip. . . . . . . . : Disabled

    Tunnel adapter 6TO4 Adapter:

    Media State . . . . . . . . . . . : Media disconnected

    Connection-specific DNS Suffix . :

    Description . . . . . . . . . . . : Microsoft 6to4 Adapter

    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

    DHCP Enabled. . . . . . . . . . . : No

    Autoconfiguration Enabled . . . . : Yes

    Server: cdns01.comcast.net

    Address: 75.75.75.75

    Name: google.com

    Addresses: 2607:f8b0:4006:800::1003

    173.194.43.3

    173.194.43.4

    173.194.43.0

    173.194.43.2

    173.194.43.14

    173.194.43.7

    173.194.43.5

    173.194.43.9

    173.194.43.8

    173.194.43.6

    173.194.43.1

    Pinging google.com [173.194.43.6] with 32 bytes of data:

    Reply from 173.194.43.6: bytes=32 time=28ms TTL=55

    Reply from 173.194.43.6: bytes=32 time=26ms TTL=55

    Ping statistics for 173.194.43.6:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

    Approximate round trip times in milli-seconds:

    Minimum = 26ms, Maximum = 28ms, Average = 27ms

    Server: cdns01.comcast.net

    Address: 75.75.75.75

    Name: yahoo.com

    Addresses: 72.30.38.140

    98.139.183.24

    98.138.253.109

    Pinging yahoo.com [98.138.253.109] with 32 bytes of data:

    Reply from 98.138.253.109: bytes=32 time=147ms TTL=51

    Reply from 98.138.253.109: bytes=32 time=60ms TTL=51

    Ping statistics for 98.138.253.109:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

    Approximate round trip times in milli-seconds:

    Minimum = 60ms, Maximum = 147ms, Average = 103ms

    Pinging 127.0.0.1 with 32 bytes of data:

    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

    Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

    Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

    ===========================================================================

    Interface List

    11...d4 85 64 17 55 0f ......Realtek PCIe FE Family Controller

    1...........................Software Loopback Interface 1

    12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter

    10...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter

    13...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter

    ===========================================================================

    IPv4 Route Table

    ===========================================================================

    Active Routes:

    Network Destination Netmask Gateway Interface Metric

    0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.101 20

    127.0.0.0 255.0.0.0 On-link 127.0.0.1 306

    127.0.0.1 255.255.255.255 On-link 127.0.0.1 306

    127.255.255.255 255.255.255.255 On-link 127.0.0.1 306

    192.168.1.0 255.255.255.0 On-link 192.168.1.101 276

    192.168.1.101 255.255.255.255 On-link 192.168.1.101 276

    192.168.1.255 255.255.255.255 On-link 192.168.1.101 276

    224.0.0.0 240.0.0.0 On-link 127.0.0.1 306

    224.0.0.0 240.0.0.0 On-link 192.168.1.101 276

    255.255.255.255 255.255.255.255 On-link 127.0.0.1 306

    255.255.255.255 255.255.255.255 On-link 192.168.1.101 276

    ===========================================================================

    Persistent Routes:

    None

    IPv6 Route Table

    ===========================================================================

    Active Routes:

    If Metric Network Destination Gateway

    10 58 ::/0 On-link

    1 306 ::1/128 On-link

    10 58 2001::/32 On-link

    10 306 2001:0:4137:9e76:1067:14ce:3f57:fe9a/128

    On-link

    11 276 fe80::/64 On-link

    10 306 fe80::/64 On-link

    11 276 fe80::504:a156:b13:442a/128

    On-link

    10 306 fe80::1067:14ce:3f57:fe9a/128

    On-link

    1 306 ff00::/8 On-link

    10 306 ff00::/8 On-link

    11 276 ff00::/8 On-link

    ===========================================================================

    Persistent Routes:

    None

    ========================= Winsock entries =====================================

    Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)

    Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)

    Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)

    Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)

    Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

    Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)

    Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

    Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

    Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

    Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

    Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

    Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

    Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

    Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

    Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

    Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

    Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

    x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)

    x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)

    x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)

    x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)

    x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

    x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)

    x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)

    x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

    x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

    x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

    x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

    x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

    x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

    x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

    x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

    x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

    x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

    ========================= Event log errors: ===============================

    Application errors:

    ==================

    Error: (01/13/2013 04:33:28 PM) (Source: SideBySide) (User: )

    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.

    A component version required by the application conflicts with another component version already active.

    Conflicting components are:.

    Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

    Error: (01/13/2013 00:32:17 AM) (Source: SideBySide) (User: )

    Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.

    The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

    Error: (01/12/2013 06:34:29 PM) (Source: SideBySide) (User: )

    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

    A component version required by the application conflicts with another component version already active.

    Conflicting components are:.

    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error: (01/12/2013 11:03:53 AM) (Source: System Restore) (User: )

    Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x8007043c).

    Error: (01/12/2013 11:03:53 AM) (Source: VSS) (User: )

    Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007043c, This service cannot be started in Safe Mode

    .

    Operation:

    Instantiating VSS server

    Error: (01/12/2013 11:03:53 AM) (Source: VSS) (User: )

    Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode.

    The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode

    ]

    Operation:

    Instantiating VSS server

    Error: (01/12/2013 11:02:30 AM) (Source: SideBySide) (User: )

    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

    A component version required by the application conflicts with another component version already active.

    Conflicting components are:.

    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error: (01/12/2013 09:48:35 AM) (Source: SideBySide) (User: )

    Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.

    The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

    Error: (01/11/2013 01:29:08 PM) (Source: SideBySide) (User: )

    Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.

    The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

    Error: (01/11/2013 00:02:21 PM) (Source: CVHSVC) (User: )

    Description: Information only.

    (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved

    System errors:

    =============

    Error: (01/13/2013 06:06:44 PM) (Source: Disk) (User: )

    Description: The driver detected a controller error on \Device\Harddisk1\DR4.

    Error: (01/13/2013 05:46:13 PM) (Source: Service Control Manager) (User: )

    Description: The AVG WatchDog service terminated with service-specific error %%-536805315.

    Error: (01/13/2013 05:46:13 PM) (Source: Service Control Manager) (User: )

    Description: The AVG E-mail Scanner service depends on the AVG WatchDog service which failed to start because of the following error:

    %%1066

    Error: (01/13/2013 05:46:08 PM) (Source: Service Control Manager) (User: )

    Description: The LibUsb-Win32 - Daemon, Version 0.1.10.1 service failed to start due to the following error:

    %%2

    Error: (01/13/2013 05:46:00 PM) (Source: Application Popup) (User: )

    Description: \SystemRoot\SysWow64\drivers\libusb0.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

    Error: (01/13/2013 05:46:00 PM) (Source: Application Popup) (User: )

    Description: \SystemRoot\SysWow64\drivers\libusb0.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

    Error: (01/13/2013 05:40:47 PM) (Source: Service Control Manager) (User: )

    Description: The AVG E-mail Scanner service depends on the AVG WatchDog service which failed to start because of the following error:

    %%1066

    Error: (01/13/2013 05:40:45 PM) (Source: Service Control Manager) (User: )

    Description: The AVG WatchDog service terminated with service-specific error %%-536805315.

    Error: (01/13/2013 05:40:38 PM) (Source: Service Control Manager) (User: )

    Description: The LibUsb-Win32 - Daemon, Version 0.1.10.1 service failed to start due to the following error:

    %%2

    Error: (01/13/2013 05:40:30 PM) (Source: Application Popup) (User: )

    Description: \SystemRoot\SysWow64\drivers\libusb0.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

    Microsoft Office Sessions:

    =========================

    Error: (01/13/2013 04:33:28 PM) (Source: SideBySide)(User: )

    Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

    Error: (01/13/2013 00:32:17 AM) (Source: SideBySide)(User: )

    Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8

    Error: (01/12/2013 06:34:29 PM) (Source: SideBySide)(User: )

    Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\computer\Downloads\esetsmartinstaller_enu.exe

    Error: (01/12/2013 11:03:53 AM) (Source: System Restore)(User: )

    Description: C:\Windows\system32\wbem\wmiprvse.exeComboFix created restore point0x8007043c

    Error: (01/12/2013 11:03:53 AM) (Source: VSS)(User: )

    Description: CoCreateInstance0x8007043c, This service cannot be started in Safe Mode

    Operation:

    Instantiating VSS server

    Error: (01/12/2013 11:03:53 AM) (Source: VSS)(User: )

    Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x8007043c, This service cannot be started in Safe Mode

    Operation:

    Instantiating VSS server

    Error: (01/12/2013 11:02:30 AM) (Source: SideBySide)(User: )

    Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\computer\Downloads\esetsmartinstaller_enu.exe

    Error: (01/12/2013 09:48:35 AM) (Source: SideBySide)(User: )

    Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8

    Error: (01/11/2013 01:29:08 PM) (Source: SideBySide)(User: )

    Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8

    Error: (01/11/2013 00:02:21 PM) (Source: CVHSVC)(User: )

    Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved

    CodeIntegrity Errors:

    ===================================

    Date: 2013-01-13 15:01:10.939

    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2013-01-13 15:01:10.798

    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2013-01-11 12:06:51.786

    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2013-01-11 12:06:51.647

    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2013-01-10 11:18:10.095

    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2013-01-10 11:18:09.955

    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2011-12-18 11:54:33.149

    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2011-12-18 11:54:33.102

    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2011-12-18 11:54:33.039

    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2011-12-18 11:54:32.993

    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    =========================== Installed Programs ============================

    64 Bit HP CIO Components Installer (Version: 7.2.8)

    7-Zip 9.20

    Adobe AIR (Version: 2.6.0.19140)

    Adobe Anchor Service CS3 (Version: 1.0)

    Adobe Asset Services CS3 (Version: 3)

    Adobe Bridge CS3 (Version: 2)

    Adobe Bridge Start Meeting (Version: 1.0)

    Adobe Camera Raw 4.0 (Version: 4.0)

    Adobe CMaps (Version: 1.0)

    Adobe Color - Photoshop Specific (Version: 1.0)

    Adobe Color Common Settings (Version: 1.0)

    Adobe Color EU Extra Settings (Version: 1.0)

    Adobe Color JA Extra Settings (Version: 1.0)

    Adobe Color NA Recommended Settings (Version: 1.0)

    Adobe Community Help (Version: 3.5.23)

    Adobe Default Language CS3 (Version: 1.0)

    Adobe Device Central CS3 (Version: 1.0)

    Adobe ExtendScript Toolkit 2 (Version: 2.0)

    Adobe Flash Player 11 ActiveX (Version: 11.5.502.146)

    Adobe Flash Player 11 Plugin (Version: 11.5.502.146)

    Adobe Fonts All (Version: 1.0)

    Adobe Help Viewer CS3 (Version: 1)

    Adobe Linguistics CS3 (Version: 3.0.0)

    Adobe Media Player (Version: 1.8)

    Adobe PDF Library Files (Version: 8.0)

    Adobe Photoshop CS3 (Version: 10)

    Adobe Photoshop CS3 (Version: 10.0)

    Adobe Reader X (10.1.4) (Version: 10.1.4)

    Adobe Setup (Version: 1.0)

    Adobe Shockwave Player 11.6 (Version: 11.6.3.633)

    Adobe Stock Photos CS3 (Version: 1.5)

    Adobe Type Support (Version: 1.0)

    Adobe Update Manager CS3 (Version: 5.1.0)

    Adobe Version Cue CS3 Client (Version: 3)

    Adobe WinSoft Linguistics Plugin (Version: 1.0)

    Adobe XMP Panels CS3 (Version: 1.0)

    AIO_Scan (Version: 130.0.365.000)

    Akamai NetSession Interface

    Akamai NetSession Interface Service

    Apple Application Support (Version: 2.3.2)

    Apple Mobile Device Support (Version: 6.0.1.3)

    Apple Software Update (Version: 2.1.3.127)

    ArcSoft Magic-i Visual Effects 2 (Version: 2.0.11.80)

    ArcSoft WebCam Companion 3 (Version: 3.0.8.186)

    ATI Catalyst Install Manager (Version: 3.0.774.0)

    Axife Mouse Recorder DEMO 5.01

    Bonjour (Version: 3.0.0.10)

    BufferChm (Version: 130.0.331.000)

    CamStudio OSS Desktop Recorder (Version: 2.6 Beta r294)

    Catalyst Control Center - Branding (Version: 1.00.0000)

    Catalyst Control Center Core Implementation (Version: 2010.0511.2153.37435)

    Catalyst Control Center Graphics Full Existing (Version: 2010.0511.2153.37435)

    Catalyst Control Center Graphics Full New (Version: 2010.0511.2153.37435)

    Catalyst Control Center Graphics Light (Version: 2010.0511.2153.37435)

    Catalyst Control Center Graphics Previews Vista (Version: 2010.0511.2153.37435)

    Catalyst Control Center InstallProxy (Version: 2010.0511.2153.37435)

    Catalyst Control Center Localization All (Version: 2010.0511.2153.37435)

    ccc-core-static (Version: 2010.0511.2153.37435)

    ccc-utility64 (Version: 2010.0511.2153.37435)

    CCC Help Chinese Standard (Version: 2010.0511.2152.37435)

    CCC Help Chinese Traditional (Version: 2010.0511.2152.37435)

    CCC Help Czech (Version: 2010.0511.2152.37435)

    CCC Help Danish (Version: 2010.0511.2152.37435)

    CCC Help Dutch (Version: 2010.0511.2152.37435)

    CCC Help English (Version: 2010.0511.2152.37435)

    CCC Help Finnish (Version: 2010.0511.2152.37435)

    CCC Help French (Version: 2010.0511.2152.37435)

    CCC Help German (Version: 2010.0511.2152.37435)

    CCC Help Greek (Version: 2010.0511.2152.37435)

    CCC Help Hungarian (Version: 2010.0511.2152.37435)

    CCC Help Italian (Version: 2010.0511.2152.37435)

    CCC Help Japanese (Version: 2010.0511.2152.37435)

    CCC Help Korean (Version: 2010.0511.2152.37435)

    CCC Help Norwegian (Version: 2010.0511.2152.37435)

    CCC Help Polish (Version: 2010.0511.2152.37435)

    CCC Help Portuguese (Version: 2010.0511.2152.37435)

    CCC Help Russian (Version: 2010.0511.2152.37435)

    CCC Help Spanish (Version: 2010.0511.2152.37435)

    CCC Help Swedish (Version: 2010.0511.2152.37435)

    CCC Help Thai (Version: 2010.0511.2152.37435)

    CCC Help Turkish (Version: 2010.0511.2152.37435)

    CCleaner (Version: 3.25)

    Copy (Version: 130.0.428.000)

    DAEMON Tools Lite (Version: 4.45.1.0236)

    Defraggler (remove only)

    Destinations (Version: 130.0.0.0)

    DeviceDiscovery (Version: 130.0.465.000)

    DJ_AIO_ProductContext (Version: 130.0.365.000)

    DJ_AIO_Software (Version: 130.0.365.000)

    DJ_AIO_Software_min (Version: 130.0.365.000)

    ESET Online Scanner v3

    F4100 (Version: 130.0.365.000)

    F4100_Help (Version: 90.0.222.000)

    Facebook Video Calling 1.2.0.287 (Version: 1.2.287)

    GEAR driver installer for AMD64 and Intel EM64T (Version: 2.003.1)

    Google Chrome (Version: 23.0.1271.97)

    Google Earth (Version: 6.1.0.5001)

    Google Update Helper (Version: 1.3.21.123)

    GPBaseService2 (Version: 130.0.371.000)

    HP Customer Experience Enhancements (Version: 6.0.1.7)

    HP Customer Participation Program 13.0 (Version: 13.0)

    HP Deskjet 1050 J410 series Basic Device Software (Version: 22.50.231.0)

    HP Deskjet 1050 J410 series Help (Version: 140.0.66.66)

    HP Deskjet 1050 J410 series Product Improvement Study (Version: 22.50.231.0)

    HP Deskjet All-In-One Driver Software 13.0 Rel. 1 (Version: 13.0)

    HP Imaging Device Functions 13.0 (Version: 13.0)

    HP MediaSmart SmartMenu (Version: 3.1.1.12)

    HP MediaSmart/TouchSmart Netflix (Version: 1.0.3.0)

    HP Odometer (Version: 2.10.0000)

    HP Photosmart Essential 3.5 (Version: 3.5)

    HP Product Detection (Version: 11.14.0001)

    HP Setup (Version: 8.1.4186.3400)

    HP Smart Web Printing 4.51 (Version: 4.51)

    HP Solution Center 13.0 (Version: 13.0)

    HP Support Information (Version: 10.1.0002)

    HP Update (Version: 5.002.006.003)

    HP Vision Hardware Diagnostics (Version: 2.1.2.27173)

    HP Webcam User's Guide

    HPPhotoGadget (Version: 130.0.282.000)

    HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000)

    HPPhotosmartEssential (Version: 2.04.0000)

    HPProductAssistant (Version: 130.0.371.000)

    iTunes (Version: 11.0.1.12)

    Java 7 Update 10 (64-bit) (Version: 7.0.100)

    Java 7 Update 7 (Version: 7.0.70)

    Java Auto Updater (Version: 2.1.9.0)

    Java 6 Update 24 (Version: 6.0.240)

    Java 6 Update 31 (Version: 6.0.310)

    Junk Mail filter update (Version: 14.0.8089.726)

    KODAK Share Button App (Version: 4.03.0000.0000)

    Lernout & Hauspie TruVoice American English TTS Engine

    LibUSB-Win32-0.1.10.1 (Version: 0.1.10.1)

    MarketResearch (Version: 130.0.374.000)

    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

    Microsoft Application Error Reporting (Version: 12.0.6015.5000)

    Microsoft Choice Guard (Version: 2.0.48.0)

    Microsoft Office 2010 (Version: 14.0.4763.1000)

    Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)

    Microsoft Office Starter 2010 - English (Version: 14.0.4763.1000)

    Microsoft PowerPoint Viewer (Version: 14.0.6029.1000)

    Microsoft Silverlight (Version: 5.1.10411.0)

    Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)

    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)

    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)

    Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)

    Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)

    Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)

    Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (Version: 9.0.21022.218)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)

    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)

    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)

    Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)

    Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)

    Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)

    Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)

    Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)

    Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)

    Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)

    Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)

    Microsoft_VC90_ATL_x86 (Version: 1.00.0000)

    Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)

    Microsoft_VC90_CRT_x86 (Version: 1.00.0000)

    Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)

    Microsoft_VC90_MFC_x86 (Version: 1.00.0000)

    Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)

    MixMeister BPM Analyzer 1.0

    MixMeister Studio Demo 7.4.4

    Mozilla Firefox 7.0.1 (x86 en-US) (Version: 7.0.1)

    MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)

    MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)

    MSXML4 Parser (Version: 1.0.0)

    NVIDIA PhysX (Version: 9.11.1107)

    PDF Complete Special Edition (Version: 3.5.111)

    PDF Settings (Version: 1.0)

    PeerBlock 1.1 (r518) (Version: 1.1.0.518)

    PlayReady PC Runtime amd64 (Version: 1.3.0)

    PressReader (Version: 5.10.621.0)

    QuickTime (Version: 7.69.80.9)

    RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)

    RealPlayer (Version: 15.0.4)

    Realtek High Definition Audio Driver (Version: 6.0.1.6196)

    RealUpgrade 1.1 (Version: 1.1.0)

    Recovery Manager (Version: 5.5.2926)

    Scan (Version: 13.0.0.0)

    Skype Toolbars (Version: 5.0.4137)

    Skype™ 6.0 (Version: 6.0.126)

    SmartSound Common Data (Version: 1.1.0)

    SmartSound Premiere Elements 10 x64 Plugin (Version: 5.70.0001)

    SmartWebPrinting (Version: 130.0.457.000)

    SolutionCenter (Version: 130.0.373.000)

    Speakonia (Version: 1.0.3.5)

    Spybot - Search & Destroy (Version: 1.6.2)

    Status (Version: 130.0.469.000)

    swMSM (Version: 12.0.0.1)

    System Requirements Lab CYRI (Version: 4.5.1.0)

    Toolbox (Version: 130.0.648.000)

    TrayApp (Version: 130.0.422.000)

    TypingMaster Pro (Version: 7.00)

    UnloadSupport (Version: 11.0.0)

    Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)

    Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)

    Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)

    VLC media player 1.0.1 (Version: 1.0.1)

    WebReg (Version: 130.0.132.017)

    Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0) (Version: 01/29/2010 1.4.1.0)

    Windows Live Communications Platform (Version: 14.0.8064.206)

    Windows Live Essentials (Version: 14.0.8089.0726)

    Windows Live Essentials (Version: 14.0.8089.726)

    Windows Live Mail (Version: 14.0.8089.0726)

    Windows Live Messenger (Version: 14.0.8089.0726)

    Windows Live Photo Gallery (Version: 14.0.8081.709)

    Windows Live Sync (Version: 14.0.8089.726)

    Windows Live Upload Tool (Version: 14.0.8014.1029)

    Windows Live Writer (Version: 14.0.8089.0726)

    Windows Media Player Firefox Plugin (Version: 1.0.0.8)

    Windows Mobile Device Updater Component (Version: 04.07.1407.00)

    Windows Movie Maker 2.6 (Version: 2.6.4037.0)

    WinRAR archiver

    WinSCP 4.3.7 (Version: 4.3.7)

    YTD Video Downloader 3.9.4

    Zune (Version: 04.07.1404.01)

    Zune Language Pack (DEU) (Version: 04.07.1404.01)

    Zune Language Pack (ESP) (Version: 04.07.1404.01)

    Zune Language Pack (FRA) (Version: 04.07.1404.01)

    Zune Language Pack (ITA) (Version: 04.07.1404.01)

    Zune Language Pack (NLD) (Version: 04.07.1404.01)

    Zune Language Pack (PTB) (Version: 04.07.1404.01)

    Zune Language Pack (PTG) (Version: 04.07.1404.01)

    ========================= Devices: ================================

    Name: Microsoft ISATAP Adapter

    Description: Microsoft ISATAP Adapter

    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

    Manufacturer: Microsoft

    Service: tunnel

    Name: USB Mass Storage Device

    Description: USB Mass Storage Device

    Class Guid: {36fc9e60-c465-11cf-8056-444553540000}

    Manufacturer: Compatible USB storage device

    Service: USBSTOR

    Name: Link-Layer Topology Discovery Mapper I/O Driver

    Description: Link-Layer Topology Discovery Mapper I/O Driver

    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

    Manufacturer:

    Service: lltdio

    Name: System board

    Description: System board

    Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

    Manufacturer: (Standard system devices)

    Service:

    Name: TCP/IP Registry Compatibility

    Description: TCP/IP Registry Compatibility

    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

    Manufacturer:

    Service: tcpipreg

    Name: WAN Miniport (IPv6)

    Description: WAN Miniport (IPv6)

    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

    Manufacturer: Microsoft

    Service: NdisWan

    Name: USB Root Hub

    Description: USB Root Hub

    Class Guid: {36fc9e60-c465-11cf-8056-444553540000}

    Manufacturer: (Standard USB Host Controller)

    Service: usbhub

    Name: PEAUTH

    Description: PEAUTH

    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

    Manufacturer:

    Service: PEAUTH

    Name: Microsoft Teredo Tunneling Adapter

    Description: Microsoft Teredo Tunneling Adapter

    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

    Manufacturer: Microsoft

    Service: tunnel

    Name: Generic volume shadow copy

    Description: Generic volume shadow copy

    Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}

    Manufacturer: Microsoft

    Service:

    Name: Motherboard resources

    Description: Motherboard resources

    Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

    Manufacturer: (Standard system devices)

    Service:

    Name: ACPI x64-based PC

    Description: ACPI x64-based PC

    Class Guid: {4d36e966-e325-11ce-bfc1-08002be10318}

    Manufacturer: (Standard computers)

    Service: \Driver\ACPI_HAL

    Name: Standard OpenHCD USB Host Controller

    Description: Standard OpenHCD USB Host Controller

    Class Guid: {36fc9e60-c465-11cf-8056-444553540000}

    Manufacturer: (Standard USB Host Controller)

    Service: usbohci

    Name: Common Log (CLFS)

    Description: Common Log (CLFS)

    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

    Manufacturer:

    Service: CLFS

    Name: PCI standard host CPU bridge

    Description: PCI standard host CPU bridge

    Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

    Manufacturer: (Standard system devices)

    Service:

    Name: NetIO Legacy TDI Support Driver

    Description: NetIO Legacy TDI Support Driver

    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

    Manufacturer:

    Service: tdx

    Name: Motherboard resources

    Description: Motherboard resources

    Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

    Manufacturer: (Standard system devices)

    Service:

    Name: WAN Miniport (PPPOE)

    Description: WAN Miniport (PPPOE)

    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

    Manufacturer: Microsoft

    Service: RasPppoe

    Name: USB Root Hub

    Description: USB Root Hub

    Class Guid: {36fc9e60-c465-11cf-8056-444553540000}

    Manufacturer: (Standard USB Host Controller)

    Service: usbhub

    Name: HP Deskjet 1050 J410 series

    Description: HP Deskjet 1050 J410 series

    Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}

    Manufacturer: Hewlett-Packard

    Service:

    Name: File as Volume Driver

    Description: File as Volume Driver

    Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

    Manufacturer: Microsoft

    Service: blbdrive

    Name: Motherboard resources

    Description: Motherboard resources

    Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

    Manufacturer: (Standard system devices)

    Service:

    Name: CNG

    Description: CNG

    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

    Manufacturer:

    Service: CNG

    Name: Generic volume

    Description: Generic volume

    Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}

    Manufacturer: Microsoft

    Service: volsnap

    Name: Generic volume shadow copy

    Description: Generic volume shadow copy

    Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}

    Manufacturer: Microsoft

    Service:

    Name: USB Root Hub

    Description: USB Root Hub

    Class Guid: {36fc9e60-c465-11cf-8056-444553540000}

    Manufacturer: (Standard USB Host Controller)

    Service: usbhub

    Name: WAN Miniport (PPTP)

    Description: WAN Miniport (PPTP)

    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

    Manufacturer: Microsoft

    Service: PptpMiniport

    Name: QoS Packet Scheduler

    Description: QoS Packet Scheduler

    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

    Manufacturer:

    Service: Psched

    Name: Motherboard resources

    Description: Motherboard resources

    Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

    Manufacturer: (Standard system devices)

    Service:

    Name: Composite Bus Enumerator

    Description: Composite Bus Enumerator

    Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

    Manufacturer: Microsoft

    Service: CompositeBus

    Name: Mount Point Manager

    Description: Mount Point Manager

    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

    Manufacturer:

    Service: mountmgr

    Name: Motherboard resources

    Description: Motherboard resources

    Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

    Manufacturer: (Standard system devices)

    Service:

    Name: USB Root Hub

    Description: USB Root Hub

    Class Guid: {36fc9e60-c465-11cf-8056-444553540000}

    Manufacturer: (Standard USB Host Controller)

    Service: usbhub

    Name: WAN Miniport (SSTP)

    Description: WAN Miniport (SSTP)

    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

    Manufacturer: Microsoft

    Service: RasSstp

    Name: Standard OpenHCD USB Host Controller

    Description: Standard OpenHCD USB Host Controller

    Class Guid: {36fc9e60-c465-11cf-8056-444553540000}

    Manufacturer: (Standard USB Host Controller)

    Service: usbohci

    Name: PCI standard host CPU bridge

    Description: PCI standard host CPU bridge

    Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

    Manufacturer: (Standard system devices)

    Service:

    Name: System Attribute Cache

    Description: System Attribute Cache

    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

    Manufacturer:

    Service: discache

    Name: Generic volume

    Description: Generic volume

    Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}

    Manufacturer: Microsoft

    Service: volsnap

    Name: Windows Firewall Authorization Driver

    Description: Windows Firewall Authorization Driver

    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

    Manufacturer:

    Service: mpsdrv

    Name: Numeric data processor

    Description: Numeric data processor

    Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

    Manufacturer: (Standard system devices)

    Service:

    Name: VgaSave

    Description: VgaSave

    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

    Manufacturer:

    Service: VgaSave

    Name: Generic volume shadow copy

    Description: Generic volume shadow copy

    Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}

    Manufacturer: Microsoft

    Service:

    Name: Generic- Multi-Card USB Device

    Description: Disk drive

    Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}

    Manufacturer: (Standard disk drives)

    Service: disk

    Name: RDPCDD

    Description: RDPCDD

    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

    Manufacturer:

    Service: RDPCDD

    Name: AMD Athlon II X2 250 Processor

    Description: AMD Processor

    Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}

    Manufacturer: Advanced Micro Devices

    Service: AmdPPM

    Name: HID Keyboard Device

    Description: HID Keyboard Device

    Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}

    Manufacturer: (Standard keyboards)

    Service: kbdhid

    Name: Terminal Server Keyboard Driver

    Description: Terminal Server Keyboard Driver

    Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

    Manufacturer: (Standard system devices)

    Service: TermDD

    Name: USB Root Hub

    Description: USB Root Hub

    Class Guid: {36fc9e60-c465-11cf-8056-444553540000}

    Manufacturer: (Standard USB Host Controller)

    Service: usbhub

    Name: LDDM Graphics Subsystem

    Description: LDDM Graphics Subsystem

    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

    Manufacturer:

    Service: DXGKrnl

    Name: ACPI Power Button

    Description: ACPI Power Button

    Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

    Manufacturer: (Standard system devices)

    Service:

    Name: G:\

    Description: Multi-Card

    Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}

    Manufacturer: Generic-

    Service: WUDFRd

    Name: Dynamic Volume Manager

    Description: Dynamic Volume Manager

    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

    Manufacturer:

    Service: volmgrx

    Name: Terminal Server Mouse Driver

    Description: Terminal Server Mouse Driver

    Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

    Manufacturer: (Standard system devices)

    Service: TermDD

    Name: RDP Encoder Mirror Driver

    Description: RDP Encoder Mirror Driver

    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

    Manufacturer:

    Service: RDPENCDD

    Name: USB Input Device

    Description: USB Input Device

    Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}

    Manufacturer: (Standard system devices)

    Service: HidUsb

    Name: Microsoft Windows Management Interface for ACPI

    Description: Microsoft Windows Management Interface for ACPI

    Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

    Manufacturer: Microsoft

    Service: WmiAcpi

    Name: High Definition Audio Controller

    Description: High Definition Audio Controller

    Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

    Manufacturer: Microsoft

    Service: HDAudBus

    Name: Standard OpenHCD USB Host Controller

    Description: Standard OpenHCD USB Host Controller

    Class Guid: {36fc9e60-c465-11cf-8056-444553540000}

    Manufacturer: (Standard USB Host Controller)

    Service: usbohci

    Name: PCI standard host CPU bridge

    Description: PCI standard host CPU bridge

    Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

    Manufacturer: (Standard system devices)

    Service:

    Name: Plug and Play Software Device Enumerator

    Description: Plug and Play Software Device Enumerator

    Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

    Manufacturer: (Standard system devices)

    Service: swenum

    Name: Storage volumes

    Description: Storage volumes

    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

    Manufacturer:

    Service: volsnap

    Name: HID-compliant device

    Description: HID-compliant device

    Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}

    Manufacturer: (Standard system devices)

    Service:

    Name: Microsoft ACPI-Compliant System

    Description: Microsoft ACPI-Compliant System

    Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

    Manufacturer: Microsoft

    Service: ACPI

    Name: Reflector Display Driver used to gain access to graphics data

    Description: Reflector Display Driver used to gain access to graphics data

    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

    Manufacturer:

    Service: RDPREFMP

    Name: DAEMON Tools Virtual Bus

    Description: DAEMON Tools Virtual Bus

    Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

    Manufacturer: DT Soft Ltd

    Service: dtsoftbus01

    Name: Ancillary Function Driver for Winsock

    Description: Ancillary Function Driver for Winsock

    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

    Manufacturer:

    Service: AFD

    Name: Remote Access IPv6 ARP Driver

    Description: Remote Access IPv6 ARP Driver

    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

    Manufacturer:

    Service: Wanarpv6

    Name: Generic PnP Monitor

    Description: Generic PnP Monitor

    Class Guid: {4d36e96e-e325-11ce-bfc1-08002be10318}

    Manufacturer: (Standard monitor types)

    Service: monitor

    Name: USB Composite Device

    Description: USB Composite Device

    Class Guid: {36fc9e60-c465-11cf-8056-444553540000}

    Manufacturer: (Standard USB Host Controller)

    Service: usbccgp

    Name: Link-Layer Topology Discovery Responder

    Description: Link-Layer Topology Discovery Responder

    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

    Manufacturer:

    Service: rspndr

    Name: UMBus Root Bus Enumerator

    Description: UMBus Root Bus Enumerator

    Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

    Manufacturer: Microsoft

    Service: umbus

    Name: AMD Athlon II X2 250 Processor

    Description: AMD Processor

    Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}

    Manufacturer: Advanced Micro Devices

    Service: AmdPPM

    Name: Generic volume

    Description: Generic volume

    Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}

    Manufacturer: Microsoft

    Service: volsnap

    Name: amdkmdag

    Description: amdkmdag

    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

    Manufacturer:

    Service: amdkmdag

    Name: Microsoft Virtual Drive Enumerator Driver

    Description: Microsoft Virtual Drive Enumerator Driver

    Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

    Manufacturer: (Standard system devices)

    Service: vdrvroot

    Name: Kernel Mode Driver Frameworks service

    Description: Kernel Mode Driver Frameworks service

    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

    Manufacturer:

    Service: Wdf01000

    Name: ATI I/O Communications Processor PCI Bus Controller

    Description: ATI I/O Communications Processor PCI Bus Controller

    Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

    Manufacturer: ATI

    Service: pci

    Name: HID-compliant consumer control device

    Description: HID-compliant consumer control device

    Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}

    Manufacturer: Microsoft

    Service:

    Name: Standard OpenHCD USB Host Controller

    Description: Standard OpenHCD USB Host Controller

    Class Guid: {36fc9e60-c465-11cf-8056-444553540000}

    Manufacturer: (Standard USB Host Controller)

    Service: usbohci

    Name: PCI standard host CPU bridge

    Description: PCI standard host CPU bridge

    Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

    Manufacturer: (Standard system devices)

    Service:

    Name: Sftfs

    Description: Sftfs

    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

    Manufacturer:

    Service: Sftfs

    Name: HP Deskjet 1050 J410 series (USB)

    Description: HP Deskjet 1050 J410 series (USB)

    Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}

    Manufacturer: Hewlett-Packard

    Service: usbscan

    Name: amdsata

    Description: amdsata

    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

    Manufacturer:

    Service: amdsata

    Name: msisadrv

    Description: msisadrv

    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

    Manufacturer:

    Service: msisadrv

    Name: Volume Manager

    Description: Volume Manager

    Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

    Manufacturer: (Standard system devices)

    Service: volmgr

    Name: WFP Lightweight Filter

    Description: WFP Lightweight Filter

    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

    Manufacturer:

    Service: WfpLwf

    Name: Sftplay

    Description: Sftplay

    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

    Manufacturer:

    Service: Sftplay

    Name: hp DVD A DH16ABLH SATA CdRom Device

    Description: CD-ROM Drive

    Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}

    Manufacturer: (Standard CD-ROM drives)

    Service: cdrom

    Name: SanDisk Gigaware USB Device

    Description: Disk drive

    Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}

    Manufacturer: (Standard disk drives)

    Service: disk

    Name: AMD PCI Express (3GIO) Filter

    Description: AMD PCI Express (3GIO) Filter

    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

    Manufacturer:

    Service: AtiPcie

    Name: Winsock IFS Driver

    Description: Winsock IFS Driver

    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

    Manufacturer:

    Service: ws2ifsl

    Name: USB Printing Support

    Description: USB Printing Support

    Class Guid: {36fc9e60-c465-11cf-8056-444553540000}

    Manufacturer: Microsoft

    Service: usbprint

    Name: Generic volume shadow copy

    Description: Generic volume shadow copy

    Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}

    Manufacturer: Microsoft

    Service:

    Name: ATI I/O Communications Processor SMBus Controller

    Description: ATI I/O Communications Processor SMBus Controller

    Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

    Manufacturer: ATI

    Service:

    Name: PCI standard ISA bridge

    Description: PCI standard ISA bridge

    Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

    Manufacturer: (Standard system devices)

    Service: msisadrv

    Name: PCI standard PCI-to-PCI bridge

    Description: PCI standard PCI-to-PCI bridge

    Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

    Manufacturer: (Standard system devices)

    Service: pci

    Name: NDIS System Driver

    Description: NDIS System Driver

    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

    Manufacturer:

    Service: NDIS

    Name: ACPI Fixed Feature Button

    Description: ACPI Fixed Feature Button

    Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

    Manufacturer: (Standard system devices)

    Service:

    Name: User Mode Driver Frameworks Platform Driver

    Description: User Mode Driver Frameworks Platform Driver

    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

    Manufacturer:

    Service: WudfPf

    Name: Sftvol

    Description: Sftvol

    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

    Manufacturer:

    Service: Sftvol

    Name: NDProxy

    Description: NDProxy

    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

    Manufacturer:

    Service: NDProxy

    Name: USB Mass Storage Device

    Description: USB Mass Storage Device

    Class Guid: {36fc9e60-c465-11cf-8056-444553540000}

    Manufacturer: Compatible USB storage device

    Service: USBSTOR

    Name: Generic volume shadow copy

    Description: Generic volume shadow copy

    Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}

    Manufacturer: Microsoft

    Service:

    Name: Programmable interrupt controller

    Description: Programmable interrupt controller

    Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

    Manufacturer: (Standard system devices)

    Service:

    Name: Hitachi HDS721064CLA332 SATA Disk Device

    Description: Disk drive

    Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}

    Manufacturer: (Standard disk drives)

    Service: disk

    Name: X6va003

    Description: X6va003

    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

    Manufacturer:

    Service: X6va003

    Name: Security Processor Loader Driver

    Description: Security Processor Loader Driver

    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

    Manufacturer:

    Service: spldr

    Name: AMD SATA Controller

    Description: AMD SATA Controller

    Class Guid: {4d36e96a-e325-11ce-bfc1-08002be10318}

    Manufacturer: AMD

    Service: amdsata

    Name: ATI Radeon 3000 Graphics

    Description: ATI Radeon 3000 Graphics

    Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}

    Manufacturer: ATI Technologies Inc.

    Service: amdkmdap

    Name: System timer

    Description: System timer

    Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

    Manufacturer: (Standard system devices)

    Service:

    Name: PCI standard PCI-to-PCI bridge

    Description: PCI standard PCI-to-PCI bridge

    Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

    Manufacturer: (Standard system devices)

    Service: pci

    Name: X6va008

    Description: X6va008

    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

    Manufacturer:

    Service: X6va008

    Name: USB Composite Device

    Description: USB Composite Device

    Class Guid: {36fc9e60-c465-11cf-8056-444553540000}

    Manufacturer: (Standard USB Host Controller)

    Service: usbccgp

    Name: Generic volume

    Description: Generic volume

    Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}

    Manufacturer: Microsoft

    Service: volsnap

    Name: NETBT

    Description: NETBT

    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

    Manufacturer:

    Service: NetBT

    Name: Bitlocker Drive Encryption Filter Driver

    Description: Bitlocker Drive Encryption Filter Driver

    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

    Manufacturer:

    Service: fvevol

    Name: High precision event timer

    Description: High precision event timer

    Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

    Manufacturer: (Standard system devices)

    Service:

    Name: F:\

    Description: Gigaware

    Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}

    Manufacturer: SanDisk

    Service: WUDFRd

    Name: Microsoft System Management BIOS Driver

    Description: Microsoft System Management BIOS Driver

    Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

    Manufacturer: (Standard system devices)

    Service: mssmbios

    Name: HTTP

    Description: HTTP

    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

    Manufacturer:

    Service: HTTP

    Name: USB Input Device

    Description: USB Input Device

    Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}

    Manufacturer: (Standard system devices)

    Service: HidUsb

    Name: WAN Miniport (IKEv2)

    Description: WAN Miniport (IKEv2)

    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

    Manufacturer: Microsoft

    Service: RasAgileVpn

    Name: Direct memory access controller

    Description: Direct memory access controller

    Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

    Manufacturer: (Standard system devices)

    Service:

    Name: UMBus Enumerator

    Description: UMBus Enumerator

    Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

    Manufacturer: Microsoft

    Service: umbus

    Name: Standard Enhanced PCI to USB Host Controller

    Description: Standard Enhanced PCI to USB Host Controller

    Class Guid: {36fc9e60-c465-11cf-8056-444553540000}

    Manufacturer: (Standard USB Host Controller)

    Service: usbehci

    Name: PCI standard host CPU bridge

    Description: PCI standard host CPU bridge

    Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

    Manufacturer: (Standard system devices)

    Service:

    Name: Realtek PCIe FE Family Controller

    Description: Realtek PCIe FE Family Controller

    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

    Manufacturer: Realtek

    Service: RTL8167

    Name: NSI proxy service driver.

    Description: NSI proxy service driver.

    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

    Manufacturer:

    Service: nsiproxy

    Name: Hardware Policy Driver

    Description: Hardware Policy Driver

    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

    Manufacturer:

    Service: hwpolicy

    Name: HID-compliant mouse

    Description: HID-compliant mouse

    Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}

    Manufacturer: Microsoft

    Service: mouhid

    Name: System speaker

    Description: System speaker

    Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

    Manufacturer: (Standard system devices)

    Service:

    Name: WAN Miniport (L2TP)

    Description: WAN Miniport (L2TP)

    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

    Manufacturer: Microsoft

    Service: Rasl2tp

    Name: DTSOFT Virtual CdRom Device

    Description: CD-ROM Drive

    Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}

    Manufacturer: (Standard CD-ROM drives)

    Service: cdrom

    Name: KSecDD

    Description: KSecDD

    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

    Manufacturer:

    Service: KSecDD

    Name: USB Input Device

    Description: USB Input Device

    Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}

    Manufacturer: (Standard system devices)

    Service: HidUsb

    Name: UMBus Enumerator

    Description: UMBus Enumerator

    Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

    Manufacturer: Microsoft

    Service: umbus

    Name: AMD PCI Express (3GIO) Filter Driver

    Description: AMD PCI Express (3GIO) Filter Driver

    Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

    Manufacturer: Advanced Micro Devices Inc

    Service: pci

    Name: WAN Miniport (Network Monitor)

    Description: WAN Miniport (Network Monitor)

    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

    Manufacturer: Microsoft

    Service: NdisWan

    Name: Beep

    Description: Beep

    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

    Manufacturer:

    Service: Beep

    Name: Null

    Description: Null

    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

    Manufacturer:

    Service: Null

    Name: KSecPkg

    Description: KSecPkg

    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

    Manufacturer:

    Service: KSecPkg

    Name: Standard Enhanced PCI to USB Host Controller

    Description: Standard Enhanced PCI to USB Host Controller

    Class Guid: {36fc9e60-c465-11cf-8056-444553540000}

    Manufacturer: (Standard USB Host Controller)

    Service: usbehci

    Name: PCI standard host CPU bridge

    Description: PCI standard host CPU bridge

    Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

    Manufacturer: (Standard system devices)

    Service:

    Name: Microsoft 6to4 Adapter

    Description: Microsoft 6to4 Adapter

    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

    Manufacturer: Microsoft

    Service: tunnel

    Name: System CMOS/real time clock

    Description: System CMOS/real time clock

    Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

    Manufacturer: (Standard system devices)

    Service:

    Name: TCP/IP Protocol Driver

    Description: TCP/IP Protocol Driver

    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

    Manufacturer:

    Service: Tcpip

    Name: Realtek High Definition Audio

    Description: Realtek High Definition Audio

    Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}

    Manufacturer: Realtek

    Service: IntcAzAudAddService

    Name: USB Root Hub

    Description: USB Root Hub

    Class Guid: {36fc9e60-c465-11cf-8056-444553540000}

    Manufacturer: (Standard USB Host Controller)

    Service: usbhub

    Name: WAN Miniport (IP)

    Description: WAN Miniport (IP)

    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

    Manufacturer: Microsoft

    Service: NdisWan

    Name: Generic volume

    Description: Generic volume

    Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}

    Manufacturer: Microsoft

    Service: volsnap

    Name: Performance Counters for Windows Driver

    Description: Performance Counters for Windows Driver

    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

    Manufacturer:

    Service: pcw

    ========================= Memory info: ===================================

    Percentage of memory in use: 41%

    Total physical RAM: 2815.29 MB

    Available physical RAM: 1659.9 MB

    Total Pagefile: 5628.76 MB

    Available Pagefile: 3901.43 MB

    Total Virtual: 4095.88 MB

    Available Virtual: 3957.73 MB

    ========================= Partitions: =====================================

    1 Drive c: (OS) (Fixed) (Total:584.01 GB) (Free:478.73 GB) NTFS

    2 Drive d: (HP_RECOVERY) (Fixed) (Total:12.06 GB) (Free:1.44 GB) NTFS

    4 Drive f: () (Removable) (Total:7.47 GB) (Free:1.02 GB) FAT32

    ========================= Users: ========================================

    User accounts for \\COMPUTER-HP

    Administrator computer Guest

    ========================= Minidump Files ==================================

    No minidump file found

    **** End of log ****

    ---------------------------------Farbar Service Scanner-------------------------------

    Farbar Service Scanner Version: 05-01-2013

    Ran by computer (administrator) on 13-01-2013 at 18:44:06

    Running from "C:\Users\computer\Downloads\steps 3"

    Windows 7 Home Premium Service Pack 1 (X64)

    Boot Mode: Normal

    ****************************************************************

    Internet Services:

    ============

    Connection Status:

    ==============

    Localhost is accessible.

    LAN connected.

    Attempt to access Google IP returned error. Google IP is offline

    Google.com is accessible.

    Yahoo IP is accessible.

    Yahoo.com is accessible.

    Windows Firewall:

    =============

    Firewall Disabled Policy:

    ==================

    System Restore:

    ============

    System Restore Disabled Policy:

    ========================

    Action Center:

    ============

    wscsvc Service is not running. Checking service configuration:

    The start type of wscsvc service is set to Disabled. The default start type is Auto.

    The ImagePath of wscsvc service is OK.

    The ServiceDll of wscsvc service is OK.

    Windows Update:

    ============

    Windows Autoupdate Disabled Policy:

    ============================

    Other Services:

    ==============

    File Check:

    ========

    C:\Windows\System32\nsisvc.dll => MD5 is legit

    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

    C:\Windows\System32\dhcpcore.dll => MD5 is legit

    C:\Windows\System32\drivers\afd.sys => MD5 is legit

    C:\Windows\System32\drivers\tdx.sys => MD5 is legit

    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

    C:\Windows\System32\dnsrslvr.dll => MD5 is legit

    C:\Windows\System32\mpssvc.dll => MD5 is legit

    C:\Windows\System32\bfe.dll => MD5 is legit

    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

    C:\Windows\System32\SDRSVC.dll => MD5 is legit

    C:\Windows\System32\vssvc.exe => MD5 is legit

    C:\Windows\System32\wscsvc.dll => MD5 is legit

    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

    C:\Windows\System32\wuaueng.dll => MD5 is legit

    C:\Windows\System32\qmgr.dll => MD5 is legit

    C:\Windows\System32\es.dll => MD5 is legit

    C:\Windows\System32\cryptsvc.dll => MD5 is legit

    C:\Windows\System32\svchost.exe => MD5 is legit

    C:\Windows\System32\rpcss.dll => MD5 is legit

    **** End of log ****

  4. My Windows security service center also cannot be started. Registry updates such as disablecmd, disabletskmanager, no drives, load, run and changes to my homepages popped up on Spybot. I had denied the changes, though, because they did not sound like healthy changes to my registry. And the last time I accepted the changes, none of my USB ports were working and I had to system restore to a few days earlier.

  5. ComboFix 13-01-13.01 - computer 01/13/2013 14:56:39.1.2 - x64

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2815.1931 [GMT -5:00]

    Running from: c:\users\computer\Downloads\ComboFix.exe

    AV: AVG Internet Security *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

    SP: AVG Internet Security *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\users\Public\AlexaNSISPlugin.4216.dll

    .

    .

    ((((((((((((((((((((((((( Files Created from 2012-12-13 to 2013-01-13 )))))))))))))))))))))))))))))))

    .

    .

    2013-01-13 20:01 . 2013-01-13 20:01 -------- d-----w- c:\users\Default\AppData\Local\temp

    2013-01-10 15:51 . 2013-01-10 15:51 -------- d-----w- C:\TDSSKiller_Quarantine

    2013-01-09 18:40 . 2013-01-09 18:40 118784 --sha-r- c:\windows\SysWow64\atimpc32C.dll

    2013-01-09 09:54 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll

    2013-01-09 09:54 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll

    2013-01-09 09:46 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{66D6AC6E-2CF1-46DF-ACF2-0E112748ADC2}\mpengine.dll

    2012-12-31 18:24 . 2012-12-31 18:24 -------- d-----w- c:\programdata\Arcade Lab

    2012-12-31 18:24 . 2012-12-31 18:24 -------- d-----w- c:\users\computer\AppData\Roaming\Zylom

    2012-12-31 18:24 . 2012-12-31 18:26 -------- d-----w- c:\users\computer\AppData\Local\Zylom Games

    2012-12-27 17:43 . 2012-08-21 19:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

    2012-12-27 17:43 . 2012-12-27 17:43 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69

    2012-12-27 17:43 . 2012-12-27 17:43 -------- d-----w- c:\program files\iTunes

    2012-12-27 17:43 . 2012-12-27 17:43 -------- d-----w- c:\program files (x86)\iTunes

    2012-12-27 17:43 . 2012-12-27 17:43 -------- d-----w- c:\program files\iPod

    2012-12-21 09:00 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll

    2012-12-21 09:00 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll

    2012-12-21 09:00 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

    2012-12-21 09:00 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

    2012-12-18 17:51 . 2012-12-18 17:50 959976 ----a-w- c:\windows\system32\deployJava1.dll

    2012-12-18 17:51 . 2012-12-18 17:50 308200 ----a-w- c:\windows\system32\javaws.exe

    2012-12-18 17:51 . 2012-12-18 17:50 1081320 ----a-w- c:\windows\system32\npDeployJava1.dll

    2012-12-18 17:51 . 2012-12-18 17:50 188392 ----a-w- c:\windows\system32\javaw.exe

    2012-12-18 17:51 . 2012-12-18 17:50 188392 ----a-w- c:\windows\system32\java.exe

    2012-12-18 17:51 . 2012-12-18 17:50 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll

    2012-12-18 17:50 . 2012-12-18 17:50 -------- d-----w- c:\program files\Java

    2012-12-18 16:58 . 2012-12-18 17:03 -------- d-----w- c:\users\computer\AppData\Roaming\Hoyle FaceCreator

    2012-12-18 16:58 . 2012-12-18 17:24 -------- d-----w- c:\users\computer\AppData\Roaming\Hoyle

    2012-12-18 16:58 . 2008-03-05 21:56 3786760 ----a-w- c:\windows\SysWow64\D3DX9_37.dll

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2013-01-09 20:17 . 2012-10-07 19:22 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

    2013-01-09 20:17 . 2011-06-29 16:51 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2013-01-09 10:05 . 2011-02-20 03:04 67599240 ----a-w- c:\windows\system32\MRT.exe

    2012-11-30 04:45 . 2013-01-09 09:53 44032 ----a-w- c:\windows\apppatch\acwow64.dll

    2012-11-14 07:06 . 2012-12-13 09:00 17811968 ----a-w- c:\windows\system32\mshtml.dll

    2012-11-14 06:32 . 2012-12-13 09:00 10925568 ----a-w- c:\windows\system32\ieframe.dll

    2012-11-14 06:11 . 2012-12-13 09:00 2312704 ----a-w- c:\windows\system32\jscript9.dll

    2012-11-14 06:04 . 2012-12-13 09:00 1346048 ----a-w- c:\windows\system32\urlmon.dll

    2012-11-14 06:04 . 2012-12-13 09:00 1392128 ----a-w- c:\windows\system32\wininet.dll

    2012-11-14 06:02 . 2012-12-13 09:00 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

    2012-11-14 06:02 . 2012-12-13 09:00 237056 ----a-w- c:\windows\system32\url.dll

    2012-11-14 05:59 . 2012-12-13 09:00 85504 ----a-w- c:\windows\system32\jsproxy.dll

    2012-11-14 05:58 . 2012-12-13 09:00 816640 ----a-w- c:\windows\system32\jscript.dll

    2012-11-14 05:57 . 2012-12-13 09:00 599040 ----a-w- c:\windows\system32\vbscript.dll

    2012-11-14 05:57 . 2012-12-13 09:00 173056 ----a-w- c:\windows\system32\ieUnatt.exe

    2012-11-14 05:55 . 2012-12-13 09:00 2144768 ----a-w- c:\windows\system32\iertutil.dll

    2012-11-14 05:55 . 2012-12-13 09:00 729088 ----a-w- c:\windows\system32\msfeeds.dll

    2012-11-14 05:53 . 2012-12-13 09:00 96768 ----a-w- c:\windows\system32\mshtmled.dll

    2012-11-14 05:52 . 2012-12-13 09:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb

    2012-11-14 05:46 . 2012-12-13 09:00 248320 ----a-w- c:\windows\system32\ieui.dll

    2012-11-14 02:09 . 2012-12-13 09:00 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll

    2012-11-14 01:58 . 2012-12-13 09:00 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

    2012-11-14 01:57 . 2012-12-13 09:00 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

    2012-11-14 01:49 . 2012-12-13 09:00 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

    2012-11-14 01:48 . 2012-12-13 09:00 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

    2012-11-14 01:44 . 2012-12-13 09:00 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

    2012-11-09 05:45 . 2012-12-12 12:45 2048 ----a-w- c:\windows\system32\tzres.dll

    2012-11-09 04:42 . 2012-12-12 12:45 2048 ----a-w- c:\windows\SysWow64\tzres.dll

    2012-11-02 05:59 . 2012-12-12 12:45 478208 ----a-w- c:\windows\system32\dpnet.dll

    2012-11-02 05:11 . 2012-12-12 12:45 376832 ----a-w- c:\windows\SysWow64\dpnet.dll

    2012-10-16 08:38 . 2012-11-28 12:36 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

    2012-10-16 08:38 . 2012-11-28 12:36 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

    2012-10-16 07:39 . 2012-11-28 12:36 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Akamai NetSession Interface"="c:\users\computer\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]

    "ADA2A0E7261CB6A8553FA5425D18AE06C32E1021._service_run"="c:\users\computer\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-12-05 1242728]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]

    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart

    .

    R2 avg9emc;AVG E-mail Scanner;c:\program files (x86)\AVG\AVG9\avgemc.exe [2011-02-04 921952]

    R2 avg9wd;AVG WatchDog;c:\program files (x86)\AVG\AVG9\avgwdsvc.exe [2011-02-04 308136]

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

    R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;c:\windows\system32\libusbd-nt.exe [x]

    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]

    R3 dump_wmimmc;dump_wmimmc;c:\aeriagames\WolfTeam\GameGuard\dump_wmimmc.sys [x]

    R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [x]

    R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-11-10 115272]

    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]

    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-04 1255736]

    R3 X6va003;X6va003;c:\users\computer\AppData\Local\Temp\003BB84.tmp [x]

    R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]

    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-12-18 279616]

    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-11 203264]

    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-07 366640]

    S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2009-10-14 635416]

    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

    S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]

    S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]

    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-07 25912]

    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]

    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]

    .

    .

    --- Other Services/Drivers In Memory ---

    .

    *NewlyCreated* - WS2IFSL

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

    Akamai REG_MULTI_SZ Akamai

    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2013-01-13 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-07 20:17]

    .

    2013-01-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1140067203-3630092783-3749488201-1000Core.job

    - c:\users\computer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-18 20:47]

    .

    2013-01-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1140067203-3630092783-3749488201-1000UA.job

    - c:\users\computer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-18 20:47]

    .

    2013-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-30 20:39]

    .

    2013-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-30 20:39]

    .

    2013-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1140067203-3630092783-3749488201-1000Core.job

    - c:\users\computer\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-04 09:38]

    .

    2013-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1140067203-3630092783-3749488201-1000UA.job

    - c:\users\computer\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-04 09:38]

    .

    2013-01-10 c:\windows\Tasks\HPCeeScheduleForcomputer.job

    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 04:15]

    .

    2013-01-13 c:\windows\Tasks\vymosa.job

    - c:\windows\system32\rundll32.exe [2009-07-13 01:14]

    .

    .

    --------- X64 Entries -----------

    .

    .

    ------- Supplementary Scan -------

    .

    uLocal Page = c:\windows\system32\blank.htm

    mLocal Page = c:\windows\SysWOW64\blank.htm

    uInternet Settings,ProxyOverride = 127.0.0.1:9421;*.local;<local>

    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

    FF - ProfilePath - c:\users\computer\AppData\Roaming\Mozilla\Firefox\Profiles\fy6h84lk.default\

    FF - prefs.js: browser.search.selectedEngine - Yahoo

    FF - prefs.js: browser.startup.homepage - hxxp://search.yahoo.com?type=937811&fr=spigot-yhp-ff

    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=

    FF - ExtSQL: !HIDDEN! 2011-07-05 11:57; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

    .

    - - - - ORPHANS REMOVED - - - -

    .

    Wow6432Node-HKLM-Run-<NO NAME> - (no file)

    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

    AddRemove-{491DF203-7B61-4F0E-BDCB-A1218C4DAFE9} - c:\programdata\{13A9B825-42CB-4973-913D-2194B5A4CF94}\Massive Setup PC.exe

    .

    .

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]

    "ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]

    "ImagePath"="c:\windows\system32\GameMon.des -service"

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va003]

    "ImagePath"="\??\c:\users\computer\AppData\Local\Temp\003BB84.tmp"

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va008]

    "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

    @="0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

    @="ShockwaveFlash.ShockwaveFlash.11"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="ShockwaveFlash.ShockwaveFlash"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

    @="FlashFactory.FlashFactory.1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="FlashFactory.FlashFactory"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    Completion time: 2013-01-13 15:03:31

    ComboFix-quarantined-files.txt 2013-01-13 20:03

    ComboFix2.txt 2013-01-12 16:12

    ComboFix3.txt 2013-01-11 17:09

    ComboFix4.txt 2013-01-10 16:21

    .

    Pre-Run: 515,689,906,176 bytes free

    Post-Run: 515,290,697,728 bytes free

    .

    - - End Of File - - A94CB41909FB0D6F8AF1C86D82B909A8

    • I think this too. The first was the system log, and this log is titled with the date of the scan on it.

    Malwarebytes Anti-Rootkit BETA 1.01.0.1016

    v2013.01.09.01

    Windows 7 Service Pack 1 x64 NTFS

    9.0.8112.16421

    computer :: COMPUTER-HP

    1/13/2013 7:58:24 AM

    mbar-log-2013-01-13 (07-58-24).txt

    31007

    8 , 40

    0

    0

    1

    HKLM\SOFTWARE\Refog Software (Refog.Keylogger) ->

    0

    1

    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Userinit (Refog.Keylogger) -> (c:\windows\system32\userinit.exe,C:\Windows\SysWOW64\MPK\mpk.exe) (Userinit.exe) ->

    0

    0

  6. ---------------------------------------

    Malwarebytes Anti-Rootkit BETA 1.01.0.1016

    © Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 9.0.8112.16421

    Java version: 1.6.0_31

    File system is: NTFS

    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Q:\ DRIVE_FIXED

    CPU speed: 2.992000 GHz

    Memory total: 2952040448, free: 1873805312

    ------------ Kernel report ------------

    01/12/2013 18:19:51

    ------------ Loaded modules -----------

    \SystemRoot\system32\ntoskrnl.exe

    \SystemRoot\system32\hal.dll

    \SystemRoot\system32\kdcom.dll

    \SystemRoot\system32\mcupdate_AuthenticAMD.dll

    \SystemRoot\system32\PSHED.dll

    \SystemRoot\system32\CLFS.SYS

    \SystemRoot\system32\CI.dll

    \SystemRoot\System32\drivers\SMR311.SYS

    \SystemRoot\System32\drivers\FLTMGR.SYS

    \SystemRoot\system32\drivers\Wdf01000.sys

    \SystemRoot\system32\drivers\WDFLDR.SYS

    \SystemRoot\system32\drivers\ACPI.sys

    \SystemRoot\system32\drivers\WMILIB.SYS

    \SystemRoot\system32\drivers\msisadrv.sys

    \SystemRoot\system32\drivers\pci.sys

    \SystemRoot\system32\drivers\vdrvroot.sys

    \SystemRoot\System32\drivers\partmgr.sys

    \SystemRoot\system32\drivers\volmgr.sys

    \SystemRoot\System32\drivers\volmgrx.sys

    \SystemRoot\System32\drivers\mountmgr.sys

    \SystemRoot\system32\DRIVERS\amdsata.sys

    \SystemRoot\system32\DRIVERS\storport.sys

    \SystemRoot\system32\DRIVERS\amdxata.sys

    \SystemRoot\system32\drivers\fileinfo.sys

    \SystemRoot\System32\Drivers\Ntfs.sys

    \SystemRoot\System32\Drivers\msrpc.sys

    \SystemRoot\System32\Drivers\ksecdd.sys

    \SystemRoot\System32\Drivers\cng.sys

    \SystemRoot\System32\drivers\pcw.sys

    \SystemRoot\System32\Drivers\Fs_Rec.sys

    \SystemRoot\system32\drivers\ndis.sys

    \SystemRoot\system32\drivers\NETIO.SYS

    \SystemRoot\System32\Drivers\ksecpkg.sys

    \SystemRoot\System32\drivers\tcpip.sys

    \SystemRoot\System32\drivers\fwpkclnt.sys

    \SystemRoot\system32\drivers\volsnap.sys

    \SystemRoot\System32\Drivers\spldr.sys

    \SystemRoot\System32\drivers\rdyboost.sys

    \SystemRoot\System32\Drivers\mup.sys

    \SystemRoot\System32\drivers\hwpolicy.sys

    \SystemRoot\System32\DRIVERS\fvevol.sys

    \SystemRoot\system32\DRIVERS\disk.sys

    \SystemRoot\system32\DRIVERS\CLASSPNP.SYS

    \SystemRoot\system32\DRIVERS\AtiPcie64.sys

    \SystemRoot\system32\DRIVERS\dtsoftbus01.sys

    \SystemRoot\system32\drivers\cdrom.sys

    \SystemRoot\System32\Drivers\Null.SYS

    \SystemRoot\System32\Drivers\Beep.SYS

    \SystemRoot\System32\drivers\vga.sys

    \SystemRoot\System32\drivers\VIDEOPRT.SYS

    \SystemRoot\System32\drivers\watchdog.sys

    \SystemRoot\System32\DRIVERS\RDPCDD.sys

    \SystemRoot\system32\drivers\rdpencdd.sys

    \SystemRoot\system32\drivers\rdprefmp.sys

    \SystemRoot\System32\Drivers\Msfs.SYS

    \SystemRoot\System32\Drivers\Npfs.SYS

    \SystemRoot\system32\DRIVERS\tdx.sys

    \SystemRoot\system32\DRIVERS\TDI.SYS

    \SystemRoot\System32\DRIVERS\netbt.sys

    \SystemRoot\system32\drivers\afd.sys

    \SystemRoot\system32\drivers\ws2ifsl.sys

    \SystemRoot\system32\DRIVERS\wfplwf.sys

    \SystemRoot\system32\DRIVERS\pacer.sys

    \SystemRoot\system32\DRIVERS\netbios.sys

    \SystemRoot\system32\DRIVERS\wanarp.sys

    \SystemRoot\system32\drivers\termdd.sys

    \SystemRoot\system32\DRIVERS\rdbss.sys

    \SystemRoot\system32\drivers\nsiproxy.sys

    \SystemRoot\system32\drivers\mssmbios.sys

    \SystemRoot\System32\drivers\discache.sys

    \SystemRoot\System32\Drivers\dfsc.sys

    \SystemRoot\system32\DRIVERS\blbdrive.sys

    \SystemRoot\system32\DRIVERS\tunnel.sys

    \SystemRoot\system32\DRIVERS\amdppm.sys

    \SystemRoot\system32\DRIVERS\atikmpag.sys

    \SystemRoot\system32\DRIVERS\atikmdag.sys

    \SystemRoot\System32\drivers\dxgkrnl.sys

    \SystemRoot\System32\drivers\dxgmms1.sys

    \SystemRoot\system32\DRIVERS\Rt64win7.sys

    \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

    \SystemRoot\system32\DRIVERS\usbohci.sys

    \SystemRoot\system32\DRIVERS\USBPORT.SYS

    \SystemRoot\system32\DRIVERS\usbfilter.sys

    \SystemRoot\system32\DRIVERS\usbehci.sys

    \SystemRoot\system32\drivers\HDAudBus.sys

    \SystemRoot\system32\drivers\wmiacpi.sys

    \SystemRoot\system32\drivers\CompositeBus.sys

    \SystemRoot\system32\DRIVERS\AgileVpn.sys

    \SystemRoot\system32\DRIVERS\rasl2tp.sys

    \SystemRoot\system32\DRIVERS\ndistapi.sys

    \SystemRoot\system32\DRIVERS\ndiswan.sys

    \SystemRoot\system32\DRIVERS\raspppoe.sys

    \SystemRoot\system32\DRIVERS\raspptp.sys

    \SystemRoot\system32\DRIVERS\rassstp.sys

    \SystemRoot\system32\DRIVERS\kbdclass.sys

    \SystemRoot\system32\DRIVERS\mouclass.sys

    \SystemRoot\system32\drivers\swenum.sys

    \SystemRoot\system32\drivers\ks.sys

    \SystemRoot\system32\drivers\umbus.sys

    \SystemRoot\system32\DRIVERS\usbhub.sys

    \SystemRoot\System32\Drivers\NDProxy.SYS

    \SystemRoot\system32\drivers\RTKVHD64.sys

    \SystemRoot\system32\drivers\portcls.sys

    \SystemRoot\system32\drivers\drmk.sys

    \SystemRoot\system32\drivers\ksthunk.sys

    \SystemRoot\system32\DRIVERS\usbccgp.sys

    \SystemRoot\system32\DRIVERS\USBD.SYS

    \SystemRoot\system32\DRIVERS\hidusb.sys

    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

    \SystemRoot\System32\Drivers\usbvideo.sys

    \SystemRoot\system32\DRIVERS\ArcSoftKsUFilter.sys

    \SystemRoot\system32\drivers\usbaudio.sys

    \SystemRoot\system32\DRIVERS\mouhid.sys

    \SystemRoot\system32\DRIVERS\USBSTOR.SYS

    \SystemRoot\system32\DRIVERS\usbscan.sys

    \SystemRoot\system32\DRIVERS\usbprint.sys

    \SystemRoot\system32\DRIVERS\kbdhid.sys

    \SystemRoot\System32\Drivers\crashdmp.sys

    \SystemRoot\System32\Drivers\dump_diskdump.sys

    \SystemRoot\System32\Drivers\dump_amdsata.sys

    \SystemRoot\System32\Drivers\dump_dumpfve.sys

    \SystemRoot\System32\win32k.sys

    \SystemRoot\System32\drivers\Dxapi.sys

    \SystemRoot\system32\DRIVERS\monitor.sys

    \SystemRoot\System32\TSDDD.dll

    \SystemRoot\System32\cdd.dll

    \SystemRoot\System32\ATMFD.DLL

    \SystemRoot\system32\drivers\luafv.sys

    \SystemRoot\system32\DRIVERS\Sftvollh.sys

    \SystemRoot\system32\drivers\WudfPf.sys

    \SystemRoot\system32\DRIVERS\lltdio.sys

    \SystemRoot\system32\DRIVERS\rspndr.sys

    \SystemRoot\system32\drivers\HTTP.sys

    \SystemRoot\system32\DRIVERS\bowser.sys

    \SystemRoot\System32\drivers\mpsdrv.sys

    \SystemRoot\system32\DRIVERS\mrxsmb.sys

    \SystemRoot\system32\DRIVERS\mrxsmb10.sys

    \SystemRoot\system32\DRIVERS\mrxsmb20.sys

    \SystemRoot\system32\drivers\peauth.sys

    \SystemRoot\system32\DRIVERS\Sftfslh.sys

    \SystemRoot\system32\DRIVERS\Sftplaylh.sys

    \SystemRoot\System32\DRIVERS\srvnet.sys

    \SystemRoot\System32\drivers\tcpipreg.sys

    \SystemRoot\System32\DRIVERS\srv2.sys

    \SystemRoot\System32\DRIVERS\srv.sys

    \SystemRoot\system32\DRIVERS\Sftredirlh.sys

    \SystemRoot\system32\DRIVERS\WUDFRd.sys

    \??\C:\Windows\system32\drivers\mbam.sys

    \??\C:\Users\computer\AppData\Local\Temp\pgddrkoc.sys

    \??\C:\Windows\system32\drivers\mbamchameleon.sys

    \??\C:\Windows\system32\drivers\mbamswissarmy.sys

    \Windows\System32\ntdll.dll

    \Windows\System32\smss.exe

    \Windows\System32\apisetschema.dll

    ----------- End -----------

    <<<1>>>

    Upper Device Name: \Device\Harddisk1\DR1

    Upper Device Object: 0xfffffa8004370060

    Upper Device Driver Name: \Driver\Disk\

    Lower Device Name: \Device\00000079\

    Lower Device Object: 0xfffffa80042f5060

    Lower Device Driver Name: \Driver\USBSTOR\

    Driver name found: USBSTOR

    Initialization returned 0x0

    Load Function returned 0x0

    <<<1>>>

    Upper Device Name: \Device\Harddisk0\DR0

    Upper Device Object: 0xfffffa800321e060

    Upper Device Driver Name: \Driver\Disk\

    Lower Device Name: \Device\00000050\

    Lower Device Object: 0xfffffa8002d46780

    Lower Device Driver Name: \Driver\amdsata\

    Driver name found: amdsata

    Initialization returned 0x0

    Port sub-driver loaded: \??\C:\Windows\System32\drivers\storport.sys (0x0)

    Load Function returned 0x0

    Initializing...

    Done!

    <<<2>>>

    Device number: 0, partition: 2

    Physical Sector Size: 512

    Drive: 0, DevicePointer: 0xfffffa800321e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

    --------- Disk Stack ------

    DevicePointer: 0xfffffa800321eb90, DeviceName: Unknown, DriverName: \Driver\partmgr\

    DevicePointer: 0xfffffa800321e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

    DevicePointer: 0xfffffa80031c0b80, DeviceName: Unknown, DriverName: \Driver\amdxata\

    DevicePointer: 0xfffffa8002d46780, DeviceName: \Device\00000050\, DriverName: \Driver\amdsata\

    ------------ End ----------

    Upper DeviceData: 0xfffff8a00bced6c0, 0xfffffa800321e060, 0xfffffa8005c5d590

    Lower DeviceData: 0xfffff8a0055edbc0, 0xfffffa8002d46780, 0xfffffa8005c52090

    <<<3>>>

    Volume: C:

    File system type: NTFS

    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

    Scanning directory: C:\Windows\system32\drivers...

    Done!

    Drive 0

    Scanning MBR on drive 0...

    Inspecting partition table:

    MBR Signature: 55AA

    Disk Signature: 1BF4EFF6

    Partition information:

    Partition 0 type is Primary (0x7)

    Partition is ACTIVE.

    Partition starts at LBA: 2048 Numsec = 204800

    Partition file system is NTFS

    Partition is bootable

    Partition 1 type is Primary (0x7)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 206911 Numsec = 1224755137

    Partition 2 type is Primary (0x7)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 1224962048 Numsec = 25298944

    Partition 3 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 640135028736 bytes

    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1250243728-1250263728)...

    Physical Sector Size: 0

    Drive: 1, DevicePointer: 0xfffffa8004370060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

    --------- Disk Stack ------

    DevicePointer: 0xfffffa8004373b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

    DevicePointer: 0xfffffa8004370060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

    DevicePointer: 0xfffffa800436c840, DeviceName: Unknown, DriverName: \Driver\usbfilter\

    DevicePointer: 0xfffffa80042f5060, DeviceName: \Device\00000079\, DriverName: \Driver\USBSTOR\

    ------------ End ----------

    Done!

    Performing system, memory and registry scan...

    Infected: HKLM\SOFTWARE\Refog Software --> [Refog.Keylogger]

    Done!

    Scan finished

    Creating System Restore point...

    =======================================

    ---------------------------------------

    Malwarebytes Anti-Rootkit BETA 1.01.0.1016

    © Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 9.0.8112.16421

    Java version: 1.6.0_31

    File system is: NTFS

    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Q:\ DRIVE_FIXED

    CPU speed: 2.992000 GHz

    Memory total: 2952040448, free: 1751617536

    ------------ Kernel report ------------

    01/13/2013 07:48:50

    ------------ Loaded modules -----------

    \SystemRoot\system32\ntoskrnl.exe

    \SystemRoot\system32\hal.dll

    \SystemRoot\system32\kdcom.dll

    \SystemRoot\system32\mcupdate_AuthenticAMD.dll

    \SystemRoot\system32\PSHED.dll

    \SystemRoot\system32\CLFS.SYS

    \SystemRoot\system32\CI.dll

    \SystemRoot\system32\drivers\Wdf01000.sys

    \SystemRoot\system32\drivers\WDFLDR.SYS

    \SystemRoot\system32\drivers\ACPI.sys

    \SystemRoot\system32\drivers\WMILIB.SYS

    \SystemRoot\system32\drivers\msisadrv.sys

    \SystemRoot\system32\drivers\pci.sys

    \SystemRoot\system32\drivers\vdrvroot.sys

    \SystemRoot\System32\drivers\partmgr.sys

    \SystemRoot\system32\drivers\volmgr.sys

    \SystemRoot\System32\drivers\volmgrx.sys

    \SystemRoot\System32\drivers\mountmgr.sys

    \SystemRoot\system32\DRIVERS\amdsata.sys

    \SystemRoot\system32\DRIVERS\storport.sys

    \SystemRoot\system32\DRIVERS\amdxata.sys

    \SystemRoot\system32\drivers\fltmgr.sys

    \SystemRoot\system32\drivers\fileinfo.sys

    \SystemRoot\System32\Drivers\Ntfs.sys

    \SystemRoot\System32\Drivers\msrpc.sys

    \SystemRoot\System32\Drivers\ksecdd.sys

    \SystemRoot\System32\Drivers\cng.sys

    \SystemRoot\System32\drivers\pcw.sys

    \SystemRoot\System32\Drivers\Fs_Rec.sys

    \SystemRoot\system32\drivers\ndis.sys

    \SystemRoot\system32\drivers\NETIO.SYS

    \SystemRoot\System32\Drivers\ksecpkg.sys

    \SystemRoot\System32\drivers\tcpip.sys

    \SystemRoot\System32\drivers\fwpkclnt.sys

    \SystemRoot\system32\drivers\volsnap.sys

    \SystemRoot\System32\Drivers\spldr.sys

    \SystemRoot\System32\drivers\rdyboost.sys

    \SystemRoot\System32\Drivers\mup.sys

    \SystemRoot\System32\drivers\hwpolicy.sys

    \SystemRoot\System32\DRIVERS\fvevol.sys

    \SystemRoot\system32\DRIVERS\disk.sys

    \SystemRoot\system32\DRIVERS\CLASSPNP.SYS

    \SystemRoot\system32\DRIVERS\AtiPcie64.sys

    \SystemRoot\system32\DRIVERS\dtsoftbus01.sys

    \SystemRoot\system32\drivers\cdrom.sys

    \SystemRoot\System32\Drivers\Null.SYS

    \SystemRoot\System32\Drivers\Beep.SYS

    \SystemRoot\System32\drivers\vga.sys

    \SystemRoot\System32\drivers\VIDEOPRT.SYS

    \SystemRoot\System32\drivers\watchdog.sys

    \SystemRoot\System32\DRIVERS\RDPCDD.sys

    \SystemRoot\system32\drivers\rdpencdd.sys

    \SystemRoot\system32\drivers\rdprefmp.sys

    \SystemRoot\System32\Drivers\Msfs.SYS

    \SystemRoot\System32\Drivers\Npfs.SYS

    \SystemRoot\system32\DRIVERS\tdx.sys

    \SystemRoot\system32\DRIVERS\TDI.SYS

    \SystemRoot\System32\DRIVERS\netbt.sys

    \SystemRoot\system32\drivers\afd.sys

    \SystemRoot\system32\drivers\ws2ifsl.sys

    \SystemRoot\system32\DRIVERS\wfplwf.sys

    \SystemRoot\system32\DRIVERS\pacer.sys

    \SystemRoot\system32\DRIVERS\netbios.sys

    \SystemRoot\system32\DRIVERS\wanarp.sys

    \SystemRoot\system32\drivers\termdd.sys

    \SystemRoot\system32\DRIVERS\rdbss.sys

    \SystemRoot\system32\drivers\nsiproxy.sys

    \SystemRoot\system32\drivers\mssmbios.sys

    \SystemRoot\System32\drivers\discache.sys

    \SystemRoot\System32\Drivers\dfsc.sys

    \SystemRoot\system32\DRIVERS\blbdrive.sys

    \SystemRoot\system32\DRIVERS\tunnel.sys

    \SystemRoot\system32\DRIVERS\amdppm.sys

    \SystemRoot\system32\DRIVERS\atikmpag.sys

    \SystemRoot\system32\DRIVERS\atikmdag.sys

    \SystemRoot\System32\drivers\dxgkrnl.sys

    \SystemRoot\System32\drivers\dxgmms1.sys

    \SystemRoot\system32\DRIVERS\Rt64win7.sys

    \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

    \SystemRoot\system32\DRIVERS\usbohci.sys

    \SystemRoot\system32\DRIVERS\USBPORT.SYS

    \SystemRoot\system32\DRIVERS\usbfilter.sys

    \SystemRoot\system32\DRIVERS\usbehci.sys

    \SystemRoot\system32\drivers\HDAudBus.sys

    \SystemRoot\system32\drivers\wmiacpi.sys

    \SystemRoot\system32\drivers\CompositeBus.sys

    \SystemRoot\system32\DRIVERS\AgileVpn.sys

    \SystemRoot\system32\DRIVERS\rasl2tp.sys

    \SystemRoot\system32\DRIVERS\ndistapi.sys

    \SystemRoot\system32\DRIVERS\ndiswan.sys

    \SystemRoot\system32\DRIVERS\raspppoe.sys

    \SystemRoot\system32\DRIVERS\raspptp.sys

    \SystemRoot\system32\DRIVERS\rassstp.sys

    \SystemRoot\system32\DRIVERS\kbdclass.sys

    \SystemRoot\system32\DRIVERS\mouclass.sys

    \SystemRoot\system32\drivers\swenum.sys

    \SystemRoot\system32\drivers\ks.sys

    \SystemRoot\system32\drivers\umbus.sys

    \SystemRoot\system32\DRIVERS\usbhub.sys

    \SystemRoot\System32\Drivers\NDProxy.SYS

    \SystemRoot\system32\drivers\RTKVHD64.sys

    \SystemRoot\system32\drivers\portcls.sys

    \SystemRoot\system32\drivers\drmk.sys

    \SystemRoot\system32\drivers\ksthunk.sys

    \SystemRoot\system32\DRIVERS\usbccgp.sys

    \SystemRoot\system32\DRIVERS\USBD.SYS

    \SystemRoot\system32\DRIVERS\hidusb.sys

    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

    \SystemRoot\system32\DRIVERS\USBSTOR.SYS

    \SystemRoot\system32\DRIVERS\mouhid.sys

    \SystemRoot\system32\DRIVERS\usbscan.sys

    \SystemRoot\system32\DRIVERS\ArcSoftKsUFilter.sys

    \SystemRoot\system32\DRIVERS\usbprint.sys

    \SystemRoot\system32\DRIVERS\kbdhid.sys

    \SystemRoot\System32\Drivers\crashdmp.sys

    \SystemRoot\System32\Drivers\dump_diskdump.sys

    \SystemRoot\System32\Drivers\dump_amdsata.sys

    \SystemRoot\System32\Drivers\dump_dumpfve.sys

    \SystemRoot\System32\win32k.sys

    \SystemRoot\System32\drivers\Dxapi.sys

    \SystemRoot\system32\DRIVERS\monitor.sys

    \SystemRoot\System32\TSDDD.dll

    \SystemRoot\System32\cdd.dll

    \SystemRoot\System32\ATMFD.DLL

    \SystemRoot\system32\drivers\luafv.sys

    \SystemRoot\system32\DRIVERS\Sftvollh.sys

    \SystemRoot\system32\drivers\WudfPf.sys

    \SystemRoot\system32\DRIVERS\lltdio.sys

    \SystemRoot\system32\DRIVERS\rspndr.sys

    \SystemRoot\system32\drivers\HTTP.sys

    \SystemRoot\system32\DRIVERS\bowser.sys

    \SystemRoot\System32\drivers\mpsdrv.sys

    \SystemRoot\system32\DRIVERS\mrxsmb.sys

    \SystemRoot\system32\DRIVERS\mrxsmb10.sys

    \SystemRoot\system32\DRIVERS\mrxsmb20.sys

    \SystemRoot\system32\drivers\peauth.sys

    \SystemRoot\system32\DRIVERS\Sftfslh.sys

    \SystemRoot\system32\DRIVERS\Sftplaylh.sys

    \SystemRoot\System32\DRIVERS\srvnet.sys

    \SystemRoot\System32\drivers\tcpipreg.sys

    \SystemRoot\System32\DRIVERS\srv2.sys

    \SystemRoot\System32\DRIVERS\srv.sys

    \SystemRoot\system32\DRIVERS\Sftredirlh.sys

    \SystemRoot\system32\DRIVERS\WUDFRd.sys

    \??\C:\Windows\system32\drivers\mbam.sys

    \??\C:\Windows\system32\drivers\mbamchameleon.sys

    \??\C:\Windows\system32\drivers\mbamswissarmy.sys

    \Windows\System32\ntdll.dll

    \Windows\System32\smss.exe

    \Windows\System32\apisetschema.dll

    ----------- End -----------

    <<<1>>>

    Upper Device Name: \Device\Harddisk1\DR1

    Upper Device Object: 0xfffffa80037de790

    Upper Device Driver Name: \Driver\Disk\

    Lower Device Name: \Device\00000070\

    Lower Device Object: 0xfffffa800428fb60

    Lower Device Driver Name: \Driver\USBSTOR\

    Driver name found: USBSTOR

    Initialization returned 0x0

    Load Function returned 0x0

    <<<1>>>

    Upper Device Name: \Device\Harddisk0\DR0

    Upper Device Object: 0xfffffa80031dc700

    Upper Device Driver Name: \Driver\Disk\

    Lower Device Name: \Device\0000004e\

    Lower Device Object: 0xfffffa8002d04580

    Lower Device Driver Name: \Driver\amdsata\

    Driver name found: amdsata

    Initialization returned 0x0

    Port sub-driver loaded: \??\C:\Windows\System32\drivers\storport.sys (0x0)

    Load Function returned 0x0

    Initializing...

    Done!

    <<<2>>>

    Device number: 0, partition: 2

    Physical Sector Size: 512

    Drive: 0, DevicePointer: 0xfffffa80031dc700, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

    --------- Disk Stack ------

    DevicePointer: 0xfffffa80031dc150, DeviceName: Unknown, DriverName: \Driver\partmgr\

    DevicePointer: 0xfffffa80031dc700, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

    DevicePointer: 0xfffffa800317eaf0, DeviceName: Unknown, DriverName: \Driver\amdxata\

    DevicePointer: 0xfffffa8002d04580, DeviceName: \Device\0000004e\, DriverName: \Driver\amdsata\

    ------------ End ----------

    Upper DeviceData: 0xfffff8a0116c5840, 0xfffffa80031dc700, 0xfffffa80050fa090

    Lower DeviceData: 0xfffff8a01061a070, 0xfffffa8002d04580, 0xfffffa80051664b0

    <<<3>>>

    Volume: C:

    File system type: NTFS

    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

    Scanning directory: C:\Windows\system32\drivers...

    Done!

    Drive 0

    Scanning MBR on drive 0...

    Inspecting partition table:

    MBR Signature: 55AA

    Disk Signature: 1BF4EFF6

    Partition information:

    Partition 0 type is Primary (0x7)

    Partition is ACTIVE.

    Partition starts at LBA: 2048 Numsec = 204800

    Partition file system is NTFS

    Partition is bootable

    Partition 1 type is Primary (0x7)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 206911 Numsec = 1224755137

    Partition 2 type is Primary (0x7)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 1224962048 Numsec = 25298944

    Partition 3 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 640135028736 bytes

    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1250243728-1250263728)...

    Physical Sector Size: 0

    Drive: 1, DevicePointer: 0xfffffa80037de790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

    --------- Disk Stack ------

    DevicePointer: 0xfffffa800427e740, DeviceName: Unknown, DriverName: \Driver\partmgr\

    DevicePointer: 0xfffffa80037de790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

    DevicePointer: 0xfffffa800427ebf0, DeviceName: Unknown, DriverName: \Driver\usbfilter\

    DevicePointer: 0xfffffa800428fb60, DeviceName: \Device\00000070\, DriverName: \Driver\USBSTOR\

    ------------ End ----------

    Done!

    Performing system, memory and registry scan...

    Infected: HKLM\SOFTWARE\Refog Software --> [Refog.Keylogger]

    Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Userinit --> [Refog.Keylogger]

    Done!

    Scan finished

    Scheduling clean up...

    <<<2>>>

    Device number: 0, partition: 2

    <<<3>>>

    Volume: C:

    File system type: NTFS

    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

    Removal successful. No system shutdown is required.

    =======================================

  7. The only malware it found was REFOG Keylogger within the registry, which I installed and previously uninstalled at least a year ago. That must have remained in there.

    --------------------------MBAR LOG------------------------------

    ---------------------------------------

    Malwarebytes Anti-Rootkit BETA 1.01.0.1016

    © Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 9.0.8112.16421

    Java version: 1.6.0_31

    File system is: NTFS

    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Q:\ DRIVE_FIXED

    CPU speed: 2.992000 GHz

    Memory total: 2952040448, free: 1873805312

    ------------ Kernel report ------------

    01/12/2013 18:19:51

    ------------ Loaded modules -----------

    \SystemRoot\system32\ntoskrnl.exe

    \SystemRoot\system32\hal.dll

    \SystemRoot\system32\kdcom.dll

    \SystemRoot\system32\mcupdate_AuthenticAMD.dll

    \SystemRoot\system32\PSHED.dll

    \SystemRoot\system32\CLFS.SYS

    \SystemRoot\system32\CI.dll

    \SystemRoot\System32\drivers\SMR311.SYS

    \SystemRoot\System32\drivers\FLTMGR.SYS

    \SystemRoot\system32\drivers\Wdf01000.sys

    \SystemRoot\system32\drivers\WDFLDR.SYS

    \SystemRoot\system32\drivers\ACPI.sys

    \SystemRoot\system32\drivers\WMILIB.SYS

    \SystemRoot\system32\drivers\msisadrv.sys

    \SystemRoot\system32\drivers\pci.sys

    \SystemRoot\system32\drivers\vdrvroot.sys

    \SystemRoot\System32\drivers\partmgr.sys

    \SystemRoot\system32\drivers\volmgr.sys

    \SystemRoot\System32\drivers\volmgrx.sys

    \SystemRoot\System32\drivers\mountmgr.sys

    \SystemRoot\system32\DRIVERS\amdsata.sys

    \SystemRoot\system32\DRIVERS\storport.sys

    \SystemRoot\system32\DRIVERS\amdxata.sys

    \SystemRoot\system32\drivers\fileinfo.sys

    \SystemRoot\System32\Drivers\Ntfs.sys

    \SystemRoot\System32\Drivers\msrpc.sys

    \SystemRoot\System32\Drivers\ksecdd.sys

    \SystemRoot\System32\Drivers\cng.sys

    \SystemRoot\System32\drivers\pcw.sys

    \SystemRoot\System32\Drivers\Fs_Rec.sys

    \SystemRoot\system32\drivers\ndis.sys

    \SystemRoot\system32\drivers\NETIO.SYS

    \SystemRoot\System32\Drivers\ksecpkg.sys

    \SystemRoot\System32\drivers\tcpip.sys

    \SystemRoot\System32\drivers\fwpkclnt.sys

    \SystemRoot\system32\drivers\volsnap.sys

    \SystemRoot\System32\Drivers\spldr.sys

    \SystemRoot\System32\drivers\rdyboost.sys

    \SystemRoot\System32\Drivers\mup.sys

    \SystemRoot\System32\drivers\hwpolicy.sys

    \SystemRoot\System32\DRIVERS\fvevol.sys

    \SystemRoot\system32\DRIVERS\disk.sys

    \SystemRoot\system32\DRIVERS\CLASSPNP.SYS

    \SystemRoot\system32\DRIVERS\AtiPcie64.sys

    \SystemRoot\system32\DRIVERS\dtsoftbus01.sys

    \SystemRoot\system32\drivers\cdrom.sys

    \SystemRoot\System32\Drivers\Null.SYS

    \SystemRoot\System32\Drivers\Beep.SYS

    \SystemRoot\System32\drivers\vga.sys

    \SystemRoot\System32\drivers\VIDEOPRT.SYS

    \SystemRoot\System32\drivers\watchdog.sys

    \SystemRoot\System32\DRIVERS\RDPCDD.sys

    \SystemRoot\system32\drivers\rdpencdd.sys

    \SystemRoot\system32\drivers\rdprefmp.sys

    \SystemRoot\System32\Drivers\Msfs.SYS

    \SystemRoot\System32\Drivers\Npfs.SYS

    \SystemRoot\system32\DRIVERS\tdx.sys

    \SystemRoot\system32\DRIVERS\TDI.SYS

    \SystemRoot\System32\DRIVERS\netbt.sys

    \SystemRoot\system32\drivers\afd.sys

    \SystemRoot\system32\drivers\ws2ifsl.sys

    \SystemRoot\system32\DRIVERS\wfplwf.sys

    \SystemRoot\system32\DRIVERS\pacer.sys

    \SystemRoot\system32\DRIVERS\netbios.sys

    \SystemRoot\system32\DRIVERS\wanarp.sys

    \SystemRoot\system32\drivers\termdd.sys

    \SystemRoot\system32\DRIVERS\rdbss.sys

    \SystemRoot\system32\drivers\nsiproxy.sys

    \SystemRoot\system32\drivers\mssmbios.sys

    \SystemRoot\System32\drivers\discache.sys

    \SystemRoot\System32\Drivers\dfsc.sys

    \SystemRoot\system32\DRIVERS\blbdrive.sys

    \SystemRoot\system32\DRIVERS\tunnel.sys

    \SystemRoot\system32\DRIVERS\amdppm.sys

    \SystemRoot\system32\DRIVERS\atikmpag.sys

    \SystemRoot\system32\DRIVERS\atikmdag.sys

    \SystemRoot\System32\drivers\dxgkrnl.sys

    \SystemRoot\System32\drivers\dxgmms1.sys

    \SystemRoot\system32\DRIVERS\Rt64win7.sys

    \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

    \SystemRoot\system32\DRIVERS\usbohci.sys

    \SystemRoot\system32\DRIVERS\USBPORT.SYS

    \SystemRoot\system32\DRIVERS\usbfilter.sys

    \SystemRoot\system32\DRIVERS\usbehci.sys

    \SystemRoot\system32\drivers\HDAudBus.sys

    \SystemRoot\system32\drivers\wmiacpi.sys

    \SystemRoot\system32\drivers\CompositeBus.sys

    \SystemRoot\system32\DRIVERS\AgileVpn.sys

    \SystemRoot\system32\DRIVERS\rasl2tp.sys

    \SystemRoot\system32\DRIVERS\ndistapi.sys

    \SystemRoot\system32\DRIVERS\ndiswan.sys

    \SystemRoot\system32\DRIVERS\raspppoe.sys

    \SystemRoot\system32\DRIVERS\raspptp.sys

    \SystemRoot\system32\DRIVERS\rassstp.sys

    \SystemRoot\system32\DRIVERS\kbdclass.sys

    \SystemRoot\system32\DRIVERS\mouclass.sys

    \SystemRoot\system32\drivers\swenum.sys

    \SystemRoot\system32\drivers\ks.sys

    \SystemRoot\system32\drivers\umbus.sys

    \SystemRoot\system32\DRIVERS\usbhub.sys

    \SystemRoot\System32\Drivers\NDProxy.SYS

    \SystemRoot\system32\drivers\RTKVHD64.sys

    \SystemRoot\system32\drivers\portcls.sys

    \SystemRoot\system32\drivers\drmk.sys

    \SystemRoot\system32\drivers\ksthunk.sys

    \SystemRoot\system32\DRIVERS\usbccgp.sys

    \SystemRoot\system32\DRIVERS\USBD.SYS

    \SystemRoot\system32\DRIVERS\hidusb.sys

    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

    \SystemRoot\System32\Drivers\usbvideo.sys

    \SystemRoot\system32\DRIVERS\ArcSoftKsUFilter.sys

    \SystemRoot\system32\drivers\usbaudio.sys

    \SystemRoot\system32\DRIVERS\mouhid.sys

    \SystemRoot\system32\DRIVERS\USBSTOR.SYS

    \SystemRoot\system32\DRIVERS\usbscan.sys

    \SystemRoot\system32\DRIVERS\usbprint.sys

    \SystemRoot\system32\DRIVERS\kbdhid.sys

    \SystemRoot\System32\Drivers\crashdmp.sys

    \SystemRoot\System32\Drivers\dump_diskdump.sys

    \SystemRoot\System32\Drivers\dump_amdsata.sys

    \SystemRoot\System32\Drivers\dump_dumpfve.sys

    \SystemRoot\System32\win32k.sys

    \SystemRoot\System32\drivers\Dxapi.sys

    \SystemRoot\system32\DRIVERS\monitor.sys

    \SystemRoot\System32\TSDDD.dll

    \SystemRoot\System32\cdd.dll

    \SystemRoot\System32\ATMFD.DLL

    \SystemRoot\system32\drivers\luafv.sys

    \SystemRoot\system32\DRIVERS\Sftvollh.sys

    \SystemRoot\system32\drivers\WudfPf.sys

    \SystemRoot\system32\DRIVERS\lltdio.sys

    \SystemRoot\system32\DRIVERS\rspndr.sys

    \SystemRoot\system32\drivers\HTTP.sys

    \SystemRoot\system32\DRIVERS\bowser.sys

    \SystemRoot\System32\drivers\mpsdrv.sys

    \SystemRoot\system32\DRIVERS\mrxsmb.sys

    \SystemRoot\system32\DRIVERS\mrxsmb10.sys

    \SystemRoot\system32\DRIVERS\mrxsmb20.sys

    \SystemRoot\system32\drivers\peauth.sys

    \SystemRoot\system32\DRIVERS\Sftfslh.sys

    \SystemRoot\system32\DRIVERS\Sftplaylh.sys

    \SystemRoot\System32\DRIVERS\srvnet.sys

    \SystemRoot\System32\drivers\tcpipreg.sys

    \SystemRoot\System32\DRIVERS\srv2.sys

    \SystemRoot\System32\DRIVERS\srv.sys

    \SystemRoot\system32\DRIVERS\Sftredirlh.sys

    \SystemRoot\system32\DRIVERS\WUDFRd.sys

    \??\C:\Windows\system32\drivers\mbam.sys

    \??\C:\Users\computer\AppData\Local\Temp\pgddrkoc.sys

    \??\C:\Windows\system32\drivers\mbamchameleon.sys

    \??\C:\Windows\system32\drivers\mbamswissarmy.sys

    \Windows\System32\ntdll.dll

    \Windows\System32\smss.exe

    \Windows\System32\apisetschema.dll

    ----------- End -----------

    <<<1>>>

    Upper Device Name: \Device\Harddisk1\DR1

    Upper Device Object: 0xfffffa8004370060

    Upper Device Driver Name: \Driver\Disk\

    Lower Device Name: \Device\00000079\

    Lower Device Object: 0xfffffa80042f5060

    Lower Device Driver Name: \Driver\USBSTOR\

    Driver name found: USBSTOR

    Initialization returned 0x0

    Load Function returned 0x0

    <<<1>>>

    Upper Device Name: \Device\Harddisk0\DR0

    Upper Device Object: 0xfffffa800321e060

    Upper Device Driver Name: \Driver\Disk\

    Lower Device Name: \Device\00000050\

    Lower Device Object: 0xfffffa8002d46780

    Lower Device Driver Name: \Driver\amdsata\

    Driver name found: amdsata

    Initialization returned 0x0

    Port sub-driver loaded: \??\C:\Windows\System32\drivers\storport.sys (0x0)

    Load Function returned 0x0

    Initializing...

    Done!

    <<<2>>>

    Device number: 0, partition: 2

    Physical Sector Size: 512

    Drive: 0, DevicePointer: 0xfffffa800321e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

    --------- Disk Stack ------

    DevicePointer: 0xfffffa800321eb90, DeviceName: Unknown, DriverName: \Driver\partmgr\

    DevicePointer: 0xfffffa800321e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

    DevicePointer: 0xfffffa80031c0b80, DeviceName: Unknown, DriverName: \Driver\amdxata\

    DevicePointer: 0xfffffa8002d46780, DeviceName: \Device\00000050\, DriverName: \Driver\amdsata\

    ------------ End ----------

    Upper DeviceData: 0xfffff8a00bced6c0, 0xfffffa800321e060, 0xfffffa8005c5d590

    Lower DeviceData: 0xfffff8a0055edbc0, 0xfffffa8002d46780, 0xfffffa8005c52090

    <<<3>>>

    Volume: C:

    File system type: NTFS

    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

    Scanning directory: C:\Windows\system32\drivers...

    Done!

    Drive 0

    Scanning MBR on drive 0...

    Inspecting partition table:

    MBR Signature: 55AA

    Disk Signature: 1BF4EFF6

    Partition information:

    Partition 0 type is Primary (0x7)

    Partition is ACTIVE.

    Partition starts at LBA: 2048 Numsec = 204800

    Partition file system is NTFS

    Partition is bootable

    Partition 1 type is Primary (0x7)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 206911 Numsec = 1224755137

    Partition 2 type is Primary (0x7)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 1224962048 Numsec = 25298944

    Partition 3 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 640135028736 bytes

    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1250243728-1250263728)...

    Physical Sector Size: 0

    Drive: 1, DevicePointer: 0xfffffa8004370060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

    --------- Disk Stack ------

    DevicePointer: 0xfffffa8004373b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

    DevicePointer: 0xfffffa8004370060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

    DevicePointer: 0xfffffa800436c840, DeviceName: Unknown, DriverName: \Driver\usbfilter\

    DevicePointer: 0xfffffa80042f5060, DeviceName: \Device\00000079\, DriverName: \Driver\USBSTOR\

    ------------ End ----------

    Done!

    Performing system, memory and registry scan...

    Infected: HKLM\SOFTWARE\Refog Software --> [Refog.Keylogger]

    Done!

    Scan finished

    Creating System Restore point...

    -----------------------New DDS Log-------------------------

    DDS (Ver_2012-11-20.01) - NTFS_AMD64

    Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.7.2

    Run by computer at 18:34:43 on 2013-01-12

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2815.1456 [GMT -5:00]

    .

    AV: AVG Internet Security *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

    SP: AVG Internet Security *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    ============== Running Processes ===============

    .

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\system32\atiesrxx.exe

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\atieclxx.exe

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Windows\system32\rundll32.exe

    C:\Windows\SysWOW64\rundll32.exe

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

    C:\Windows\System32\svchost.exe -k HPZ12

    C:\Program Files (x86)\PDF Complete\pdfsvc.exe

    C:\Windows\System32\svchost.exe -k HPZ12

    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe

    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

    C:\Windows\system32\taskhost.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Windows\system32\taskeng.exe

    C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe

    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Users\computer\AppData\Local\Akamai\netsession_win.exe

    C:\Users\computer\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\computer\AppData\Local\Akamai\netsession_win.exe

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Windows\System32\svchost.exe -k LocalServicePeerNet

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    C:\Windows\system32\vssvc.exe

    C:\Windows\System32\svchost.exe -k swprv

    C:\Users\computer\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\computer\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\computer\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\computer\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Windows\system32\SearchProtocolHost.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\System32\cscript.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = about:blank

    uProxyOverride = 127.0.0.1:9421;*.local

    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>

    BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

    BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll

    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll

    uRun: [Akamai NetSession Interface] "C:\Users\computer\AppData\Local\Akamai\netsession_win.exe"

    uRun: [ADA2A0E7261CB6A8553FA5425D18AE06C32E1021._service_run] "C:\Users\computer\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service

    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

    mRunOnce: [Z1] cmd /c "C:\Users\computer\Desktop\mbar\mbar.exe" /cleanup /s

    uPolicies-Explorer: NoDrives = dword:0

    mPolicies-Explorer: NoDrives = dword:0

    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

    mPolicies-System: ConsentPromptBehaviorUser = dword:3

    mPolicies-System: EnableUIADesktopToggle = dword:0

    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - <orphaned>

    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    .

    INFO: HKCU has more than 50 listed domains.

    If you wish to scan all of them, select the 'Force scan all domains' option.

    .

    .

    INFO: HKLM has more than 50 listed domains.

    If you wish to scan all of them, select the 'Force scan all domains' option.

    .

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

    TCP: NameServer = 75.75.75.75 75.75.76.76

    TCP: Interfaces\{3A0237BB-C646-40F1-BE80-BF7770A283DE} : DHCPNameServer = 75.75.75.75 75.75.76.76

    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>

    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

    SSODL: WebCheck - <orphaned>

    x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

    x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

    .

    INFO: x64-HKLM has more than 50 listed domains.

    If you wish to scan all of them, select the 'Force scan all domains' option.

    .

    x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>

    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>

    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

    x64-SSODL: WebCheck - <orphaned>

    .

    ================= FIREFOX ===================

    .

    FF - ProfilePath - C:\Users\computer\AppData\Roaming\Mozilla\Firefox\Profiles\fy6h84lk.default\

    FF - prefs.js: browser.search.selectedEngine - Yahoo

    FF - prefs.js: browser.startup.homepage - hxxp://search.yahoo.com?type=937811&fr=spigot-yhp-ff

    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=

    FF - ExtSQL: !HIDDEN! 2011-07-05 11:57; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

    .

    ============= SERVICES / DRIVERS ===============

    .

    R0 SMR311;Symantec SMR Utility Service 3.1.1;C:\Windows\System32\drivers\SMR311.SYS [2013-1-12 95392]

    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-12-18 279616]

    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-12-14 203264]

    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-18 366640]

    R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-12-14 635416]

    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

    R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-2-10 104960]

    R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2011-2-10 19968]

    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-11-27 25912]

    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-12-14 346144]

    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]

    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]

    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]

    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]

    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-12-14 38456]

    S2 avg9emc;AVG E-mail Scanner;C:\Program Files (x86)\AVG\AVG9\avgemc.exe [2011-2-4 921952]

    S2 avg9wd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2011-2-4 308136]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

    S2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]

    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]

    S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2012-8-21 115272]

    S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]

    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-5-23 59392]

    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]

    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-2-5 1255736]

    .

    =============== Created Last 30 ================

    .

    2013-01-12 22:57:16 95392 ----a-w- C:\Windows\System32\drivers\SMR311.SYS

    2013-01-12 22:57:11 -------- d-----w- C:\Users\computer\AppData\Local\NPE

    2013-01-12 18:23:33 -------- d-sh--w- C:\$RECYCLE.BIN

    2013-01-12 13:04:13 388096 ----a-r- C:\Users\computer\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

    2013-01-12 13:04:12 -------- d-----w- C:\Program Files (x86)\Trend Micro

    2013-01-10 16:10:38 98816 ----a-w- C:\Windows\sed.exe

    2013-01-10 16:10:38 256000 ----a-w- C:\Windows\PEV.exe

    2013-01-10 16:10:38 208896 ----a-w- C:\Windows\MBR.exe

    2013-01-10 15:51:42 -------- d-----w- C:\TDSSKiller_Quarantine

    2013-01-09 18:40:35 118784 --sha-r- C:\Windows\SysWow64\atimpc32C.dll

    2013-01-09 09:54:10 750592 ----a-w- C:\Windows\System32\win32spl.dll

    2013-01-09 09:54:10 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll

    2013-01-09 09:46:32 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{66D6AC6E-2CF1-46DF-ACF2-0E112748ADC2}\mpengine.dll

    2012-12-31 18:24:37 -------- d-----w- C:\ProgramData\Arcade Lab

    2012-12-31 18:24:34 -------- d-----w- C:\Users\computer\AppData\Roaming\Zylom

    2012-12-31 18:24:18 -------- d-----w- C:\Users\computer\AppData\Local\Zylom Games

    2012-12-27 17:43:48 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys

    2012-12-27 17:43:18 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

    2012-12-27 17:43:18 -------- d-----w- C:\Program Files\iTunes

    2012-12-27 17:43:18 -------- d-----w- C:\Program Files\iPod

    2012-12-27 17:43:18 -------- d-----w- C:\Program Files (x86)\iTunes

    2012-12-21 09:00:36 46080 ----a-w- C:\Windows\System32\atmlib.dll

    2012-12-21 09:00:36 367616 ----a-w- C:\Windows\System32\atmfd.dll

    2012-12-21 09:00:36 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

    2012-12-21 09:00:35 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

    2012-12-18 17:51:46 959976 ----a-w- C:\Windows\System32\deployJava1.dll

    2012-12-18 17:51:46 1081320 ----a-w- C:\Windows\System32\npDeployJava1.dll

    2012-12-18 17:51:26 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll

    2012-12-18 16:58:48 -------- d-----w- C:\Users\computer\AppData\Roaming\Hoyle FaceCreator

    2012-12-18 16:58:36 -------- d-----w- C:\Users\computer\AppData\Roaming\Hoyle

    2012-12-18 16:58:11 3786760 ----a-w- C:\Windows\SysWow64\D3DX9_37.dll

    .

    ==================== Find3M ====================

    .

    2013-01-11 23:16:49 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

    2013-01-11 23:16:49 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

    2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll

    2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll

    2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll

    2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll

    2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs

    2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs

    2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs

    2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs

    2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs

    2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs

    2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs

    2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs

    2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs

    2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs

    2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs

    2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs

    2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs

    2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs

    2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll

    2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll

    2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

    2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll

    2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

    2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll

    2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

    2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

    2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe

    2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

    2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

    2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

    2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe

    2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

    2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

    2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

    2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

    2012-11-23 03:26:31 3149824 ----a-w- C:\Windows\System32\win32k.sys

    2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe

    2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll

    2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll

    2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll

    2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll

    2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll

    2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll

    2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

    2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll

    2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

    2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

    2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

    2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

    2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

    2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

    2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

    2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

    2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll

    2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

    2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll

    2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll

    2012-11-01 05:43:42 2002432 ----a-w- C:\Windows\System32\msxml6.dll

    2012-11-01 05:43:42 1882624 ----a-w- C:\Windows\System32\msxml3.dll

    2012-11-01 04:47:54 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll

    2012-11-01 04:47:54 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

    2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

    2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

    2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll

    .

    ============= FINISH: 18:35:26.91 ===============

  8. Thank you.

    -------------------------------DDS Log-------------------------------

    DDS (Ver_2012-11-20.01) - NTFS_AMD64

    Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.7.2

    Run by computer at 13:30:05 on 2013-01-12

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2815.1388 [GMT -5:00]

    .

    AV: AVG Internet Security *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

    SP: AVG Internet Security *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    ============== Running Processes ===============

    .

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\system32\atiesrxx.exe

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\atieclxx.exe

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

    C:\Windows\System32\svchost.exe -k HPZ12

    C:\Program Files (x86)\PDF Complete\pdfsvc.exe

    C:\Windows\System32\svchost.exe -k HPZ12

    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Windows\Explorer.EXE

    C:\Windows\system32\taskhost.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\rundll32.exe

    C:\Windows\SysWOW64\rundll32.exe

    C:\Windows\system32\taskeng.exe

    C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe

    C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe

    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

    C:\Windows\system32\Dwm.exe

    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

    C:\Windows\System32\WUDFHost.exe

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Users\computer\AppData\Local\Akamai\netsession_win.exe

    C:\Users\computer\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\computer\AppData\Local\Akamai\netsession_win.exe

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Windows\system32\SearchProtocolHost.exe

    C:\Windows\System32\svchost.exe -k LocalServicePeerNet

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\system32\NOTEPAD.EXE

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    C:\Windows\system32\sppsvc.exe

    \\?\C:\Windows\system32\wbem\WMIADAP.EXE

    C:\Users\computer\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\computer\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\computer\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\computer\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\computer\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\computer\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Windows\system32\taskeng.exe

    C:\Users\computer\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\System32\cscript.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uProxyOverride = 127.0.0.1:9421;*.local;<local>

    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>

    BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

    BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll

    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll

    uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

    uRun: [Akamai NetSession Interface] "C:\Users\computer\AppData\Local\Akamai\netsession_win.exe"

    uRun: [ADA2A0E7261CB6A8553FA5425D18AE06C32E1021._service_run] "C:\Users\computer\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service

    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

    uPolicies-Explorer: NoDrives = dword:0

    mPolicies-Explorer: NoDrives = dword:0

    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

    mPolicies-System: ConsentPromptBehaviorUser = dword:3

    mPolicies-System: EnableUIADesktopToggle = dword:0

    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - <orphaned>

    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    .

    INFO: HKCU has more than 50 listed domains.

    If you wish to scan all of them, select the 'Force scan all domains' option.

    .

    .

    INFO: HKLM has more than 50 listed domains.

    If you wish to scan all of them, select the 'Force scan all domains' option.

    .

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

    TCP: NameServer = 75.75.75.75 75.75.76.76

    TCP: Interfaces\{3A0237BB-C646-40F1-BE80-BF7770A283DE} : DHCPNameServer = 75.75.75.75 75.75.76.76

    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>

    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

    SSODL: WebCheck - <orphaned>

    x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

    x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

    .

    INFO: x64-HKLM has more than 50 listed domains.

    If you wish to scan all of them, select the 'Force scan all domains' option.

    .

    x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>

    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>

    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

    x64-SSODL: WebCheck - <orphaned>

    .

    ================= FIREFOX ===================

    .

    FF - ProfilePath - C:\Users\computer\AppData\Roaming\Mozilla\Firefox\Profiles\fy6h84lk.default\

    FF - prefs.js: browser.search.selectedEngine - Yahoo

    FF - prefs.js: browser.startup.homepage - hxxp://search.yahoo.com?type=937811&fr=spigot-yhp-ff

    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=

    FF - ExtSQL: !HIDDEN! 2011-07-05 11:57; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

    .

    ============= SERVICES / DRIVERS ===============

    .

    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-12-18 279616]

    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-12-14 203264]

    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-18 366640]

    R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-12-14 635416]

    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

    R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-2-10 104960]

    R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2011-2-10 19968]

    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-11-27 25912]

    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-12-14 346144]

    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]

    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]

    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]

    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]

    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-12-14 38456]

    S2 avg9emc;AVG E-mail Scanner;C:\Program Files (x86)\AVG\AVG9\avgemc.exe [2011-2-4 921952]

    S2 avg9wd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2011-2-4 308136]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

    S2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]

    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]

    S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2012-8-21 115272]

    S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]

    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-5-23 59392]

    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]

    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-2-5 1255736]

    .

    =============== Created Last 30 ================

    .

    2013-01-12 18:23:33 -------- d-sh--w- C:\$RECYCLE.BIN

    2013-01-12 13:04:13 388096 ----a-r- C:\Users\computer\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

    2013-01-12 13:04:12 -------- d-----w- C:\Program Files (x86)\Trend Micro

    2013-01-10 16:10:38 98816 ----a-w- C:\Windows\sed.exe

    2013-01-10 16:10:38 256000 ----a-w- C:\Windows\PEV.exe

    2013-01-10 16:10:38 208896 ----a-w- C:\Windows\MBR.exe

    2013-01-10 15:51:42 -------- d-----w- C:\TDSSKiller_Quarantine

    2013-01-09 18:40:35 118784 --sha-r- C:\Windows\SysWow64\atimpc32C.dll

    2013-01-09 09:54:10 750592 ----a-w- C:\Windows\System32\win32spl.dll

    2013-01-09 09:54:10 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll

    2013-01-09 09:46:32 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{66D6AC6E-2CF1-46DF-ACF2-0E112748ADC2}\mpengine.dll

    2012-12-31 18:24:37 -------- d-----w- C:\ProgramData\Arcade Lab

    2012-12-31 18:24:34 -------- d-----w- C:\Users\computer\AppData\Roaming\Zylom

    2012-12-31 18:24:18 -------- d-----w- C:\Users\computer\AppData\Local\Zylom Games

    2012-12-27 17:43:48 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys

    2012-12-27 17:43:18 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

    2012-12-27 17:43:18 -------- d-----w- C:\Program Files\iTunes

    2012-12-27 17:43:18 -------- d-----w- C:\Program Files\iPod

    2012-12-27 17:43:18 -------- d-----w- C:\Program Files (x86)\iTunes

    2012-12-21 09:00:36 46080 ----a-w- C:\Windows\System32\atmlib.dll

    2012-12-21 09:00:36 367616 ----a-w- C:\Windows\System32\atmfd.dll

    2012-12-21 09:00:36 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

    2012-12-21 09:00:35 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

    2012-12-18 17:51:46 959976 ----a-w- C:\Windows\System32\deployJava1.dll

    2012-12-18 17:51:46 1081320 ----a-w- C:\Windows\System32\npDeployJava1.dll

    2012-12-18 17:51:26 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll

    2012-12-18 16:58:48 -------- d-----w- C:\Users\computer\AppData\Roaming\Hoyle FaceCreator

    2012-12-18 16:58:36 -------- d-----w- C:\Users\computer\AppData\Roaming\Hoyle

    2012-12-18 16:58:11 3786760 ----a-w- C:\Windows\SysWow64\D3DX9_37.dll

    .

    ==================== Find3M ====================

    .

    2013-01-11 23:16:49 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

    2013-01-11 23:16:49 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

    2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll

    2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll

    2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll

    2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll

    2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs

    2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs

    2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs

    2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs

    2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs

    2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs

    2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs

    2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs

    2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs

    2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs

    2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs

    2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs

    2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs

    2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs

    2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll

    2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll

    2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

    2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll

    2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

    2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll

    2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

    2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

    2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe

    2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

    2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

    2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

    2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe

    2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

    2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

    2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

    2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

    2012-11-23 03:26:31 3149824 ----a-w- C:\Windows\System32\win32k.sys

    2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe

    2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll

    2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll

    2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll

    2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll

    2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll

    2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll

    2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

    2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll

    2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

    2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

    2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

    2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

    2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

    2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

    2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

    2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

    2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll

    2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

    2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll

    2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll

    2012-11-01 05:43:42 2002432 ----a-w- C:\Windows\System32\msxml6.dll

    2012-11-01 05:43:42 1882624 ----a-w- C:\Windows\System32\msxml3.dll

    2012-11-01 04:47:54 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll

    2012-11-01 04:47:54 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

    2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

    2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

    2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll

    .

    ============= FINISH: 13:31:21.42 ===============

    ---------------------------------Attach log----------------------------

    .

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    .

    DDS (Ver_2012-11-20.01)

    .

    Microsoft Windows 7 Home Premium

    Boot Device: \Device\HarddiskVolume1

    Install Date: 2/4/2011 4:29:29 AM

    System Uptime: 1/12/2013 1:22:49 PM (0 hours ago)

    .

    Motherboard: FOXCONN | | 2AB7

    Processor: AMD Athlon II X2 250 Processor | CPU 1 | 3000/200mhz

    .

    ==== Disk Partitions =========================

    .

    C: is FIXED (NTFS) - 584 GiB total, 481.433 GiB free.

    D: is FIXED (NTFS) - 12 GiB total, 1.443 GiB free.

    E: is CDROM ()

    G: is Removable

    H: is CDROM ()

    .

    ==== Disabled Device Manager Items =============

    .

    ==== System Restore Points ===================

    .

    RP363: 1/10/2013 11:10:41 AM - ComboFix created restore point

    RP364: 1/11/2013 11:47:28 AM - Restore Operation

    RP365: 1/12/2013 8:03:15 AM - Installed HiJackThis

    .

    ==== Installed Programs ======================

    .

    64 Bit HP CIO Components Installer

    7-Zip 9.20

    Adobe AIR

    Adobe Anchor Service CS3

    Adobe Asset Services CS3

    Adobe Bridge CS3

    Adobe Bridge Start Meeting

    Adobe Camera Raw 4.0

    Adobe CMaps

    Adobe Color - Photoshop Specific

    Adobe Color Common Settings

    Adobe Color EU Extra Settings

    Adobe Color JA Extra Settings

    Adobe Color NA Recommended Settings

    Adobe Community Help

    Adobe Default Language CS3

    Adobe Device Central CS3

    Adobe ExtendScript Toolkit 2

    Adobe Flash Player 11 ActiveX

    Adobe Flash Player 11 Plugin

    Adobe Fonts All

    Adobe Help Viewer CS3

    Adobe Linguistics CS3

    Adobe Media Player

    Adobe PDF Library Files

    Adobe Photoshop CS3

    Adobe Reader X (10.1.4)

    Adobe Setup

    Adobe Shockwave Player 11.6

    Adobe Stock Photos CS3

    Adobe Type Support

    Adobe Update Manager CS3

    Adobe Version Cue CS3 Client

    Adobe WinSoft Linguistics Plugin

    Adobe XMP Panels CS3

    AIO_Scan

    Akamai NetSession Interface

    Akamai NetSession Interface Service

    Apple Application Support

    Apple Mobile Device Support

    Apple Software Update

    ArcSoft Magic-i Visual Effects 2

    ArcSoft WebCam Companion 3

    ATI Catalyst Install Manager

    Axife Mouse Recorder DEMO 5.01

    BitTorrent

    Bonjour

    BufferChm

    CamStudio OSS Desktop Recorder

    Catalyst Control Center - Branding

    Catalyst Control Center Core Implementation

    Catalyst Control Center Graphics Full Existing

    Catalyst Control Center Graphics Full New

    Catalyst Control Center Graphics Light

    Catalyst Control Center Graphics Previews Vista

    Catalyst Control Center InstallProxy

    Catalyst Control Center Localization All

    ccc-core-static

    ccc-utility64

    CCC Help Chinese Standard

    CCC Help Chinese Traditional

    CCC Help Czech

    CCC Help Danish

    CCC Help Dutch

    CCC Help English

    CCC Help Finnish

    CCC Help French

    CCC Help German

    CCC Help Greek

    CCC Help Hungarian

    CCC Help Italian

    CCC Help Japanese

    CCC Help Korean

    CCC Help Norwegian

    CCC Help Polish

    CCC Help Portuguese

    CCC Help Russian

    CCC Help Spanish

    CCC Help Swedish

    CCC Help Thai

    CCC Help Turkish

    CCleaner

    Copy

    DAEMON Tools Lite

    Defraggler (remove only)

    Destinations

    DeviceDiscovery

    DJ_AIO_ProductContext

    DJ_AIO_Software

    DJ_AIO_Software_min

    F4100

    F4100_Help

    Facebook Video Calling 1.2.0.287

    GEAR driver installer for AMD64 and Intel EM64T

    Google Chrome

    Google Earth

    Google Update Helper

    GPBaseService2

    HiJackThis

    HP Customer Experience Enhancements

    HP Customer Participation Program 13.0

    HP Deskjet 1050 J410 series Basic Device Software

    HP Deskjet 1050 J410 series Help

    HP Deskjet 1050 J410 series Product Improvement Study

    HP Deskjet All-In-One Driver Software 13.0 Rel. 1

    HP Imaging Device Functions 13.0

    HP MediaSmart SmartMenu

    HP MediaSmart/TouchSmart Netflix

    HP Odometer

    HP Photosmart Essential 3.5

    HP Product Detection

    HP Setup

    HP Smart Web Printing 4.51

    HP Solution Center 13.0

    HP Support Information

    HP Update

    HP Vision Hardware Diagnostics

    HP Webcam User's Guide

    HPPhotoGadget

    HPPhotoSmartDiscLabelContent1

    HPPhotosmartEssential

    HPProductAssistant

    iTunes

    Java 7 Update 10 (64-bit)

    Java 7 Update 7

    Java Auto Updater

    Java 6 Update 24

    Java 6 Update 31

    Junk Mail filter update

    KODAK Share Button App

    Lernout & Hauspie TruVoice American English TTS Engine

    LibUSB-Win32-0.1.10.1

    Malwarebytes' Anti-Malware version 1.51.1.1800

    MarketResearch

    Microsoft .NET Framework 4 Client Profile

    Microsoft Application Error Reporting

    Microsoft Choice Guard

    Microsoft Office 2010

    Microsoft Office Click-to-Run 2010

    Microsoft Office Starter 2010 - English

    Microsoft PowerPoint Viewer

    Microsoft Silverlight

    Microsoft SQL Server 2005 Compact Edition [ENU]

    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

    Microsoft Visual C++ 2005 Redistributable

    Microsoft Visual C++ 2005 Redistributable (x64)

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

    Microsoft WSE 3.0 Runtime

    Microsoft_VC80_ATL_x86_x64

    Microsoft_VC80_CRT_x86

    Microsoft_VC80_CRT_x86_x64

    Microsoft_VC80_MFC_x86

    Microsoft_VC80_MFC_x86_x64

    Microsoft_VC80_MFCLOC_x86

    Microsoft_VC80_MFCLOC_x86_x64

    Microsoft_VC90_ATL_x86

    Microsoft_VC90_ATL_x86_x64

    Microsoft_VC90_CRT_x86

    Microsoft_VC90_CRT_x86_x64

    Microsoft_VC90_MFC_x86

    Microsoft_VC90_MFC_x86_x64

    MixMeister BPM Analyzer 1.0

    MixMeister Studio Demo 7.4.4

    Mozilla Firefox 7.0.1 (x86 en-US)

    MSXML 4.0 SP2 (KB954430)

    MSXML 4.0 SP2 (KB973688)

    MSXML4 Parser

    NVIDIA PhysX

    PDF Complete Special Edition

    PDF Settings

    PeerBlock 1.1 (r518)

    PlayReady PC Runtime amd64

    PressReader

    QuickTime

    RealNetworks - Microsoft Visual C++ 2008 Runtime

    RealPlayer

    Realtek High Definition Audio Driver

    RealUpgrade 1.1

    Recovery Manager

    Scan

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

    Skype Toolbars

    Skype™ 6.0

    SmartSound Common Data

    SmartSound Premiere Elements 10 x64 Plugin

    SmartWebPrinting

    SolutionCenter

    Speakonia

    Spybot - Search & Destroy

    Status

    swMSM

    System Requirements Lab CYRI

    Toolbox

    TrayApp

    TypingMaster Pro

    UnloadSupport

    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

    VLC media player 1.0.1

    WebReg

    Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0)

    Windows Live Communications Platform

    Windows Live Essentials

    Windows Live Mail

    Windows Live Messenger

    Windows Live Photo Gallery

    Windows Live Sync

    Windows Live Upload Tool

    Windows Live Writer

    Windows Media Player Firefox Plugin

    Windows Mobile Device Updater Component

    Windows Movie Maker 2.6

    WinRAR archiver

    WinSCP 4.3.7

    YTD Video Downloader 3.9.4

    Zune

    Zune Language Pack (DEU)

    Zune Language Pack (ESP)

    Zune Language Pack (FRA)

    Zune Language Pack (ITA)

    Zune Language Pack (NLD)

    Zune Language Pack (PTB)

    Zune Language Pack (PTG)

    .

    ==== Event Viewer Messages From Past Week ========

    .

    1/9/2013 10:25:54 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

    1/9/2013 10:25:54 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

    1/9/2013 10:25:52 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

    1/9/2013 10:25:37 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

    1/9/2013 10:25:37 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.

    1/12/2013 11:10:46 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    1/12/2013 11:03:53 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

    1/12/2013 11:02:29 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

    1/12/2013 11:02:29 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}

    1/12/2013 11:02:29 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

    1/12/2013 11:02:13 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

    1/12/2013 11:02:12 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

    1/12/2013 11:02:12 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

    1/12/2013 11:02:12 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

    1/12/2013 11:02:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    1/12/2013 11:02:05 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

    1/12/2013 11:02:01 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf ws2ifsl

    1/12/2013 11:02:00 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

    1/12/2013 11:02:00 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

    1/12/2013 11:02:00 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

    1/12/2013 11:02:00 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

    1/12/2013 11:02:00 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

    1/12/2013 11:02:00 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

    1/12/2013 11:02:00 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

    1/12/2013 11:02:00 AM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

    1/12/2013 11:02:00 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

    1/12/2013 11:02:00 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

    1/12/2013 11:02:00 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

    1/12/2013 11:02:00 AM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.

    1/12/2013 1:23:15 PM, Error: Service Control Manager [7001] - The AVG E-mail Scanner service depends on the AVG WatchDog service which failed to start because of the following error: The service has returned a service-specific error code.

    1/12/2013 1:23:14 PM, Error: Service Control Manager [7024] - The AVG WatchDog service terminated with service-specific error %%-536805315.

    1/12/2013 1:23:09 PM, Error: Service Control Manager [7000] - The LibUsb-Win32 - Daemon, Version 0.1.10.1 service failed to start due to the following error: The system cannot find the file specified.

    1/12/2013 1:23:00 PM, Error: Application Popup [1060] - \SystemRoot\SysWow64\drivers\libusb0.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

    1/11/2013 12:06:51 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

    1/11/2013 11:59:07 AM, Error: Service Control Manager [7034] - The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).

    1/11/2013 11:59:07 AM, Error: Service Control Manager [7034] - The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s).

    .

    ==== End Of File ===========================

    • I have removed this infection twice, I think, with ComboFix, but I must be wrong because it keeps reappearing.

    • It does nothing to my desktop, and Spybot notifies me each time I start the computer up that it's trying to delete my CMD, taskMGR, drivers, and a few other components. I simply click deny and remember that decision.

    • It is a redirect infection. I have conquered it and been without redirection for the rest of the day, but every time I restart the computer it seems to reinfect my machine.

    • I have scanned multiple times with TDSSKiller, Malwarebytes, and RogueKiller, as well as ComboFix, only to come up empty-handed.

    • There is some pretty important data (pictures, etc.), and I don't want to factory reset or have the computer enter a state of nonoperational meltdown during my attempted fixes, so I am asking for help.

    Here is my HijackThis log, and I hope someone will be available on the forums to assist me. Thank you.

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 8:14:06 AM, on 1/12/2013

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v9.00 (9.00.8112.16457)

    Boot mode: Normal

    Running processes:

    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

    C:\Users\computer\AppData\Local\Akamai\netsession_win.exe

    C:\Users\computer\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\computer\AppData\Local\Akamai\netsession_win.exe

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe

    C:\Users\computer\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\computer\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\computer\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\computer\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\computer\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\computer\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

    C:\Windows\SysWOW64\DllHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;*.local;<local>

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

    O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\computer\AppData\Local\Akamai\netsession_win.exe"

    O4 - HKCU\..\Run: [ADA2A0E7261CB6A8553FA5425D18AE06C32E1021._service_run] "C:\Users\computer\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service

    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - (no file)

    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - (no file)

    O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgemc.exe

    O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe

    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe

    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

    O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --

    End of file - 10201 bytes

    I will be back around 11 to continue this forum. Thank you for the help and patience.
