Everything posted by arkhaan

  1. MiniToolBox by Farbar Version: 16-06-2013 Ran by matt (administrator) on 20-06-2013 at 23:57:49 Running from "C:\Users\matt\Desktop" Windows 7 Home Premium Service Pack 1 (X64) Boot Mode: Normal *************************************************************************** ========================= Flush DNS: =================================== Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========================= IE Proxy Settings: ============================== Proxy is not enabled. No Proxy Server is set. "Reset IE Proxy Settings": IE Proxy Settings were reset. ========================= FF Proxy Settings: ============================== "Reset FF Proxy Settings": Firefox Proxy settings were reset. ========================= Hosts content: ================================= ========================= IP Configuration: ================================ Realtek PCIe GBE Family Controller = Local Area Connection (Connected) # ---------------------------------- # IPv4 Configuration # ---------------------------------- pushd interface ipv4 reset set global icmpredirects=enabled popd # End of IPv4 configuration Windows IP Configuration Host Name . . . . . . . . . . . . : matt-PC Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : gateway.2wire.net Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : gateway.2wire.net Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller Physical Address. . . . . . . . . : 50-E5-49-31-1C-16 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::8dee:7624:35b8:2a4a%11(Preferred) IPv4 Address. . . . . . . . . . . : 192.168.1.69(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Lease Obtained. . . . . . . . . . : Thursday, June 20, 2013 11:54:04 PM Lease Expires . . 
. . . . . . . . : Friday, June 21, 2013 11:54:04 PM Default Gateway . . . . . . . . . : 192.168.1.254 DHCP Server . . . . . . . . . . . : 192.168.1.254 DHCPv6 IAID . . . . . . . . . . . : 240182601 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-45-CF-9A-50-E5-49-31-1C-16 DNS Servers . . . . . . . . . . . : 192.168.1.254 NetBIOS over Tcpip. . . . . . . . : Enabled Tunnel adapter isatap.gateway.2wire.net: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : gateway.2wire.net Description . . . . . . . . . . . : Microsoft ISATAP Adapter Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter Teredo Tunneling Pseudo-Interface: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:287d:1619:9c9b:bba(Preferred) Link-local IPv6 Address . . . . . : fe80::287d:1619:9c9b:bba%13(Preferred) Default Gateway . . . . . . . . . : :: NetBIOS over Tcpip. . . . . . . . 
: Disabled Server: home Address: 192.168.1.254 Name: google.com Addresses: 2001:4860:4002:802::1008 74.125.227.4 74.125.227.5 74.125.227.6 74.125.227.7 74.125.227.8 74.125.227.9 74.125.227.14 74.125.227.0 74.125.227.1 74.125.227.2 74.125.227.3 Pinging google.com [74.125.227.131] with 32 bytes of data: Reply from 74.125.227.131: bytes=32 time=33ms TTL=54 Reply from 74.125.227.131: bytes=32 time=32ms TTL=54 Ping statistics for 74.125.227.131: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 32ms, Maximum = 33ms, Average = 32ms Server: home Address: 192.168.1.254 Name: yahoo.com Addresses: 206.190.36.45 98.138.253.109 98.139.183.24 Pinging yahoo.com [98.139.183.24] with 32 bytes of data: Reply from 98.139.183.24: bytes=32 time=106ms TTL=43 Reply from 98.139.183.24: bytes=32 time=105ms TTL=43 Ping statistics for 98.139.183.24: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 105ms, Maximum = 106ms, Average = 105ms Pinging 127.0.0.1 with 32 bytes of data: Reply from 127.0.0.1: bytes=32 time<1ms TTL=128 Reply from 127.0.0.1: bytes=32 time<1ms TTL=128 Ping statistics for 127.0.0.1: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms =========================================================================== Interface List 11...50 e5 49 31 1c 16 ......Realtek PCIe GBE Family Controller 1...........................Software Loopback Interface 1 12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter 13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface =========================================================================== IPv4 Route Table =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.69 20 127.0.0.0 255.0.0.0 On-link 
127.0.0.1 306 127.0.0.1 255.255.255.255 On-link 127.0.0.1 306 127.255.255.255 255.255.255.255 On-link 127.0.0.1 306 192.168.1.0 255.255.255.0 On-link 192.168.1.69 276 192.168.1.69 255.255.255.255 On-link 192.168.1.69 276 192.168.1.255 255.255.255.255 On-link 192.168.1.69 276 224.0.0.0 240.0.0.0 On-link 127.0.0.1 306 224.0.0.0 240.0.0.0 On-link 192.168.1.69 276 255.255.255.255 255.255.255.255 On-link 127.0.0.1 306 255.255.255.255 255.255.255.255 On-link 192.168.1.69 276 =========================================================================== Persistent Routes: None IPv6 Route Table =========================================================================== Active Routes: If Metric Network Destination Gateway 13 58 ::/0 On-link 1 306 ::1/128 On-link 13 58 2001::/32 On-link 13 306 2001:0:9d38:6ab8:287d:1619:9c9b:bba/128 On-link 11 276 fe80::/64 On-link 13 306 fe80::/64 On-link 13 306 fe80::287d:1619:9c9b:bba/128 On-link 11 276 fe80::8dee:7624:35b8:2a4a/128 On-link 1 306 ff00::/8 On-link 13 306 ff00::/8 On-link 11 276 ff00::/8 On-link =========================================================================== Persistent Routes: None ========================= Winsock entries ===================================== Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation) Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation) Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation) Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation) Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation) Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) 
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation) x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation) x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation) x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation) x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation) x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) ========================= Event log errors: =============================== Application errors: ================== Error: (06/20/2013 11:55:10 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent 
WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/20/2013 11:41:22 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/20/2013 11:12:51 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/20/2013 11:08:20 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/20/2013 05:41:17 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/20/2013 04:09:23 PM) (Source: Application Error) (User: ) Description: Faulting application name: avp.exe, version: 13.0.1.4210, time stamp: 0x509157b4 Faulting module name: ushata.dll, version: 13.0.1.4313, time stamp: 0x51ac5a4e Exception code: 0xc0000005 Fault offset: 0x000010cc Faulting process id: 0x5e4 Faulting application start time: 0xavp.exe0 Faulting application path: avp.exe1 Faulting module path: avp.exe2 Report Id: avp.exe3 Error: (06/19/2013 11:09:25 AM) (Source: Customer Experience Improvement Program) (User: ) Description: 80004005 Error: (06/19/2013 05:11:20 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/18/2013 06:55:11 PM) (Source: Customer Experience Improvement Program) (User: ) Description: 80004005 Error: (06/16/2013 11:47:15 PM) (Source: Customer Experience 
Improvement Program) (User: ) Description: 80004005 System errors: ============= Error: (06/20/2013 11:51:36 PM) (Source: DCOM) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (06/20/2013 11:37:49 PM) (Source: DCOM) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (06/20/2013 11:09:21 PM) (Source: DCOM) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (06/20/2013 11:04:43 PM) (Source: DCOM) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (06/20/2013 05:37:47 PM) (Source: DCOM) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (06/20/2013 04:09:37 PM) (Source: Service Control Manager) (User: ) Description: The Kaspersky Anti-Virus Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (06/19/2013 02:29:47 AM) (Source: DCOM) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (06/14/2013 10:44:47 PM) (Source: DCOM) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (06/14/2013 03:13:14 AM) (Source: DCOM) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (06/14/2013 02:00:06 AM) (Source: Service Control Manager) (User: ) Description: The Kaspersky Anti-Virus Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. 
Microsoft Office Sessions: ========================= Error: (06/20/2013 11:55:10 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/20/2013 11:41:22 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/20/2013 11:12:51 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/20/2013 11:08:20 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/20/2013 05:41:17 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/20/2013 04:09:23 PM) (Source: Application Error)(User: ) Description: avp.exe13.0.1.4210509157b4ushata.dll13.0.1.431351ac5a4ec0000005000010cc5e401ce6cd51d0ace39C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exeC:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ushata.dllade12db2-d9ed-11e2-8f3f-50e549311c16 Error: (06/19/2013 11:09:25 AM) (Source: Customer Experience Improvement Program)(User: ) Description: 80004005 Error: (06/19/2013 05:11:20 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/18/2013 06:55:11 PM) (Source: Customer Experience Improvement Program)(User: ) 
Description: 80004005 Error: (06/16/2013 11:47:15 PM) (Source: Customer Experience Improvement Program)(User: ) Description: 80004005 CodeIntegrity Errors: =================================== Date: 2013-06-20 20:55:08.965 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2013-06-20 20:55:08.965 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2013-06-20 20:55:08.965 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2013-06-20 19:38:16.653 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2013-06-20 19:38:16.651 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2013-06-20 19:38:16.650 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2013-06-20 19:37:14.023 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system. 
Date: 2013-06-20 19:37:14.022 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2013-06-20 19:37:14.020 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2013-06-20 18:20:30.012 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. =========================== Installed Programs ============================ Adobe Flash Player 11 Plugin (Version: 11.7.700.224) ATI Catalyst Install Manager (Version: 3.0.741.0) ATI Problem Report Wizard (Version: 3.0.741.0) HydraVision (Version: 4.2.114.0) Intel® Control Center (Version: 1.2.1.1007) Intel® Management Engine Components (Version: 7.0.0.1118) Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336) Mozilla Firefox 21.0 (x86 en-US) (Version: 21.0) Mozilla Maintenance Service (Version: 21.0) ON_OFF Charge B11.0110.1 (Version: 1.00.0001) Quest for Glory Collection Series (Version: ) Quest for Glory V: Dragon Fire (Version: ) Realtek Ethernet Controller Driver (Version: 7.36.1224.2010) Realtek High Definition Audio Driver (Version: 6.0.1.6282) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1) Update for Microsoft 
.NET Framework 4 Client Profile (KB2836939) (Version: 1) ========================= Devices: ================================ Name: Deskjet 1000 J110 series Description: Deskjet 1000 J110 series Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ========================= Memory info: =================================== Percentage of memory in use: 24% Total physical RAM: 4079.43 MB Available physical RAM: 3077.53 MB Total Pagefile: 8157.04 MB Available Pagefile: 7047.05 MB Total Virtual: 4095.88 MB Available Virtual: 3975.08 MB ========================= Partitions: ===================================== 1 Drive c: () (Fixed) (Total:931.41 GB) (Free:897.7 GB) NTFS ========================= Users: ======================================== User accounts for \\MATT-PC Administrator Guest matt ========================= Minidump Files ================================== No minidump file found **** End of log ****
  2. DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16611 Run by matt at 23:15:17 on 2013-06-20 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4079.2830 [GMT -5:00] . SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\atieclxx.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Windows\System32\TiltWheelMouse.exe C:\Windows\System32\WUDFHost.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\SearchProtocolHost.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Windows\system32\sppsvc.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\servicing\TrustedInstaller.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\vssvc.exe C:\Windows\System32\svchost.exe -k swprv \\?\C:\Windows\system32\wbem\WMIADAP.EXE C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . 
mStart Page = about:blank mWinlogon: Userinit = userinit.exe mRun: [search Protection] C:\ProgramData\Search Protection\SearchProtection.exe mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-Explorer: NoDriveTypeAutoRun = dword:60 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 TCP: NameServer = 192.168.1.254 TCP: Interfaces\{63383C24-CC47-4520-BCF7-B67D0F9970F6} : DHCPNameServer = 192.168.1.254 SSODL: WebCheck - <orphaned> x64-mStart Page = about:blank x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Run: [MouseDriver] TiltWheelMouse.exe x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\matt\AppData\Roaming\Mozilla\Firefox\Profiles\rjn5xfxo.default\ FF - prefs.js: browser.search.selectedEngine - SecureSearch FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll FF - ExtSQL: 2013-06-09 01:37; anti_banner@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com FF - ExtSQL: 2013-06-09 01:37; content_blocker@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com FF - ExtSQL: 2013-06-09 01:37; url_advisor@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com FF - ExtSQL: 2013-06-09 01:37; online_banking@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com FF - ExtSQL: 2013-06-09 01:37; virtual_keyboard@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com . ============= SERVICES / DRIVERS =============== . 
R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-6-19 14456] R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2013-6-9 21104] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-4-20 203776] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-6-9 2655768] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-6-9 412264] R3 t_mouse.sys;HID-compliand device;C:\Windows\System32\drivers\t_mouse.sys [2012-12-19 6144] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-6-9 418376] S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-6-9 701512] S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?] S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-6-9 25928] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-6-9 19456] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-6-9 57856] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-6-9 30208] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-6-9 1255736] . =============== Created Last 30 ================ . 
2013-06-20 22:24:40 -------- d-----w- C:\Users\matt\AppData\Local\Diagnostics 2013-06-20 02:58:49 -------- d-----w- C:\Users\matt\AppData\Roaming\LavasoftStatistics 2013-06-20 02:57:48 -------- d-----w- C:\ProgramData\Downloaded Installations 2013-06-20 02:55:53 14456 ----a-w- C:\Windows\System32\drivers\gfibto.sys 2013-06-18 23:34:17 9552976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{19951DBB-65DE-4A09-B864-2B0E919F3F5B}\mpengine.dll 2013-06-17 08:03:34 -------- d-----w- C:\Games 2013-06-17 07:48:50 -------- d-----w- C:\qfgcd 2013-06-15 02:52:23 -------- d-----w- C:\U2M 2013-06-13 03:47:16 -------- d-----w- C:\Program Files (x86)\DOSBox-0.74 2013-06-13 03:45:54 -------- d-----w- C:\Users\matt\AppData\Local\DOSBox 2013-06-12 04:50:44 -------- d-----w- C:\Users\matt\AppData\Local\Macromedia 2013-06-12 04:50:03 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-06-12 04:50:03 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-06-12 04:49:36 -------- d-----w- C:\Users\matt\AppData\Local\Adobe 2013-06-12 00:03:22 -------- d-----w- C:\Sierra 2013-06-11 22:17:43 279040 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll 2013-06-11 22:16:36 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2013-06-09 23:38:18 3072 ----a-w- C:\Windows\System32\drivers\en-US\tsusbflt.sys.mui 2013-06-09 23:37:36 -------- d-----w- C:\Windows\SysWow64\Wat 2013-06-09 23:37:35 -------- d-----w- C:\Windows\System32\Wat 2013-06-09 11:35:02 9728 ----a-w- C:\Windows\System32\Wdfres.dll 2013-06-09 11:35:02 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys 2013-06-09 11:35:02 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys 2013-06-09 11:35:02 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui 2013-06-09 11:08:29 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-06-09 11:02:22 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll 2013-06-09 11:02:22 46080 ----a-w- C:\Windows\System32\atmlib.dll 
2013-06-09 11:02:22 367616 ----a-w- C:\Windows\System32\atmfd.dll 2013-06-09 11:02:22 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll 2013-06-09 11:02:22 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll 2013-06-09 11:02:22 100864 ----a-w- C:\Windows\System32\fontsub.dll 2013-06-09 11:01:58 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys 2013-06-09 11:01:58 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys 2013-06-09 11:01:57 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll 2013-06-09 11:01:57 744448 ----a-w- C:\Windows\System32\WUDFx.dll 2013-06-09 11:01:57 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll 2013-06-09 11:01:57 229888 ----a-w- C:\Windows\System32\WUDFHost.exe 2013-06-09 11:01:57 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll 2013-06-09 11:00:42 81408 ----a-w- C:\Windows\System32\imagehlp.dll 2013-06-09 11:00:42 5120 ----a-w- C:\Windows\SysWow64\wmi.dll 2013-06-09 11:00:42 5120 ----a-w- C:\Windows\System32\wmi.dll 2013-06-09 11:00:42 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys 2013-06-09 11:00:42 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll 2013-06-09 08:36:20 -------- d-----w- C:\Windows\panther 2013-06-09 08:31:53 163504 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10144.bin 2013-06-09 08:17:43 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll 2013-06-09 07:49:59 2048 ----a-w- C:\Windows\SysWow64\user.exe 2013-06-09 07:48:57 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys 2013-06-09 07:48:57 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys 2013-06-09 07:48:56 634880 ----a-w- C:\Windows\System32\msvcrt.dll 2013-06-09 07:48:55 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll 2013-06-09 07:48:54 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys 2013-06-09 07:48:54 478208 ----a-w- C:\Windows\System32\dpnet.dll 2013-06-09 07:48:54 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll 2013-06-09 07:48:53 515584 ----a-w- C:\Windows\System32\timedate.cpl 
2013-06-09 07:48:53 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl 2013-06-09 07:48:52 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe 2013-06-09 07:40:34 77312 ----a-w- C:\Windows\System32\packager.dll 2013-06-09 07:40:34 67072 ----a-w- C:\Windows\SysWow64\packager.dll 2013-06-09 06:52:40 0 ----a-w- C:\Windows\ativpsrm.bin 2013-06-09 06:30:41 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll 2013-06-09 06:30:41 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys 2013-06-09 06:30:41 1031680 ----a-w- C:\Windows\System32\rdpcore.dll 2013-06-09 06:27:18 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2013-06-09 06:27:11 99840 ----a-w- C:\Windows\System32\wudriver.dll 2013-06-09 06:27:01 36864 ----a-w- C:\Windows\System32\wuapp.exe 2013-06-09 06:27:01 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2013-06-09 06:14:41 -------- d-----w- C:\Users\matt\AppData\Roaming\Malwarebytes 2013-06-09 06:14:25 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-06-09 06:14:25 -------- d-----w- C:\ProgramData\Malwarebytes 2013-06-09 06:14:25 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-06-09 06:14:13 -------- d-----w- C:\Users\matt\AppData\Local\Programs 2013-06-09 05:55:45 -------- d-----w- C:\Program Files (x86)\ATI Technologies 2013-06-09 05:55:15 -------- d-sh--w- C:\Windows\Installer 2013-06-09 05:54:46 -------- d-----w- C:\Program Files\ATI Technologies 2013-06-09 05:54:44 -------- d-----w- C:\Program Files\ATI 2013-06-09 05:48:29 -------- d-----w- C:\Windows\SysWow64\RTCOM 2013-06-09 05:48:29 -------- d-----w- C:\Program Files\Realtek 2013-06-09 05:48:23 412264 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys 2013-06-09 05:48:22 74344 ----a-w- C:\Windows\System32\RtNicProp64.dll 2013-06-09 05:48:22 107624 ----a-w- C:\Windows\System32\RTNUninst64.dll 2013-06-09 05:48:19 2578576 ----a-w- C:\Windows\System32\WavesGUILib.dll 2013-06-09 05:48:04 155888 ----a-w- C:\Windows\System32\SRSWOW64.dll 2013-06-09 05:48:03 518896 ----a-w- 
C:\Windows\System32\SRSTSX64.dll 2013-06-09 05:48:02 332392 ----a-w- C:\Windows\System32\RtlCPAPI64.dll 2013-06-09 05:48:02 211184 ----a-w- C:\Windows\System32\SRSTSH64.dll 2013-06-09 05:48:02 198896 ----a-w- C:\Windows\System32\SRSHP64.dll . ==================== Find3M ==================== . 2013-06-09 11:08:29 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-06-08 12:28:46 2706432 ----a-w- C:\Windows\System32\mshtml.tlb 2013-06-08 11:13:19 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-05-17 01:25:57 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-05-17 01:25:27 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-05-17 01:25:26 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll 2013-05-17 01:25:26 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll 2013-05-17 00:59:03 2241024 ----a-w- C:\Windows\System32\wininet.dll 2013-05-17 00:58:10 3958784 ----a-w- C:\Windows\System32\jscript9.dll 2013-05-17 00:58:08 67072 ----a-w- C:\Windows\System32\iesetup.dll 2013-05-17 00:58:08 136704 ----a-w- C:\Windows\System32\iesysprep.dll 2013-05-14 12:23:25 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe 2013-05-14 08:40:13 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe 2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll 2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll 2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll 2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll 2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe 2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe 2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll 2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll 2013-05-10 
03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll 2013-05-02 07:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe 2013-04-26 05:51:36 751104 ----a-w- C:\Windows\System32\win32spl.dll 2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll 2013-04-25 23:30:32 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll 2013-04-17 07:02:06 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll 2013-04-17 06:24:46 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll 2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll 2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll 2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys 2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys 2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys 2013-03-31 22:52:16 1887232 ----a-w- C:\Windows\System32\d3d11.dll . ============= FINISH: 23:15:22.10 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 6/9/2013 12:43:51 AM System Uptime: 6/20/2013 11:10:51 PM (0 hours ago) . Motherboard: Gigabyte Technology Co., Ltd. | | H61M-D2P-B3 Processor: Intel® Core i3-2120 CPU @ 3.30GHz | Socket 1155 | 3300/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 931 GiB total, 897.696 GiB free. D: is CDROM () E: is Removable . ==== Disabled Device Manager Items ============= . 
Class GUID: Description: Deskjet 1000 J110 series Device ID: USB\VID_03F0&PID_8811&MI_01\7&1FE6B6EC&0&0001 Manufacturer: Name: Deskjet 1000 J110 series PNP Device ID: USB\VID_03F0&PID_8811&MI_01\7&1FE6B6EC&0&0001 Service: . ==== System Restore Points =================== . RP9: 6/9/2013 1:42:07 PM - Windows Update RP10: 6/9/2013 5:17:17 PM - Windows Update RP11: 6/9/2013 6:37:07 PM - Windows Update RP12: 6/11/2013 5:16:50 PM - Windows Update RP13: 6/12/2013 1:47:09 AM - Windows Update RP14: 6/18/2013 6:33:12 PM - Windows Update . ==== Installed Programs ====================== . Adobe Flash Player 11 Plugin ATI Catalyst Install Manager ATI Problem Report Wizard HydraVision Intel® Control Center Intel® Management Engine Components Malwarebytes Anti-Malware version 1.75.0.1300 Microsoft .NET Framework 4 Client Profile Microsoft Visual C++ 2005 Redistributable (x64) Mozilla Firefox 21.0 (x86 en-US) Mozilla Maintenance Service ON_OFF Charge B11.0110.1 Quest for Glory Collection Series Quest for Glory V: Dragon Fire Realtek Ethernet Controller Driver Realtek High Definition Audio Driver Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) . ==== Event Viewer Messages From Past Week ======== . 
6/20/2013 4:09:37 PM, Error: Service Control Manager [7031] - The Kaspersky Anti-Virus Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. . ==== End Of File ===========================
  3. Kaspersky runs erratically or stops running in the middle of a session. I am locked out of my administrator settings. Windows Updater keeps changing settings to "notify me", then locks me out of changing it, saying I need administrator privileges when I -am- the administrator. I think malware or a virus or some kind of trojan may be involved but am unsure. Here are my stats.
DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16611 Run by matt at 20:10:20 on 2013-06-20 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4079.2849 [GMT -5:00] . AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5} AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7} SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A} FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC} FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E} . ============== Running Processes =============== . 
C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\atieclxx.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\System32\TiltWheelMouse.exe C:\Windows\System32\WUDFHost.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe C:\ProgramData\Search Protection\SearchProtection.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\taskhost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . 
mStart Page = about:blank mWinlogon: Userinit = userinit.exe BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" mRun: [search Protection] C:\ProgramData\Search Protection\SearchProtection.exe mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-Explorer: NoDriveTypeAutoRun = dword:60 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll IE: 
{CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll TCP: NameServer = 192.168.1.254 TCP: Interfaces\{63383C24-CC47-4520-BCF7-B67D0F9970F6} : DHCPNameServer = 192.168.1.254 SSODL: WebCheck - <orphaned> x64-mStart Page = about:blank x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Run: [MouseDriver] TiltWheelMouse.exe x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . 
FF - ProfilePath - C:\Users\matt\AppData\Roaming\Mozilla\Firefox\Profiles\rjn5xfxo.default\ FF - prefs.js: browser.search.selectedEngine - SecureSearch FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll FF - ExtSQL: 2013-06-09 01:37; anti_banner@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com FF - ExtSQL: 2013-06-09 01:37; content_blocker@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com FF - ExtSQL: 2013-06-09 01:37; url_advisor@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com FF - ExtSQL: 2013-06-09 01:37; online_banking@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com FF - ExtSQL: 2013-06-09 01:37; virtual_keyboard@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com FF - ExtSQL: 2013-06-19 21:56; {87934c42-161d-45bc-8cef-ef18abe2a30c}; C:\Users\matt\AppData\Roaming\Mozilla\Firefox\Profiles\rjn5xfxo.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} . ============= SERVICES / DRIVERS =============== . 
R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-6-19 14456] R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2013-6-9 21104] R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2012-8-2 28504] R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2012-6-8 54368] R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2012-8-13 178448] R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2013-3-18 1236336] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-4-20 203776] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-6-9 2655768] R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2012-5-25 29016] R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2012-7-25 29528] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-6-9 412264] R3 t_mouse.sys;HID-compliand device;C:\Windows\System32\drivers\t_mouse.sys [2012-12-19 6144] S2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [2012-8-17 356376] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-6-9 418376] S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-6-9 701512] S2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2012-9-20 3677000] S3 
AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?] S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-6-9 25928] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-6-9 19456] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-6-9 57856] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-6-9 30208] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-6-9 1255736] . =============== Created Last 30 ================ . 2013-06-20 22:24:40 -------- d-----w- C:\Users\matt\AppData\Local\Diagnostics 2013-06-20 02:58:49 -------- d-----w- C:\Users\matt\AppData\Roaming\LavasoftStatistics 2013-06-20 02:58:49 -------- d-----w- C:\ProgramData\Ad-Aware Antivirus 2013-06-20 02:57:56 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus 2013-06-20 02:57:48 -------- d-----w- C:\ProgramData\Downloaded Installations 2013-06-20 02:57:23 -------- d-----w- C:\ProgramData\Search Protection 2013-06-20 02:57:22 -------- d-----w- C:\Users\matt\AppData\Local\adawarebp 2013-06-20 02:57:22 -------- d-----w- C:\ProgramData\blekko toolbars 2013-06-20 02:57:20 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection 2013-06-20 02:56:45 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner 2013-06-20 02:56:39 -------- d-----w- C:\Program Files (x86)\adawaretb 2013-06-20 02:55:53 47496 ----a-w- C:\Windows\System32\sbbd.exe 2013-06-20 02:55:53 14456 ----a-w- C:\Windows\System32\drivers\gfibto.sys 2013-06-20 02:55:52 -------- d-----w- C:\Users\matt\AppData\Roaming\Ad-Aware Antivirus 2013-06-18 23:34:17 9552976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{19951DBB-65DE-4A09-B864-2B0E919F3F5B}\mpengine.dll 2013-06-17 08:03:34 -------- d-----w- C:\Games 2013-06-17 07:48:50 -------- d-----w- C:\qfgcd 2013-06-15 02:52:23 -------- 
d-----w- C:\U2M 2013-06-13 03:47:16 -------- d-----w- C:\Program Files (x86)\DOSBox-0.74 2013-06-13 03:45:54 -------- d-----w- C:\Users\matt\AppData\Local\DOSBox 2013-06-12 04:50:44 -------- d-----w- C:\Users\matt\AppData\Local\Macromedia 2013-06-12 04:50:03 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-06-12 04:50:03 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-06-12 04:49:36 -------- d-----w- C:\Users\matt\AppData\Local\Adobe 2013-06-12 00:03:22 -------- d-----w- C:\Sierra 2013-06-11 22:17:43 279040 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll 2013-06-11 22:16:36 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2013-06-09 23:38:18 3072 ----a-w- C:\Windows\System32\drivers\en-US\tsusbflt.sys.mui 2013-06-09 23:37:36 -------- d-----w- C:\Windows\SysWow64\Wat 2013-06-09 23:37:35 -------- d-----w- C:\Windows\System32\Wat 2013-06-09 11:35:02 9728 ----a-w- C:\Windows\System32\Wdfres.dll 2013-06-09 11:35:02 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys 2013-06-09 11:35:02 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys 2013-06-09 11:35:02 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui 2013-06-09 11:08:29 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-06-09 11:02:22 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll 2013-06-09 11:02:22 46080 ----a-w- C:\Windows\System32\atmlib.dll 2013-06-09 11:02:22 367616 ----a-w- C:\Windows\System32\atmfd.dll 2013-06-09 11:02:22 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll 2013-06-09 11:02:22 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll 2013-06-09 11:02:22 100864 ----a-w- C:\Windows\System32\fontsub.dll 2013-06-09 11:01:58 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys 2013-06-09 11:01:58 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys 2013-06-09 11:01:57 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll 2013-06-09 11:01:57 744448 ----a-w- C:\Windows\System32\WUDFx.dll 2013-06-09 11:01:57 45056 ----a-w- 
C:\Windows\System32\WUDFCoinstaller.dll 2013-06-09 11:01:57 229888 ----a-w- C:\Windows\System32\WUDFHost.exe 2013-06-09 11:01:57 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll 2013-06-09 11:00:42 81408 ----a-w- C:\Windows\System32\imagehlp.dll 2013-06-09 11:00:42 5120 ----a-w- C:\Windows\SysWow64\wmi.dll 2013-06-09 11:00:42 5120 ----a-w- C:\Windows\System32\wmi.dll 2013-06-09 11:00:42 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys 2013-06-09 11:00:42 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll 2013-06-09 08:36:20 -------- d-----w- C:\Windows\panther 2013-06-09 08:31:53 163504 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10144.bin 2013-06-09 08:17:43 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll 2013-06-09 07:49:59 2048 ----a-w- C:\Windows\SysWow64\user.exe 2013-06-09 07:48:57 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys 2013-06-09 07:48:57 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys 2013-06-09 07:48:56 634880 ----a-w- C:\Windows\System32\msvcrt.dll 2013-06-09 07:48:55 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll 2013-06-09 07:48:54 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys 2013-06-09 07:48:54 478208 ----a-w- C:\Windows\System32\dpnet.dll 2013-06-09 07:48:54 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll 2013-06-09 07:48:53 515584 ----a-w- C:\Windows\System32\timedate.cpl 2013-06-09 07:48:53 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl 2013-06-09 07:48:52 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe 2013-06-09 07:40:34 77312 ----a-w- C:\Windows\System32\packager.dll 2013-06-09 07:40:34 67072 ----a-w- C:\Windows\SysWow64\packager.dll 2013-06-09 06:52:40 0 ----a-w- C:\Windows\ativpsrm.bin 2013-06-09 06:30:41 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll 2013-06-09 06:30:41 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys 2013-06-09 06:30:41 1031680 ----a-w- C:\Windows\System32\rdpcore.dll 2013-06-09 06:27:18 2622464 ----a-w- 
C:\Windows\System32\wucltux.dll 2013-06-09 06:27:11 99840 ----a-w- C:\Windows\System32\wudriver.dll 2013-06-09 06:27:01 36864 ----a-w- C:\Windows\System32\wuapp.exe 2013-06-09 06:27:01 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2013-06-09 06:14:41 -------- d-----w- C:\Users\matt\AppData\Roaming\Malwarebytes 2013-06-09 06:14:25 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-06-09 06:14:25 -------- d-----w- C:\ProgramData\Malwarebytes 2013-06-09 06:14:25 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-06-09 06:14:13 -------- d-----w- C:\Users\matt\AppData\Local\Programs 2013-06-09 06:00:45 64856 ----a-w- C:\Windows\System32\klfphc.dll 2013-06-09 06:00:33 -------- d-----w- C:\Windows\ELAMBKUP 2013-06-09 06:00:31 -------- d-----w- C:\ProgramData\Kaspersky Lab 2013-06-09 06:00:31 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab 2013-06-09 06:00:27 90208 ----a-w- C:\Windows\System32\drivers\klflt.sys 2013-06-09 05:55:45 -------- d-----w- C:\Program Files (x86)\ATI Technologies 2013-06-09 05:55:15 -------- d-sh--w- C:\Windows\Installer 2013-06-09 05:54:46 -------- d-----w- C:\Program Files\ATI Technologies 2013-06-09 05:54:44 -------- d-----w- C:\Program Files\ATI 2013-06-09 05:48:29 -------- d-----w- C:\Windows\SysWow64\RTCOM 2013-06-09 05:48:29 -------- d-----w- C:\Program Files\Realtek 2013-06-09 05:48:23 412264 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys 2013-06-09 05:48:22 74344 ----a-w- C:\Windows\System32\RtNicProp64.dll 2013-06-09 05:48:22 107624 ----a-w- C:\Windows\System32\RTNUninst64.dll 2013-06-09 05:48:19 2578576 ----a-w- C:\Windows\System32\WavesGUILib.dll 2013-06-09 05:48:04 155888 ----a-w- C:\Windows\System32\SRSWOW64.dll 2013-06-09 05:48:03 518896 ----a-w- C:\Windows\System32\SRSTSX64.dll 2013-06-09 05:48:02 332392 ----a-w- C:\Windows\System32\RtlCPAPI64.dll 2013-06-09 05:48:02 211184 ----a-w- C:\Windows\System32\SRSTSH64.dll 2013-06-09 05:48:02 198896 ----a-w- C:\Windows\System32\SRSHP64.dll . 
==================== Find3M ==================== . 2013-06-18 23:15:28 54368 ----a-w- C:\Windows\System32\drivers\kltdi.sys 2013-06-09 11:08:29 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-06-09 06:37:29 178448 ----a-w- C:\Windows\System32\drivers\kneps.sys 2013-06-09 06:37:28 29528 ----a-w- C:\Windows\System32\drivers\klmouflt.sys 2013-06-09 06:37:28 29016 ----a-w- C:\Windows\System32\drivers\klkbdflt.sys 2013-06-08 12:28:46 2706432 ----a-w- C:\Windows\System32\mshtml.tlb 2013-06-08 11:13:19 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-05-17 01:25:57 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-05-17 01:25:27 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-05-17 01:25:26 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll 2013-05-17 01:25:26 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll 2013-05-17 00:59:03 2241024 ----a-w- C:\Windows\System32\wininet.dll 2013-05-17 00:58:10 3958784 ----a-w- C:\Windows\System32\jscript9.dll 2013-05-17 00:58:08 67072 ----a-w- C:\Windows\System32\iesetup.dll 2013-05-17 00:58:08 136704 ----a-w- C:\Windows\System32\iesysprep.dll 2013-05-14 12:23:25 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe 2013-05-14 08:40:13 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe 2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll 2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll 2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll 2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll 2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe 2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe 2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll 2013-05-10 05:49:27 30720 
----a-w- C:\Windows\System32\cryptdlg.dll 2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll 2013-05-02 07:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe 2013-04-26 05:51:36 751104 ----a-w- C:\Windows\System32\win32spl.dll 2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll 2013-04-25 23:30:32 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll 2013-04-17 07:02:06 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll 2013-04-17 06:24:46 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll 2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll 2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll 2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys 2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys 2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys 2013-03-31 22:52:16 1887232 ----a-w- C:\Windows\System32\d3d11.dll . ============= FINISH: 20:10:32.17 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 6/9/2013 12:43:51 AM System Uptime: 6/20/2013 5:39:18 PM (3 hours ago) . Motherboard: Gigabyte Technology Co., Ltd. | | H61M-D2P-B3 Processor: Intel® Core i3-2120 CPU @ 3.30GHz | Socket 1155 | 3300/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 931 GiB total, 895.899 GiB free. D: is CDROM () E: is Removable . 
==== Disabled Device Manager Items ============= . Class GUID: Description: Deskjet 1000 J110 series Device ID: USB\VID_03F0&PID_8811&MI_01\7&1FE6B6EC&0&0001 Manufacturer: Name: Deskjet 1000 J110 series PNP Device ID: USB\VID_03F0&PID_8811&MI_01\7&1FE6B6EC&0&0001 Service: . ==== System Restore Points =================== . RP9: 6/9/2013 1:42:07 PM - Windows Update RP10: 6/9/2013 5:17:17 PM - Windows Update RP11: 6/9/2013 6:37:07 PM - Windows Update RP12: 6/11/2013 5:16:50 PM - Windows Update RP13: 6/12/2013 1:47:09 AM - Windows Update RP14: 6/18/2013 6:33:12 PM - Windows Update . ==== Installed Programs ====================== . Ad-Aware Antivirus Ad-Aware Security Add-on Adobe Flash Player 11 Plugin ATI Catalyst Install Manager ATI Problem Report Wizard HydraVision Intel® Control Center Intel® Management Engine Components Kaspersky Internet Security 2013 Malwarebytes Anti-Malware version 1.75.0.1300 Microsoft .NET Framework 4 Client Profile Microsoft Visual C++ 2005 Redistributable (x64) Mozilla Firefox 21.0 (x86 en-US) Mozilla Maintenance Service ON_OFF Charge B11.0110.1 Quest for Glory Collection Series Quest for Glory V: Dragon Fire Realtek Ethernet Controller Driver Realtek High Definition Audio Driver Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Client Profile 
(KB2836939) . ==== Event Viewer Messages From Past Week ======== . 6/20/2013 4:09:37 PM, Error: Service Control Manager [7031] - The Kaspersky Anti-Virus Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. . ==== End Of File ===========================
  4. How do I uninstall ComboFix's recovery console? It shows up after my POST screen during reboot. Is it necessary I keep it on?
  5. I have run ComboFix Uninstall and OTC; however, when I rebooted I remained online, and when I was back on the desktop, the mbam icon greyed out and it was inaccessible. I can't even bring it up. I will reboot again and hopefully mbam will be restored; this has happened to me before, something to do with icon sequencing, that is what I read in another forum. I will refer back to the forum you suggested, though I started a topic there originally and was referred here. Thank you kindly for your help in assuring I do not have any malware.
  6. ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=8 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=809897f28ff30643bc58aabfa567badf # engine=13527 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2013-04-02 03:12:23 # local_time=2013-04-01 10:12:23 (-0600, Central Daylight Time) # country="United States" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=1286 16777213 100 97 0 18691865 0 0 # scanned=105944 # found=0 # cleaned=0 # scan_time=2474
The computer runs normally when Kaspersky and mbam aren't running together; it seems that running those two programs together causes much of the slowdown on my PC, especially when I have "Enable malicious website blocking" enabled at the same time Kaspersky is enabled. However, I do not know why "Enable malicious website blocking" disables on its own without my intervention. So far it hasn't done so since beginning these diagnostic tests. Here's hoping...
  7. ComboFix 13-04-01.01 - matolis 04/01/2013 17:58:22.1.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1582 [GMT -5:00] Running from: c:\documents and settings\matolis\Desktop\ComboFix.exe AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0} AV: Lavasoft Ad-Aware *Disabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C} FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0} FW: Lavasoft Ad-Aware *Disabled* {FF1CD5B7-1553-4625-A258-1775385CED33} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\matolis\WINDOWS c:\windows\system32\URTTemp c:\windows\system32\URTTemp\fusion.dll c:\windows\system32\URTTemp\mscoree.dll c:\windows\system32\URTTemp\mscoree.dll.local c:\windows\system32\URTTemp\mscorsn.dll c:\windows\system32\URTTemp\mscorwks.dll c:\windows\system32\URTTemp\msvcr71.dll c:\windows\system32\URTTemp\regtlib.exe . . ((((((((((((((((((((((((( Files Created from 2013-03-01 to 2013-04-01 ))))))))))))))))))))))))))))))) . . 2013-03-29 07:02 . 2013-03-29 08:50 -------- d-----w- C:\Games 2013-03-17 17:33 . 2013-03-17 17:33 -------- d-----w- C:\AMD 2013-03-17 04:47 . 2013-03-17 04:47 -------- d-----w- C:\USBVaccine 2013-03-16 03:54 . 2013-03-16 03:54 -------- d-----w- C:\70a2473e871645d7e4 2013-03-15 14:25 . 2013-03-15 14:25 -------- d-----r- C:\acroldr . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-03-15 16:35 . 2012-06-08 17:38 43608 ----a-w- c:\windows\system32\drivers\kltdi.sys 2013-03-15 16:35 . 2012-07-25 20:53 24920 ----a-w- c:\windows\system32\drivers\klmouflt.sys 2013-03-15 16:35 . 2012-05-26 01:38 24408 ----a-w- c:\windows\system32\drivers\klkbdflt.sys 2013-02-12 00:32 . 2008-04-14 12:00 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys 2013-02-06 10:48 . 
2013-02-06 10:48 81920 ------w- c:\windows\system32\ieencode.dll 2013-02-05 20:05 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll 2013-02-05 20:05 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll 2013-02-05 20:05 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2013-02-05 05:53 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec 2013-01-26 03:55 . 2008-04-14 12:00 552448 ----a-w- c:\windows\system32\oleaut32.dll 2013-01-07 01:16 . 2008-04-14 12:00 2193024 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-01-07 00:36 . 2008-04-14 00:01 2069760 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-01-04 01:20 . 2008-04-14 12:00 1867264 ----a-w- c:\windows\system32\win32k.sys 2013-01-02 06:49 . 2008-04-14 12:00 148992 ----a-w- c:\windows\system32\mpg2splt.ax 2013-01-02 06:49 . 2008-04-14 12:00 1292288 ----a-w- c:\windows\system32\quartz.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files\adawaretb\adawareDx.dll" [2013-02-11 87464] . [HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}] . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}] 2013-02-11 10:47 87464 ----a-w- c:\program files\adawaretb\adawareDx.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files\adawaretb\adawareDx.dll" [2013-02-11 87464] . [HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Ad-Aware Antivirus"="c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X] "CTHelper"="CTHELPER.EXE" [2006-05-24 17920] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 98304] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888] "CTxfiHlp"="CTXFIHLP.EXE" [2010-05-06 25600] "razertra"="c:\program files\Razer\razertra.exe" [2004-02-26 208896] "Ad-Aware Browsing Protection"="c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe" [2013-01-31 542632] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Z1"="e:\mbar\mbar.exe" [2013-04-01 1363016] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service] @="Ad-Aware Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\adawaretb\\dtUser.exe"= "c:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"= "c:\\Program Files\\Mass Effect 2\\Binaries\\MassEffect2.exe"= "c:\\Program Files\\Mass Effect 2\\MassEffect2Launcher.exe"= "c:\\Games\\Reality Pump\\Two Worlds\\TwoWorlds.exe"= "c:\\Games\\Reality Pump\\Two Worlds\\TwoWorlds_RADEON.exe"= "c:\\Games\\CAPCOM\\DARK VOID\\Launcher.exe"= "c:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"= "c:\\Program Files\\Dragon Age\\DAOriginsLauncher.exe"= "c:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"= "c:\\Program Files\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"= "c:\\Program Files\\Origin Games\\Mass Effect 3\\Binaries\\Win32\\MassEffect3.exe"= . R0 SI3112r;Silicon Image SiI 3512 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [3/15/2013 3:55 AM 116264] R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [6/8/2012 12:38 PM 43608] R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [8/13/2012 5:49 PM 144344] R2 Ad-Aware Service;Ad-Aware Service;c:\program files\Ad-Aware Antivirus\AdAwareService.exe [2/21/2013 5:37 AM 1236336] R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [5/5/2010 9:23 PM 171096] R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [5/5/2010 9:24 PM 1324120] R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [5/5/2010 9:23 PM 72792] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [6/27/2012 3:09 PM 35672] R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [5/25/2012 8:38 PM 24408] R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [7/25/2012 3:53 PM 24920] R3 
mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [3/31/2013 6:29 AM 35144] S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [3/25/2013 2:39 AM 13560] S1 1502209drv;1502209drv;c:\windows\system32\drivers\1502209drv.sys [3/20/2013 10:43 PM 475736] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/15/2013 12:19 PM 682344] S2 SBAMSvc;Ad-Aware;c:\program files\Ad-Aware Antivirus\SBAMSvc.exe [9/20/2012 5:39 AM 3677000] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [3/17/2013 12:35 PM 99856] S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [3/21/2013 11:32 AM 79360] S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [5/5/2010 9:23 PM 171096] S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [5/5/2010 9:24 PM 1324120] S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [5/5/2010 9:23 PM 72792] S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [3/25/2013 12:10 PM 25832] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/15/2013 12:19 PM 21104] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - ASWMBR *NewlyCreated* - TRUESIGHT *Deregistered* - aswMBR *Deregistered* - TrueSight . Contents of the 'Scheduled Tasks' folder . 2013-04-01 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-21 02:05] . 2013-03-26 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57] . . ------- Supplementary Scan ------- . uStart Page = about:blank mStart Page = about:blank TCP: DhcpNameServer = 192.168.1.254 . - - - - ORPHANS REMOVED - - - - . SafeBoot-28238300.sys . . . 
************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-04-01 18:04 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . HKLM\Software\Microsoft\Windows\CurrentVersion\Run CTxfiHlp = CTXFIHLP.EXE? . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-329068152-706699826-682003330-1003\Software\SecuROM\License information*] "datasecu"=hex:0b,aa,0d,75,9d,5e,19,42,63,87,ce,40,38,16,64,96,03,a3,65,05,b2, 51,63,05,37,37,1e,5f,94,d5,14,14,01,c4,3d,65,42,46,94,0c,86,f1,24,08,27,2a,\ "rkeysecu"=hex:b4,44,1a,37,75,ae,19,c5,64,52,18,43,bf,08,e5,51 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(1040) c:\windows\system32\Ati2evxx.dll c:\windows\system32\atiadlxx.dll . Completion time: 2013-04-01 18:05:45 ComboFix-quarantined-files.txt 2013-04-01 23:05 . Pre-Run: 904,002,850,816 bytes free Post-Run: 904,048,906,240 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - F2D599EB9E0AFFB11C1E8DFB1A2C4797
  8. aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software Run date: 2013-04-01 16:15:23 ----------------------------- 16:15:23.093 OS Version: Windows 5.1.2600 Service Pack 3 16:15:23.093 Number of processors: 1 586 0x408 16:15:23.093 ComputerName: MDAUB588 UserName: matolis 16:15:24.171 Initialize success 16:17:15.937 AVAST engine defs: 13040101 16:17:30.265 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e 16:17:30.265 Disk 0 Vendor: WDC_WD800BB-63JKC0 05.01C05 Size: 76319MB BusType: 3 16:17:30.265 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Scsi\SI3112r1Port2Path0Target0Lun0 16:17:30.265 Disk 1 Vendor: SiI_____ 1100 Size: 953878MB BusType: 1 16:17:30.343 Disk 1 MBR read successfully 16:17:30.343 Disk 1 MBR scan 16:17:30.359 Disk 1 Windows XP default MBR code 16:17:30.359 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953875 MB offset 63 16:17:30.375 Disk 1 scanning sectors +1953536130 16:17:30.406 Disk 1 scanning C:\WINDOWS\system32\drivers 16:17:43.593 Service scanning 16:17:48.187 Service kl1 C:\WINDOWS\system32\DRIVERS\kl1.sys **LOCKED** 5 16:17:48.281 Service klim5 C:\WINDOWS\system32\DRIVERS\klim5.sys **LOCKED** 5 16:17:48.296 Service klkbdflt C:\WINDOWS\system32\DRIVERS\klkbdflt.sys **LOCKED** 5 16:17:48.328 Service klmouflt C:\WINDOWS\system32\DRIVERS\klmouflt.sys **LOCKED** 5 16:17:48.343 Service kltdi C:\WINDOWS\system32\DRIVERS\kltdi.sys **LOCKED** 5 16:17:48.406 Service kneps C:\WINDOWS\system32\DRIVERS\kneps.sys **LOCKED** 5 16:17:53.203 Modules scanning 16:17:56.656 Disk 1 trace - called modules: 16:17:56.671 ntkrnlpa.exe CLASSPNP.SYS disk.sys SCSIPORT.SYS hal.dll SI3112r.sys 16:17:56.671 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8a63c608] 16:17:56.671 3 CLASSPNP.SYS[ba0a8fd7] -> nt!IofCallDriver -> \Device\Scsi\SI3112r1Port2Path0Target0Lun0[0x8a62fa38] 16:17:57.703 AVAST engine scan C:\WINDOWS 16:18:01.906 AVAST engine scan C:\WINDOWS\system32 16:21:37.734 AVAST engine scan C:\WINDOWS\system32\drivers 16:22:02.812 AVAST engine 
scan C:\Documents and Settings\matolis 16:23:02.062 AVAST engine scan C:\Documents and Settings\All Users 16:23:51.640 Scan finished successfully 16:26:52.656 Disk 1 MBR has been saved successfully to "C:\Documents and Settings\matolis\Desktop\MBR.dat" 16:26:52.656 The log file has been saved successfully to "C:\Documents and Settings\matolis\Desktop\aswMBR.txt"
I had to run "RogueKiller" twice because the first time I ran it I had forgotten to close down my other programs (mbam, Kaspersky, etc.). Sorry about that, this is confusing, but RK made 3 reports.
RogueKiller V8.5.4 [Mar 18 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version Started in : Normal mode User : matolis [Admin rights] Mode : Scan -- Date : 04/01/2013 16:36:15 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 3 ¤¤¤ [RUN][sUSP PATH] HKLM\[...]\Run : SearchProtection (C:\Documents and Settings\All Users\Application Data\Search Protection\_run.bat) [-] -> FOUND [HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ SSDT[122] : NtOpenProcess @ 0x805C1462 -> HOOKED (\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0x96192C4C) SSDT[128] : NtOpenThread @ 0x805C16EE -> HOOKED (\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0x96192D3C) ¤¤¤ HOSTS File: ¤¤¤ --> C:\WINDOWS\system32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: WDC WD800BB-63JKC0 +++++ --- User --- [MBR] e830bfbade9ae6845a724b66390a44da [bSP] 873b6688299a642a951645c4e274ccac : Windows XP MBR Code Partition table: 0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76316 Mo User = LL1 ... OK! 
User = LL2 ... OK! +++++ PhysicalDrive1: SiI RAID 0 Set 0 SCSI Disk Device +++++ --- User --- [MBR] fd3085d2deb2d7a3800d077ee06bcb8a [bSP] 29de1555f20f4574cd04076ba872fded : Windows XP MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953875 Mo User = LL1 ... OK! Error reading LL2 MBR! Finished : << RKreport[1]_S_04012013_02d1636.txt >> RKreport[1]_S_04012013_02d1636.txt RogueKiller V8.5.4 [Mar 18 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version Started in : Normal mode User : matolis [Admin rights] Mode : Remove -- Date : 04/01/2013 16:37:01 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 3 ¤¤¤ [RUN][sUSP PATH] HKLM\[...]\Run : SearchProtection (C:\Documents and Settings\All Users\Application Data\Search Protection\_run.bat) [-] -> DELETED [HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> REPLACED (0) [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ SSDT[122] : NtOpenProcess @ 0x805C1462 -> HOOKED (\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0x96192C4C) SSDT[128] : NtOpenThread @ 0x805C16EE -> HOOKED (\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0x96192D3C) ¤¤¤ HOSTS File: ¤¤¤ --> C:\WINDOWS\system32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: WDC WD800BB-63JKC0 +++++ --- User --- [MBR] e830bfbade9ae6845a724b66390a44da [bSP] 873b6688299a642a951645c4e274ccac : Windows XP MBR Code Partition table: 0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76316 Mo User = LL1 ... OK! User = LL2 ... OK! 
+++++ PhysicalDrive1: SiI RAID 0 Set 0 SCSI Disk Device +++++ --- User --- [MBR] fd3085d2deb2d7a3800d077ee06bcb8a [bSP] 29de1555f20f4574cd04076ba872fded : Windows XP MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953875 Mo User = LL1 ... OK! Error reading LL2 MBR! Finished : << RKreport[2]_D_04012013_02d1637.txt >> RKreport[1]_S_04012013_02d1636.txt ; RKreport[2]_D_04012013_02d1637.txt RogueKiller V8.5.4 [Mar 18 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version Started in : Normal mode User : matolis [Admin rights] Mode : Shortcuts HJfix -- Date : 04/01/2013 16:38:14 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ ¤¤¤ File attributes restored: ¤¤¤ Desktop: Success 0 / Fail 0 Quick launch: Success 0 / Fail 0 Programs: Success 6 / Fail 0 Start menu: Success 0 / Fail 0 User folder: Success 51 / Fail 0 My documents: Success 0 / Fail 0 My favorites: Success 0 / Fail 0 My pictures: Success 0 / Fail 0 My music: Success 0 / Fail 0 My videos: Success 0 / Fail 0 Local drives: Success 64 / Fail 0 Backup: [NOT FOUND] Drives: [A:] \Device\Floppy0 -- 0x2 --> Skipped [C:] \Device\HarddiskVolume1 -- 0x3 --> Restored [D:] \Device\CdRom0 -- 0x5 --> Skipped [E:] \Device\HarddiskVolume2 -- 0x3 --> Restored Finished : << RKreport[3]_SC_04012013_02d1638.txt >> RKreport[1]_S_04012013_02d1636.txt ; RKreport[2]_D_04012013_02d1637.txt ; RKreport[3]_SC_04012013_02d1638.txt
  9. This problem happens continually and at random. It happens when I go online, but never does it happen offline, and from what I've read of other people with this problem it could likely be a virus or malware of some kind or a backdoor trojan. I was referred here by one of the experts from General Malwarebytes Anti-malware forum. Someone please help me determine if I do indeed have some kind of malicious attack on my PC or if it is merely a software glitch. Here are my PC's stats.
DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 8.0.6001.18702 Run by matolis at 14:56:48 on 2013-04-01 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1361 [GMT -5:00] . AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0} AV: Lavasoft Ad-Aware *Disabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C} FW: Lavasoft Ad-Aware *Disabled* FW: Kaspersky Internet Security *Disabled* . ============== Running Processes ================ . C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Creative\Shared Files\CTAudSvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe C:\WINDOWS\CTHELPER.EXE C:\WINDOWS\system32\CTXFIHLP.EXE C:\Program Files\Razer\razertra.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe C:\Documents and Settings\All Users\Application Data\Search Protection\SearchProtection.exe C:\WINDOWS\SYSTEM32\CTXFISPI.EXE C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 
2013\klwtblfs.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k LocalService . ============== Pseudo HJT Report =============== . uStart Page = about:blank mStart Page = about:blank uURLSearchHooks: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\contentblocker\ie_content_blocker_plugin.dll BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\onlinebanking\online_banking_bho.dll BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor\klwtbbho.dll TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll mRun: [CTHelper] CTHELPER.EXE mRun: [updReg] c:\windows\UpdReg.EXE mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: 
[KernelFaultCheck] c:\windows\system32\dumprep 0 -k mRun: [CTxfiHlp] CTXFIHLP.EXE mRun: [razertra] c:\program files\razer\razertra.exe mRun: [Ad-Aware Browsing Protection] "c:\documents and settings\all users\application data\ad-aware browsing protection\adawarebp.exe" mRun: [searchProtection] c:\documents and settings\all users\application data\search protection\_run.bat mRun: [Ad-Aware Antivirus] "c:\program files\ad-aware antivirus\AdAwareLauncher" --windows-run mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2013\avp.exe" mRunOnce: [Z1] cmd /c "e:\mbar\mbar.exe" /cleanup /s uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoDriveTypeAutoRun = dword:28 mPolicies-Explorer: NoDriveTypeAutoRun = dword:145 IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2013\ie_banner_deny.htm IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor\klwtbbho.dll IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1363374798406 Notify: AtiExtEvent - Ati2evxx.dll Notify: klogon - c:\windows\system32\klogon.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ============= SERVICES / DRIVERS =============== . 
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-3-25 13560] R0 kl1;kl1;c:\windows\system32\drivers\kl1.sys [2012-6-19 136024] R0 SI3112r;Silicon Image SiI 3512 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [2013-3-15 116264] R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2013-3-15 586584] R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [2012-6-8 43608] R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [2012-8-13 144344] R2 Ad-Aware Service;Ad-Aware Service;c:\program files\ad-aware antivirus\AdAwareService.exe [2013-2-21 1236336] R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2013\avp.exe [2012-8-17 356376] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-3-15 682344] R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2010-5-5 171096] R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2010-5-5 1324120] R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2010-5-5 72792] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2012-6-27 35672] R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [2012-5-25 24408] R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2012-7-25 24920] R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-3-31 35144] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-3-15 21104] S1 1502209drv;1502209drv;c:\windows\system32\drivers\1502209drv.sys [2013-3-20 475736] S2 SBAMSvc;Ad-Aware;c:\program files\ad-aware antivirus\SBAMSvc.exe [2012-9-20 3677000] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2013-3-17 99856] S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs 
shared\service\CTAELicensing.exe [2013-3-21 79360] S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2010-5-5 171096] S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2010-5-5 1324120] S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2010-5-5 72792] S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2013-3-25 25832] . =============== Created Last 30 ================ . 2013-03-31 11:29:07 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2013-03-29 18:51:11 -------- d-----w- c:\documents and settings\all users\application data\EA Core 2013-03-29 18:51:06 -------- d-----w- c:\documents and settings\all users\application data\EA Logs 2013-03-29 18:02:42 -------- d--h--w- c:\program files\common files\EAInstaller 2013-03-29 18:02:22 -------- d-----w- c:\program files\NVIDIA Corporation 2013-03-29 15:37:47 107888 ----a-w- c:\windows\system32\CmdLineExt.dll 2013-03-29 09:43:44 -------- d-----w- c:\program files\Origin Games 2013-03-29 09:43:43 -------- d-----w- c:\documents and settings\matolis\local settings\application data\Origin 2013-03-29 09:43:42 -------- d-----w- c:\documents and settings\matolis\application data\Origin 2013-03-29 09:43:30 -------- d-----w- c:\documents and settings\all users\application data\Origin 2013-03-29 09:43:30 -------- d-----w- c:\documents and settings\all users\application data\Electronic Arts 2013-03-29 09:43:09 -------- d-----w- c:\program files\Origin 2013-03-29 07:52:46 -------- d-----w- c:\program files\MSXML 4.0 2013-03-29 07:38:01 -------- d-----w- c:\program files\Microsoft Games 2013-03-29 07:02:44 -------- d-----w- C:\Games 2013-03-29 06:43:03 -------- d-----w- c:\documents and settings\all users\application data\BioWare 2013-03-29 06:01:18 -------- d-----w- c:\program files\Mass Effect 2 2013-03-25 17:33:52 -------- d-----w- c:\windows\1C4551A64743409391E41477CD655043.TMP 2013-03-25 17:00:28 -------- d-----w- 
c:\program files\Dragon Age 2013-03-25 15:12:26 -------- d-----w- c:\program files\common files\BioWare 2013-03-25 14:54:24 -------- d-----w- c:\program files\Mass Effect 2013-03-25 07:47:23 -------- d-----w- c:\documents and settings\all users\application data\Ad-Aware Antivirus 2013-03-25 07:47:22 -------- d-----w- c:\documents and settings\matolis\application data\LavasoftStatistics 2013-03-25 07:42:35 -------- d-----w- c:\program files\Ad-Aware Antivirus 2013-03-25 07:41:55 -------- d-----w- c:\documents and settings\all users\application data\Downloaded Installations 2013-03-25 07:41:46 -------- d-----w- c:\documents and settings\matolis\local settings\application data\adawarebp 2013-03-25 07:41:46 -------- d-----w- c:\documents and settings\all users\application data\Search Protection 2013-03-25 07:41:45 -------- d-----w- c:\documents and settings\all users\application data\blekko toolbars 2013-03-25 07:41:45 -------- d-----w- c:\documents and settings\all users\application data\adawaretb 2013-03-25 07:41:43 -------- d-----w- c:\documents and settings\all users\application data\Ad-Aware Browsing Protection 2013-03-25 07:41:06 -------- d-----w- c:\program files\Toolbar Cleaner 2013-03-25 07:40:59 -------- d-----w- c:\documents and settings\matolis\application data\SecureSearch 2013-03-25 07:40:54 -------- d-----w- c:\program files\adawaretb 2013-03-25 07:40:54 -------- d-----w- c:\documents and settings\matolis\application data\adawaretb 2013-03-25 07:39:30 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys 2013-03-25 07:39:29 44424 ----a-w- c:\windows\system32\sbbd.exe 2013-03-25 07:39:19 -------- d-----w- c:\documents and settings\matolis\application data\Ad-Aware Antivirus 2013-03-21 19:31:39 -------- d-----w- c:\program files\common files\Wise Installation Wizard 2013-03-21 17:10:20 -------- d-----w- c:\documents and settings\matolis\local settings\application data\Adobe 2013-03-21 17:03:24 -------- d-----w- c:\documents and settings\matolis\local 
settings\application data\WMTools Downloaded Files 2013-03-21 16:51:45 57344 ----a-w- c:\windows\system32\razer.cpl 2013-03-21 16:51:45 38904 ----a-w- c:\windows\system32\drivers\razerusb.sys 2013-03-21 16:39:11 102400 ----a-w- c:\windows\system32\cttele32.dll 2013-03-21 16:39:03 -------- d-----w- c:\program files\OpenAL 2013-03-21 16:35:39 22691984 ----a-w- c:\windows\system32\AppSetup.exe 2013-03-21 16:32:07 -------- d-----w- c:\program files\common files\Creative Labs Shared 2013-03-21 07:23:19 -------- d--h--w- c:\windows\PIF 2013-03-21 03:43:37 475736 ----a-w- c:\windows\system32\drivers\1502209drv.sys 2013-03-21 02:17:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll 2013-03-21 02:17:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll 2013-03-21 02:17:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll 2013-03-21 02:17:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll 2013-03-21 02:17:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll 2013-03-21 02:17:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll 2013-03-21 02:17:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll 2013-03-21 02:16:48 -------- d-----w- c:\documents and settings\matolis\local settings\application data\Apple 2013-03-21 02:16:13 -------- d-----w- c:\documents and settings\matolis\local settings\application data\Apple Computer 2013-03-21 02:05:38 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-03-21 02:05:38 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-03-19 10:05:59 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll 2013-03-19 10:04:19 -------- d--h--w- c:\windows\msdownld.tmp 2013-03-19 10:04:04 -------- d-----w- c:\windows\Logs 2013-03-19 08:21:36 -------- d-----w- c:\windows\pss 2013-03-17 17:37:57 -------- d-----w- c:\documents and settings\matolis\local settings\application 
data\ATI 2013-03-17 17:35:23 99856 ----a-w- c:\windows\system32\drivers\AtihdXP3.sys 2013-03-17 17:33:27 -------- d-----w- C:\AMD 2013-03-17 16:48:05 -------- d-----w- c:\program files\CCleaner 2013-03-17 04:50:42 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys 2013-03-17 04:47:46 -------- d-----w- C:\USBVaccine 2013-03-16 22:19:12 -------- d-----w- c:\program files\Windows Media Connect 2 2013-03-16 22:17:59 -------- d-----w- c:\windows\system32\LogFiles 2013-03-16 03:55:05 -------- d-----w- c:\windows\system32\XPSViewer 2013-03-16 03:54:39 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2013-03-16 03:54:39 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2013-03-16 03:54:39 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe 2013-03-16 03:54:39 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll 2013-03-16 03:54:39 575488 ------w- c:\windows\system32\xpsshhdr.dll 2013-03-16 03:54:39 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll 2013-03-16 03:54:39 1676288 ------w- c:\windows\system32\xpssvcs.dll 2013-03-16 03:54:39 117760 ------w- c:\windows\system32\prntvpt.dll 2013-03-16 03:54:38 -------- d-----w- C:\70a2473e871645d7e4 2013-03-15 21:13:51 -------- d-sh--w- c:\documents and settings\matolis\PrivacIE 2013-03-15 21:13:50 -------- d-sh--w- c:\documents and settings\matolis\IECompatCache 2013-03-15 21:05:26 -------- d-sh--w- c:\documents and settings\matolis\IETldCache 2013-03-15 19:48:31 522240 -c----w- c:\windows\system32\dllcache\jsdbgui.dll 2013-03-15 19:48:02 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll 2013-03-15 19:47:43 -------- d-----w- c:\windows\ie8updates 2013-03-15 19:47:37 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll 2013-03-15 19:47:37 630272 -c----w- c:\windows\system32\dllcache\msfeeds.dll 2013-03-15 19:47:37 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll 2013-03-15 19:47:37 247808 -c----w- 
c:\windows\system32\dllcache\ieproxy.dll 2013-03-15 19:47:37 2004992 -c----w- c:\windows\system32\dllcache\iertutil.dll 2013-03-15 19:47:37 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2013-03-15 19:47:37 11111424 -c----w- c:\windows\system32\dllcache\ieframe.dll 2013-03-15 19:46:34 -------- dc-h--w- c:\windows\ie8 2013-03-15 19:30:52 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys 2013-03-15 19:27:34 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll 2013-03-15 19:27:34 3072 ------w- c:\windows\system32\iacenc.dll 2013-03-15 19:25:54 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys 2013-03-15 19:18:13 2193024 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe 2013-03-15 19:18:13 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe 2013-03-15 19:18:12 2027520 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe 2013-03-15 19:18:04 5120 ----a-w- c:\windows\system32\xpsp4res.dll 2013-03-15 19:17:18 272128 -c----w- c:\windows\system32\dllcache\bthport.sys 2013-03-15 19:17:18 272128 ------w- c:\windows\system32\drivers\bthport.sys 2013-03-15 19:15:53 26144 ----a-w- c:\windows\system32\spupdsvc.exe 2013-03-15 19:15:53 -------- d-----w- c:\windows\system32\PreInstall 2013-03-15 19:15:52 -------- d--h--w- c:\windows\$hf_mig$ 2013-03-15 19:13:14 -------- d-sh--w- c:\documents and settings\matolis\UserData 2013-03-15 19:04:53 -------- d-----w- c:\windows\system32\SoftwareDistribution 2013-03-15 17:20:11 -------- d-----w- c:\documents and settings\matolis\application data\Malwarebytes 2013-03-15 17:19:57 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes 2013-03-15 17:19:56 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-03-15 17:19:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-03-15 17:05:28 -------- d-----w- c:\program files\Kaspersky Lab 2013-03-15 17:05:28 -------- d-----w- c:\documents and settings\all users\application data\Kaspersky Lab 2013-03-15 17:05:22 74072 
----a-w- c:\windows\system32\drivers\klflt.sys 2013-03-15 16:54:46 7062 ----a-w- c:\windows\system32\audiopid.vxd 2013-03-15 16:54:35 647872 ------w- c:\windows\system32\Mscomct2.ocx 2013-03-15 16:54:35 41984 ------w- c:\windows\Ctregrun.exe 2013-03-15 16:54:22 90112 ------w- c:\windows\Updreg.EXE 2013-03-15 16:53:52 445016 ----a-w- c:\windows\system32\wrap_oal.dll 2013-03-15 16:53:52 109144 ----a-w- c:\windows\system32\OpenAL32.dll 2013-03-15 16:53:20 10240 ----a-w- c:\windows\CTDCRES.DLL 2013-03-15 16:53:20 -------- d-----w- c:\windows\system32\Data 2013-03-15 16:52:41 -------- d-----w- c:\program files\Creative 2013-03-15 14:25:00 -------- d-sh--r- C:\acroldr 2013-03-15 10:18:57 -------- d--h--w- c:\windows\system32\GroupPolicy 2013-03-15 09:19:52 0 ----a-w- c:\windows\ativpsrm.bin 2013-03-15 09:12:59 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll 2013-03-15 09:12:59 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll 2013-03-15 09:12:59 225280 ----a-w- c:\program files\common files\installshield\iscript\iscript.dll 2013-03-15 09:12:59 212992 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ILog.dll 2013-03-15 09:12:59 176128 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll 2013-03-15 09:03:45 -------- d-----w- c:\documents and settings\matolis\local settings\application data\ApplicationHistory 2013-03-15 09:02:50 -------- d-----w- c:\windows\system32\URTTemp 2013-03-15 08:55:46 19240 ----a-r- c:\windows\system32\drivers\SiWinAcc.sys 2013-03-15 08:55:46 118824 ----a-r- c:\windows\system32\SilSupp.dll 2013-03-15 08:55:46 116264 ----a-r- c:\windows\system32\drivers\SI3112r.sys 2013-03-15 08:35:32 117248 ----a-r- c:\windows\system32\drivers\viamraid.sys 2013-03-15 08:18:56 27904 ----a-w- c:\windows\system32\drivers\VIAAGP1.SYS 2013-03-15 08:18:52 -------- d-----w- c:\windows\system32\ReinstallBackups 2013-03-15 08:18:29 306688 ----a-w- 
c:\windows\IsUninst.exe 2013-03-15 08:18:21 -------- d-----w- c:\documents and settings\matolis\WINDOWS 2013-03-15 08:15:05 5824 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS . ==================== Find3M ==================== . 2013-03-15 16:35:09 43608 ----a-w- c:\windows\system32\drivers\kltdi.sys 2013-03-15 16:35:08 24920 ----a-w- c:\windows\system32\drivers\klmouflt.sys 2013-03-15 16:35:08 24408 ----a-w- c:\windows\system32\drivers\klkbdflt.sys 2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys 2013-02-06 10:48:44 81920 ------w- c:\windows\system32\ieencode.dll 2013-02-05 20:05:47 916480 ----a-w- c:\windows\system32\wininet.dll 2013-02-05 20:05:46 43520 ------w- c:\windows\system32\licmgr10.dll 2013-02-05 20:05:46 1469440 ------w- c:\windows\system32\inetcpl.cpl 2013-02-05 05:53:57 385024 ------w- c:\windows\system32\html.iec 2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll 2013-01-07 01:16:02 2193024 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-01-07 00:36:58 2069760 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-01-04 01:20:00 1867264 ----a-w- c:\windows\system32\win32k.sys 2013-01-02 06:49:10 148992 ----a-w- c:\windows\system32\mpg2splt.ax 2013-01-02 06:49:10 1292288 ----a-w- c:\windows\system32\quartz.dll . ============= FINISH: 14:57:41.96 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 3/15/2013 2:16:14 AM System Uptime: 4/1/2013 2:20:07 PM (0 hours ago) . Motherboard: ASUSTeK Computer Inc. | | K8V Processor: AMD Athlon 64 Processor 3200+ | Socket 754 | 2002/200mhz . ==== Disk Partitions ========================= . A: is Removable C: is FIXED (NTFS) - 932 GiB total, 842.072 GiB free. D: is CDROM () E: is FIXED (NTFS) - 75 GiB total, 73.977 GiB free. . ==== Disabled Device Manager Items ============= . 
Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318} Description: AMD High Definition Audio Device Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1001\5&2D021E0F&0&0001 Manufacturer: Advanced Micro Devices Name: AMD High Definition Audio Device PNP Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1001\5&2D021E0F&0&0001 Service: AtiHDAudioService . Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318} Description: VIA RAID Controller - 3149 Device ID: PCI\VEN_1106&DEV_3149&SUBSYS_80ED1043&REV_80\3&267A616A&0&78 Manufacturer: VIA Technologies, Inc. Name: VIA RAID Controller - 3149 PNP Device ID: PCI\VEN_1106&DEV_3149&SUBSYS_80ED1043&REV_80\3&267A616A&0&78 Service: viamraid . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . Ad-Aware Antivirus Ad-Aware Security Add-on Adobe Flash Player 11 ActiveX Adobe Reader XI (11.0.02) AMD Catalyst Install Manager Apple Application Support Apple Software Update Catalyst Control Center Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-utility CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish CCleaner Creative Audio Control Panel Creative Console Launcher Creative Software AutoUpdate Creative System Information Creative WaveStudio 7 DARK VOID Dragon Age: Origins Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows XP (KB954550-v5) Kaspersky Internet Security 2013 Malwarebytes Anti-Malware version 
1.70.0.1100 Mass Effect Mass Effect 2 Mass Effect™ 3 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2742597) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Flight Simulator X Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP2 Parser and SDK NVIDIA PhysX OpenAL Origin QuickTime Razer redist Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2618444) Security Update for Windows Internet Explorer 8 (KB2744842) Security Update for Windows Internet Explorer 8 (KB2797052) Security Update for Windows Internet Explorer 8 (KB2809289) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows XP (KB923789) Sound Blaster X-Fi Two Worlds Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 8 (KB2598845) Update for Windows Internet Explorer 8 (KB2632503) WebFldrs XP Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Internet Explorer 8 Windows Media Format 11 runtime Windows Media Player 11 . ==== Event Viewer Messages From Past Week ======== . 
4/1/2013 2:20:37 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: gagp30kx 4/1/2013 2:17:59 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied. 3/31/2013 9:30:59 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Ad-Aware service to connect. 3/31/2013 9:30:59 AM, error: Service Control Manager [7000] - The Ad-Aware service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 3/31/2013 9:30:54 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service SBAMSvc with arguments "" in order to run the server: {FE7E09CE-BBF4-4698-8BC1-37C9002DAA43} 3/25/2013 8:13:41 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect. 3/25/2013 8:13:41 AM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 3/25/2013 6:35:13 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Adobe Flash Player Update Service service to connect. 3/25/2013 6:35:13 AM, error: Service Control Manager [7000] - The Adobe Flash Player Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 3/25/2013 12:56:20 PM, error: Application Popup [877] - There was error [DATABASE OPEN FAILED] processing the driver database. . ==== End Of File ===========================
  10. That entry for removal was from my Windows Security Center; I disabled the alert for "Windows Updater". I am aware of this entry; it was a false positive. However, I will post this topic in the category you suggested, thank you.
  11. I disabled mbam's realtime protection, as well as that of Kaspersky and Adaware, before making these reports, as instructed. That is why the CheckResults.txt says everything is turned off; normally I keep everything fully enabled.
  12. DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 8.0.6001.18702 Run by matolis at 9:25:47 on 2013-03-31 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1301 [GMT -5:00] . AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0} AV: Lavasoft Ad-Aware *Disabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C} FW: Lavasoft Ad-Aware *Disabled* FW: Kaspersky Internet Security *Disabled* . ============== Running Processes ================ . C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Creative\Shared Files\CTAudSvc.exe C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe C:\WINDOWS\CTHELPER.EXE C:\WINDOWS\system32\CTXFIHLP.EXE C:\Program Files\Razer\razertra.exe C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe C:\Documents and Settings\All Users\Application Data\Search Protection\SearchProtection.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\WINDOWS\SYSTEM32\CTXFISPI.EXE C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\klwtblfs.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\klwtblfs.exe C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k LocalService . ============== Pseudo HJT Report =============== . 
uStart Page = about:blank mStart Page = about:blank uURLSearchHooks: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\contentblocker\ie_content_blocker_plugin.dll BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\onlinebanking\online_banking_bho.dll BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor\klwtbbho.dll TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll mRun: [CTHelper] CTHELPER.EXE mRun: [updReg] c:\windows\UpdReg.EXE mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k mRun: [CTxfiHlp] CTXFIHLP.EXE mRun: [razertra] c:\program files\razer\razertra.exe mRun: [Ad-Aware Browsing Protection] "c:\documents and settings\all users\application data\ad-aware browsing protection\adawarebp.exe" mRun: [searchProtection] c:\documents and settings\all 
users\application data\search protection\_run.bat mRun: [Ad-Aware Antivirus] "c:\program files\ad-aware antivirus\AdAwareLauncher" --windows-run mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2013\avp.exe" mRunOnce: [Z1] cmd /c "e:\mbar-1.01.0.1021\mbar\mbar.exe" /cleanup /s uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoDriveTypeAutoRun = dword:28 mPolicies-Explorer: NoDriveTypeAutoRun = dword:145 IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor\klwtbbho.dll IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1363374798406 Notify: AtiExtEvent - Ati2evxx.dll Notify: klogon - c:\windows\system32\klogon.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ============= SERVICES / DRIVERS =============== . 
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-3-25 13560] R0 kl1;kl1;c:\windows\system32\drivers\kl1.sys [2012-6-19 136024] R0 SI3112r;Silicon Image SiI 3512 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [2013-3-15 116264] R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2013-3-15 586584] R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [2012-6-8 43608] R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [2012-8-13 144344] R2 Ad-Aware Service;Ad-Aware Service;c:\program files\ad-aware antivirus\AdAwareService.exe [2013-2-21 1236336] R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2010-5-5 171096] R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2010-5-5 1324120] R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2010-5-5 72792] R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2013-3-25 25832] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2012-6-27 35672] R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [2012-5-25 24408] R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2012-7-25 24920] R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-3-31 35144] S1 1502209drv;1502209drv;c:\windows\system32\drivers\1502209drv.sys [2013-3-20 475736] S2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2013\avp.exe [2012-8-17 356376] S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-3-15 682344] S2 SBAMSvc;Ad-Aware;c:\program files\ad-aware antivirus\SBAMSvc.exe [2012-9-20 3677000] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2013-3-17 99856] S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program 
files\common files\creative labs shared\service\CTAELicensing.exe [2013-3-21 79360] S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2010-5-5 171096] S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2010-5-5 1324120] S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2010-5-5 72792] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-3-15 21104] . =============== Created Last 30 ================ . 2013-03-31 11:29:07 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2013-03-29 18:51:11 -------- d-----w- c:\documents and settings\all users\application data\EA Core 2013-03-29 18:51:06 -------- d-----w- c:\documents and settings\all users\application data\EA Logs 2013-03-29 18:02:42 -------- d--h--w- c:\program files\common files\EAInstaller 2013-03-29 18:02:22 -------- d-----w- c:\program files\NVIDIA Corporation 2013-03-29 15:37:47 107888 ----a-w- c:\windows\system32\CmdLineExt.dll 2013-03-29 09:43:44 -------- d-----w- c:\program files\Origin Games 2013-03-29 09:43:43 -------- d-----w- c:\documents and settings\matolis\local settings\application data\Origin 2013-03-29 09:43:42 -------- d-----w- c:\documents and settings\matolis\application data\Origin 2013-03-29 09:43:30 -------- d-----w- c:\documents and settings\all users\application data\Origin 2013-03-29 09:43:30 -------- d-----w- c:\documents and settings\all users\application data\Electronic Arts 2013-03-29 09:43:09 -------- d-----w- c:\program files\Origin 2013-03-29 07:52:46 -------- d-----w- c:\program files\MSXML 4.0 2013-03-29 07:38:01 -------- d-----w- c:\program files\Microsoft Games 2013-03-29 07:02:44 -------- d-----w- C:\Games 2013-03-29 06:43:03 -------- d-----w- c:\documents and settings\all users\application data\BioWare 2013-03-29 06:01:18 -------- d-----w- c:\program files\Mass Effect 2 2013-03-25 17:33:52 -------- d-----w- c:\windows\1C4551A64743409391E41477CD655043.TMP 2013-03-25 17:00:28 -------- d-----w- c:\program 
files\Dragon Age 2013-03-25 15:12:26 -------- d-----w- c:\program files\common files\BioWare 2013-03-25 14:54:24 -------- d-----w- c:\program files\Mass Effect 2013-03-25 07:47:23 -------- d-----w- c:\documents and settings\all users\application data\Ad-Aware Antivirus 2013-03-25 07:47:22 -------- d-----w- c:\documents and settings\matolis\application data\LavasoftStatistics 2013-03-25 07:42:35 -------- d-----w- c:\program files\Ad-Aware Antivirus 2013-03-25 07:41:55 -------- d-----w- c:\documents and settings\all users\application data\Downloaded Installations 2013-03-25 07:41:46 -------- d-----w- c:\documents and settings\matolis\local settings\application data\adawarebp 2013-03-25 07:41:46 -------- d-----w- c:\documents and settings\all users\application data\Search Protection 2013-03-25 07:41:45 -------- d-----w- c:\documents and settings\all users\application data\blekko toolbars 2013-03-25 07:41:45 -------- d-----w- c:\documents and settings\all users\application data\adawaretb 2013-03-25 07:41:43 -------- d-----w- c:\documents and settings\all users\application data\Ad-Aware Browsing Protection 2013-03-25 07:41:06 -------- d-----w- c:\program files\Toolbar Cleaner 2013-03-25 07:40:59 -------- d-----w- c:\documents and settings\matolis\application data\SecureSearch 2013-03-25 07:40:54 -------- d-----w- c:\program files\adawaretb 2013-03-25 07:40:54 -------- d-----w- c:\documents and settings\matolis\application data\adawaretb 2013-03-25 07:39:30 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys 2013-03-25 07:39:29 44424 ----a-w- c:\windows\system32\sbbd.exe 2013-03-25 07:39:19 -------- d-----w- c:\documents and settings\matolis\application data\Ad-Aware Antivirus 2013-03-21 19:31:39 -------- d-----w- c:\program files\common files\Wise Installation Wizard 2013-03-21 17:10:20 -------- d-----w- c:\documents and settings\matolis\local settings\application data\Adobe 2013-03-21 17:03:24 -------- d-----w- c:\documents and settings\matolis\local 
settings\application data\WMTools Downloaded Files 2013-03-21 16:51:45 57344 ----a-w- c:\windows\system32\razer.cpl 2013-03-21 16:51:45 38904 ----a-w- c:\windows\system32\drivers\razerusb.sys 2013-03-21 16:39:11 102400 ----a-w- c:\windows\system32\cttele32.dll 2013-03-21 16:39:03 -------- d-----w- c:\program files\OpenAL 2013-03-21 16:35:39 22691984 ----a-w- c:\windows\system32\AppSetup.exe 2013-03-21 16:32:07 -------- d-----w- c:\program files\common files\Creative Labs Shared 2013-03-21 07:23:19 -------- d--h--w- c:\windows\PIF 2013-03-21 03:43:37 475736 ----a-w- c:\windows\system32\drivers\1502209drv.sys 2013-03-21 02:17:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll 2013-03-21 02:17:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll 2013-03-21 02:17:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll 2013-03-21 02:17:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll 2013-03-21 02:17:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll 2013-03-21 02:17:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll 2013-03-21 02:17:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll 2013-03-21 02:16:48 -------- d-----w- c:\documents and settings\matolis\local settings\application data\Apple 2013-03-21 02:16:13 -------- d-----w- c:\documents and settings\matolis\local settings\application data\Apple Computer 2013-03-21 02:05:38 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-03-21 02:05:38 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-03-19 10:05:59 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll 2013-03-19 10:04:19 -------- d--h--w- c:\windows\msdownld.tmp 2013-03-19 10:04:04 -------- d-----w- c:\windows\Logs 2013-03-19 08:21:36 -------- d-----w- c:\windows\pss 2013-03-17 17:37:57 -------- d-----w- c:\documents and settings\matolis\local settings\application 
data\ATI 2013-03-17 17:35:23 99856 ----a-w- c:\windows\system32\drivers\AtihdXP3.sys 2013-03-17 17:33:27 -------- d-----w- C:\AMD 2013-03-17 16:48:05 -------- d-----w- c:\program files\CCleaner 2013-03-17 04:50:42 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys 2013-03-17 04:47:46 -------- d-----w- C:\USBVaccine 2013-03-16 22:19:12 -------- d-----w- c:\program files\Windows Media Connect 2 2013-03-16 22:17:59 -------- d-----w- c:\windows\system32\LogFiles 2013-03-16 03:55:05 -------- d-----w- c:\windows\system32\XPSViewer 2013-03-16 03:54:39 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2013-03-16 03:54:39 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2013-03-16 03:54:39 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe 2013-03-16 03:54:39 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll 2013-03-16 03:54:39 575488 ------w- c:\windows\system32\xpsshhdr.dll 2013-03-16 03:54:39 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll 2013-03-16 03:54:39 1676288 ------w- c:\windows\system32\xpssvcs.dll 2013-03-16 03:54:39 117760 ------w- c:\windows\system32\prntvpt.dll 2013-03-16 03:54:38 -------- d-----w- C:\70a2473e871645d7e4 2013-03-15 21:13:51 -------- d-sh--w- c:\documents and settings\matolis\PrivacIE 2013-03-15 21:13:50 -------- d-sh--w- c:\documents and settings\matolis\IECompatCache 2013-03-15 21:05:26 -------- d-sh--w- c:\documents and settings\matolis\IETldCache 2013-03-15 19:48:31 522240 -c----w- c:\windows\system32\dllcache\jsdbgui.dll 2013-03-15 19:48:02 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll 2013-03-15 19:47:43 -------- d-----w- c:\windows\ie8updates 2013-03-15 19:47:37 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll 2013-03-15 19:47:37 630272 -c----w- c:\windows\system32\dllcache\msfeeds.dll 2013-03-15 19:47:37 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll 2013-03-15 19:47:37 247808 -c----w- 
c:\windows\system32\dllcache\ieproxy.dll 2013-03-15 19:47:37 2004992 -c----w- c:\windows\system32\dllcache\iertutil.dll 2013-03-15 19:47:37 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2013-03-15 19:47:37 11111424 -c----w- c:\windows\system32\dllcache\ieframe.dll 2013-03-15 19:46:34 -------- dc-h--w- c:\windows\ie8 2013-03-15 19:30:52 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys 2013-03-15 19:27:34 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll 2013-03-15 19:27:34 3072 ------w- c:\windows\system32\iacenc.dll 2013-03-15 19:25:54 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys 2013-03-15 19:18:13 2193024 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe 2013-03-15 19:18:13 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe 2013-03-15 19:18:12 2027520 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe 2013-03-15 19:18:04 5120 ----a-w- c:\windows\system32\xpsp4res.dll 2013-03-15 19:17:18 272128 -c----w- c:\windows\system32\dllcache\bthport.sys 2013-03-15 19:17:18 272128 ------w- c:\windows\system32\drivers\bthport.sys 2013-03-15 19:15:53 26144 ----a-w- c:\windows\system32\spupdsvc.exe 2013-03-15 19:15:53 -------- d-----w- c:\windows\system32\PreInstall 2013-03-15 19:15:52 -------- d--h--w- c:\windows\$hf_mig$ 2013-03-15 19:13:14 -------- d-sh--w- c:\documents and settings\matolis\UserData 2013-03-15 19:04:53 -------- d-----w- c:\windows\system32\SoftwareDistribution 2013-03-15 17:20:11 -------- d-----w- c:\documents and settings\matolis\application data\Malwarebytes 2013-03-15 17:19:57 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes 2013-03-15 17:19:56 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-03-15 17:19:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-03-15 17:05:28 -------- d-----w- c:\program files\Kaspersky Lab 2013-03-15 17:05:28 -------- d-----w- c:\documents and settings\all users\application data\Kaspersky Lab 2013-03-15 17:05:22 74072 
----a-w- c:\windows\system32\drivers\klflt.sys 2013-03-15 16:54:46 7062 ----a-w- c:\windows\system32\audiopid.vxd 2013-03-15 16:54:35 647872 ------w- c:\windows\system32\Mscomct2.ocx 2013-03-15 16:54:35 41984 ------w- c:\windows\Ctregrun.exe 2013-03-15 16:54:22 90112 ------w- c:\windows\Updreg.EXE 2013-03-15 16:53:52 445016 ----a-w- c:\windows\system32\wrap_oal.dll 2013-03-15 16:53:52 109144 ----a-w- c:\windows\system32\OpenAL32.dll 2013-03-15 16:53:20 10240 ----a-w- c:\windows\CTDCRES.DLL 2013-03-15 16:53:20 -------- d-----w- c:\windows\system32\Data 2013-03-15 16:52:41 -------- d-----w- c:\program files\Creative 2013-03-15 14:25:00 -------- d-sh--r- C:\acroldr 2013-03-15 10:18:57 -------- d--h--w- c:\windows\system32\GroupPolicy 2013-03-15 09:19:52 0 ----a-w- c:\windows\ativpsrm.bin 2013-03-15 09:12:59 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll 2013-03-15 09:12:59 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll 2013-03-15 09:12:59 225280 ----a-w- c:\program files\common files\installshield\iscript\iscript.dll 2013-03-15 09:12:59 212992 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ILog.dll 2013-03-15 09:12:59 176128 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll 2013-03-15 09:03:45 -------- d-----w- c:\documents and settings\matolis\local settings\application data\ApplicationHistory 2013-03-15 09:02:50 -------- d-----w- c:\windows\system32\URTTemp 2013-03-15 08:55:46 19240 ----a-r- c:\windows\system32\drivers\SiWinAcc.sys 2013-03-15 08:55:46 118824 ----a-r- c:\windows\system32\SilSupp.dll 2013-03-15 08:55:46 116264 ----a-r- c:\windows\system32\drivers\SI3112r.sys 2013-03-15 08:35:32 117248 ----a-r- c:\windows\system32\drivers\viamraid.sys 2013-03-15 08:18:56 27904 ----a-w- c:\windows\system32\drivers\VIAAGP1.SYS 2013-03-15 08:18:52 -------- d-----w- c:\windows\system32\ReinstallBackups 2013-03-15 08:18:29 306688 ----a-w- 
c:\windows\IsUninst.exe 2013-03-15 08:18:21 -------- d-----w- c:\documents and settings\matolis\WINDOWS 2013-03-15 08:15:05 5824 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS . ==================== Find3M ==================== . 2013-03-15 16:35:09 43608 ----a-w- c:\windows\system32\drivers\kltdi.sys 2013-03-15 16:35:08 24920 ----a-w- c:\windows\system32\drivers\klmouflt.sys 2013-03-15 16:35:08 24408 ----a-w- c:\windows\system32\drivers\klkbdflt.sys 2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys 2013-02-06 10:48:44 81920 ------w- c:\windows\system32\ieencode.dll 2013-02-05 20:05:47 916480 ----a-w- c:\windows\system32\wininet.dll 2013-02-05 20:05:46 43520 ------w- c:\windows\system32\licmgr10.dll 2013-02-05 20:05:46 1469440 ------w- c:\windows\system32\inetcpl.cpl 2013-02-05 05:53:57 385024 ------w- c:\windows\system32\html.iec 2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll 2013-01-07 01:16:02 2193024 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-01-07 00:36:58 2069760 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-01-04 01:20:00 1867264 ----a-w- c:\windows\system32\win32k.sys 2013-01-02 06:49:10 148992 ----a-w- c:\windows\system32\mpg2splt.ax 2013-01-02 06:49:10 1292288 ----a-w- c:\windows\system32\quartz.dll . ============= FINISH: 9:26:17.46 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 3/15/2013 2:16:14 AM System Uptime: 3/31/2013 4:44:32 AM (5 hours ago) . Motherboard: ASUSTeK Computer Inc. | | K8V Processor: AMD Athlon™ 64 Processor 3200+ | Socket 754 | 2002/200mhz . ==== Disk Partitions ========================= . A: is Removable C: is FIXED (NTFS) - 932 GiB total, 842.117 GiB free. D: is CDROM () E: is FIXED (NTFS) - 75 GiB total, 73.998 GiB free. . ==== Disabled Device Manager Items ============= . 
Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318} Description: AMD High Definition Audio Device Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1001\5&2D021E0F&0&0001 Manufacturer: Advanced Micro Devices Name: AMD High Definition Audio Device PNP Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1001\5&2D021E0F&0&0001 Service: AtiHDAudioService . Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318} Description: VIA RAID Controller - 3149 Device ID: PCI\VEN_1106&DEV_3149&SUBSYS_80ED1043&REV_80\3&267A616A&0&78 Manufacturer: VIA Technologies, Inc. Name: VIA RAID Controller - 3149 PNP Device ID: PCI\VEN_1106&DEV_3149&SUBSYS_80ED1043&REV_80\3&267A616A&0&78 Service: viamraid . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . Ad-Aware Antivirus Ad-Aware Security Add-on Adobe Flash Player 11 ActiveX Adobe Reader XI (11.0.02) AMD Catalyst Install Manager Apple Application Support Apple Software Update Catalyst Control Center Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-utility CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish CCleaner Creative Audio Control Panel Creative Console Launcher Creative Software AutoUpdate Creative System Information Creative WaveStudio 7 DARK VOID Dragon Age: Origins Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows XP (KB954550-v5) Kaspersky Internet Security 2013 Malwarebytes Anti-Malware version 
1.70.0.1100 Mass Effect Mass Effect 2 Mass Effect™ 3 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2742597) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Flight Simulator X Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP2 Parser and SDK NVIDIA PhysX OpenAL Origin QuickTime Razer redist Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2618444) Security Update for Windows Internet Explorer 8 (KB2744842) Security Update for Windows Internet Explorer 8 (KB2797052) Security Update for Windows Internet Explorer 8 (KB2809289) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows XP (KB923789) Sound Blaster X-Fi Two Worlds Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 8 (KB2598845) Update for Windows Internet Explorer 8 (KB2632503) WebFldrs XP Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Internet Explorer 8 Windows Media Format 11 runtime Windows Media Player 11 . ==== Event Viewer Messages From Past Week ======== . 3/25/2013 8:13:41 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect. 
3/25/2013 8:13:41 AM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/25/2013 6:35:13 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Adobe Flash Player Update Service service to connect.
3/25/2013 6:35:13 AM, error: Service Control Manager [7000] - The Adobe Flash Player Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/25/2013 12:56:20 PM, error: Application Popup [877] - There was error [DATABASE OPEN FAILED] processing the driver database.
.
==== End Of File ===========================
CheckResults.txt
  13. I am using Malwarebytes Anti-malware PRO with the latest definitions and my "Enable malicious website blocking" feature randomly disables itself when I am online (though never when I'm offline). Also I cannot check the "Enable malicious website blocking" box when this happens. Only when I reboot does the feature become re-enabled again. I have no way of telling if I have some kind of virus or malware or not. It happens randomly but only when I'm online. Have repartitioned, reformatted my hard drive numerous times and reinstalled windows, even put a new array of hard disks in and reinstalled Windows XP Pro SP3 but the problem persists. Have done numerous scans with Kaspersky 2013 and Malwarebytes Anti-malware software as well as Malwarebytes rootkit beta software and come up with a "clean bill of health" yet the problem persists. Please someone help me determine what the problem is and if it -is- or is -not- a virus or malware. I am sick of this happening.
  14. Made the mistake of replying to my own topic, I feel I am not getting responded to, am going to try tech support directly, will begin a new topic if my problem persists, sorry and thank you. Cut me some slack, I am new to these forums, disregard this and close this topic, thank you and sorry, my mistake.
  15. Many things have happened to my computer since I did a clean install.
      * was unable to delete a partition (my D drive had a partition I wanted to delete because I had WD Acronis installed and had transferred my partition to my (current) c drive).
      * malwarebytes anti-malware would not let me enable "website blocking" and would inadvertently turn off when I was able to enable it.
      * Kaspersky wouldn't update after I ran windows update (I always update it and run a virus scan before rebooting to scan new updates for viruses/malware)
      * Malwarebytes anti-malware refused to load after windows update and installing internet explorer 8
      * when I rebooted after installing internet explorer 8, windows hung on my desktop with no icons and a message on the left top corner of the screen said "loading personal settings" when I haven't set up internet explorer. the only user on my PC is me and no one else! computer is slow on start up and Kaspersky takes 2 or more minutes to load into task bar.
      * Malwarebytes anti-malware is slow to start when I want to open it to do a manual scan
      * computer generally slow, internet explorer 8 slow to open, takes nearly a minute for browser to pop up.
      * windows update site slow to load.
      Sorry! First time on this forum, I misinterpreted the instructions, only human. I'll post the dds and attach.txt here:
      DDS (Ver_2012-11-20.01) - NTFS_x86
      Internet Explorer: 8.0.6001.18702
      Run by matolis at 11:28:13 on 2013-03-08
      Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1398 [GMT -6:00]
      .
      AV: Kaspersky Internet Security *Enabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
      FW: Kaspersky Internet Security *Enabled*
      .
      ============== Running Processes ================
      .
C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Creative\Shared Files\CTAudSvc.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe d:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\WINDOWS\CTHELPER.EXE C:\WINDOWS\system32\CTXFIHLP.EXE C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe d:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe d:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe d:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\SYSTEM32\CTXFISPI.EXE d:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\klwtblfs.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\klwtblfs.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k LocalService . ============== Pseudo HJT Report =============== . 
uStart Page = about:blank BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\contentblocker\ie_content_blocker_plugin.dll BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\onlinebanking\online_banking_bho.dll BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor\klwtbbho.dll mRun: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack mRun: [startCCC] "d:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun mRun: [CTHelper] CTHELPER.EXE mRun: [updReg] c:\windows\UpdReg.EXE mRun: [CTxfiHlp] CTXFIHLP.EXE mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2013\avp.exe" uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoDriveTypeAutoRun = dword:28 mPolicies-Explorer: NoDriveTypeAutoRun = dword:145 IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2013\ie_banner_deny.htm IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor\klwtbbho.dll IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - 
hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1362745571437 Notify: AtiExtEvent - Ati2evxx.dll Notify: klogon - c:\windows\system32\klogon.dll . ============= SERVICES / DRIVERS =============== . R0 kl1;kl1;c:\windows\system32\drivers\kl1.sys [2012-6-19 136024] R0 SI3112r;Silicon Image SiI 3512 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [2013-3-7 116264] R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2013-3-7 77056] R0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\drivers\vsflt53.sys [2013-3-7 83392] R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2013-3-8 586584] R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [2012-6-8 43608] R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [2012-8-13 144344] R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2013\avp.exe [2012-8-17 356376] R2 MBAMScheduler;MBAMScheduler;d:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-3-8 398184] R2 MBAMService;MBAMService;d:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-3-8 682344] R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2013-3-8 99856] R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2010-5-5 171096] R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2010-5-5 1324120] R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2010-5-5 72792] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2012-6-27 35672] R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [2012-10-25 24408] R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2012-10-25 24920] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-3-8 21104] S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing 
Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2013-3-8 79360] S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2010-5-5 171096] S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2010-5-5 1324120] S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2010-5-5 72792] . =============== Created Last 30 ================ . 2013-03-08 16:26:20 -------- d-----w- c:\windows\system32\XPSViewer 2013-03-08 16:25:55 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2013-03-08 16:25:55 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2013-03-08 16:25:55 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe 2013-03-08 16:25:55 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll 2013-03-08 16:25:55 575488 ------w- c:\windows\system32\xpsshhdr.dll 2013-03-08 16:25:55 117760 ------w- c:\windows\system32\prntvpt.dll 2013-03-08 16:25:54 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll 2013-03-08 16:25:54 1676288 ------w- c:\windows\system32\xpssvcs.dll 2013-03-08 14:09:50 -------- d-sh--w- c:\documents and settings\matolis\IECompatCache 2013-03-08 13:52:48 -------- d-sh--w- c:\documents and settings\matolis\PrivacIE 2013-03-08 13:46:11 -------- d-sh--w- c:\documents and settings\matolis\IETldCache 2013-03-08 13:04:39 522240 -c----w- c:\windows\system32\dllcache\jsdbgui.dll 2013-03-08 13:04:13 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll 2013-03-08 13:03:55 -------- d-----w- c:\windows\ie8updates 2013-03-08 13:03:49 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll 2013-03-08 13:03:49 630272 -c----w- c:\windows\system32\dllcache\msfeeds.dll 2013-03-08 13:03:49 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll 2013-03-08 13:03:49 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2013-03-08 13:03:49 2004992 -c----w- c:\windows\system32\dllcache\iertutil.dll 2013-03-08 13:03:49 12800 -c----w- 
c:\windows\system32\dllcache\xpshims.dll 2013-03-08 13:03:49 11111424 -c----w- c:\windows\system32\dllcache\ieframe.dll 2013-03-08 13:03:09 -------- dc-h--w- c:\windows\ie8 2013-03-08 12:41:13 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll 2013-03-08 12:41:13 3072 ------w- c:\windows\system32\iacenc.dll 2013-03-08 12:39:41 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys 2013-03-08 12:33:11 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe 2013-03-08 12:33:10 2193024 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe 2013-03-08 12:33:10 2027520 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe 2013-03-08 12:33:05 5120 ----a-w- c:\windows\system32\xpsp4res.dll 2013-03-08 12:32:32 272128 -c----w- c:\windows\system32\dllcache\bthport.sys 2013-03-08 12:32:32 272128 ------w- c:\windows\system32\drivers\bthport.sys 2013-03-08 12:31:35 26144 ----a-w- c:\windows\system32\spupdsvc.exe 2013-03-08 12:31:35 -------- d-----w- c:\windows\system32\PreInstall 2013-03-08 12:31:33 -------- d--h--w- c:\windows\$hf_mig$ 2013-03-08 12:26:08 -------- d-sh--w- c:\documents and settings\matolis\UserData 2013-03-08 12:12:34 -------- d-----w- c:\windows\system32\SoftwareDistribution 2013-03-08 11:00:41 -------- d-----w- c:\documents and settings\matolis\application data\Malwarebytes 2013-03-08 11:00:28 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes 2013-03-08 11:00:27 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-03-08 10:32:07 -------- d-----w- c:\program files\Kaspersky Lab 2013-03-08 10:32:07 -------- d-----w- c:\documents and settings\all users\application data\Kaspersky Lab 2013-03-08 10:32:01 74072 ----a-w- c:\windows\system32\drivers\klflt.sys 2013-03-08 10:19:48 102400 ----a-w- c:\windows\system32\cttele32.dll 2013-03-08 10:19:43 -------- d-----w- c:\program files\OpenAL 2013-03-08 10:16:59 22691984 ----a-w- c:\windows\system32\AppSetup.exe 2013-03-08 10:16:24 -------- d-----w- c:\program files\common 
files\Creative Labs Shared 2013-03-08 10:06:37 7062 ----a-w- c:\windows\system32\audiopid.vxd 2013-03-08 10:06:27 647872 ------w- c:\windows\system32\Mscomct2.ocx 2013-03-08 10:06:27 41984 ------w- c:\windows\Ctregrun.exe 2013-03-08 10:06:11 90112 ------w- c:\windows\Updreg.EXE 2013-03-08 10:05:42 445016 ----a-w- c:\windows\system32\wrap_oal.dll 2013-03-08 10:05:42 109144 ----a-w- c:\windows\system32\OpenAL32.dll 2013-03-08 10:05:12 10240 ----a-w- c:\windows\CTDCRES.DLL 2013-03-08 10:05:12 -------- d-----w- c:\windows\system32\Data 2013-03-08 10:04:53 -------- d-----w- c:\program files\Creative 2013-03-08 10:03:55 729088 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll 2013-03-08 10:03:55 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll 2013-03-08 10:03:55 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe 2013-03-08 10:03:55 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll 2013-03-08 10:03:55 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll 2013-03-08 10:03:55 192512 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll 2013-03-08 10:03:54 311428 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll 2013-03-08 10:03:54 188548 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll 2013-03-08 09:53:42 -------- d-----w- c:\documents and settings\matolis\local settings\application data\ATI 2013-03-08 09:52:04 6272 -c--a-w- c:\windows\system32\dllcache\splitter.sys 2013-03-08 09:52:04 6272 ----a-w- c:\windows\system32\drivers\splitter.sys 2013-03-08 09:52:03 83072 -c--a-w- c:\windows\system32\dllcache\wdmaud.sys 2013-03-08 09:52:03 83072 ----a-w- 
c:\windows\system32\drivers\wdmaud.sys 2013-03-08 09:52:02 52864 -c--a-w- c:\windows\system32\dllcache\dmusic.sys 2013-03-08 09:52:02 52864 ----a-w- c:\windows\system32\drivers\DMusic.sys 2013-03-08 09:52:01 56576 -c--a-w- c:\windows\system32\dllcache\swmidi.sys 2013-03-08 09:52:01 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys 2013-03-08 09:52:00 142592 -c--a-w- c:\windows\system32\dllcache\aec.sys 2013-03-08 09:52:00 142592 ----a-w- c:\windows\system32\drivers\aec.sys 2013-03-08 09:34:46 -------- d-----w- c:\documents and settings\matolis\local settings\application data\ApplicationHistory 2013-03-08 09:34:09 -------- d-----w- c:\windows\system32\URTTemp 2013-03-08 09:19:54 -------- d-----w- c:\windows\system32\appmgmt 2013-03-08 05:04:55 83392 ----a-w- c:\windows\system32\drivers\vsflt53.sys 2013-03-08 05:04:55 601408 ----a-w- c:\windows\system32\drivers\timntr.sys 2013-03-08 05:04:55 125472 ----a-w- c:\windows\system32\drivers\vididr.sys 2013-03-08 05:01:54 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys 2013-03-08 05:00:18 77056 ----a-r- c:\windows\system32\drivers\viasraid.sys . ==================== Find3M ==================== . 
2013-03-08 11:25:46 43608 ----a-w- c:\windows\system32\drivers\kltdi.sys
2013-03-08 09:51:44 0 ----a-w- c:\windows\ativpsrm.bin
2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-07 01:16:02 2193024 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:36:58 2069760 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49:10 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:49:10 1292288 ----a-w- c:\windows\system32\quartz.dll
2012-12-27 10:24:19 81920 ------w- c:\windows\system32\ieencode.dll
2012-12-26 20:16:29 916480 ----a-w- c:\windows\system32\wininet.dll
2012-12-26 20:16:28 43520 ------w- c:\windows\system32\licmgr10.dll
2012-12-26 20:16:28 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-12-24 06:40:59 385024 ------w- c:\windows\system32\html.iec
2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: SiI_____ rev.1100 -> Harddisk1\DR1 -> \Device\Scsi\UlSata1Port2Path0Target0Lun0
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys vsflt53.sys hal.dll SCSIPORT.SYS SI3112r.sys
c:\windows\system32\drivers\vsflt53.sys Acronis Acronis Virtual Disk
c:\windows\system32\drivers\SI3112r.sys Silicon Image, Inc Medley
1 ntkrnlpa!IofCallDriver[0x804EE190] -> \Device\Harddisk1\DR1[0x8A603AB8]
3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EE190] -> [0x8A693648]
5 vsflt53[0xB9F60C2B] -> ntkrnlpa!IofCallDriver[0x804EE190] -> \Device\Scsi\SI3112r1Port3Path0Target0Lun0[0x8A637A38]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }
user != kernel MBR !!!
sectors 586088446 (+255): user != kernel
.
============= FINISH: 11:29:01.10 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 3/7/2013 10:46:52 PM
System Uptime: 3/8/2013 11:17:26 AM (0 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | K8V
Processor: AMD Athlon 64 Processor 3200+ | Socket 754 | 2002/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 279 GiB total, 272.893 GiB free.
D: is FIXED (NTFS) - 932 GiB total, 930.62 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
AMD Catalyst Install Manager Catalyst Control Center Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-utility CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Creative Audio Control Panel Creative Console Launcher Creative Software AutoUpdate Creative System Information Creative WaveStudio 7 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows XP (KB2779562) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Kaspersky Internet Security 2013 Malwarebytes Anti-Malware version 1.70.0.1100 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2742597) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 OpenAL Security Update for Microsoft Windows (KB2564958) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2618444) Security Update for Windows Internet Explorer 8 (KB2744842) Security Update for Windows Internet Explorer 8 (KB2792100) Security Update for Windows Internet Explorer 8 (KB2797052) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for 
Windows XP (KB2115168) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2510581) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2584146) Security Update for Windows XP (KB2585542) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2598479) Security Update for Windows XP (KB2603381) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2619339) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2631813) Security Update for Windows XP (KB2646524) Security Update for Windows XP (KB2653956) Security Update for Windows XP (KB2655992) Security Update for Windows XP (KB2659262) Security Update for Windows XP (KB2661637) Security Update for Windows XP (KB2676562) Security Update for Windows XP (KB2686509) Security Update for Windows XP (KB2691442) Security Update for Windows XP (KB2698365) Security Update for Windows XP 
(KB2705219-v2) Security Update for Windows XP (KB2712808) Security Update for Windows XP (KB2719985) Security Update for Windows XP (KB2723135-v2) Security Update for Windows XP (KB2727528) Security Update for Windows XP (KB2753842-v2) Security Update for Windows XP (KB2757638) Security Update for Windows XP (KB2758857) Security Update for Windows XP (KB2770660) Security Update for Windows XP (KB2778344) Security Update for Windows XP (KB2780091) Security Update for Windows XP (KB2792100) Security Update for Windows XP (KB2797052) Security Update for Windows XP (KB2799494) Security Update for Windows XP (KB2802968) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923789) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows 
XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982665) Sound Blaster X-Fi Update for Windows Internet Explorer 8 (KB2598845) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB2661254-v2) Update for Windows XP (KB2736233) Update for Windows XP (KB2749655) Update for Windows XP (KB898461) Update for Windows XP (KB951978) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB973815) WebFldrs XP Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Internet Explorer 8 . ==== Event Viewer Messages From Past Week ======== . 3/8/2013 4:05:40 AM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file a3d.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 80.0.0.3, the version of the system file is 2.9.0.0. 3/7/2013 11:52:59 PM, error: Distributed Link Tracking Client [12507] - The volume ID for D: has been reset, since it was a duplicate of that on C:. This volume ID is used by Distributed Link Tracking to automatically repair file links, such as Shell Shortcuts and OLE links, when for some reason those links become broken. . ==== End Of File =========================== attach.txt