Posts posted by arkhaan

  1. MiniToolBox by Farbar  Version: 16-06-2013
    Ran by matt (administrator) on 20-06-2013 at 23:57:49
    Running from "C:\Users\matt\Desktop"
    Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ***************************************************************************

    ========================= Flush DNS: ===================================

    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========================= IE Proxy Settings: ==============================

    Proxy is not enabled.
    No Proxy Server is set.

    "Reset IE Proxy Settings": IE Proxy Settings were reset.

    ========================= FF Proxy Settings: ==============================


    "Reset FF Proxy Settings": Firefox Proxy settings were reset.

    ========================= Hosts content: =================================



    ========================= IP Configuration: ================================

    Realtek PCIe GBE Family Controller = Local Area Connection (Connected)


    # ----------------------------------
    # IPv4 Configuration
    # ----------------------------------
    pushd interface ipv4

    reset
    set global icmpredirects=enabled


    popd
    # End of IPv4 configuration



    Windows IP Configuration

       Host Name . . . . . . . . . . . . : matt-PC
       Primary Dns Suffix  . . . . . . . :
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : gateway.2wire.net

    Ethernet adapter Local Area Connection:

       Connection-specific DNS Suffix  . : gateway.2wire.net
       Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
       Physical Address. . . . . . . . . : 50-E5-49-31-1C-16
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::8dee:7624:35b8:2a4a%11(Preferred)
       IPv4 Address. . . . . . . . . . . : 192.168.1.69(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Lease Obtained. . . . . . . . . . : Thursday, June 20, 2013 11:54:04 PM
       Lease Expires . . . . . . . . . . : Friday, June 21, 2013 11:54:04 PM
       Default Gateway . . . . . . . . . : 192.168.1.254
       DHCP Server . . . . . . . . . . . : 192.168.1.254
       DHCPv6 IAID . . . . . . . . . . . : 240182601
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-45-CF-9A-50-E5-49-31-1C-16
       DNS Servers . . . . . . . . . . . : 192.168.1.254
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter isatap.gateway.2wire.net:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : gateway.2wire.net
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Teredo Tunneling Pseudo-Interface:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:287d:1619:9c9b:bba(Preferred)
       Link-local IPv6 Address . . . . . : fe80::287d:1619:9c9b:bba%13(Preferred)
       Default Gateway . . . . . . . . . : ::
       NetBIOS over Tcpip. . . . . . . . : Disabled
    Server:  home
    Address:  192.168.1.254

    Name:    google.com
    Addresses:  2001:4860:4002:802::1008
          74.125.227.4
          74.125.227.5
          74.125.227.6
          74.125.227.7
          74.125.227.8
          74.125.227.9
          74.125.227.14
          74.125.227.0
          74.125.227.1
          74.125.227.2
          74.125.227.3


    Pinging google.com [74.125.227.131] with 32 bytes of data:
    Reply from 74.125.227.131: bytes=32 time=33ms TTL=54
    Reply from 74.125.227.131: bytes=32 time=32ms TTL=54

    Ping statistics for 74.125.227.131:
        Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 32ms, Maximum = 33ms, Average = 32ms
    Server:  home
    Address:  192.168.1.254

    Name:    yahoo.com
    Addresses:  206.190.36.45
          98.138.253.109
          98.139.183.24


    Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
    Reply from 98.139.183.24: bytes=32 time=106ms TTL=43
    Reply from 98.139.183.24: bytes=32 time=105ms TTL=43

    Ping statistics for 98.139.183.24:
        Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 105ms, Maximum = 106ms, Average = 105ms

    Pinging 127.0.0.1 with 32 bytes of data:
    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

    Ping statistics for 127.0.0.1:
        Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 0ms, Maximum = 0ms, Average = 0ms
    ===========================================================================
    Interface List
     11...50 e5 49 31 1c 16 ......Realtek PCIe GBE Family Controller
      1...........................Software Loopback Interface 1
     12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
     13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
    ===========================================================================

    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination        Netmask          Gateway       Interface  Metric
              0.0.0.0          0.0.0.0    192.168.1.254     192.168.1.69     20
            127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
            127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
      127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
          192.168.1.0    255.255.255.0         On-link      192.168.1.69    276
         192.168.1.69  255.255.255.255         On-link      192.168.1.69    276
        192.168.1.255  255.255.255.255         On-link      192.168.1.69    276
            224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
            224.0.0.0        240.0.0.0         On-link      192.168.1.69    276
      255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      255.255.255.255  255.255.255.255         On-link      192.168.1.69    276
    ===========================================================================
    Persistent Routes:
      None

    IPv6 Route Table
    ===========================================================================
    Active Routes:
     If Metric Network Destination      Gateway
     13     58 ::/0                     On-link
      1    306 ::1/128                  On-link
     13     58 2001::/32                On-link
     13    306 2001:0:9d38:6ab8:287d:1619:9c9b:bba/128
                                        On-link
     11    276 fe80::/64                On-link
     13    306 fe80::/64                On-link
     13    306 fe80::287d:1619:9c9b:bba/128
                                        On-link
     11    276 fe80::8dee:7624:35b8:2a4a/128
                                        On-link
      1    306 ff00::/8                 On-link
     13    306 ff00::/8                 On-link
     11    276 ff00::/8                 On-link
    ===========================================================================
    Persistent Routes:
      None
    ========================= Winsock entries =====================================

    Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
    Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
    Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
    Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
    Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
    Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
    x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
    x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
    x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
    x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
    x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
    x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
    x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

    ========================= Event log errors: ===============================

    Application errors:
    ==================
    Error: (06/20/2013 11:55:10 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (06/20/2013 11:41:22 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (06/20/2013 11:12:51 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (06/20/2013 11:08:20 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (06/20/2013 05:41:17 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (06/20/2013 04:09:23 PM) (Source: Application Error) (User: )
    Description: Faulting application name: avp.exe, version: 13.0.1.4210, time stamp: 0x509157b4
    Faulting module name: ushata.dll, version: 13.0.1.4313, time stamp: 0x51ac5a4e
    Exception code: 0xc0000005
    Fault offset: 0x000010cc
    Faulting process id: 0x5e4
    Faulting application start time: 0xavp.exe0
    Faulting application path: avp.exe1
    Faulting module path: avp.exe2
    Report Id: avp.exe3

    Error: (06/19/2013 11:09:25 AM) (Source: Customer Experience Improvement Program) (User: )
    Description: 80004005

    Error: (06/19/2013 05:11:20 AM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (06/18/2013 06:55:11 PM) (Source: Customer Experience Improvement Program) (User: )
    Description: 80004005

    Error: (06/16/2013 11:47:15 PM) (Source: Customer Experience Improvement Program) (User: )
    Description: 80004005


    System errors:
    =============
    Error: (06/20/2013 11:51:36 PM) (Source: DCOM) (User: )
    Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

    Error: (06/20/2013 11:37:49 PM) (Source: DCOM) (User: )
    Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

    Error: (06/20/2013 11:09:21 PM) (Source: DCOM) (User: )
    Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

    Error: (06/20/2013 11:04:43 PM) (Source: DCOM) (User: )
    Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

    Error: (06/20/2013 05:37:47 PM) (Source: DCOM) (User: )
    Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

    Error: (06/20/2013 04:09:37 PM) (Source: Service Control Manager) (User: )
    Description: The Kaspersky Anti-Virus Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (06/19/2013 02:29:47 AM) (Source: DCOM) (User: )
    Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

    Error: (06/14/2013 10:44:47 PM) (Source: DCOM) (User: )
    Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

    Error: (06/14/2013 03:13:14 AM) (Source: DCOM) (User: )
    Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

    Error: (06/14/2013 02:00:06 AM) (Source: Service Control Manager) (User: )
    Description: The Kaspersky Anti-Virus Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.


    Microsoft Office Sessions:
    =========================
    Error: (06/20/2013 11:55:10 PM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (06/20/2013 11:41:22 PM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (06/20/2013 11:12:51 PM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (06/20/2013 11:08:20 PM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (06/20/2013 05:41:17 PM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (06/20/2013 04:09:23 PM) (Source: Application Error)(User: )
    Description: avp.exe13.0.1.4210509157b4ushata.dll13.0.1.431351ac5a4ec0000005000010cc5e401ce6cd51d0ace39C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exeC:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ushata.dllade12db2-d9ed-11e2-8f3f-50e549311c16

    Error: (06/19/2013 11:09:25 AM) (Source: Customer Experience Improvement Program)(User: )
    Description: 80004005

    Error: (06/19/2013 05:11:20 AM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (06/18/2013 06:55:11 PM) (Source: Customer Experience Improvement Program)(User: )
    Description: 80004005

    Error: (06/16/2013 11:47:15 PM) (Source: Customer Experience Improvement Program)(User: )
    Description: 80004005


    CodeIntegrity Errors:
    ===================================
      Date: 2013-06-20 20:55:08.965
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

      Date: 2013-06-20 20:55:08.965
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

      Date: 2013-06-20 20:55:08.965
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

      Date: 2013-06-20 19:38:16.653
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

      Date: 2013-06-20 19:38:16.651
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

      Date: 2013-06-20 19:38:16.650
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

      Date: 2013-06-20 19:37:14.023
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

      Date: 2013-06-20 19:37:14.022
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

      Date: 2013-06-20 19:37:14.020
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

      Date: 2013-06-20 18:20:30.012
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.


    =========================== Installed Programs ============================

    Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
    ATI Catalyst Install Manager (Version: 3.0.741.0)
    ATI Problem Report Wizard (Version: 3.0.741.0)
    HydraVision (Version: 4.2.114.0)
    Intel® Control Center (Version: 1.2.1.1007)
    Intel® Management Engine Components (Version: 7.0.0.1118)
    Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
    Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
    Mozilla Firefox 21.0 (x86 en-US) (Version: 21.0)
    Mozilla Maintenance Service (Version: 21.0)
    ON_OFF Charge B11.0110.1 (Version: 1.00.0001)
    Quest for Glory Collection Series  (Version: )
    Quest for Glory V: Dragon Fire  (Version: )
    Realtek Ethernet Controller Driver (Version: 7.36.1224.2010)
    Realtek High Definition Audio Driver (Version: 6.0.1.6282)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)

    ========================= Devices: ================================

    Name: Deskjet 1000 J110 series
    Description: Deskjet 1000 J110 series
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


    ========================= Memory info: ===================================

    Percentage of memory in use: 24%
    Total physical RAM: 4079.43 MB
    Available physical RAM: 3077.53 MB
    Total Pagefile: 8157.04 MB
    Available Pagefile: 7047.05 MB
    Total Virtual: 4095.88 MB
    Available Virtual: 3975.08 MB

    ========================= Partitions: =====================================

    1 Drive c: () (Fixed) (Total:931.41 GB) (Free:897.7 GB) NTFS

    ========================= Users: ========================================

    User accounts for \\MATT-PC

    Administrator            Guest                    matt                     

    ========================= Minidump Files ==================================

    No minidump file found


    **** End of log ****
     

  2. DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16611
    Run by matt at 23:15:17 on 2013-06-20
    Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4079.2830 [GMT -5:00]
    .
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Windows\System32\TiltWheelMouse.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    C:\Windows\system32\sppsvc.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    \\?\C:\Windows\system32\wbem\WMIADAP.EXE
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .

    mStart Page = about:blank
    mWinlogon: Userinit = userinit.exe
    mRun: [search Protection] C:\ProgramData\Search Protection\SearchProtection.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    TCP: NameServer = 192.168.1.254
    TCP: Interfaces\{63383C24-CC47-4520-BCF7-B67D0F9970F6} : DHCPNameServer = 192.168.1.254
    SSODL: WebCheck - <orphaned>
    x64-mStart Page = about:blank
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [MouseDriver] TiltWheelMouse.exe
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\matt\AppData\Roaming\Mozilla\Firefox\Profiles\rjn5xfxo.default\
    FF - prefs.js: browser.search.selectedEngine - SecureSearch


    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
    FF - ExtSQL: 2013-06-09 01:37; anti_banner@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
    FF - ExtSQL: 2013-06-09 01:37; content_blocker@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
    FF - ExtSQL: 2013-06-09 01:37; url_advisor@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
    FF - ExtSQL: 2013-06-09 01:37; online_banking@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
    FF - ExtSQL: 2013-06-09 01:37; virtual_keyboard@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-6-19 14456]
    R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2013-6-9 21104]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-4-20 203776]
    R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-6-9 2655768]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-6-9 412264]
    R3 t_mouse.sys;HID-compliand device;C:\Windows\System32\drivers\t_mouse.sys [2012-12-19 6144]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-6-9 418376]
    S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-6-9 701512]
    S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
    S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-6-9 25928]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-6-9 19456]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-6-9 57856]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-6-9 30208]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-6-9 1255736]
    .
    =============== Created Last 30 ================
    .
    2013-06-20 22:24:40    --------    d-----w-    C:\Users\matt\AppData\Local\Diagnostics
    2013-06-20 02:58:49    --------    d-----w-    C:\Users\matt\AppData\Roaming\LavasoftStatistics
    2013-06-20 02:57:48    --------    d-----w-    C:\ProgramData\Downloaded Installations
    2013-06-20 02:55:53    14456    ----a-w-    C:\Windows\System32\drivers\gfibto.sys
    2013-06-18 23:34:17    9552976    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{19951DBB-65DE-4A09-B864-2B0E919F3F5B}\mpengine.dll
    2013-06-17 08:03:34    --------    d-----w-    C:\Games
    2013-06-17 07:48:50    --------    d-----w-    C:\qfgcd
    2013-06-15 02:52:23    --------    d-----w-    C:\U2M
    2013-06-13 03:47:16    --------    d-----w-    C:\Program Files (x86)\DOSBox-0.74
    2013-06-13 03:45:54    --------    d-----w-    C:\Users\matt\AppData\Local\DOSBox
    2013-06-12 04:50:44    --------    d-----w-    C:\Users\matt\AppData\Local\Macromedia
    2013-06-12 04:50:03    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-06-12 04:50:03    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-06-12 04:49:36    --------    d-----w-    C:\Users\matt\AppData\Local\Adobe
    2013-06-12 00:03:22    --------    d-----w-    C:\Sierra
    2013-06-11 22:17:43    279040    ----a-w-    C:\Program Files\Internet Explorer\sqmapi.dll
    2013-06-11 22:16:36    1910632    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
    2013-06-09 23:38:18    3072    ----a-w-    C:\Windows\System32\drivers\en-US\tsusbflt.sys.mui
    2013-06-09 23:37:36    --------    d-----w-    C:\Windows\SysWow64\Wat
    2013-06-09 23:37:35    --------    d-----w-    C:\Windows\System32\Wat
    2013-06-09 11:35:02    9728    ----a-w-    C:\Windows\System32\Wdfres.dll
    2013-06-09 11:35:02    785512    ----a-w-    C:\Windows\System32\drivers\Wdf01000.sys
    2013-06-09 11:35:02    54376    ----a-w-    C:\Windows\System32\drivers\WdfLdr.sys
    2013-06-09 11:35:02    2560    ----a-w-    C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
    2013-06-09 11:08:29    9728    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-06-09 11:02:22    70656    ----a-w-    C:\Windows\SysWow64\fontsub.dll
    2013-06-09 11:02:22    46080    ----a-w-    C:\Windows\System32\atmlib.dll
    2013-06-09 11:02:22    367616    ----a-w-    C:\Windows\System32\atmfd.dll
    2013-06-09 11:02:22    34304    ----a-w-    C:\Windows\SysWow64\atmlib.dll
    2013-06-09 11:02:22    295424    ----a-w-    C:\Windows\SysWow64\atmfd.dll
    2013-06-09 11:02:22    100864    ----a-w-    C:\Windows\System32\fontsub.dll
    2013-06-09 11:01:58    87040    ----a-w-    C:\Windows\System32\drivers\WUDFPf.sys
    2013-06-09 11:01:58    198656    ----a-w-    C:\Windows\System32\drivers\WUDFRd.sys
    2013-06-09 11:01:57    84992    ----a-w-    C:\Windows\System32\WUDFSvc.dll
    2013-06-09 11:01:57    744448    ----a-w-    C:\Windows\System32\WUDFx.dll
    2013-06-09 11:01:57    45056    ----a-w-    C:\Windows\System32\WUDFCoinstaller.dll
    2013-06-09 11:01:57    229888    ----a-w-    C:\Windows\System32\WUDFHost.exe
    2013-06-09 11:01:57    194048    ----a-w-    C:\Windows\System32\WUDFPlatform.dll
    2013-06-09 11:00:42    81408    ----a-w-    C:\Windows\System32\imagehlp.dll
    2013-06-09 11:00:42    5120    ----a-w-    C:\Windows\SysWow64\wmi.dll
    2013-06-09 11:00:42    5120    ----a-w-    C:\Windows\System32\wmi.dll
    2013-06-09 11:00:42    23408    ----a-w-    C:\Windows\System32\drivers\fs_rec.sys
    2013-06-09 11:00:42    159232    ----a-w-    C:\Windows\SysWow64\imagehlp.dll
    2013-06-09 08:36:20    --------    d-----w-    C:\Windows\panther
    2013-06-09 08:31:53    163504    ----a-w-    C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10144.bin
    2013-06-09 08:17:43    9460464    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2013-06-09 07:49:59    2048    ----a-w-    C:\Windows\SysWow64\user.exe
    2013-06-09 07:48:57    950128    ----a-w-    C:\Windows\System32\drivers\ndis.sys
    2013-06-09 07:48:57    41472    ----a-w-    C:\Windows\System32\drivers\RNDISMP.sys
    2013-06-09 07:48:56    634880    ----a-w-    C:\Windows\System32\msvcrt.dll
    2013-06-09 07:48:55    690688    ----a-w-    C:\Windows\SysWow64\msvcrt.dll
    2013-06-09 07:48:54    75120    ----a-w-    C:\Windows\System32\drivers\partmgr.sys
    2013-06-09 07:48:54    478208    ----a-w-    C:\Windows\System32\dpnet.dll
    2013-06-09 07:48:54    376832    ----a-w-    C:\Windows\SysWow64\dpnet.dll
    2013-06-09 07:48:53    515584    ----a-w-    C:\Windows\System32\timedate.cpl
    2013-06-09 07:48:53    478720    ----a-w-    C:\Windows\SysWow64\timedate.cpl
    2013-06-09 07:48:52    267776    ----a-w-    C:\Windows\System32\FXSCOVER.exe
    2013-06-09 07:40:34    77312    ----a-w-    C:\Windows\System32\packager.dll
    2013-06-09 07:40:34    67072    ----a-w-    C:\Windows\SysWow64\packager.dll
    2013-06-09 06:52:40    0    ----a-w-    C:\Windows\ativpsrm.bin
    2013-06-09 06:30:41    826880    ----a-w-    C:\Windows\SysWow64\rdpcore.dll
    2013-06-09 06:30:41    23552    ----a-w-    C:\Windows\System32\drivers\tdtcp.sys
    2013-06-09 06:30:41    1031680    ----a-w-    C:\Windows\System32\rdpcore.dll
    2013-06-09 06:27:18    2622464    ----a-w-    C:\Windows\System32\wucltux.dll
    2013-06-09 06:27:11    99840    ----a-w-    C:\Windows\System32\wudriver.dll
    2013-06-09 06:27:01    36864    ----a-w-    C:\Windows\System32\wuapp.exe
    2013-06-09 06:27:01    186752    ----a-w-    C:\Windows\System32\wuwebv.dll
    2013-06-09 06:14:41    --------    d-----w-    C:\Users\matt\AppData\Roaming\Malwarebytes
    2013-06-09 06:14:25    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
    2013-06-09 06:14:25    --------    d-----w-    C:\ProgramData\Malwarebytes
    2013-06-09 06:14:25    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-06-09 06:14:13    --------    d-----w-    C:\Users\matt\AppData\Local\Programs
    2013-06-09 05:55:45    --------    d-----w-    C:\Program Files (x86)\ATI Technologies
    2013-06-09 05:55:15    --------    d-sh--w-    C:\Windows\Installer
    2013-06-09 05:54:46    --------    d-----w-    C:\Program Files\ATI Technologies
    2013-06-09 05:54:44    --------    d-----w-    C:\Program Files\ATI
    2013-06-09 05:48:29    --------    d-----w-    C:\Windows\SysWow64\RTCOM
    2013-06-09 05:48:29    --------    d-----w-    C:\Program Files\Realtek
    2013-06-09 05:48:23    412264    ----a-w-    C:\Windows\System32\drivers\Rt64win7.sys
    2013-06-09 05:48:22    74344    ----a-w-    C:\Windows\System32\RtNicProp64.dll
    2013-06-09 05:48:22    107624    ----a-w-    C:\Windows\System32\RTNUninst64.dll
    2013-06-09 05:48:19    2578576    ----a-w-    C:\Windows\System32\WavesGUILib.dll
    2013-06-09 05:48:04    155888    ----a-w-    C:\Windows\System32\SRSWOW64.dll
    2013-06-09 05:48:03    518896    ----a-w-    C:\Windows\System32\SRSTSX64.dll
    2013-06-09 05:48:02    332392    ----a-w-    C:\Windows\System32\RtlCPAPI64.dll
    2013-06-09 05:48:02    211184    ----a-w-    C:\Windows\System32\SRSTSH64.dll
    2013-06-09 05:48:02    198896    ----a-w-    C:\Windows\System32\SRSHP64.dll
    .
    ==================== Find3M  ====================
    .
    2013-06-09 11:08:29    9728    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-06-08 12:28:46    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
    2013-06-08 11:13:19    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
    2013-05-17 01:25:57    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
    2013-05-17 01:25:27    2877440    ----a-w-    C:\Windows\SysWow64\jscript9.dll
    2013-05-17 01:25:26    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
    2013-05-17 01:25:26    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
    2013-05-17 00:59:03    2241024    ----a-w-    C:\Windows\System32\wininet.dll
    2013-05-17 00:58:10    3958784    ----a-w-    C:\Windows\System32\jscript9.dll
    2013-05-17 00:58:08    67072    ----a-w-    C:\Windows\System32\iesetup.dll
    2013-05-17 00:58:08    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
    2013-05-14 12:23:25    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
    2013-05-14 08:40:13    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
    2013-05-13 05:51:01    184320    ----a-w-    C:\Windows\System32\cryptsvc.dll
    2013-05-13 05:51:00    1464320    ----a-w-    C:\Windows\System32\crypt32.dll
    2013-05-13 05:51:00    139776    ----a-w-    C:\Windows\System32\cryptnet.dll
    2013-05-13 05:50:40    52224    ----a-w-    C:\Windows\System32\certenc.dll
    2013-05-13 04:45:55    140288    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
    2013-05-13 04:45:55    1160192    ----a-w-    C:\Windows\SysWow64\crypt32.dll
    2013-05-13 04:45:55    103936    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
    2013-05-13 03:43:55    1192448    ----a-w-    C:\Windows\System32\certutil.exe
    2013-05-13 03:08:10    903168    ----a-w-    C:\Windows\SysWow64\certutil.exe
    2013-05-13 03:08:06    43008    ----a-w-    C:\Windows\SysWow64\certenc.dll
    2013-05-10 05:49:27    30720    ----a-w-    C:\Windows\System32\cryptdlg.dll
    2013-05-10 03:20:54    24576    ----a-w-    C:\Windows\SysWow64\cryptdlg.dll
    2013-05-02 07:06:08    278800    ------w-    C:\Windows\System32\MpSigStub.exe
    2013-04-26 05:51:36    751104    ----a-w-    C:\Windows\System32\win32spl.dll
    2013-04-26 04:55:21    492544    ----a-w-    C:\Windows\SysWow64\win32spl.dll
    2013-04-25 23:30:32    1505280    ----a-w-    C:\Windows\SysWow64\d3d11.dll
    2013-04-17 07:02:06    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
    2013-04-17 06:24:46    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
    2013-04-13 05:49:23    135168    ----a-w-    C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-04-13 05:49:19    350208    ----a-w-    C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2013-04-13 05:49:19    308736    ----a-w-    C:\Windows\apppatch\AppPatch64\AcGenral.dll
    2013-04-13 05:49:19    111104    ----a-w-    C:\Windows\apppatch\AppPatch64\acspecfc.dll
    2013-04-13 04:45:16    474624    ----a-w-    C:\Windows\apppatch\AcSpecfc.dll
    2013-04-13 04:45:15    2176512    ----a-w-    C:\Windows\apppatch\AcGenral.dll
    2013-04-12 14:45:08    1656680    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
    2013-04-10 06:01:54    265064    ----a-w-    C:\Windows\System32\drivers\dxgmms1.sys
    2013-04-10 06:01:53    983400    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
    2013-04-10 03:30:50    3153920    ----a-w-    C:\Windows\System32\win32k.sys
    2013-03-31 22:52:16    1887232    ----a-w-    C:\Windows\System32\d3d11.dll
    .
    ============= FINISH: 23:15:22.10 ===============
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 6/9/2013 12:43:51 AM
    System Uptime: 6/20/2013 11:10:51 PM (0 hours ago)
    .
    Motherboard: Gigabyte Technology Co., Ltd. |  | H61M-D2P-B3
    Processor: Intel® Core i3-2120 CPU @ 3.30GHz | Socket 1155 | 3300/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 931 GiB total, 897.696 GiB free.
    D: is CDROM ()
    E: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: Deskjet 1000 J110 series
    Device ID: USB\VID_03F0&PID_8811&MI_01\7&1FE6B6EC&0&0001
    Manufacturer:
    Name: Deskjet 1000 J110 series
    PNP Device ID: USB\VID_03F0&PID_8811&MI_01\7&1FE6B6EC&0&0001
    Service:
    .
    ==== System Restore Points ===================
    .
    RP9: 6/9/2013 1:42:07 PM - Windows Update
    RP10: 6/9/2013 5:17:17 PM - Windows Update
    RP11: 6/9/2013 6:37:07 PM - Windows Update
    RP12: 6/11/2013 5:16:50 PM - Windows Update
    RP13: 6/12/2013 1:47:09 AM - Windows Update
    RP14: 6/18/2013 6:33:12 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 11 Plugin
    ATI Catalyst Install Manager
    ATI Problem Report Wizard
    HydraVision
    Intel® Control Center
    Intel® Management Engine Components
    Malwarebytes Anti-Malware version 1.75.0.1300
    Microsoft .NET Framework 4 Client Profile
    Microsoft Visual C++ 2005 Redistributable (x64)
    Mozilla Firefox 21.0 (x86 en-US)
    Mozilla Maintenance Service
    ON_OFF Charge B11.0110.1
    Quest for Glory Collection Series
    Quest for Glory V: Dragon Fire
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/20/2013 4:09:37 PM, Error: Service Control Manager [7031]  - The Kaspersky Anti-Virus Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
    .
    ==== End Of File ===========================

     

  3. Kaspersky runs erratically or stops running in the middle of a session. I am locked out of my administrator settings. Windows Updater keeps changing settings to "notify me", then locks me out of changing it, saying I need administrator privileges when I -am- the administrator. I think malware or a virus or some kind of trojan may be involved but am unsure. Here are my stats.

     

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16611
    Run by matt at 20:10:20 on 2013-06-20
    Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4079.2849 [GMT -5:00]
    .
    AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
    AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
    SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
    FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
    FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\TiltWheelMouse.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
    C:\ProgramData\Search Protection\SearchProtection.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .

    mStart Page = about:blank
    mWinlogon: Userinit = userinit.exe
    BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
    BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
    BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll
    BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
    TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
    uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"
    mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
    mRun: [search Protection] C:\ProgramData\Search Protection\SearchProtection.exe
    mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
    TCP: NameServer = 192.168.1.254
    TCP: Interfaces\{63383C24-CC47-4520-BCF7-B67D0F9970F6} : DHCPNameServer = 192.168.1.254
    SSODL: WebCheck - <orphaned>
    x64-mStart Page = about:blank
    x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
    x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll
    x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [MouseDriver] TiltWheelMouse.exe
    x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\matt\AppData\Roaming\Mozilla\Firefox\Profiles\rjn5xfxo.default\
    FF - prefs.js: browser.search.selectedEngine - SecureSearch


    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
    FF - ExtSQL: 2013-06-09 01:37; anti_banner@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
    FF - ExtSQL: 2013-06-09 01:37; content_blocker@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
    FF - ExtSQL: 2013-06-09 01:37; url_advisor@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
    FF - ExtSQL: 2013-06-09 01:37; online_banking@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
    FF - ExtSQL: 2013-06-09 01:37; virtual_keyboard@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
    FF - ExtSQL: 2013-06-19 21:56; {87934c42-161d-45bc-8cef-ef18abe2a30c}; C:\Users\matt\AppData\Roaming\Mozilla\Firefox\Profiles\rjn5xfxo.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-6-19 14456]
    R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2013-6-9 21104]
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2012-8-2 28504]
    R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2012-6-8 54368]
    R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2012-8-13 178448]
    R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2013-3-18 1236336]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-4-20 203776]
    R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-6-9 2655768]
    R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2012-5-25 29016]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2012-7-25 29528]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-6-9 412264]
    R3 t_mouse.sys;HID-compliand device;C:\Windows\System32\drivers\t_mouse.sys [2012-12-19 6144]
    S2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [2012-8-17 356376]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-6-9 418376]
    S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-6-9 701512]
    S2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2012-9-20 3677000]
    S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
    S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-6-9 25928]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-6-9 19456]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-6-9 57856]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-6-9 30208]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-6-9 1255736]
    .
    =============== Created Last 30 ================
    .
    2013-06-20 22:24:40    --------    d-----w-    C:\Users\matt\AppData\Local\Diagnostics
    2013-06-20 02:58:49    --------    d-----w-    C:\Users\matt\AppData\Roaming\LavasoftStatistics
    2013-06-20 02:58:49    --------    d-----w-    C:\ProgramData\Ad-Aware Antivirus
    2013-06-20 02:57:56    --------    d-----w-    C:\Program Files (x86)\Ad-Aware Antivirus
    2013-06-20 02:57:48    --------    d-----w-    C:\ProgramData\Downloaded Installations
    2013-06-20 02:57:23    --------    d-----w-    C:\ProgramData\Search Protection
    2013-06-20 02:57:22    --------    d-----w-    C:\Users\matt\AppData\Local\adawarebp
    2013-06-20 02:57:22    --------    d-----w-    C:\ProgramData\blekko toolbars
    2013-06-20 02:57:20    --------    d-----w-    C:\ProgramData\Ad-Aware Browsing Protection
    2013-06-20 02:56:45    --------    d-----w-    C:\Program Files (x86)\Toolbar Cleaner
    2013-06-20 02:56:39    --------    d-----w-    C:\Program Files (x86)\adawaretb
    2013-06-20 02:55:53    47496    ----a-w-    C:\Windows\System32\sbbd.exe
    2013-06-20 02:55:53    14456    ----a-w-    C:\Windows\System32\drivers\gfibto.sys
    2013-06-20 02:55:52    --------    d-----w-    C:\Users\matt\AppData\Roaming\Ad-Aware Antivirus
    2013-06-18 23:34:17    9552976    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{19951DBB-65DE-4A09-B864-2B0E919F3F5B}\mpengine.dll
    2013-06-17 08:03:34    --------    d-----w-    C:\Games
    2013-06-17 07:48:50    --------    d-----w-    C:\qfgcd
    2013-06-15 02:52:23    --------    d-----w-    C:\U2M
    2013-06-13 03:47:16    --------    d-----w-    C:\Program Files (x86)\DOSBox-0.74
    2013-06-13 03:45:54    --------    d-----w-    C:\Users\matt\AppData\Local\DOSBox
    2013-06-12 04:50:44    --------    d-----w-    C:\Users\matt\AppData\Local\Macromedia
    2013-06-12 04:50:03    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-06-12 04:50:03    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-06-12 04:49:36    --------    d-----w-    C:\Users\matt\AppData\Local\Adobe
    2013-06-12 00:03:22    --------    d-----w-    C:\Sierra
    2013-06-11 22:17:43    279040    ----a-w-    C:\Program Files\Internet Explorer\sqmapi.dll
    2013-06-11 22:16:36    1910632    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
    2013-06-09 23:38:18    3072    ----a-w-    C:\Windows\System32\drivers\en-US\tsusbflt.sys.mui
    2013-06-09 23:37:36    --------    d-----w-    C:\Windows\SysWow64\Wat
    2013-06-09 23:37:35    --------    d-----w-    C:\Windows\System32\Wat
    2013-06-09 11:35:02    9728    ----a-w-    C:\Windows\System32\Wdfres.dll
    2013-06-09 11:35:02    785512    ----a-w-    C:\Windows\System32\drivers\Wdf01000.sys
    2013-06-09 11:35:02    54376    ----a-w-    C:\Windows\System32\drivers\WdfLdr.sys
    2013-06-09 11:35:02    2560    ----a-w-    C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
    2013-06-09 11:08:29    9728    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-06-09 11:02:22    70656    ----a-w-    C:\Windows\SysWow64\fontsub.dll
    2013-06-09 11:02:22    46080    ----a-w-    C:\Windows\System32\atmlib.dll
    2013-06-09 11:02:22    367616    ----a-w-    C:\Windows\System32\atmfd.dll
    2013-06-09 11:02:22    34304    ----a-w-    C:\Windows\SysWow64\atmlib.dll
    2013-06-09 11:02:22    295424    ----a-w-    C:\Windows\SysWow64\atmfd.dll
    2013-06-09 11:02:22    100864    ----a-w-    C:\Windows\System32\fontsub.dll
    2013-06-09 11:01:58    87040    ----a-w-    C:\Windows\System32\drivers\WUDFPf.sys
    2013-06-09 11:01:58    198656    ----a-w-    C:\Windows\System32\drivers\WUDFRd.sys
    2013-06-09 11:01:57    84992    ----a-w-    C:\Windows\System32\WUDFSvc.dll
    2013-06-09 11:01:57    744448    ----a-w-    C:\Windows\System32\WUDFx.dll
    2013-06-09 11:01:57    45056    ----a-w-    C:\Windows\System32\WUDFCoinstaller.dll
    2013-06-09 11:01:57    229888    ----a-w-    C:\Windows\System32\WUDFHost.exe
    2013-06-09 11:01:57    194048    ----a-w-    C:\Windows\System32\WUDFPlatform.dll
    2013-06-09 11:00:42    81408    ----a-w-    C:\Windows\System32\imagehlp.dll
    2013-06-09 11:00:42    5120    ----a-w-    C:\Windows\SysWow64\wmi.dll
    2013-06-09 11:00:42    5120    ----a-w-    C:\Windows\System32\wmi.dll
    2013-06-09 11:00:42    23408    ----a-w-    C:\Windows\System32\drivers\fs_rec.sys
    2013-06-09 11:00:42    159232    ----a-w-    C:\Windows\SysWow64\imagehlp.dll
    2013-06-09 08:36:20    --------    d-----w-    C:\Windows\panther
    2013-06-09 08:31:53    163504    ----a-w-    C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10144.bin
    2013-06-09 08:17:43    9460464    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2013-06-09 07:49:59    2048    ----a-w-    C:\Windows\SysWow64\user.exe
    2013-06-09 07:48:57    950128    ----a-w-    C:\Windows\System32\drivers\ndis.sys
    2013-06-09 07:48:57    41472    ----a-w-    C:\Windows\System32\drivers\RNDISMP.sys
    2013-06-09 07:48:56    634880    ----a-w-    C:\Windows\System32\msvcrt.dll
    2013-06-09 07:48:55    690688    ----a-w-    C:\Windows\SysWow64\msvcrt.dll
    2013-06-09 07:48:54    75120    ----a-w-    C:\Windows\System32\drivers\partmgr.sys
    2013-06-09 07:48:54    478208    ----a-w-    C:\Windows\System32\dpnet.dll
    2013-06-09 07:48:54    376832    ----a-w-    C:\Windows\SysWow64\dpnet.dll
    2013-06-09 07:48:53    515584    ----a-w-    C:\Windows\System32\timedate.cpl
    2013-06-09 07:48:53    478720    ----a-w-    C:\Windows\SysWow64\timedate.cpl
    2013-06-09 07:48:52    267776    ----a-w-    C:\Windows\System32\FXSCOVER.exe
    2013-06-09 07:40:34    77312    ----a-w-    C:\Windows\System32\packager.dll
    2013-06-09 07:40:34    67072    ----a-w-    C:\Windows\SysWow64\packager.dll
    2013-06-09 06:52:40    0    ----a-w-    C:\Windows\ativpsrm.bin
    2013-06-09 06:30:41    826880    ----a-w-    C:\Windows\SysWow64\rdpcore.dll
    2013-06-09 06:30:41    23552    ----a-w-    C:\Windows\System32\drivers\tdtcp.sys
    2013-06-09 06:30:41    1031680    ----a-w-    C:\Windows\System32\rdpcore.dll
    2013-06-09 06:27:18    2622464    ----a-w-    C:\Windows\System32\wucltux.dll
    2013-06-09 06:27:11    99840    ----a-w-    C:\Windows\System32\wudriver.dll
    2013-06-09 06:27:01    36864    ----a-w-    C:\Windows\System32\wuapp.exe
    2013-06-09 06:27:01    186752    ----a-w-    C:\Windows\System32\wuwebv.dll
    2013-06-09 06:14:41    --------    d-----w-    C:\Users\matt\AppData\Roaming\Malwarebytes
    2013-06-09 06:14:25    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
    2013-06-09 06:14:25    --------    d-----w-    C:\ProgramData\Malwarebytes
    2013-06-09 06:14:25    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-06-09 06:14:13    --------    d-----w-    C:\Users\matt\AppData\Local\Programs
    2013-06-09 06:00:45    64856    ----a-w-    C:\Windows\System32\klfphc.dll
    2013-06-09 06:00:33    --------    d-----w-    C:\Windows\ELAMBKUP
    2013-06-09 06:00:31    --------    d-----w-    C:\ProgramData\Kaspersky Lab
    2013-06-09 06:00:31    --------    d-----w-    C:\Program Files (x86)\Kaspersky Lab
    2013-06-09 06:00:27    90208    ----a-w-    C:\Windows\System32\drivers\klflt.sys
    2013-06-09 05:55:45    --------    d-----w-    C:\Program Files (x86)\ATI Technologies
    2013-06-09 05:55:15    --------    d-sh--w-    C:\Windows\Installer
    2013-06-09 05:54:46    --------    d-----w-    C:\Program Files\ATI Technologies
    2013-06-09 05:54:44    --------    d-----w-    C:\Program Files\ATI
    2013-06-09 05:48:29    --------    d-----w-    C:\Windows\SysWow64\RTCOM
    2013-06-09 05:48:29    --------    d-----w-    C:\Program Files\Realtek
    2013-06-09 05:48:23    412264    ----a-w-    C:\Windows\System32\drivers\Rt64win7.sys
    2013-06-09 05:48:22    74344    ----a-w-    C:\Windows\System32\RtNicProp64.dll
    2013-06-09 05:48:22    107624    ----a-w-    C:\Windows\System32\RTNUninst64.dll
    2013-06-09 05:48:19    2578576    ----a-w-    C:\Windows\System32\WavesGUILib.dll
    2013-06-09 05:48:04    155888    ----a-w-    C:\Windows\System32\SRSWOW64.dll
    2013-06-09 05:48:03    518896    ----a-w-    C:\Windows\System32\SRSTSX64.dll
    2013-06-09 05:48:02    332392    ----a-w-    C:\Windows\System32\RtlCPAPI64.dll
    2013-06-09 05:48:02    211184    ----a-w-    C:\Windows\System32\SRSTSH64.dll
    2013-06-09 05:48:02    198896    ----a-w-    C:\Windows\System32\SRSHP64.dll
    .
    ==================== Find3M  ====================
    .
    2013-06-18 23:15:28    54368    ----a-w-    C:\Windows\System32\drivers\kltdi.sys
    2013-06-09 11:08:29    9728    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-06-09 06:37:29    178448    ----a-w-    C:\Windows\System32\drivers\kneps.sys
    2013-06-09 06:37:28    29528    ----a-w-    C:\Windows\System32\drivers\klmouflt.sys
    2013-06-09 06:37:28    29016    ----a-w-    C:\Windows\System32\drivers\klkbdflt.sys
    2013-06-08 12:28:46    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
    2013-06-08 11:13:19    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
    2013-05-17 01:25:57    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
    2013-05-17 01:25:27    2877440    ----a-w-    C:\Windows\SysWow64\jscript9.dll
    2013-05-17 01:25:26    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
    2013-05-17 01:25:26    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
    2013-05-17 00:59:03    2241024    ----a-w-    C:\Windows\System32\wininet.dll
    2013-05-17 00:58:10    3958784    ----a-w-    C:\Windows\System32\jscript9.dll
    2013-05-17 00:58:08    67072    ----a-w-    C:\Windows\System32\iesetup.dll
    2013-05-17 00:58:08    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
    2013-05-14 12:23:25    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
    2013-05-14 08:40:13    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
    2013-05-13 05:51:01    184320    ----a-w-    C:\Windows\System32\cryptsvc.dll
    2013-05-13 05:51:00    1464320    ----a-w-    C:\Windows\System32\crypt32.dll
    2013-05-13 05:51:00    139776    ----a-w-    C:\Windows\System32\cryptnet.dll
    2013-05-13 05:50:40    52224    ----a-w-    C:\Windows\System32\certenc.dll
    2013-05-13 04:45:55    140288    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
    2013-05-13 04:45:55    1160192    ----a-w-    C:\Windows\SysWow64\crypt32.dll
    2013-05-13 04:45:55    103936    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
    2013-05-13 03:43:55    1192448    ----a-w-    C:\Windows\System32\certutil.exe
    2013-05-13 03:08:10    903168    ----a-w-    C:\Windows\SysWow64\certutil.exe
    2013-05-13 03:08:06    43008    ----a-w-    C:\Windows\SysWow64\certenc.dll
    2013-05-10 05:49:27    30720    ----a-w-    C:\Windows\System32\cryptdlg.dll
    2013-05-10 03:20:54    24576    ----a-w-    C:\Windows\SysWow64\cryptdlg.dll
    2013-05-02 07:06:08    278800    ------w-    C:\Windows\System32\MpSigStub.exe
    2013-04-26 05:51:36    751104    ----a-w-    C:\Windows\System32\win32spl.dll
    2013-04-26 04:55:21    492544    ----a-w-    C:\Windows\SysWow64\win32spl.dll
    2013-04-25 23:30:32    1505280    ----a-w-    C:\Windows\SysWow64\d3d11.dll
    2013-04-17 07:02:06    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
    2013-04-17 06:24:46    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
    2013-04-13 05:49:23    135168    ----a-w-    C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-04-13 05:49:19    350208    ----a-w-    C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2013-04-13 05:49:19    308736    ----a-w-    C:\Windows\apppatch\AppPatch64\AcGenral.dll
    2013-04-13 05:49:19    111104    ----a-w-    C:\Windows\apppatch\AppPatch64\acspecfc.dll
    2013-04-13 04:45:16    474624    ----a-w-    C:\Windows\apppatch\AcSpecfc.dll
    2013-04-13 04:45:15    2176512    ----a-w-    C:\Windows\apppatch\AcGenral.dll
    2013-04-12 14:45:08    1656680    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
    2013-04-10 06:01:54    265064    ----a-w-    C:\Windows\System32\drivers\dxgmms1.sys
    2013-04-10 06:01:53    983400    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
    2013-04-10 03:30:50    3153920    ----a-w-    C:\Windows\System32\win32k.sys
    2013-03-31 22:52:16    1887232    ----a-w-    C:\Windows\System32\d3d11.dll
    .
    ============= FINISH: 20:10:32.17 ===============
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 6/9/2013 12:43:51 AM
    System Uptime: 6/20/2013 5:39:18 PM (3 hours ago)
    .
    Motherboard: Gigabyte Technology Co., Ltd. |  | H61M-D2P-B3
    Processor: Intel® Core i3-2120 CPU @ 3.30GHz | Socket 1155 | 3300/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 931 GiB total, 895.899 GiB free.
    D: is CDROM ()
    E: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: Deskjet 1000 J110 series
    Device ID: USB\VID_03F0&PID_8811&MI_01\7&1FE6B6EC&0&0001
    Manufacturer:
    Name: Deskjet 1000 J110 series
    PNP Device ID: USB\VID_03F0&PID_8811&MI_01\7&1FE6B6EC&0&0001
    Service:
    .
    ==== System Restore Points ===================
    .
    RP9: 6/9/2013 1:42:07 PM - Windows Update
    RP10: 6/9/2013 5:17:17 PM - Windows Update
    RP11: 6/9/2013 6:37:07 PM - Windows Update
    RP12: 6/11/2013 5:16:50 PM - Windows Update
    RP13: 6/12/2013 1:47:09 AM - Windows Update
    RP14: 6/18/2013 6:33:12 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Ad-Aware Antivirus
    Ad-Aware Security Add-on
    Adobe Flash Player 11 Plugin
    ATI Catalyst Install Manager
    ATI Problem Report Wizard
    HydraVision
    Intel® Control Center
    Intel® Management Engine Components
    Kaspersky Internet Security 2013
    Malwarebytes Anti-Malware version 1.75.0.1300
    Microsoft .NET Framework 4 Client Profile
    Microsoft Visual C++ 2005 Redistributable (x64)
    Mozilla Firefox 21.0 (x86 en-US)
    Mozilla Maintenance Service
    ON_OFF Charge B11.0110.1
    Quest for Glory Collection Series
    Quest for Glory V: Dragon Fire
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/20/2013 4:09:37 PM, Error: Service Control Manager [7031]  - The Kaspersky Anti-Virus Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
    .
    ==== End Of File ===========================

     

  4. I have run ComboFix Uninstall and OTC; however, when I rebooted I remained online, and when I was back on the desktop, the mbam icon greyed out and it was inaccessible. I can't even bring it up. I will reboot again and hopefully mbam will be restored. This has happened to me before; it has something to do with icon sequencing, that is what I read in another forum. I will refer back to the forum you suggested, though I started a topic there originally and was referred here.

    Thank you kindly for your help in assuring I do not have any malware.

  5. ESETSmartInstaller@High as CAB hook log:

    OnlineScanner.ocx - registred OK

    # version=8

    # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

    # OnlineScanner.ocx=1.0.0.6920

    # api_version=3.0.2

    # EOSSerial=809897f28ff30643bc58aabfa567badf

    # engine=13527

    # end=finished

    # remove_checked=false

    # archives_checked=true

    # unwanted_checked=true

    # unsafe_checked=true

    # antistealth_checked=true

    # utc_time=2013-04-02 03:12:23

    # local_time=2013-04-01 10:12:23 (-0600, Central Daylight Time)

    # country="United States"

    # lang=1033

    # osver=5.1.2600 NT Service Pack 3

    # compatibility_mode=1286 16777213 100 97 0 18691865 0 0

    # scanned=105944

    # found=0

    # cleaned=0

    # scan_time=2474

    The computer runs normally when Kaspersky and mbam aren't running together. It seems that running those two programs together causes much of the slowdown on my PC, especially when I have "Enable malicious website blocking" enabled at the same time Kaspersky is enabled. However, I do not know why "Enable malicious website blocking" disables on its own without my intervention. So far it hasn't done so since beginning these diagnostic tests.

    Here's hoping...

  6. ComboFix 13-04-01.01 - matolis 04/01/2013 17:58:22.1.1 - x86

    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1582 [GMT -5:00]

    Running from: c:\documents and settings\matolis\Desktop\ComboFix.exe

    AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

    AV: Lavasoft Ad-Aware *Disabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}

    FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

    FW: Lavasoft Ad-Aware *Disabled* {FF1CD5B7-1553-4625-A258-1775385CED33}

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\documents and settings\matolis\WINDOWS

    c:\windows\system32\URTTemp

    c:\windows\system32\URTTemp\fusion.dll

    c:\windows\system32\URTTemp\mscoree.dll

    c:\windows\system32\URTTemp\mscoree.dll.local

    c:\windows\system32\URTTemp\mscorsn.dll

    c:\windows\system32\URTTemp\mscorwks.dll

    c:\windows\system32\URTTemp\msvcr71.dll

    c:\windows\system32\URTTemp\regtlib.exe

    .

    .

    ((((((((((((((((((((((((( Files Created from 2013-03-01 to 2013-04-01 )))))))))))))))))))))))))))))))

    .

    .

    2013-03-29 07:02 . 2013-03-29 08:50 -------- d-----w- C:\Games

    2013-03-17 17:33 . 2013-03-17 17:33 -------- d-----w- C:\AMD

    2013-03-17 04:47 . 2013-03-17 04:47 -------- d-----w- C:\USBVaccine

    2013-03-16 03:54 . 2013-03-16 03:54 -------- d-----w- C:\70a2473e871645d7e4

    2013-03-15 14:25 . 2013-03-15 14:25 -------- d-----r- C:\acroldr

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2013-03-15 16:35 . 2012-06-08 17:38 43608 ----a-w- c:\windows\system32\drivers\kltdi.sys

    2013-03-15 16:35 . 2012-07-25 20:53 24920 ----a-w- c:\windows\system32\drivers\klmouflt.sys

    2013-03-15 16:35 . 2012-05-26 01:38 24408 ----a-w- c:\windows\system32\drivers\klkbdflt.sys

    2013-02-12 00:32 . 2008-04-14 12:00 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys

    2013-02-06 10:48 . 2013-02-06 10:48 81920 ------w- c:\windows\system32\ieencode.dll

    2013-02-05 20:05 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

    2013-02-05 20:05 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll

    2013-02-05 20:05 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

    2013-02-05 05:53 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec

    2013-01-26 03:55 . 2008-04-14 12:00 552448 ----a-w- c:\windows\system32\oleaut32.dll

    2013-01-07 01:16 . 2008-04-14 12:00 2193024 ----a-w- c:\windows\system32\ntoskrnl.exe

    2013-01-07 00:36 . 2008-04-14 00:01 2069760 ----a-w- c:\windows\system32\ntkrnlpa.exe

    2013-01-04 01:20 . 2008-04-14 12:00 1867264 ----a-w- c:\windows\system32\win32k.sys

    2013-01-02 06:49 . 2008-04-14 12:00 148992 ----a-w- c:\windows\system32\mpg2splt.ax

    2013-01-02 06:49 . 2008-04-14 12:00 1292288 ----a-w- c:\windows\system32\quartz.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

    "{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files\adawaretb\adawareDx.dll" [2013-02-11 87464]

    .

    [HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]

    2013-02-11 10:47 87464 ----a-w- c:\program files\adawaretb\adawareDx.dll

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

    "{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files\adawaretb\adawareDx.dll" [2013-02-11 87464]

    .

    [HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Ad-Aware Antivirus"="c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]

    "CTHelper"="CTHELPER.EXE" [2006-05-24 17920]

    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 98304]

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]

    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]

    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]

    "CTxfiHlp"="CTXFIHLP.EXE" [2010-05-06 25600]

    "razertra"="c:\program files\Razer\razertra.exe" [2004-02-26 208896]

    "Ad-Aware Browsing Protection"="c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe" [2013-01-31 542632]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

    "Z1"="e:\mbar\mbar.exe" [2013-04-01 1363016]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "EnableLinkedConnections"= 1 (0x1)

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]

    @="Ad-Aware Service"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

    @="Service"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

    @="Service"

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

    "DisableMonitoring"=dword:00000001

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

    "c:\\Program Files\\adawaretb\\dtUser.exe"=

    "c:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=

    "c:\\Program Files\\Mass Effect 2\\Binaries\\MassEffect2.exe"=

    "c:\\Program Files\\Mass Effect 2\\MassEffect2Launcher.exe"=

    "c:\\Games\\Reality Pump\\Two Worlds\\TwoWorlds.exe"=

    "c:\\Games\\Reality Pump\\Two Worlds\\TwoWorlds_RADEON.exe"=

    "c:\\Games\\CAPCOM\\DARK VOID\\Launcher.exe"=

    "c:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=

    "c:\\Program Files\\Dragon Age\\DAOriginsLauncher.exe"=

    "c:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"=

    "c:\\Program Files\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=

    "c:\\Program Files\\Origin Games\\Mass Effect 3\\Binaries\\Win32\\MassEffect3.exe"=

    .

    R0 SI3112r;Silicon Image SiI 3512 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [3/15/2013 3:55 AM 116264]

    R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [6/8/2012 12:38 PM 43608]

    R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [8/13/2012 5:49 PM 144344]

    R2 Ad-Aware Service;Ad-Aware Service;c:\program files\Ad-Aware Antivirus\AdAwareService.exe [2/21/2013 5:37 AM 1236336]

    R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [5/5/2010 9:23 PM 171096]

    R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [5/5/2010 9:24 PM 1324120]

    R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [5/5/2010 9:23 PM 72792]

    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [6/27/2012 3:09 PM 35672]

    R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [5/25/2012 8:38 PM 24408]

    R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [7/25/2012 3:53 PM 24920]

    R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [3/31/2013 6:29 AM 35144]

    S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [3/25/2013 2:39 AM 13560]

    S1 1502209drv;1502209drv;c:\windows\system32\drivers\1502209drv.sys [3/20/2013 10:43 PM 475736]

    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/15/2013 12:19 PM 682344]

    S2 SBAMSvc;Ad-Aware;c:\program files\Ad-Aware Antivirus\SBAMSvc.exe [9/20/2012 5:39 AM 3677000]

    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [3/17/2013 12:35 PM 99856]

    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [3/21/2013 11:32 AM 79360]

    S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [5/5/2010 9:23 PM 171096]

    S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [5/5/2010 9:24 PM 1324120]

    S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [5/5/2010 9:23 PM 72792]

    S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [3/25/2013 12:10 PM 25832]

    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/15/2013 12:19 PM 21104]

    .

    --- Other Services/Drivers In Memory ---

    .

    *NewlyCreated* - ASWMBR

    *NewlyCreated* - TRUESIGHT

    *Deregistered* - aswMBR

    *Deregistered* - TrueSight

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2013-04-01 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-21 02:05]

    .

    2013-03-26 c:\windows\Tasks\AppleSoftwareUpdate.job

    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = about:blank

    mStart Page = about:blank

    TCP: DhcpNameServer = 192.168.1.254

    .

    - - - - ORPHANS REMOVED - - - -

    .

    SafeBoot-28238300.sys

    .

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2013-04-01 18:04

    Windows 5.1.2600 Service Pack 3 NTFS

    .

    scanning hidden processes ...

    .

    scanning hidden autostart entries ...

    .

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    CTxfiHlp = CTXFIHLP.EXE?

    .

    scanning hidden files ...

    .

    scan completed successfully

    hidden files: 0

    .

    **************************************************************************

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_USERS\S-1-5-21-329068152-706699826-682003330-1003\Software\SecuROM\License information*]

    "datasecu"=hex:0b,aa,0d,75,9d,5e,19,42,63,87,ce,40,38,16,64,96,03,a3,65,05,b2,

    51,63,05,37,37,1e,5f,94,d5,14,14,01,c4,3d,65,42,46,94,0c,86,f1,24,08,27,2a,\

    "rkeysecu"=hex:b4,44,1a,37,75,ae,19,c5,64,52,18,43,bf,08,e5,51

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

    .

    - - - - - - - > 'winlogon.exe'(1040)

    c:\windows\system32\Ati2evxx.dll

    c:\windows\system32\atiadlxx.dll

    .

    Completion time: 2013-04-01 18:05:45

    ComboFix-quarantined-files.txt 2013-04-01 23:05

    .

    Pre-Run: 904,002,850,816 bytes free

    Post-Run: 904,048,906,240 bytes free

    .

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

    [boot loader]

    timeout=2

    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

    [operating systems]

    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

    UnsupportedDebug="do not select this" /debug

    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    .

    - - End Of File - - F2D599EB9E0AFFB11C1E8DFB1A2C4797

  7. aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software

    Run date: 2013-04-01 16:15:23

    -----------------------------

    16:15:23.093 OS Version: Windows 5.1.2600 Service Pack 3

    16:15:23.093 Number of processors: 1 586 0x408

    16:15:23.093 ComputerName: MDAUB588 UserName: matolis

    16:15:24.171 Initialize success

    16:17:15.937 AVAST engine defs: 13040101

    16:17:30.265 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e

    16:17:30.265 Disk 0 Vendor: WDC_WD800BB-63JKC0 05.01C05 Size: 76319MB BusType: 3

    16:17:30.265 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Scsi\SI3112r1Port2Path0Target0Lun0

    16:17:30.265 Disk 1 Vendor: SiI_____ 1100 Size: 953878MB BusType: 1

    16:17:30.343 Disk 1 MBR read successfully

    16:17:30.343 Disk 1 MBR scan

    16:17:30.359 Disk 1 Windows XP default MBR code

    16:17:30.359 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953875 MB offset 63

    16:17:30.375 Disk 1 scanning sectors +1953536130

    16:17:30.406 Disk 1 scanning C:\WINDOWS\system32\drivers

    16:17:43.593 Service scanning

    16:17:48.187 Service kl1 C:\WINDOWS\system32\DRIVERS\kl1.sys **LOCKED** 5

    16:17:48.281 Service klim5 C:\WINDOWS\system32\DRIVERS\klim5.sys **LOCKED** 5

    16:17:48.296 Service klkbdflt C:\WINDOWS\system32\DRIVERS\klkbdflt.sys **LOCKED** 5

    16:17:48.328 Service klmouflt C:\WINDOWS\system32\DRIVERS\klmouflt.sys **LOCKED** 5

    16:17:48.343 Service kltdi C:\WINDOWS\system32\DRIVERS\kltdi.sys **LOCKED** 5

    16:17:48.406 Service kneps C:\WINDOWS\system32\DRIVERS\kneps.sys **LOCKED** 5

    16:17:53.203 Modules scanning

    16:17:56.656 Disk 1 trace - called modules:

    16:17:56.671 ntkrnlpa.exe CLASSPNP.SYS disk.sys SCSIPORT.SYS hal.dll SI3112r.sys

    16:17:56.671 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8a63c608]

    16:17:56.671 3 CLASSPNP.SYS[ba0a8fd7] -> nt!IofCallDriver -> \Device\Scsi\SI3112r1Port2Path0Target0Lun0[0x8a62fa38]

    16:17:57.703 AVAST engine scan C:\WINDOWS

    16:18:01.906 AVAST engine scan C:\WINDOWS\system32

    16:21:37.734 AVAST engine scan C:\WINDOWS\system32\drivers

    16:22:02.812 AVAST engine scan C:\Documents and Settings\matolis

    16:23:02.062 AVAST engine scan C:\Documents and Settings\All Users

    16:23:51.640 Scan finished successfully

    16:26:52.656 Disk 1 MBR has been saved successfully to "C:\Documents and Settings\matolis\Desktop\MBR.dat"

    16:26:52.656 The log file has been saved successfully to "C:\Documents and Settings\matolis\Desktop\aswMBR.txt"

    I had to run "Roguekiller" twice because the first time I ran it I had forgotten to close down my other programs (mbam, Kaspersky, etc.). Sorry about that, this is confusing, but RK made 3 reports.

    RogueKiller V8.5.4 [Mar 18 2013] by Tigzy

    mail : tigzyRK<at>gmail<dot>com

    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

    Website : http://tigzy.geekstogo.com/roguekiller.php

    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

    Started in : Normal mode

    User : matolis [Admin rights]

    Mode : Scan -- Date : 04/01/2013 16:36:15

    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 3 ¤¤¤

    [RUN][sUSP PATH] HKLM\[...]\Run : SearchProtection (C:\Documents and Settings\All Users\Application Data\Search Protection\_run.bat) [-] -> FOUND

    [HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> FOUND

    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤

    SSDT[122] : NtOpenProcess @ 0x805C1462 -> HOOKED (\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0x96192C4C)

    SSDT[128] : NtOpenThread @ 0x805C16EE -> HOOKED (\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0x96192D3C)

    ¤¤¤ HOSTS File: ¤¤¤

    --> C:\WINDOWS\system32\drivers\etc\hosts

    127.0.0.1 localhost

    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD800BB-63JKC0 +++++

    --- User ---

    [MBR] e830bfbade9ae6845a724b66390a44da

    [bSP] 873b6688299a642a951645c4e274ccac : Windows XP MBR Code

    Partition table:

    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76316 Mo

    User = LL1 ... OK!

    User = LL2 ... OK!

    +++++ PhysicalDrive1: SiI RAID 0 Set 0 SCSI Disk Device +++++

    --- User ---

    [MBR] fd3085d2deb2d7a3800d077ee06bcb8a

    [bSP] 29de1555f20f4574cd04076ba872fded : Windows XP MBR Code

    Partition table:

    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953875 Mo

    User = LL1 ... OK!

    Error reading LL2 MBR!

    Finished : << RKreport[1]_S_04012013_02d1636.txt >>

    RKreport[1]_S_04012013_02d1636.txt

    RogueKiller V8.5.4 [Mar 18 2013] by Tigzy

    mail : tigzyRK<at>gmail<dot>com

    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

    Website : http://tigzy.geekstogo.com/roguekiller.php

    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

    Started in : Normal mode

    User : matolis [Admin rights]

    Mode : Remove -- Date : 04/01/2013 16:37:01

    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 3 ¤¤¤

    [RUN][sUSP PATH] HKLM\[...]\Run : SearchProtection (C:\Documents and Settings\All Users\Application Data\Search Protection\_run.bat) [-] -> DELETED

    [HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> REPLACED (0)

    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤

    SSDT[122] : NtOpenProcess @ 0x805C1462 -> HOOKED (\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0x96192C4C)

    SSDT[128] : NtOpenThread @ 0x805C16EE -> HOOKED (\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0x96192D3C)

    ¤¤¤ HOSTS File: ¤¤¤

    --> C:\WINDOWS\system32\drivers\etc\hosts

    127.0.0.1 localhost

    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD800BB-63JKC0 +++++

    --- User ---

    [MBR] e830bfbade9ae6845a724b66390a44da

    [bSP] 873b6688299a642a951645c4e274ccac : Windows XP MBR Code

    Partition table:

    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76316 Mo

    User = LL1 ... OK!

    User = LL2 ... OK!

    +++++ PhysicalDrive1: SiI RAID 0 Set 0 SCSI Disk Device +++++

    --- User ---

    [MBR] fd3085d2deb2d7a3800d077ee06bcb8a

    [bSP] 29de1555f20f4574cd04076ba872fded : Windows XP MBR Code

    Partition table:

    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953875 Mo

    User = LL1 ... OK!

    Error reading LL2 MBR!

    Finished : << RKreport[2]_D_04012013_02d1637.txt >>

    RKreport[1]_S_04012013_02d1636.txt ; RKreport[2]_D_04012013_02d1637.txt

    RogueKiller V8.5.4 [Mar 18 2013] by Tigzy

    mail : tigzyRK<at>gmail<dot>com

    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

    Website : http://tigzy.geekstogo.com/roguekiller.php

    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

    Started in : Normal mode

    User : matolis [Admin rights]

    Mode : Shortcuts HJfix -- Date : 04/01/2013 16:38:14

    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ File attributes restored: ¤¤¤

    Desktop: Success 0 / Fail 0

    Quick launch: Success 0 / Fail 0

    Programs: Success 6 / Fail 0

    Start menu: Success 0 / Fail 0

    User folder: Success 51 / Fail 0

    My documents: Success 0 / Fail 0

    My favorites: Success 0 / Fail 0

    My pictures: Success 0 / Fail 0

    My music: Success 0 / Fail 0

    My videos: Success 0 / Fail 0

    Local drives: Success 64 / Fail 0

    Backup: [NOT FOUND]

    Drives:

    [A:] \Device\Floppy0 -- 0x2 --> Skipped

    [C:] \Device\HarddiskVolume1 -- 0x3 --> Restored

    [D:] \Device\CdRom0 -- 0x5 --> Skipped

    [E:] \Device\HarddiskVolume2 -- 0x3 --> Restored

    Finished : << RKreport[3]_SC_04012013_02d1638.txt >>

    RKreport[1]_S_04012013_02d1636.txt ; RKreport[2]_D_04012013_02d1637.txt ; RKreport[3]_SC_04012013_02d1638.txt

  8. This problem happens continually and at random. It happens when I go online, but never does it happen offline, and from what I've read of other people with this problem it could likely be a virus or malware of some kind or a backdoor trojan. I was referred here by one of the experts from the General Malwarebytes Anti-malware forum. Someone please help me determine if I do indeed have some kind of malicious attack on my PC or if it is merely a software glitch.

    Here are my PC's stats.

    DDS (Ver_2012-11-20.01) - NTFS_x86

    Internet Explorer: 8.0.6001.18702

    Run by matolis at 14:56:48 on 2013-04-01

    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1361 [GMT -5:00]

    .

    AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

    AV: Lavasoft Ad-Aware *Disabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}

    FW: Lavasoft Ad-Aware *Disabled*

    FW: Kaspersky Internet Security *Disabled*

    .

    ============== Running Processes ================

    .

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\Program Files\Creative\Shared Files\CTAudSvc.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe

    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe

    C:\WINDOWS\CTHELPER.EXE

    C:\WINDOWS\system32\CTXFIHLP.EXE

    C:\Program Files\Razer\razertra.exe

    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

    C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe

    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe

    C:\Documents and Settings\All Users\Application Data\Search Protection\SearchProtection.exe

    C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\klwtblfs.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\WINDOWS\system32\wbem\wmiprvse.exe

    C:\WINDOWS\System32\svchost.exe -k netsvcs

    C:\WINDOWS\system32\svchost.exe -k LocalService

    C:\WINDOWS\system32\svchost.exe -k LocalService

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = about:blank

    mStart Page = about:blank

    uURLSearchHooks: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll

    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

    BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\contentblocker\ie_content_blocker_plugin.dll

    BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll

    BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll

    BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\onlinebanking\online_banking_bho.dll

    BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor\klwtbbho.dll

    TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll

    mRun: [CTHelper] CTHELPER.EXE

    mRun: [updReg] c:\windows\UpdReg.EXE

    mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

    mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k

    mRun: [CTxfiHlp] CTXFIHLP.EXE

    mRun: [razertra] c:\program files\razer\razertra.exe

    mRun: [Ad-Aware Browsing Protection] "c:\documents and settings\all users\application data\ad-aware browsing protection\adawarebp.exe"

    mRun: [searchProtection] c:\documents and settings\all users\application data\search protection\_run.bat

    mRun: [Ad-Aware Antivirus] "c:\program files\ad-aware antivirus\AdAwareLauncher" --windows-run

    mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2013\avp.exe"

    mRunOnce: [Z1] cmd /c "e:\mbar\mbar.exe" /cleanup /s

    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

    mPolicies-Explorer: NoDriveTypeAutoRun = dword:28

    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

    IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2013\ie_banner_deny.htm

    IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll

    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor\klwtbbho.dll

    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1363374798406

    Notify: AtiExtEvent - Ati2evxx.dll

    Notify: klogon - c:\windows\system32\klogon.dll

    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    .

    ============= SERVICES / DRIVERS ===============

    .

    R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-3-25 13560]

    R0 kl1;kl1;c:\windows\system32\drivers\kl1.sys [2012-6-19 136024]

    R0 SI3112r;Silicon Image SiI 3512 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [2013-3-15 116264]

    R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2013-3-15 586584]

    R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [2012-6-8 43608]

    R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [2012-8-13 144344]

    R2 Ad-Aware Service;Ad-Aware Service;c:\program files\ad-aware antivirus\AdAwareService.exe [2013-2-21 1236336]

    R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2013\avp.exe [2012-8-17 356376]

    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-3-15 682344]

    R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2010-5-5 171096]

    R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2010-5-5 1324120]

    R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2010-5-5 72792]

    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2012-6-27 35672]

    R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [2012-5-25 24408]

    R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2012-7-25 24920]

    R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-3-31 35144]

    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-3-15 21104]

    S1 1502209drv;1502209drv;c:\windows\system32\drivers\1502209drv.sys [2013-3-20 475736]

    S2 SBAMSvc;Ad-Aware;c:\program files\ad-aware antivirus\SBAMSvc.exe [2012-9-20 3677000]

    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2013-3-17 99856]

    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2013-3-21 79360]

    S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2010-5-5 171096]

    S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2010-5-5 1324120]

    S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2010-5-5 72792]

    S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2013-3-25 25832]

    .

    =============== Created Last 30 ================

    .

    2013-03-31 11:29:07 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

    2013-03-29 18:51:11 -------- d-----w- c:\documents and settings\all users\application data\EA Core

    2013-03-29 18:51:06 -------- d-----w- c:\documents and settings\all users\application data\EA Logs

    2013-03-29 18:02:42 -------- d--h--w- c:\program files\common files\EAInstaller

    2013-03-29 18:02:22 -------- d-----w- c:\program files\NVIDIA Corporation

    2013-03-29 15:37:47 107888 ----a-w- c:\windows\system32\CmdLineExt.dll

    2013-03-29 09:43:44 -------- d-----w- c:\program files\Origin Games

    2013-03-29 09:43:43 -------- d-----w- c:\documents and settings\matolis\local settings\application data\Origin

    2013-03-29 09:43:42 -------- d-----w- c:\documents and settings\matolis\application data\Origin

    2013-03-29 09:43:30 -------- d-----w- c:\documents and settings\all users\application data\Origin

    2013-03-29 09:43:30 -------- d-----w- c:\documents and settings\all users\application data\Electronic Arts

    2013-03-29 09:43:09 -------- d-----w- c:\program files\Origin

    2013-03-29 07:52:46 -------- d-----w- c:\program files\MSXML 4.0

    2013-03-29 07:38:01 -------- d-----w- c:\program files\Microsoft Games

    2013-03-29 07:02:44 -------- d-----w- C:\Games

    2013-03-29 06:43:03 -------- d-----w- c:\documents and settings\all users\application data\BioWare

    2013-03-29 06:01:18 -------- d-----w- c:\program files\Mass Effect 2

    2013-03-25 17:33:52 -------- d-----w- c:\windows\1C4551A64743409391E41477CD655043.TMP

    2013-03-25 17:00:28 -------- d-----w- c:\program files\Dragon Age

    2013-03-25 15:12:26 -------- d-----w- c:\program files\common files\BioWare

    2013-03-25 14:54:24 -------- d-----w- c:\program files\Mass Effect

    2013-03-25 07:47:23 -------- d-----w- c:\documents and settings\all users\application data\Ad-Aware Antivirus

    2013-03-25 07:47:22 -------- d-----w- c:\documents and settings\matolis\application data\LavasoftStatistics

    2013-03-25 07:42:35 -------- d-----w- c:\program files\Ad-Aware Antivirus

    2013-03-25 07:41:55 -------- d-----w- c:\documents and settings\all users\application data\Downloaded Installations

    2013-03-25 07:41:46 -------- d-----w- c:\documents and settings\matolis\local settings\application data\adawarebp

    2013-03-25 07:41:46 -------- d-----w- c:\documents and settings\all users\application data\Search Protection

    2013-03-25 07:41:45 -------- d-----w- c:\documents and settings\all users\application data\blekko toolbars

    2013-03-25 07:41:45 -------- d-----w- c:\documents and settings\all users\application data\adawaretb

    2013-03-25 07:41:43 -------- d-----w- c:\documents and settings\all users\application data\Ad-Aware Browsing Protection

    2013-03-25 07:41:06 -------- d-----w- c:\program files\Toolbar Cleaner

    2013-03-25 07:40:59 -------- d-----w- c:\documents and settings\matolis\application data\SecureSearch

    2013-03-25 07:40:54 -------- d-----w- c:\program files\adawaretb

    2013-03-25 07:40:54 -------- d-----w- c:\documents and settings\matolis\application data\adawaretb

    2013-03-25 07:39:30 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys

    2013-03-25 07:39:29 44424 ----a-w- c:\windows\system32\sbbd.exe

    2013-03-25 07:39:19 -------- d-----w- c:\documents and settings\matolis\application data\Ad-Aware Antivirus

    2013-03-21 19:31:39 -------- d-----w- c:\program files\common files\Wise Installation Wizard

    2013-03-21 17:10:20 -------- d-----w- c:\documents and settings\matolis\local settings\application data\Adobe

    2013-03-21 17:03:24 -------- d-----w- c:\documents and settings\matolis\local settings\application data\WMTools Downloaded Files

    2013-03-21 16:51:45 57344 ----a-w- c:\windows\system32\razer.cpl

    2013-03-21 16:51:45 38904 ----a-w- c:\windows\system32\drivers\razerusb.sys

    2013-03-21 16:39:11 102400 ----a-w- c:\windows\system32\cttele32.dll

    2013-03-21 16:39:03 -------- d-----w- c:\program files\OpenAL

    2013-03-21 16:35:39 22691984 ----a-w- c:\windows\system32\AppSetup.exe

    2013-03-21 16:32:07 -------- d-----w- c:\program files\common files\Creative Labs Shared

    2013-03-21 07:23:19 -------- d--h--w- c:\windows\PIF

    2013-03-21 03:43:37 475736 ----a-w- c:\windows\system32\drivers\1502209drv.sys

    2013-03-21 02:17:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll

    2013-03-21 02:17:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll

    2013-03-21 02:17:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll

    2013-03-21 02:17:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll

    2013-03-21 02:17:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll

    2013-03-21 02:17:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll

    2013-03-21 02:17:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll

    2013-03-21 02:16:48 -------- d-----w- c:\documents and settings\matolis\local settings\application data\Apple

    2013-03-21 02:16:13 -------- d-----w- c:\documents and settings\matolis\local settings\application data\Apple Computer

    2013-03-21 02:05:38 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2013-03-21 02:05:38 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2013-03-19 10:05:59 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll

    2013-03-19 10:04:19 -------- d--h--w- c:\windows\msdownld.tmp

    2013-03-19 10:04:04 -------- d-----w- c:\windows\Logs

    2013-03-19 08:21:36 -------- d-----w- c:\windows\pss

    2013-03-17 17:37:57 -------- d-----w- c:\documents and settings\matolis\local settings\application data\ATI

    2013-03-17 17:35:23 99856 ----a-w- c:\windows\system32\drivers\AtihdXP3.sys

    2013-03-17 17:33:27 -------- d-----w- C:\AMD

    2013-03-17 16:48:05 -------- d-----w- c:\program files\CCleaner

    2013-03-17 04:50:42 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys

    2013-03-17 04:47:46 -------- d-----w- C:\USBVaccine

    2013-03-16 22:19:12 -------- d-----w- c:\program files\Windows Media Connect 2

    2013-03-16 22:17:59 -------- d-----w- c:\windows\system32\LogFiles

    2013-03-16 03:55:05 -------- d-----w- c:\windows\system32\XPSViewer

    2013-03-16 03:54:39 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

    2013-03-16 03:54:39 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

    2013-03-16 03:54:39 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    2013-03-16 03:54:39 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

    2013-03-16 03:54:39 575488 ------w- c:\windows\system32\xpsshhdr.dll

    2013-03-16 03:54:39 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

    2013-03-16 03:54:39 1676288 ------w- c:\windows\system32\xpssvcs.dll

    2013-03-16 03:54:39 117760 ------w- c:\windows\system32\prntvpt.dll

    2013-03-16 03:54:38 -------- d-----w- C:\70a2473e871645d7e4

    2013-03-15 21:13:51 -------- d-sh--w- c:\documents and settings\matolis\PrivacIE

    2013-03-15 21:13:50 -------- d-sh--w- c:\documents and settings\matolis\IECompatCache

    2013-03-15 21:05:26 -------- d-sh--w- c:\documents and settings\matolis\IETldCache

    2013-03-15 19:48:31 522240 -c----w- c:\windows\system32\dllcache\jsdbgui.dll

    2013-03-15 19:48:02 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll

    2013-03-15 19:47:43 -------- d-----w- c:\windows\ie8updates

    2013-03-15 19:47:37 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

    2013-03-15 19:47:37 630272 -c----w- c:\windows\system32\dllcache\msfeeds.dll

    2013-03-15 19:47:37 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

    2013-03-15 19:47:37 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

    2013-03-15 19:47:37 2004992 -c----w- c:\windows\system32\dllcache\iertutil.dll

    2013-03-15 19:47:37 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

    2013-03-15 19:47:37 11111424 -c----w- c:\windows\system32\dllcache\ieframe.dll

    2013-03-15 19:46:34 -------- dc-h--w- c:\windows\ie8

    2013-03-15 19:30:52 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys

    2013-03-15 19:27:34 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll

    2013-03-15 19:27:34 3072 ------w- c:\windows\system32\iacenc.dll

    2013-03-15 19:25:54 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

    2013-03-15 19:18:13 2193024 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe

    2013-03-15 19:18:13 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe

    2013-03-15 19:18:12 2027520 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe

    2013-03-15 19:18:04 5120 ----a-w- c:\windows\system32\xpsp4res.dll

    2013-03-15 19:17:18 272128 -c----w- c:\windows\system32\dllcache\bthport.sys

    2013-03-15 19:17:18 272128 ------w- c:\windows\system32\drivers\bthport.sys

    2013-03-15 19:15:53 26144 ----a-w- c:\windows\system32\spupdsvc.exe

    2013-03-15 19:15:53 -------- d-----w- c:\windows\system32\PreInstall

    2013-03-15 19:15:52 -------- d--h--w- c:\windows\$hf_mig$

    2013-03-15 19:13:14 -------- d-sh--w- c:\documents and settings\matolis\UserData

    2013-03-15 19:04:53 -------- d-----w- c:\windows\system32\SoftwareDistribution

    2013-03-15 17:20:11 -------- d-----w- c:\documents and settings\matolis\application data\Malwarebytes

    2013-03-15 17:19:57 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

    2013-03-15 17:19:56 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

    2013-03-15 17:19:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2013-03-15 17:05:28 -------- d-----w- c:\program files\Kaspersky Lab

    2013-03-15 17:05:28 -------- d-----w- c:\documents and settings\all users\application data\Kaspersky Lab

    2013-03-15 17:05:22 74072 ----a-w- c:\windows\system32\drivers\klflt.sys

    2013-03-15 16:54:46 7062 ----a-w- c:\windows\system32\audiopid.vxd

    2013-03-15 16:54:35 647872 ------w- c:\windows\system32\Mscomct2.ocx

    2013-03-15 16:54:35 41984 ------w- c:\windows\Ctregrun.exe

    2013-03-15 16:54:22 90112 ------w- c:\windows\Updreg.EXE

    2013-03-15 16:53:52 445016 ----a-w- c:\windows\system32\wrap_oal.dll

    2013-03-15 16:53:52 109144 ----a-w- c:\windows\system32\OpenAL32.dll

    2013-03-15 16:53:20 10240 ----a-w- c:\windows\CTDCRES.DLL

    2013-03-15 16:53:20 -------- d-----w- c:\windows\system32\Data

    2013-03-15 16:52:41 -------- d-----w- c:\program files\Creative

    2013-03-15 14:25:00 -------- d-sh--r- C:\acroldr

    2013-03-15 10:18:57 -------- d--h--w- c:\windows\system32\GroupPolicy

    2013-03-15 09:19:52 0 ----a-w- c:\windows\ativpsrm.bin

    2013-03-15 09:12:59 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll

    2013-03-15 09:12:59 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll

    2013-03-15 09:12:59 225280 ----a-w- c:\program files\common files\installshield\iscript\iscript.dll

    2013-03-15 09:12:59 212992 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ILog.dll

    2013-03-15 09:12:59 176128 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll

    2013-03-15 09:03:45 -------- d-----w- c:\documents and settings\matolis\local settings\application data\ApplicationHistory

    2013-03-15 09:02:50 -------- d-----w- c:\windows\system32\URTTemp

    2013-03-15 08:55:46 19240 ----a-r- c:\windows\system32\drivers\SiWinAcc.sys

    2013-03-15 08:55:46 118824 ----a-r- c:\windows\system32\SilSupp.dll

    2013-03-15 08:55:46 116264 ----a-r- c:\windows\system32\drivers\SI3112r.sys

    2013-03-15 08:35:32 117248 ----a-r- c:\windows\system32\drivers\viamraid.sys

    2013-03-15 08:18:56 27904 ----a-w- c:\windows\system32\drivers\VIAAGP1.SYS

    2013-03-15 08:18:52 -------- d-----w- c:\windows\system32\ReinstallBackups

    2013-03-15 08:18:29 306688 ----a-w- c:\windows\IsUninst.exe

    2013-03-15 08:18:21 -------- d-----w- c:\documents and settings\matolis\WINDOWS

    2013-03-15 08:15:05 5824 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS

    .

    ==================== Find3M ====================

    .

    2013-03-15 16:35:09 43608 ----a-w- c:\windows\system32\drivers\kltdi.sys

    2013-03-15 16:35:08 24920 ----a-w- c:\windows\system32\drivers\klmouflt.sys

    2013-03-15 16:35:08 24408 ----a-w- c:\windows\system32\drivers\klkbdflt.sys

    2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys

    2013-02-06 10:48:44 81920 ------w- c:\windows\system32\ieencode.dll

    2013-02-05 20:05:47 916480 ----a-w- c:\windows\system32\wininet.dll

    2013-02-05 20:05:46 43520 ------w- c:\windows\system32\licmgr10.dll

    2013-02-05 20:05:46 1469440 ------w- c:\windows\system32\inetcpl.cpl

    2013-02-05 05:53:57 385024 ------w- c:\windows\system32\html.iec

    2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll

    2013-01-07 01:16:02 2193024 ----a-w- c:\windows\system32\ntoskrnl.exe

    2013-01-07 00:36:58 2069760 ----a-w- c:\windows\system32\ntkrnlpa.exe

    2013-01-04 01:20:00 1867264 ----a-w- c:\windows\system32\win32k.sys

    2013-01-02 06:49:10 148992 ----a-w- c:\windows\system32\mpg2splt.ax

    2013-01-02 06:49:10 1292288 ----a-w- c:\windows\system32\quartz.dll

    .

    ============= FINISH: 14:57:41.96 ===============

    .

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    .

    DDS (Ver_2012-11-20.01)

    .

    Microsoft Windows XP Professional

    Boot Device: \Device\HarddiskVolume1

    Install Date: 3/15/2013 2:16:14 AM

    System Uptime: 4/1/2013 2:20:07 PM (0 hours ago)

    .

    Motherboard: ASUSTeK Computer Inc. | | K8V

    Processor: AMD Athlon 64 Processor 3200+ | Socket 754 | 2002/200mhz

    .

    ==== Disk Partitions =========================

    .

    A: is Removable

    C: is FIXED (NTFS) - 932 GiB total, 842.072 GiB free.

    D: is CDROM ()

    E: is FIXED (NTFS) - 75 GiB total, 73.977 GiB free.

    .

    ==== Disabled Device Manager Items =============

    .

    Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}

    Description: AMD High Definition Audio Device

    Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1001\5&2D021E0F&0&0001

    Manufacturer: Advanced Micro Devices

    Name: AMD High Definition Audio Device

    PNP Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1001\5&2D021E0F&0&0001

    Service: AtiHDAudioService

    .

    Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318}

    Description: VIA RAID Controller - 3149

    Device ID: PCI\VEN_1106&DEV_3149&SUBSYS_80ED1043&REV_80\3&267A616A&0&78

    Manufacturer: VIA Technologies, Inc.

    Name: VIA RAID Controller - 3149

    PNP Device ID: PCI\VEN_1106&DEV_3149&SUBSYS_80ED1043&REV_80\3&267A616A&0&78

    Service: viamraid

    .

    ==== System Restore Points ===================

    .

    No restore point in system.

    .

    ==== Installed Programs ======================

    .

    Ad-Aware Antivirus

    Ad-Aware Security Add-on

    Adobe Flash Player 11 ActiveX

    Adobe Reader XI (11.0.02)

    AMD Catalyst Install Manager

    Apple Application Support

    Apple Software Update

    Catalyst Control Center

    Catalyst Control Center - Branding

    Catalyst Control Center Graphics Previews Common

    Catalyst Control Center InstallProxy

    Catalyst Control Center Localization All

    ccc-utility

    CCC Help Chinese Standard

    CCC Help Chinese Traditional

    CCC Help Czech

    CCC Help Danish

    CCC Help Dutch

    CCC Help English

    CCC Help Finnish

    CCC Help French

    CCC Help German

    CCC Help Greek

    CCC Help Hungarian

    CCC Help Italian

    CCC Help Japanese

    CCC Help Korean

    CCC Help Norwegian

    CCC Help Polish

    CCC Help Portuguese

    CCC Help Russian

    CCC Help Spanish

    CCC Help Swedish

    CCC Help Thai

    CCC Help Turkish

    CCleaner

    Creative Audio Control Panel

    Creative Console Launcher

    Creative Software AutoUpdate

    Creative System Information

    Creative WaveStudio 7

    DARK VOID

    Dragon Age: Origins

    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

    Hotfix for Windows XP (KB954550-v5)

    Kaspersky Internet Security 2013

    Malwarebytes Anti-Malware version 1.70.0.1100

    Mass Effect

    Mass Effect 2

    Mass Effect™ 3

    Microsoft .NET Framework 1.1

    Microsoft .NET Framework 1.1 Security Update (KB2742597)

    Microsoft .NET Framework 2.0 Service Pack 2

    Microsoft .NET Framework 3.0 Service Pack 2

    Microsoft .NET Framework 3.5 SP1

    Microsoft Compression Client Pack 1.0 for Windows XP

    Microsoft Flight Simulator X

    Microsoft User-Mode Driver Framework Feature Pack 1.0

    Microsoft Visual C++ 2005 Redistributable

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

    MSXML 4.0 SP2 (KB954430)

    MSXML 4.0 SP2 (KB973688)

    MSXML 4.0 SP2 Parser and SDK

    NVIDIA PhysX

    OpenAL

    Origin

    QuickTime

    Razer

    redist

    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)

    Security Update for Windows Internet Explorer 8 (KB2510531)

    Security Update for Windows Internet Explorer 8 (KB2618444)

    Security Update for Windows Internet Explorer 8 (KB2744842)

    Security Update for Windows Internet Explorer 8 (KB2797052)

    Security Update for Windows Internet Explorer 8 (KB2809289)

    Security Update for Windows Internet Explorer 8 (KB982381)

    Security Update for Windows XP (KB923789)

    Sound Blaster X-Fi

    Two Worlds

    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

    Update for Windows Internet Explorer 8 (KB2598845)

    Update for Windows Internet Explorer 8 (KB2632503)

    WebFldrs XP

    Windows Genuine Advantage Notifications (KB905474)

    Windows Genuine Advantage Validation Tool (KB892130)

    Windows Internet Explorer 8

    Windows Media Format 11 runtime

    Windows Media Player 11

    .

    ==== Event Viewer Messages From Past Week ========

    .

    4/1/2013 2:20:37 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: gagp30kx

    4/1/2013 2:17:59 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.

    3/31/2013 9:30:59 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Ad-Aware service to connect.

    3/31/2013 9:30:59 AM, error: Service Control Manager [7000] - The Ad-Aware service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

    3/31/2013 9:30:54 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service SBAMSvc with arguments "" in order to run the server: {FE7E09CE-BBF4-4698-8BC1-37C9002DAA43}

    3/25/2013 8:13:41 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.

    3/25/2013 8:13:41 AM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

    3/25/2013 6:35:13 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Adobe Flash Player Update Service service to connect.

    3/25/2013 6:35:13 AM, error: Service Control Manager [7000] - The Adobe Flash Player Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

    3/25/2013 12:56:20 PM, error: Application Popup [877] - There was error [DATABASE OPEN FAILED] processing the driver database.

    .

    ==== End Of File ===========================

  9. Please run the Check Tool and DDS Logs tool below and ATTACH your results so someone can review them so we can see if we can tell what is going on...

    Please post an mbam-check log:

    Create an mbam-check log:

    • Download mbam-check.exe from here and save it to your desktop
    • Double-click on mbam-check.exe to run it; it should then open a log file
    • Please attach the CheckResults.txt file which should now be located on your desktop to your next reply

    Next, Please run the following scanner and send back the logs.

    Download DDS from one of the locations below and save to your Desktop

    dds.scr

    dds.com

    Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.

    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

    Once downloaded, you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.

    Then double-click dds.scr or dds.com to run the tool; on Vista or Win 7, right-click and select Run as administrator

    Click the Run button if prompted with an Open File - Security Warning dialog box.

    A black DOS console should open and run for a moment.


    • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop
    • Please include the following logs in your next reply: DDS.txt and Attach.txt
      You can ignore the note about zipping the Attach.txt file in most cases.

    DDS (Ver_2012-11-20.01) - NTFS_x86

    Internet Explorer: 8.0.6001.18702

    Run by matolis at 9:25:47 on 2013-03-31

    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1301 [GMT -5:00]

    .

    AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

    AV: Lavasoft Ad-Aware *Disabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}

    FW: Lavasoft Ad-Aware *Disabled*

    FW: Kaspersky Internet Security *Disabled*

    .

    ============== Running Processes ================

    .

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Creative\Shared Files\CTAudSvc.exe

    C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe

    C:\WINDOWS\CTHELPER.EXE

    C:\WINDOWS\system32\CTXFIHLP.EXE

    C:\Program Files\Razer\razertra.exe

    C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe

    C:\Documents and Settings\All Users\Application Data\Search Protection\SearchProtection.exe

    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

    C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\klwtblfs.exe

    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\klwtblfs.exe

    C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\WINDOWS\system32\wbem\wmiprvse.exe

    C:\WINDOWS\System32\svchost.exe -k netsvcs

    C:\WINDOWS\system32\svchost.exe -k LocalService

    C:\WINDOWS\system32\svchost.exe -k LocalService

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = about:blank

    mStart Page = about:blank

    uURLSearchHooks: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll

    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

    BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\contentblocker\ie_content_blocker_plugin.dll

    BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll

    BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll

    BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\onlinebanking\online_banking_bho.dll

    BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor\klwtbbho.dll

    TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll

    mRun: [CTHelper] CTHELPER.EXE

    mRun: [updReg] c:\windows\UpdReg.EXE

    mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

    mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k

    mRun: [CTxfiHlp] CTXFIHLP.EXE

    mRun: [razertra] c:\program files\razer\razertra.exe

    mRun: [Ad-Aware Browsing Protection] "c:\documents and settings\all users\application data\ad-aware browsing protection\adawarebp.exe"

    mRun: [searchProtection] c:\documents and settings\all users\application data\search protection\_run.bat

    mRun: [Ad-Aware Antivirus] "c:\program files\ad-aware antivirus\AdAwareLauncher" --windows-run

    mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2013\avp.exe"

    mRunOnce: [Z1] cmd /c "e:\mbar-1.01.0.1021\mbar\mbar.exe" /cleanup /s

    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

    mPolicies-Explorer: NoDriveTypeAutoRun = dword:28

    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

    IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll

    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor\klwtbbho.dll

    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1363374798406

    Notify: AtiExtEvent - Ati2evxx.dll

    Notify: klogon - c:\windows\system32\klogon.dll

    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    .

    ============= SERVICES / DRIVERS ===============

    .

    R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-3-25 13560]

    R0 kl1;kl1;c:\windows\system32\drivers\kl1.sys [2012-6-19 136024]

    R0 SI3112r;Silicon Image SiI 3512 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [2013-3-15 116264]

    R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2013-3-15 586584]

    R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [2012-6-8 43608]

    R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [2012-8-13 144344]

    R2 Ad-Aware Service;Ad-Aware Service;c:\program files\ad-aware antivirus\AdAwareService.exe [2013-2-21 1236336]

    R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2010-5-5 171096]

    R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2010-5-5 1324120]

    R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2010-5-5 72792]

    R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2013-3-25 25832]

    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2012-6-27 35672]

    R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [2012-5-25 24408]

    R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2012-7-25 24920]

    R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-3-31 35144]

    S1 1502209drv;1502209drv;c:\windows\system32\drivers\1502209drv.sys [2013-3-20 475736]

    S2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2013\avp.exe [2012-8-17 356376]

    S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-3-15 682344]

    S2 SBAMSvc;Ad-Aware;c:\program files\ad-aware antivirus\SBAMSvc.exe [2012-9-20 3677000]

    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2013-3-17 99856]

    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2013-3-21 79360]

    S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2010-5-5 171096]

    S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2010-5-5 1324120]

    S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2010-5-5 72792]

    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-3-15 21104]

    .

    =============== Created Last 30 ================

    .

    2013-03-31 11:29:07 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

    2013-03-29 18:51:11 -------- d-----w- c:\documents and settings\all users\application data\EA Core

    2013-03-29 18:51:06 -------- d-----w- c:\documents and settings\all users\application data\EA Logs

    2013-03-29 18:02:42 -------- d--h--w- c:\program files\common files\EAInstaller

    2013-03-29 18:02:22 -------- d-----w- c:\program files\NVIDIA Corporation

    2013-03-29 15:37:47 107888 ----a-w- c:\windows\system32\CmdLineExt.dll

    2013-03-29 09:43:44 -------- d-----w- c:\program files\Origin Games

    2013-03-29 09:43:43 -------- d-----w- c:\documents and settings\matolis\local settings\application data\Origin

    2013-03-29 09:43:42 -------- d-----w- c:\documents and settings\matolis\application data\Origin

    2013-03-29 09:43:30 -------- d-----w- c:\documents and settings\all users\application data\Origin

    2013-03-29 09:43:30 -------- d-----w- c:\documents and settings\all users\application data\Electronic Arts

    2013-03-29 09:43:09 -------- d-----w- c:\program files\Origin

    2013-03-29 07:52:46 -------- d-----w- c:\program files\MSXML 4.0

    2013-03-29 07:38:01 -------- d-----w- c:\program files\Microsoft Games

    2013-03-29 07:02:44 -------- d-----w- C:\Games

    2013-03-29 06:43:03 -------- d-----w- c:\documents and settings\all users\application data\BioWare

    2013-03-29 06:01:18 -------- d-----w- c:\program files\Mass Effect 2

    2013-03-25 17:33:52 -------- d-----w- c:\windows\1C4551A64743409391E41477CD655043.TMP

    2013-03-25 17:00:28 -------- d-----w- c:\program files\Dragon Age

    2013-03-25 15:12:26 -------- d-----w- c:\program files\common files\BioWare

    2013-03-25 14:54:24 -------- d-----w- c:\program files\Mass Effect

    2013-03-25 07:47:23 -------- d-----w- c:\documents and settings\all users\application data\Ad-Aware Antivirus

    2013-03-25 07:47:22 -------- d-----w- c:\documents and settings\matolis\application data\LavasoftStatistics

    2013-03-25 07:42:35 -------- d-----w- c:\program files\Ad-Aware Antivirus

    2013-03-25 07:41:55 -------- d-----w- c:\documents and settings\all users\application data\Downloaded Installations

    2013-03-25 07:41:46 -------- d-----w- c:\documents and settings\matolis\local settings\application data\adawarebp

    2013-03-25 07:41:46 -------- d-----w- c:\documents and settings\all users\application data\Search Protection

    2013-03-25 07:41:45 -------- d-----w- c:\documents and settings\all users\application data\blekko toolbars

    2013-03-25 07:41:45 -------- d-----w- c:\documents and settings\all users\application data\adawaretb

    2013-03-25 07:41:43 -------- d-----w- c:\documents and settings\all users\application data\Ad-Aware Browsing Protection

    2013-03-25 07:41:06 -------- d-----w- c:\program files\Toolbar Cleaner

    2013-03-25 07:40:59 -------- d-----w- c:\documents and settings\matolis\application data\SecureSearch

    2013-03-25 07:40:54 -------- d-----w- c:\program files\adawaretb

    2013-03-25 07:40:54 -------- d-----w- c:\documents and settings\matolis\application data\adawaretb

    2013-03-25 07:39:30 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys

    2013-03-25 07:39:29 44424 ----a-w- c:\windows\system32\sbbd.exe

    2013-03-25 07:39:19 -------- d-----w- c:\documents and settings\matolis\application data\Ad-Aware Antivirus

    2013-03-21 19:31:39 -------- d-----w- c:\program files\common files\Wise Installation Wizard

    2013-03-21 17:10:20 -------- d-----w- c:\documents and settings\matolis\local settings\application data\Adobe

    2013-03-21 17:03:24 -------- d-----w- c:\documents and settings\matolis\local settings\application data\WMTools Downloaded Files

    2013-03-21 16:51:45 57344 ----a-w- c:\windows\system32\razer.cpl

    2013-03-21 16:51:45 38904 ----a-w- c:\windows\system32\drivers\razerusb.sys

    2013-03-21 16:39:11 102400 ----a-w- c:\windows\system32\cttele32.dll

    2013-03-21 16:39:03 -------- d-----w- c:\program files\OpenAL

    2013-03-21 16:35:39 22691984 ----a-w- c:\windows\system32\AppSetup.exe

    2013-03-21 16:32:07 -------- d-----w- c:\program files\common files\Creative Labs Shared

    2013-03-21 07:23:19 -------- d--h--w- c:\windows\PIF

    2013-03-21 03:43:37 475736 ----a-w- c:\windows\system32\drivers\1502209drv.sys

    2013-03-21 02:17:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll

    2013-03-21 02:17:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll

    2013-03-21 02:17:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll

    2013-03-21 02:17:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll

    2013-03-21 02:17:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll

    2013-03-21 02:17:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll

    2013-03-21 02:17:23 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll

    2013-03-21 02:16:48 -------- d-----w- c:\documents and settings\matolis\local settings\application data\Apple

    2013-03-21 02:16:13 -------- d-----w- c:\documents and settings\matolis\local settings\application data\Apple Computer

    2013-03-21 02:05:38 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2013-03-21 02:05:38 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2013-03-19 10:05:59 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll

    2013-03-19 10:04:19 -------- d--h--w- c:\windows\msdownld.tmp

    2013-03-19 10:04:04 -------- d-----w- c:\windows\Logs

    2013-03-19 08:21:36 -------- d-----w- c:\windows\pss

    2013-03-17 17:37:57 -------- d-----w- c:\documents and settings\matolis\local settings\application data\ATI

    2013-03-17 17:35:23 99856 ----a-w- c:\windows\system32\drivers\AtihdXP3.sys

    2013-03-17 17:33:27 -------- d-----w- C:\AMD

    2013-03-17 16:48:05 -------- d-----w- c:\program files\CCleaner

    2013-03-17 04:50:42 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys

    2013-03-17 04:47:46 -------- d-----w- C:\USBVaccine

    2013-03-16 22:19:12 -------- d-----w- c:\program files\Windows Media Connect 2

    2013-03-16 22:17:59 -------- d-----w- c:\windows\system32\LogFiles

    2013-03-16 03:55:05 -------- d-----w- c:\windows\system32\XPSViewer

    2013-03-16 03:54:39 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

    2013-03-16 03:54:39 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

    2013-03-16 03:54:39 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    2013-03-16 03:54:39 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

    2013-03-16 03:54:39 575488 ------w- c:\windows\system32\xpsshhdr.dll

    2013-03-16 03:54:39 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

    2013-03-16 03:54:39 1676288 ------w- c:\windows\system32\xpssvcs.dll

    2013-03-16 03:54:39 117760 ------w- c:\windows\system32\prntvpt.dll

    2013-03-16 03:54:38 -------- d-----w- C:\70a2473e871645d7e4

    2013-03-15 21:13:51 -------- d-sh--w- c:\documents and settings\matolis\PrivacIE

    2013-03-15 21:13:50 -------- d-sh--w- c:\documents and settings\matolis\IECompatCache

    2013-03-15 21:05:26 -------- d-sh--w- c:\documents and settings\matolis\IETldCache

    2013-03-15 19:48:31 522240 -c----w- c:\windows\system32\dllcache\jsdbgui.dll

    2013-03-15 19:48:02 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll

    2013-03-15 19:47:43 -------- d-----w- c:\windows\ie8updates

    2013-03-15 19:47:37 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

    2013-03-15 19:47:37 630272 -c----w- c:\windows\system32\dllcache\msfeeds.dll

    2013-03-15 19:47:37 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

    2013-03-15 19:47:37 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

    2013-03-15 19:47:37 2004992 -c----w- c:\windows\system32\dllcache\iertutil.dll

    2013-03-15 19:47:37 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

    2013-03-15 19:47:37 11111424 -c----w- c:\windows\system32\dllcache\ieframe.dll

    2013-03-15 19:46:34 -------- dc-h--w- c:\windows\ie8

    2013-03-15 19:30:52 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys

    2013-03-15 19:27:34 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll

    2013-03-15 19:27:34 3072 ------w- c:\windows\system32\iacenc.dll

    2013-03-15 19:25:54 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

    2013-03-15 19:18:13 2193024 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe

    2013-03-15 19:18:13 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe

    2013-03-15 19:18:12 2027520 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe

    2013-03-15 19:18:04 5120 ----a-w- c:\windows\system32\xpsp4res.dll

    2013-03-15 19:17:18 272128 -c----w- c:\windows\system32\dllcache\bthport.sys

    2013-03-15 19:17:18 272128 ------w- c:\windows\system32\drivers\bthport.sys

    2013-03-15 19:15:53 26144 ----a-w- c:\windows\system32\spupdsvc.exe

    2013-03-15 19:15:53 -------- d-----w- c:\windows\system32\PreInstall

    2013-03-15 19:15:52 -------- d--h--w- c:\windows\$hf_mig$

    2013-03-15 19:13:14 -------- d-sh--w- c:\documents and settings\matolis\UserData

    2013-03-15 19:04:53 -------- d-----w- c:\windows\system32\SoftwareDistribution

    2013-03-15 17:20:11 -------- d-----w- c:\documents and settings\matolis\application data\Malwarebytes

    2013-03-15 17:19:57 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

    2013-03-15 17:19:56 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

    2013-03-15 17:19:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2013-03-15 17:05:28 -------- d-----w- c:\program files\Kaspersky Lab

    2013-03-15 17:05:28 -------- d-----w- c:\documents and settings\all users\application data\Kaspersky Lab

    2013-03-15 17:05:22 74072 ----a-w- c:\windows\system32\drivers\klflt.sys

    2013-03-15 16:54:46 7062 ----a-w- c:\windows\system32\audiopid.vxd

    2013-03-15 16:54:35 647872 ------w- c:\windows\system32\Mscomct2.ocx

    2013-03-15 16:54:35 41984 ------w- c:\windows\Ctregrun.exe

    2013-03-15 16:54:22 90112 ------w- c:\windows\Updreg.EXE

    2013-03-15 16:53:52 445016 ----a-w- c:\windows\system32\wrap_oal.dll

    2013-03-15 16:53:52 109144 ----a-w- c:\windows\system32\OpenAL32.dll

    2013-03-15 16:53:20 10240 ----a-w- c:\windows\CTDCRES.DLL

    2013-03-15 16:53:20 -------- d-----w- c:\windows\system32\Data

    2013-03-15 16:52:41 -------- d-----w- c:\program files\Creative

    2013-03-15 14:25:00 -------- d-sh--r- C:\acroldr

    2013-03-15 10:18:57 -------- d--h--w- c:\windows\system32\GroupPolicy

    2013-03-15 09:19:52 0 ----a-w- c:\windows\ativpsrm.bin

    2013-03-15 09:12:59 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll

    2013-03-15 09:12:59 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll

    2013-03-15 09:12:59 225280 ----a-w- c:\program files\common files\installshield\iscript\iscript.dll

    2013-03-15 09:12:59 212992 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ILog.dll

    2013-03-15 09:12:59 176128 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll

    2013-03-15 09:03:45 -------- d-----w- c:\documents and settings\matolis\local settings\application data\ApplicationHistory

    2013-03-15 09:02:50 -------- d-----w- c:\windows\system32\URTTemp

    2013-03-15 08:55:46 19240 ----a-r- c:\windows\system32\drivers\SiWinAcc.sys

    2013-03-15 08:55:46 118824 ----a-r- c:\windows\system32\SilSupp.dll

    2013-03-15 08:55:46 116264 ----a-r- c:\windows\system32\drivers\SI3112r.sys

    2013-03-15 08:35:32 117248 ----a-r- c:\windows\system32\drivers\viamraid.sys

    2013-03-15 08:18:56 27904 ----a-w- c:\windows\system32\drivers\VIAAGP1.SYS

    2013-03-15 08:18:52 -------- d-----w- c:\windows\system32\ReinstallBackups

    2013-03-15 08:18:29 306688 ----a-w- c:\windows\IsUninst.exe

    2013-03-15 08:18:21 -------- d-----w- c:\documents and settings\matolis\WINDOWS

    2013-03-15 08:15:05 5824 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS

    .

    ==================== Find3M ====================

    .

    2013-03-15 16:35:09 43608 ----a-w- c:\windows\system32\drivers\kltdi.sys

    2013-03-15 16:35:08 24920 ----a-w- c:\windows\system32\drivers\klmouflt.sys

    2013-03-15 16:35:08 24408 ----a-w- c:\windows\system32\drivers\klkbdflt.sys

    2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys

    2013-02-06 10:48:44 81920 ------w- c:\windows\system32\ieencode.dll

    2013-02-05 20:05:47 916480 ----a-w- c:\windows\system32\wininet.dll

    2013-02-05 20:05:46 43520 ------w- c:\windows\system32\licmgr10.dll

    2013-02-05 20:05:46 1469440 ------w- c:\windows\system32\inetcpl.cpl

    2013-02-05 05:53:57 385024 ------w- c:\windows\system32\html.iec

    2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll

    2013-01-07 01:16:02 2193024 ----a-w- c:\windows\system32\ntoskrnl.exe

    2013-01-07 00:36:58 2069760 ----a-w- c:\windows\system32\ntkrnlpa.exe

    2013-01-04 01:20:00 1867264 ----a-w- c:\windows\system32\win32k.sys

    2013-01-02 06:49:10 148992 ----a-w- c:\windows\system32\mpg2splt.ax

    2013-01-02 06:49:10 1292288 ----a-w- c:\windows\system32\quartz.dll

    .

    ============= FINISH: 9:26:17.46 ===============

    .

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    .

    DDS (Ver_2012-11-20.01)

    .

    Microsoft Windows XP Professional

    Boot Device: \Device\HarddiskVolume1

    Install Date: 3/15/2013 2:16:14 AM

    System Uptime: 3/31/2013 4:44:32 AM (5 hours ago)

    .

    Motherboard: ASUSTeK Computer Inc. | | K8V

    Processor: AMD Athlon™ 64 Processor 3200+ | Socket 754 | 2002/200mhz

    .

    ==== Disk Partitions =========================

    .

    A: is Removable

    C: is FIXED (NTFS) - 932 GiB total, 842.117 GiB free.

    D: is CDROM ()

    E: is FIXED (NTFS) - 75 GiB total, 73.998 GiB free.

    .

    ==== Disabled Device Manager Items =============

    .

    Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}

    Description: AMD High Definition Audio Device

    Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1001\5&2D021E0F&0&0001

    Manufacturer: Advanced Micro Devices

    Name: AMD High Definition Audio Device

    PNP Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1001\5&2D021E0F&0&0001

    Service: AtiHDAudioService

    .

    Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318}

    Description: VIA RAID Controller - 3149

    Device ID: PCI\VEN_1106&DEV_3149&SUBSYS_80ED1043&REV_80\3&267A616A&0&78

    Manufacturer: VIA Technologies, Inc.

    Name: VIA RAID Controller - 3149

    PNP Device ID: PCI\VEN_1106&DEV_3149&SUBSYS_80ED1043&REV_80\3&267A616A&0&78

    Service: viamraid

    .

    ==== System Restore Points ===================

    .

    No restore point in system.

    .

    ==== Installed Programs ======================

    .

    Ad-Aware Antivirus

    Ad-Aware Security Add-on

    Adobe Flash Player 11 ActiveX

    Adobe Reader XI (11.0.02)

    AMD Catalyst Install Manager

    Apple Application Support

    Apple Software Update

    Catalyst Control Center

    Catalyst Control Center - Branding

    Catalyst Control Center Graphics Previews Common

    Catalyst Control Center InstallProxy

    Catalyst Control Center Localization All

    ccc-utility

    CCC Help Chinese Standard

    CCC Help Chinese Traditional

    CCC Help Czech

    CCC Help Danish

    CCC Help Dutch

    CCC Help English

    CCC Help Finnish

    CCC Help French

    CCC Help German

    CCC Help Greek

    CCC Help Hungarian

    CCC Help Italian

    CCC Help Japanese

    CCC Help Korean

    CCC Help Norwegian

    CCC Help Polish

    CCC Help Portuguese

    CCC Help Russian

    CCC Help Spanish

    CCC Help Swedish

    CCC Help Thai

    CCC Help Turkish

    CCleaner

    Creative Audio Control Panel

    Creative Console Launcher

    Creative Software AutoUpdate

    Creative System Information

    Creative WaveStudio 7

    DARK VOID

    Dragon Age: Origins

    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

    Hotfix for Windows XP (KB954550-v5)

    Kaspersky Internet Security 2013

    Malwarebytes Anti-Malware version 1.70.0.1100

    Mass Effect

    Mass Effect 2

    Mass Effect™ 3

    Microsoft .NET Framework 1.1

    Microsoft .NET Framework 1.1 Security Update (KB2742597)

    Microsoft .NET Framework 2.0 Service Pack 2

    Microsoft .NET Framework 3.0 Service Pack 2

    Microsoft .NET Framework 3.5 SP1

    Microsoft Compression Client Pack 1.0 for Windows XP

    Microsoft Flight Simulator X

    Microsoft User-Mode Driver Framework Feature Pack 1.0

    Microsoft Visual C++ 2005 Redistributable

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

    MSXML 4.0 SP2 (KB954430)

    MSXML 4.0 SP2 (KB973688)

    MSXML 4.0 SP2 Parser and SDK

    NVIDIA PhysX

    OpenAL

    Origin

    QuickTime

    Razer

    redist

    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)

    Security Update for Windows Internet Explorer 8 (KB2510531)

    Security Update for Windows Internet Explorer 8 (KB2618444)

    Security Update for Windows Internet Explorer 8 (KB2744842)

    Security Update for Windows Internet Explorer 8 (KB2797052)

    Security Update for Windows Internet Explorer 8 (KB2809289)

    Security Update for Windows Internet Explorer 8 (KB982381)

    Security Update for Windows XP (KB923789)

    Sound Blaster X-Fi

    Two Worlds

    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

    Update for Windows Internet Explorer 8 (KB2598845)

    Update for Windows Internet Explorer 8 (KB2632503)

    WebFldrs XP

    Windows Genuine Advantage Notifications (KB905474)

    Windows Genuine Advantage Validation Tool (KB892130)

    Windows Internet Explorer 8

    Windows Media Format 11 runtime

    Windows Media Player 11

    .

    ==== Event Viewer Messages From Past Week ========

    .

    3/25/2013 8:13:41 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.

    3/25/2013 8:13:41 AM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

    3/25/2013 6:35:13 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Adobe Flash Player Update Service service to connect.

    3/25/2013 6:35:13 AM, error: Service Control Manager [7000] - The Adobe Flash Player Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

    3/25/2013 12:56:20 PM, error: Application Popup [877] - There was error [DATABASE OPEN FAILED] processing the driver database.

    .

    ==== End Of File ===========================

    CheckResults.txt

  10. I am using Malwarebytes Anti-malware PRO with the latest definitions and my "Enable malicious website blocking" feature randomly disables itself when I am online (though never when I'm offline). Also I cannot check the "Enable malicious website blocking" box when this happens. Only when I reboot does the feature become re-enabled again. I have no way of telling if I have some kind of virus or malware or not. It happens randomly but only when I'm online. Have repartitioned, reformatted my hard drive numerous times and reinstalled windows, even put a new array of hard disks in and reinstalled Windows XP Pro SP3 but the problem persists. Have done numerous scans with Kaspersky 2013 and Malwarebytes Anti-malware software as well as Malwarebytes rootkit beta software and come up with a "clean bill of health" yet the problem persists.

    Please someone help me determine what the problem is and if it -is- or is -not- a virus or malware. I am sick of this happening. :wacko::excl:

  11. Many things have happened to my computer since I did a clean install.

    *was unable to delete a partition (my D drive had a partition I wanted to delete because I had WD Acronis installed and had transferred my partition to my (current) c drive).

    *malwarebytes anti-malware would not let me enable "website blocking" and would inadvertently turn off when I was able to enable it.

    *Kaspersky wouldn't update after I ran windows update (I always update it and run a virus scan before rebooting to scan new updates for viruses/malware)

    *Malwarebytes anti-malware refused to load after windows update and installing internet explorer 8

    *when I rebooted after installing internet explorer 8, windows hung on my desktop with no icons and a message on the left top corner of the screen said "loading personal settings" when I haven't set up internet explorer. The only user on my PC is me and no one else!

    *computer is slow on start up and Kaspersky takes 2 or more minutes to load into task bar.

    *Malwarebytes anti-malware is slow to start when I want to open it to do a manual scan

    *computer generally slow, internet explorer 8 slow to open, takes nearly a minute for browser to pop up.

    *windows update site slow to load.

    Sorry! First time on this forum, I misinterpreted the instructions, only human.

    I'll post the dds and attach.txt here:

    DDS (Ver_2012-11-20.01) - NTFS_x86

    Internet Explorer: 8.0.6001.18702

    Run by matolis at 11:28:13 on 2013-03-08

    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1398 [GMT -6:00]

    .

    AV: Kaspersky Internet Security *Enabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

    FW: Kaspersky Internet Security *Enabled*

    .

    ============== Running Processes ================

    .

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Creative\Shared Files\CTAudSvc.exe

    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe

    d:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

    C:\WINDOWS\CTHELPER.EXE

    C:\WINDOWS\system32\CTXFIHLP.EXE

    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe

    d:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    d:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

    d:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

    d:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\klwtblfs.exe

    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\klwtblfs.exe

    C:\WINDOWS\system32\wbem\wmiprvse.exe

    C:\WINDOWS\System32\svchost.exe -k netsvcs

    C:\WINDOWS\system32\svchost.exe -k NetworkService

    C:\WINDOWS\system32\svchost.exe -k LocalService

    C:\WINDOWS\system32\svchost.exe -k LocalService

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = about:blank

    BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\contentblocker\ie_content_blocker_plugin.dll

    BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll

    BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\onlinebanking\online_banking_bho.dll

    BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor\klwtbbho.dll

    mRun: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack

    mRun: [startCCC] "d:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

    mRun: [CTHelper] CTHELPER.EXE

    mRun: [updReg] c:\windows\UpdReg.EXE

    mRun: [CTxfiHlp] CTXFIHLP.EXE

    mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2013\avp.exe"

    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

    mPolicies-Explorer: NoDriveTypeAutoRun = dword:28

    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

    IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2013\ie_banner_deny.htm

    IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll

    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor\klwtbbho.dll

    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1362745571437

    Notify: AtiExtEvent - Ati2evxx.dll

    Notify: klogon - c:\windows\system32\klogon.dll

    .

    ============= SERVICES / DRIVERS ===============

    .

    R0 kl1;kl1;c:\windows\system32\drivers\kl1.sys [2012-6-19 136024]

    R0 SI3112r;Silicon Image SiI 3512 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [2013-3-7 116264]

    R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2013-3-7 77056]

    R0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\drivers\vsflt53.sys [2013-3-7 83392]

    R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2013-3-8 586584]

    R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [2012-6-8 43608]

    R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [2012-8-13 144344]

    R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2013\avp.exe [2012-8-17 356376]

    R2 MBAMScheduler;MBAMScheduler;d:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-3-8 398184]

    R2 MBAMService;MBAMService;d:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-3-8 682344]

    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2013-3-8 99856]

    R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2010-5-5 171096]

    R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2010-5-5 1324120]

    R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2010-5-5 72792]

    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2012-6-27 35672]

    R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [2012-10-25 24408]

    R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2012-10-25 24920]

    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-3-8 21104]

    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2013-3-8 79360]

    S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2010-5-5 171096]

    S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2010-5-5 1324120]

    S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2010-5-5 72792]

    .

    =============== Created Last 30 ================

    .

    2013-03-08 16:26:20 -------- d-----w- c:\windows\system32\XPSViewer

    2013-03-08 16:25:55 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

    2013-03-08 16:25:55 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

    2013-03-08 16:25:55 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    2013-03-08 16:25:55 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

    2013-03-08 16:25:55 575488 ------w- c:\windows\system32\xpsshhdr.dll

    2013-03-08 16:25:55 117760 ------w- c:\windows\system32\prntvpt.dll

    2013-03-08 16:25:54 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

    2013-03-08 16:25:54 1676288 ------w- c:\windows\system32\xpssvcs.dll

    2013-03-08 14:09:50 -------- d-sh--w- c:\documents and settings\matolis\IECompatCache

    2013-03-08 13:52:48 -------- d-sh--w- c:\documents and settings\matolis\PrivacIE

    2013-03-08 13:46:11 -------- d-sh--w- c:\documents and settings\matolis\IETldCache

    2013-03-08 13:04:39 522240 -c----w- c:\windows\system32\dllcache\jsdbgui.dll

    2013-03-08 13:04:13 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll

    2013-03-08 13:03:55 -------- d-----w- c:\windows\ie8updates

    2013-03-08 13:03:49 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

    2013-03-08 13:03:49 630272 -c----w- c:\windows\system32\dllcache\msfeeds.dll

    2013-03-08 13:03:49 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

    2013-03-08 13:03:49 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

    2013-03-08 13:03:49 2004992 -c----w- c:\windows\system32\dllcache\iertutil.dll

    2013-03-08 13:03:49 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

    2013-03-08 13:03:49 11111424 -c----w- c:\windows\system32\dllcache\ieframe.dll

    2013-03-08 13:03:09 -------- dc-h--w- c:\windows\ie8

    2013-03-08 12:41:13 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll

    2013-03-08 12:41:13 3072 ------w- c:\windows\system32\iacenc.dll

    2013-03-08 12:39:41 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

    2013-03-08 12:33:11 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe

    2013-03-08 12:33:10 2193024 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe

    2013-03-08 12:33:10 2027520 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe

    2013-03-08 12:33:05 5120 ----a-w- c:\windows\system32\xpsp4res.dll

    2013-03-08 12:32:32 272128 -c----w- c:\windows\system32\dllcache\bthport.sys

    2013-03-08 12:32:32 272128 ------w- c:\windows\system32\drivers\bthport.sys

    2013-03-08 12:31:35 26144 ----a-w- c:\windows\system32\spupdsvc.exe

    2013-03-08 12:31:35 -------- d-----w- c:\windows\system32\PreInstall

    2013-03-08 12:31:33 -------- d--h--w- c:\windows\$hf_mig$

    2013-03-08 12:26:08 -------- d-sh--w- c:\documents and settings\matolis\UserData

    2013-03-08 12:12:34 -------- d-----w- c:\windows\system32\SoftwareDistribution

    2013-03-08 11:00:41 -------- d-----w- c:\documents and settings\matolis\application data\Malwarebytes

    2013-03-08 11:00:28 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

    2013-03-08 11:00:27 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

    2013-03-08 10:32:07 -------- d-----w- c:\program files\Kaspersky Lab

    2013-03-08 10:32:07 -------- d-----w- c:\documents and settings\all users\application data\Kaspersky Lab

    2013-03-08 10:32:01 74072 ----a-w- c:\windows\system32\drivers\klflt.sys

    2013-03-08 10:19:48 102400 ----a-w- c:\windows\system32\cttele32.dll

    2013-03-08 10:19:43 -------- d-----w- c:\program files\OpenAL

    2013-03-08 10:16:59 22691984 ----a-w- c:\windows\system32\AppSetup.exe

    2013-03-08 10:16:24 -------- d-----w- c:\program files\common files\Creative Labs Shared

    2013-03-08 10:06:37 7062 ----a-w- c:\windows\system32\audiopid.vxd

    2013-03-08 10:06:27 647872 ------w- c:\windows\system32\Mscomct2.ocx

    2013-03-08 10:06:27 41984 ------w- c:\windows\Ctregrun.exe

    2013-03-08 10:06:11 90112 ------w- c:\windows\Updreg.EXE

    2013-03-08 10:05:42 445016 ----a-w- c:\windows\system32\wrap_oal.dll

    2013-03-08 10:05:42 109144 ----a-w- c:\windows\system32\OpenAL32.dll

    2013-03-08 10:05:12 10240 ----a-w- c:\windows\CTDCRES.DLL

    2013-03-08 10:05:12 -------- d-----w- c:\windows\system32\Data

    2013-03-08 10:04:53 -------- d-----w- c:\program files\Creative

    2013-03-08 10:03:55 729088 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll

    2013-03-08 10:03:55 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll

    2013-03-08 10:03:55 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe

    2013-03-08 10:03:55 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll

    2013-03-08 10:03:55 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll

    2013-03-08 10:03:55 192512 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll

    2013-03-08 10:03:54 311428 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll

    2013-03-08 10:03:54 188548 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll

    2013-03-08 09:53:42 -------- d-----w- c:\documents and settings\matolis\local settings\application data\ATI

    2013-03-08 09:52:04 6272 -c--a-w- c:\windows\system32\dllcache\splitter.sys

    2013-03-08 09:52:04 6272 ----a-w- c:\windows\system32\drivers\splitter.sys

    2013-03-08 09:52:03 83072 -c--a-w- c:\windows\system32\dllcache\wdmaud.sys

    2013-03-08 09:52:03 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys

    2013-03-08 09:52:02 52864 -c--a-w- c:\windows\system32\dllcache\dmusic.sys

    2013-03-08 09:52:02 52864 ----a-w- c:\windows\system32\drivers\DMusic.sys

    2013-03-08 09:52:01 56576 -c--a-w- c:\windows\system32\dllcache\swmidi.sys

    2013-03-08 09:52:01 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys

    2013-03-08 09:52:00 142592 -c--a-w- c:\windows\system32\dllcache\aec.sys

    2013-03-08 09:52:00 142592 ----a-w- c:\windows\system32\drivers\aec.sys

    2013-03-08 09:34:46 -------- d-----w- c:\documents and settings\matolis\local settings\application data\ApplicationHistory

    2013-03-08 09:34:09 -------- d-----w- c:\windows\system32\URTTemp

    2013-03-08 09:19:54 -------- d-----w- c:\windows\system32\appmgmt

    2013-03-08 05:04:55 83392 ----a-w- c:\windows\system32\drivers\vsflt53.sys

    2013-03-08 05:04:55 601408 ----a-w- c:\windows\system32\drivers\timntr.sys

    2013-03-08 05:04:55 125472 ----a-w- c:\windows\system32\drivers\vididr.sys

    2013-03-08 05:01:54 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys

    2013-03-08 05:00:18 77056 ----a-r- c:\windows\system32\drivers\viasraid.sys

    .

    ==================== Find3M ====================

    .

    2013-03-08 11:25:46 43608 ----a-w- c:\windows\system32\drivers\kltdi.sys

    2013-03-08 09:51:44 0 ----a-w- c:\windows\ativpsrm.bin

    2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll

    2013-01-07 01:16:02 2193024 ----a-w- c:\windows\system32\ntoskrnl.exe

    2013-01-07 00:36:58 2069760 ----a-w- c:\windows\system32\ntkrnlpa.exe

    2013-01-04 01:20:00 1867264 ----a-w- c:\windows\system32\win32k.sys

    2013-01-02 06:49:10 148992 ----a-w- c:\windows\system32\mpg2splt.ax

    2013-01-02 06:49:10 1292288 ----a-w- c:\windows\system32\quartz.dll

    2012-12-27 10:24:19 81920 ------w- c:\windows\system32\ieencode.dll

    2012-12-26 20:16:29 916480 ----a-w- c:\windows\system32\wininet.dll

    2012-12-26 20:16:28 43520 ------w- c:\windows\system32\licmgr10.dll

    2012-12-26 20:16:28 1469440 ------w- c:\windows\system32\inetcpl.cpl

    2012-12-24 06:40:59 385024 ------w- c:\windows\system32\html.iec

    2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll

    .

    =================== ROOTKIT ====================

    .

    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

    Windows 5.1.2600 Disk: SiI_____ rev.1100 -> Harddisk1\DR1 -> \Device\Scsi\UlSata1Port2Path0Target0Lun0

    .

    device: opened successfully

    user: MBR read successfully

    .

    Disk trace:

    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys vsflt53.sys hal.dll SCSIPORT.SYS SI3112r.sys

    c:\windows\system32\drivers\vsflt53.sys Acronis Acronis Virtual Disk

    c:\windows\system32\drivers\SI3112r.sys Silicon Image, Inc Medley

    1 ntkrnlpa!IofCallDriver[0x804EE190] -> \Device\Harddisk1\DR1[0x8A603AB8]

    3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EE190] -> [0x8A693648]

    5 vsflt53[0xB9F60C2B] -> ntkrnlpa!IofCallDriver[0x804EE190] -> \Device\Scsi\SI3112r1Port3Path0Target0Lun0[0x8A637A38]

    kernel: MBR read successfully

    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }

    user != kernel MBR !!!

    sectors 586088446 (+255): user != kernel

    .

    ============= FINISH: 11:29:01.10 ===============

    .

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    .

    DDS (Ver_2012-11-20.01)

    .

    Microsoft Windows XP Professional

    Boot Device: \Device\HarddiskVolume2

    Install Date: 3/7/2013 10:46:52 PM

    System Uptime: 3/8/2013 11:17:26 AM (0 hours ago)

    .

    Motherboard: ASUSTeK Computer Inc. | | K8V

    Processor: AMD Athlon 64 Processor 3200+ | Socket 754 | 2002/200mhz

    .

    ==== Disk Partitions =========================

    .

    A: is Removable

    C: is FIXED (NTFS) - 279 GiB total, 272.893 GiB free.

    D: is FIXED (NTFS) - 932 GiB total, 930.62 GiB free.

    E: is CDROM ()

    .

    ==== Disabled Device Manager Items =============

    .

    ==== System Restore Points ===================

    .

    No restore point in system.

    .

    ==== Installed Programs ======================

    .

    AMD Catalyst Install Manager

    Catalyst Control Center

    Catalyst Control Center - Branding

    Catalyst Control Center Graphics Previews Common

    Catalyst Control Center InstallProxy

    Catalyst Control Center Localization All

    ccc-utility

    CCC Help Chinese Standard

    CCC Help Chinese Traditional

    CCC Help Czech

    CCC Help Danish

    CCC Help Dutch

    CCC Help English

    CCC Help Finnish

    CCC Help French

    CCC Help German

    CCC Help Greek

    CCC Help Hungarian

    CCC Help Italian

    CCC Help Japanese

    CCC Help Korean

    CCC Help Norwegian

    CCC Help Polish

    CCC Help Portuguese

    CCC Help Russian

    CCC Help Spanish

    CCC Help Swedish

    CCC Help Thai

    CCC Help Turkish

    Creative Audio Control Panel

    Creative Console Launcher

    Creative Software AutoUpdate

    Creative System Information

    Creative WaveStudio 7

    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

    Hotfix for Windows XP (KB2779562)

    Hotfix for Windows XP (KB952287)

    Hotfix for Windows XP (KB954550-v5)

    Kaspersky Internet Security 2013

    Malwarebytes Anti-Malware version 1.70.0.1100

    Microsoft .NET Framework 1.1

    Microsoft .NET Framework 1.1 Security Update (KB2742597)

    Microsoft .NET Framework 2.0 Service Pack 2

    Microsoft .NET Framework 3.0 Service Pack 2

    Microsoft .NET Framework 3.5 SP1

    OpenAL

    Security Update for Microsoft Windows (KB2564958)

    Security Update for Windows Internet Explorer 8 (KB2510531)

    Security Update for Windows Internet Explorer 8 (KB2618444)

    Security Update for Windows Internet Explorer 8 (KB2744842)

    Security Update for Windows Internet Explorer 8 (KB2792100)

    Security Update for Windows Internet Explorer 8 (KB2797052)

    Security Update for Windows Internet Explorer 8 (KB982381)

    Security Update for Windows Media Player (KB2378111)

    Security Update for Windows Media Player (KB952069)

    Security Update for Windows Media Player (KB954155)

    Security Update for Windows Media Player (KB973540)

    Security Update for Windows Media Player (KB975558)

    Security Update for Windows Media Player (KB978695)

    Security Update for Windows XP (KB2115168)

    Security Update for Windows XP (KB2229593)

    Security Update for Windows XP (KB2296011)

    Security Update for Windows XP (KB2347290)

    Security Update for Windows XP (KB2360937)

    Security Update for Windows XP (KB2387149)

    Security Update for Windows XP (KB2393802)

    Security Update for Windows XP (KB2419632)

    Security Update for Windows XP (KB2423089)

    Security Update for Windows XP (KB2440591)

    Security Update for Windows XP (KB2443105)

    Security Update for Windows XP (KB2478960)

    Security Update for Windows XP (KB2478971)

    Security Update for Windows XP (KB2479943)

    Security Update for Windows XP (KB2481109)

    Security Update for Windows XP (KB2483185)

    Security Update for Windows XP (KB2485663)

    Security Update for Windows XP (KB2506212)

    Security Update for Windows XP (KB2507938)

    Security Update for Windows XP (KB2508429)

    Security Update for Windows XP (KB2509553)

    Security Update for Windows XP (KB2510581)

    Security Update for Windows XP (KB2535512)

    Security Update for Windows XP (KB2536276-v2)

    Security Update for Windows XP (KB2544893-v2)

    Security Update for Windows XP (KB2566454)

    Security Update for Windows XP (KB2570947)

    Security Update for Windows XP (KB2584146)

    Security Update for Windows XP (KB2585542)

    Security Update for Windows XP (KB2592799)

    Security Update for Windows XP (KB2598479)

    Security Update for Windows XP (KB2603381)

    Security Update for Windows XP (KB2618451)

    Security Update for Windows XP (KB2619339)

    Security Update for Windows XP (KB2620712)

    Security Update for Windows XP (KB2624667)

    Security Update for Windows XP (KB2631813)

    Security Update for Windows XP (KB2646524)

    Security Update for Windows XP (KB2653956)

    Security Update for Windows XP (KB2655992)

    Security Update for Windows XP (KB2659262)

    Security Update for Windows XP (KB2661637)

    Security Update for Windows XP (KB2676562)

    Security Update for Windows XP (KB2686509)

    Security Update for Windows XP (KB2691442)

    Security Update for Windows XP (KB2698365)

    Security Update for Windows XP (KB2705219-v2)

    Security Update for Windows XP (KB2712808)

    Security Update for Windows XP (KB2719985)

    Security Update for Windows XP (KB2723135-v2)

    Security Update for Windows XP (KB2727528)

    Security Update for Windows XP (KB2753842-v2)

    Security Update for Windows XP (KB2757638)

    Security Update for Windows XP (KB2758857)

    Security Update for Windows XP (KB2770660)

    Security Update for Windows XP (KB2778344)

    Security Update for Windows XP (KB2780091)

    Security Update for Windows XP (KB2792100)

    Security Update for Windows XP (KB2797052)

    Security Update for Windows XP (KB2799494)

    Security Update for Windows XP (KB2802968)

    Security Update for Windows XP (KB923561)

    Security Update for Windows XP (KB923789)

    Security Update for Windows XP (KB946648)

    Security Update for Windows XP (KB950762)

    Security Update for Windows XP (KB950974)

    Security Update for Windows XP (KB951376-v2)

    Security Update for Windows XP (KB952004)

    Security Update for Windows XP (KB952954)

    Security Update for Windows XP (KB956572)

    Security Update for Windows XP (KB956744)

    Security Update for Windows XP (KB956802)

    Security Update for Windows XP (KB956844)

    Security Update for Windows XP (KB959426)

    Security Update for Windows XP (KB960803)

    Security Update for Windows XP (KB960859)

    Security Update for Windows XP (KB969059)

    Security Update for Windows XP (KB970430)

    Security Update for Windows XP (KB971657)

    Security Update for Windows XP (KB972270)

    Security Update for Windows XP (KB973507)

    Security Update for Windows XP (KB973869)

    Security Update for Windows XP (KB973904)

    Security Update for Windows XP (KB974112)

    Security Update for Windows XP (KB974318)

    Security Update for Windows XP (KB974392)

    Security Update for Windows XP (KB974571)

    Security Update for Windows XP (KB975025)

    Security Update for Windows XP (KB975467)

    Security Update for Windows XP (KB975560)

    Security Update for Windows XP (KB975713)

    Security Update for Windows XP (KB977816)

    Security Update for Windows XP (KB977914)

    Security Update for Windows XP (KB978338)

    Security Update for Windows XP (KB978542)

    Security Update for Windows XP (KB978706)

    Security Update for Windows XP (KB979309)

    Security Update for Windows XP (KB979482)

    Security Update for Windows XP (KB979687)

    Security Update for Windows XP (KB981322)

    Security Update for Windows XP (KB981997)

    Security Update for Windows XP (KB982132)

    Security Update for Windows XP (KB982665)

    Sound Blaster X-Fi

    Update for Windows Internet Explorer 8 (KB2598845)

    Update for Windows XP (KB2345886)

    Update for Windows XP (KB2467659)

    Update for Windows XP (KB2661254-v2)

    Update for Windows XP (KB2736233)

    Update for Windows XP (KB2749655)

    Update for Windows XP (KB898461)

    Update for Windows XP (KB951978)

    Update for Windows XP (KB968389)

    Update for Windows XP (KB971029)

    Update for Windows XP (KB973815)

    WebFldrs XP

    Windows Genuine Advantage Notifications (KB905474)

    Windows Genuine Advantage Validation Tool (KB892130)

    Windows Internet Explorer 8

    .

    ==== Event Viewer Messages From Past Week ========

    .

    3/8/2013 4:05:40 AM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file a3d.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 80.0.0.3, the version of the system file is 2.9.0.0.

    3/7/2013 11:52:59 PM, error: Distributed Link Tracking Client [12507] - The volume ID for D: has been reset, since it was a duplicate of that on C:. This volume ID is used by Distributed Link Tracking to automatically repair file links, such as Shell Shortcuts and OLE links, when for some reason those links become broken.

    .

    ==== End Of File ===========================

    attach.txt
