mustfirst

  1. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-05-2014 01 (ATTENTION: ====> FRST version is 8 days old and could be outdated) Ran by Plating (administrator) on PLATING-PC on 19-05-2014 22:44:16 Running from C:\Users\Plating\Desktop Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\psksvc.exe (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\TPSrvWow.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Panda Security) C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\WebProxy.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.PRD2012\MSSQL\Binn\sqlservr.exe (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\PsCtrlS.exe (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\PavFnSvr.exe (Panda Security, S.L.) C:\Program Files (x86)\Common Files\Panda Security\PavShld\PavPrSrv.exe (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\pavsrvx86.exe (Panda Security, S.L.) 
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\AVENGINE.EXE (Panda Security S.L.) C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\PsImSvc.exe (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.PRD2012\MSSQL\Binn\fdlauncher.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.PRD2012\MSSQL\Binn\fdhost.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\iWrap.exe (Microsoft Corporation) C:\Windows\System32\audiodg.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Malwarebytes Corporation ) C:\Users\Plating\Downloads\mbam-setup-2.0.1.1004.exe () C:\Users\Plating\AppData\Local\Temp\is-1H47E.tmp\mbam-setup-2.0.1.1004.tmp (Malwarebytes Corporation ) C:\Users\Plating\Downloads\mbam-setup-2.0.1.1004.exe () C:\Users\Plating\AppData\Local\Temp\is-T80MQ.tmp\mbam-setup-2.0.1.1004.tmp ==================== Registry (Whitelisted) ================== HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [APVXDWIN] => C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\APVXDWIN.EXE [1062880 2013-09-30] (Panda Security, S.L.) HKLM-x32\...\Run: [sCANINICIO] => C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\Inicio.exe [71648 2013-09-30] (Panda Security, S.L.) Winlogon\Notify\avldr: C:\Windows\system32\avldr64.dll (On-Access Anti-Malware Scanner Sync) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1000836758-3836644389-1698870471-1000\...\Run: [uTorrent] => C:\Users\Plating\AppData\Roaming\uTorrent\uTorrent.exe [1268560 2014-05-09] (BitTorrent Inc.) 
HKU\S-1-5-21-1000836758-3836644389-1698870471-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd) HKU\S-1-5-21-1000836758-3836644389-1698870471-1000\...\Run: [DellSystemDetect] => C:\Users\Plating\AppData\Local\Apps\2.0\HRQL2W32.42J\8HV2DNAT.GV8\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe [254976 2014-05-17] (Dell) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1&ucc=CA&dcc=CA&opt=0&ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xEC83E669BEFDCE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1ewenusDefaultPack/UP97_FRPage SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = SearchScopes: HKCU - DefaultScope {CBFA9CFB-BC8C-4547-A0D0-B5D8BE55507C} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites04_14_17_ch&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0CtAzy0AtBtA0F0FtBzytN0D0Tzu0SzzyEzztN1L2XzutBtFtBtDtFyDtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDzz0AtC0CyB0EzytGyBtAtBtAtGtDzytBtAtG0F0FzytAtGtAyEyEtDyEyB0DtD0Dzyzyzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBzz0CyCyDzyyD0FtG0BtC0EtCtG0A0CtD0EtG0E0DyE0AtGyD0FtB0ByByCyByEyEzytAtA2Q&cr=327136600&ir= SearchScopes: HKCU - {CBFA9CFB-BC8C-4547-A0D0-B5D8BE55507C} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites04_14_17_ch&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0CtAzy0AtBtA0F0FtBzytN0D0Tzu0SzzyEzztN1L2XzutBtFtBtDtFyDtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDzz0AtC0CyB0EzytGyBtAtBtAtGtDzytBtAtG0F0FzytAtGtAyEyEtDyEyB0DtD0Dzyzyzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBzz0CyCyDzyyD0FtG0BtC0EtCtG0A0CtD0EtG0E0DyE0AtGyD0FtB0ByByCyByEyEzytAtA2Q&cr=327136600&ir= BHO: Groove GFS Browser Helper - 
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.176.9 FireFox: ======== FF ProfilePath: C:\Users\Plating\AppData\Roaming\Mozilla\Firefox\Profiles\k7jhdccg.default FF user.js: detected! 
=> C:\Users\Plating\AppData\Roaming\Mozilla\Firefox\Profiles\k7jhdccg.default\user.js FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Extension: MySearchDial NewTab - C:\Users\Plating\AppData\Roaming\Mozilla\Firefox\Profiles\k7jhdccg.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8} [2014-05-19] Chrome: ======= CHR HomePage: hxxp://vancouver.en.craigslist.ca/ CHR StartupUrls: "hxxp://start.mysearchdial.com/?f=1&a=dsites04_14_17_ch&cd=2XzuyEtN2Y1L1QzuzzyEzz0FyCzy0CtAzy0AtBtA0F0FtBzytN0D0Tzu0SzzyEzztN1L2XzutBtFtBtDtFyDtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDzz0AtC0CyB0EzytGyBtAtBtAtGtDzytBtAtG0F0FzytAtGtAyEyEtDyEyB0DtD0Dzyzyzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBzz0CyCyDzyyD0FtG0BtC0EtCtG0A0CtD0EtG0E0DyE0AtGyD0FtB0ByByCyByEyEzytAtA2Q&cr=327136600&ir=", "hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP" CHR Extension: (Google Docs) - C:\Users\Plating\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-20] CHR Extension: (Google Drive) - C:\Users\Plating\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-20] CHR Extension: (YouTube) - C:\Users\Plating\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-20] CHR Extension: (Google Search) - C:\Users\Plating\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-20] CHR Extension: (Motorola Connect) - C:\Users\Plating\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigmoblgooahdmdibodmcnffgnejlndh [2014-05-13] CHR Extension: (Google Wallet) - C:\Users\Plating\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-20] CHR Extension: (Gmail) - C:\Users\Plating\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-20] ==================== Services (Whitelisted) 
================= S3 MsDtsServer110; C:\Program Files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe [218040 2012-06-12] (Microsoft Corporation) R3 MSSQLFDLauncher; C:\Program Files\Microsoft SQL Server\MSSQL11.PRD2012\MSSQL\Binn\fdlauncher.exe [49752 2012-02-11] (Microsoft Corporation) R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL11.PRD2012\MSSQL\Binn\sqlservr.exe [190904 2012-06-12] (Microsoft Corporation) S3 MSSQLServerOLAPService; C:\Program Files\Microsoft SQL Server\MSAS11.PRD2012\OLAP\bin\msmdsrv.exe [61538744 2012-06-12] (Microsoft Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-06-25] () R2 Panda Software Controller; C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\PsCtrls.exe [177440 2012-11-19] (Panda Security, S.L.) R2 PAVFNSVR; C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\PavFnSvr.exe [202016 2012-09-21] (Panda Security, S.L.) R2 PavPrSrv; C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe [62768 2008-02-04] (Panda Security, S.L.) R2 PAVSRV; C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\pavsrvx86.exe [313664 2011-04-13] (Panda Security, S.L.) R2 PSIMSVC; C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\PsImSvc.exe [108288 2008-06-19] (Panda Security S.L.) R2 PskSvcRetail; C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\PskSvc.exe [28992 2010-08-16] (Panda Security, S.L.) 
S3 ReportServer; C:\Program Files\Microsoft SQL Server\MSRS11.PRD2012\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2348472 2012-06-12] (Microsoft Corporation) S3 SQL Server Distributed Replay Client; C:\Program Files (x86)\Microsoft SQL Server\110\Tools\DReplayClient\DReplayClient.exe [137304 2012-02-11] (Microsoft Corporation) S3 SQL Server Distributed Replay Controller; C:\Program Files (x86)\Microsoft SQL Server\110\Tools\DReplayController\DReplayController.exe [342104 2012-02-11] (Microsoft Corporation) S3 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL11.PRD2012\MSSQL\Binn\SQLAGENT.EXE [608696 2012-06-12] (Microsoft Corporation) R2 TPSrv; C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\TPSrvWow.exe [173816 2014-02-25] (Panda Security, S.L.) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3325232 2012-06-25] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== R2 AmFSM; C:\Windows\System32\DRIVERS\amm6460.sys [71432 2012-03-26] (Panda Security, S.L.) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-12-28] (Disc Soft Ltd) R0 pavboot; C:\Windows\System32\Drivers\pavboot64.sys [30792 2010-06-22] (Panda Security, S.L.) S4 RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation) R1 ShldFlt; C:\Windows\System32\DRIVERS\ShldFlt.sys [48136 2009-10-27] (Panda Security, S.L.) 
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X] R3 PavTPK.sys; \??\C:\Windows\system32\PavTPK.sys [X] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-19 22:44 - 2014-05-19 22:44 - 00016158 _____ () C:\Users\Plating\Desktop\FRST.txt 2014-05-19 22:44 - 2014-05-19 22:44 - 00000000 ____D () C:\FRST 2014-05-19 22:43 - 2014-05-19 22:43 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-05-19 22:43 - 2014-05-19 22:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-05-19 22:43 - 2014-05-19 22:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-05-19 22:43 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-19 22:43 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-19 22:43 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-19 22:42 - 2014-05-19 22:42 - 02067456 _____ (Farbar) C:\Users\Plating\Downloads\FRST64 (1).exe 2014-05-19 22:41 - 2014-05-19 22:42 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Plating\Downloads\mbam-setup-2.0.1.1004.exe 2014-05-19 19:55 - 2014-05-19 19:55 - 00418424 _____ () C:\Users\Plating\Downloads\Player Setup.exe 2014-05-19 19:30 - 2014-05-19 19:30 - 00942528 _____ () C:\Users\Plating\Downloads\setup.exe 2014-05-18 21:10 - 2014-05-18 21:10 - 00335728 _____ (Excellent4App) C:\Users\Plating\Downloads\Alexis y Fido - Contestame El Telefono (feat Flex).exe 2014-05-18 21:08 - 2014-05-18 21:08 - 00335792 _____ (Excellent4App) C:\Users\Plating\Downloads\Alexis Fido Feat Flex - Contestame el telefono alexis y fido feat flex.exe 2014-05-17 
01:15 - 2014-05-17 01:15 - 00000000 ____D () C:\Windows\LastGood 2014-05-17 01:15 - 2011-08-23 21:57 - 00565352 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys 2014-05-17 01:15 - 2011-08-23 21:57 - 00074272 _____ () C:\Windows\system32\RtNicProp64.dll 2014-05-17 01:14 - 2014-05-17 01:14 - 05848248 _____ () C:\Users\Plating\Downloads\LOM_Realtek_W7_A03_Setup-X4R87_ZPE.exe 2014-05-17 01:14 - 2014-05-17 01:14 - 02701696 _____ () C:\Users\Plating\Downloads\R292605.exe 2014-05-17 01:09 - 2014-05-17 01:09 - 00417872 _____ () C:\Users\Plating\Downloads\DellSystemDetect.exe 2014-05-16 01:40 - 2014-05-16 01:46 - 00000000 ____D () C:\ProgramData\VCE Exam Simulator 2014-05-16 01:40 - 2014-05-16 01:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VCE Exam Simulator Demo 2014-05-16 01:40 - 2014-05-16 01:40 - 00000000 ____D () C:\Program Files (x86)\VCE Exam Simulator Demo 2014-05-16 01:38 - 2014-05-16 01:39 - 14800237 _____ () C:\Users\Plating\Downloads\vce_exam_simulator_demo_setup (1).zip 2014-05-16 01:35 - 2014-05-16 01:36 - 14804014 _____ () C:\Users\Plating\Downloads\vce_exam_simulator_demo_setup.zip 2014-05-16 01:34 - 2014-05-16 01:34 - 00649664 _____ (Visual CertExam Software ) C:\Users\Plating\Downloads\vce_converter_setup.exe 2014-05-16 01:32 - 2014-05-16 01:32 - 00000000 ____D () C:\Users\Plating\AppData\Roaming\IsolatedStorage 2014-05-16 01:32 - 2014-05-16 01:32 - 00000000 ____D () C:\Users\Plating\AppData\Local\FileViewPro 2014-05-16 01:32 - 2014-05-16 01:32 - 00000000 ____D () C:\ProgramData\IsolatedStorage 2014-05-16 01:29 - 2014-05-16 01:32 - 00000000 ____D () C:\Program Files\FileViewPro 2014-05-16 01:24 - 2014-05-16 01:24 - 02388400 _____ () C:\Users\Plating\Downloads\FileViewPro_2014.exe 2014-05-16 01:24 - 2014-05-16 01:24 - 00000000 ____D () C:\Spacekace 2014-05-16 01:23 - 2014-05-16 01:23 - 00000000 ____D () C:\Windows\SysWOW64\WinNTDlls 2014-05-16 01:23 - 2014-05-16 01:23 - 00000000 ____D () C:\Windows\SysWOW64\Win98Dlls 
2014-05-16 01:23 - 2014-05-16 01:23 - 00000000 ____D () C:\Users\Plating\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Press Training Kit Exam Prep 2014-05-16 01:23 - 2014-05-16 01:23 - 00000000 ____D () C:\Program Files (x86)\Microsoft Press Training Kit Exam Prep 2014-05-16 01:22 - 2014-05-16 01:22 - 01395271 _____ () C:\Users\Plating\Downloads\Microsoft.Braindump2go.70-462.v2013-08-12.by.Raman.90q.vce 2014-05-15 23:15 - 2014-05-15 23:15 - 00000000 ____D () C:\ProgramData\Panda Software 2014-05-15 20:39 - 2014-05-15 20:45 - 155611589 _____ () C:\Users\Plating\Downloads\How To Kiss a Girl You Just Met (w_ Live Footage!).mp4 2014-05-15 19:22 - 2014-05-15 19:23 - 00250152 _____ (Premium Installer ) C:\Users\Plating\Downloads\Player-Chrome.exe 2014-05-13 21:18 - 2014-05-13 21:18 - 02066944 _____ (Farbar) C:\Users\Plating\Desktop\FRST64.exe 2014-05-13 20:48 - 2014-05-15 23:18 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-13 20:48 - 2014-05-13 20:48 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-13 20:13 - 2014-05-05 21:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-13 20:13 - 2014-05-05 21:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-13 20:13 - 2014-05-05 20:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-13 20:13 - 2014-05-05 20:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-13 20:13 - 2014-05-05 20:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-13 20:13 - 2014-05-05 19:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-13 20:06 - 2014-05-08 23:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-13 20:06 - 2014-05-08 23:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-13 20:06 - 2014-04-11 19:22 - 00155072 _____ 
(Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-05-13 20:06 - 2014-04-11 19:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-05-13 20:06 - 2014-04-11 19:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-05-13 20:06 - 2014-04-11 19:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-05-13 20:06 - 2014-04-11 19:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-05-13 20:06 - 2014-04-11 19:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-05-13 20:06 - 2014-04-11 19:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-05-13 20:06 - 2014-04-11 19:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-05-13 20:06 - 2014-04-11 19:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-05-13 20:06 - 2014-03-24 19:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-05-13 20:06 - 2014-03-24 19:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-05-13 20:06 - 2014-03-04 02:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-05-13 20:06 - 2014-03-04 02:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-05-13 20:06 - 2014-03-04 02:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll 2014-05-13 20:06 - 2014-03-04 02:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-05-13 20:06 - 2014-03-04 02:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-05-13 20:06 - 2014-03-04 02:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-05-13 20:06 - 2014-03-04 02:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-05-13 20:06 - 2014-03-04 02:44 - 00086528 _____ (Microsoft 
Corporation) C:\Windows\system32\TSpkg.dll 2014-05-13 20:06 - 2014-03-04 02:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll 2014-05-13 20:06 - 2014-03-04 02:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-05-13 20:06 - 2014-03-04 02:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll 2014-05-13 20:06 - 2014-03-04 02:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll 2014-05-13 20:06 - 2014-03-04 02:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll 2014-05-13 20:06 - 2014-03-04 02:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll 2014-05-13 20:06 - 2014-03-04 02:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll 2014-05-13 20:06 - 2014-03-04 02:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-05-13 20:06 - 2014-03-04 02:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2014-05-13 20:06 - 2014-03-04 02:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2014-05-13 20:06 - 2014-03-04 02:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-05-13 20:06 - 2014-03-04 02:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll 2014-05-13 20:06 - 2014-03-04 02:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-05-13 20:06 - 2014-03-04 02:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-05-13 20:06 - 2014-03-04 02:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-05-13 20:06 - 2014-03-04 02:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-05-13 20:06 - 2014-03-04 02:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll 2014-05-13 20:06 - 2014-03-04 02:17 - 00049664 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\adprovider.dll 2014-05-13 20:06 - 2014-03-04 02:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll 2014-05-13 20:06 - 2014-03-04 02:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll 2014-05-13 20:06 - 2014-03-04 02:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll 2014-05-13 20:06 - 2014-03-04 02:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll 2014-05-13 20:06 - 2014-03-04 02:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-05-13 20:06 - 2014-03-04 02:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2014-05-13 00:01 - 2014-05-13 00:01 - 00000000 ____D () C:\Users\Plating\AppData\Local\VS Revo Group 2014-05-13 00:01 - 2014-05-13 00:01 - 00000000 ____D () C:\ProgramData\VS Revo Group 2014-05-13 00:01 - 2014-05-13 00:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro 2014-05-13 00:01 - 2014-05-13 00:01 - 00000000 ____D () C:\Program Files\VS Revo Group 2014-05-13 00:01 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys 2014-05-12 20:35 - 2014-05-12 20:35 - 00003256 _____ () C:\Windows\System32\Tasks\{3F471AAD-0E5F-44AC-9285-AAA7A57B001B} 2014-05-12 20:33 - 2014-05-12 20:33 - 00000000 ____D () C:\Program Files (x86)\ManageEngine 2014-05-10 12:24 - 2014-05-10 12:24 - 00000146 _____ () C:\Users\Plating\Desktop\paris.txt 2014-05-08 22:02 - 2014-05-08 22:03 - 00000128 _____ () C:\Users\Plating\Desktop\yo soy.txt 2014-05-08 21:38 - 2014-05-08 21:38 - 00000000 ____D () C:\Panda Software 2014-05-06 22:00 - 2014-05-13 20:18 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-03 11:04 - 2013-10-01 04:40 - 00197600 _____ (Panda Security) C:\Windows\system32\PavTrc64.dll 2014-05-03 11:04 - 2013-09-12 09:15 - 00153568 _____ (Panda Security) C:\Windows\SysWOW64\PavTrc.dll 
2014-05-03 11:04 - 2012-04-04 08:00 - 00269312 _____ (Panda Security) C:\Windows\system32\WPApi64.dll 2014-05-03 11:04 - 2012-04-04 08:00 - 00177664 _____ (Panda Security) C:\Windows\SysWOW64\WPApi.dll 2014-05-02 23:29 - 2014-05-18 11:30 - 00008627 _____ () C:\Windows\SysWOW64\PAV_FOG.OPC 2014-05-02 23:12 - 2014-05-02 23:12 - 00000000 ____D () C:\Users\Plating\AppData\Local\Panda Security 2014-05-02 23:11 - 2014-05-02 23:11 - 00000262 _____ () C:\Windows\system32\PavCPL64.dat 2014-05-02 23:11 - 2014-05-02 23:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Antivirus Pro 2014 2014-05-02 23:11 - 2010-06-22 18:20 - 00030792 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\pavboot64.sys 2014-05-02 23:11 - 2007-03-15 19:38 - 00046640 _____ (Panda Software) C:\Windows\system32\pavcpl64.cpl 2014-05-02 23:10 - 2014-05-12 23:06 - 00000000 ____D () C:\Program Files (x86)\Panda Security 2014-05-02 23:10 - 2014-05-02 23:10 - 00000000 ____D () C:\Windows\SysWOW64\PAV 2014-05-02 23:10 - 2014-05-02 23:10 - 00000000 ____D () C:\Users\Plating\AppData\Roaming\Panda Security 2014-05-02 23:10 - 2014-05-02 23:10 - 00000000 ____D () C:\ProgramData\Panda Security 2014-05-02 23:10 - 2014-03-20 02:29 - 00120056 _____ (Panda Security, S.L.) C:\Windows\system32\PavLspHook64.dll 2014-05-02 23:10 - 2014-03-20 02:29 - 00089336 _____ (Panda Security, S.L.) C:\Windows\SysWOW64\PavLspHookWow.dll 2014-05-02 23:10 - 2014-02-25 03:59 - 00838392 _____ (Panda Security, S.L.) C:\Windows\system32\PavSHook64.dll 2014-05-02 23:10 - 2014-02-25 03:59 - 00545528 _____ (Panda Security, S.L.) C:\Windows\SysWOW64\PavSHookWow.dll 2014-05-02 23:10 - 2014-02-25 03:59 - 00269560 _____ (Panda Security, S.L.) C:\Windows\system32\sysHelper64.dll 2014-05-02 23:10 - 2014-02-25 03:59 - 00213752 _____ (Panda Security, S.L.) C:\Windows\SysWOW64\sysHelper32.dll 2014-05-02 23:10 - 2012-03-26 18:57 - 00071432 _____ (Panda Security, S.L.) 
C:\Windows\system32\Drivers\amm6460.sys 2014-05-02 23:10 - 2010-06-21 17:02 - 00323392 _____ (Panda Security, S.L.) C:\Windows\system32\TpUtil64.dll 2014-05-02 23:10 - 2010-06-21 17:02 - 00202048 _____ (Panda Security, S.L.) C:\Windows\SysWOW64\TpUtilWow.dll 2014-05-02 23:10 - 2010-06-21 17:01 - 00090944 _____ (Panda Security, S.L.) C:\Windows\system32\PavIpc64.dll 2014-05-02 23:10 - 2010-06-21 17:01 - 00066880 _____ (Panda Security, S.L.) C:\Windows\SysWOW64\PavIpcWow.dll 2014-05-02 23:10 - 2010-03-24 12:56 - 00064768 _____ (On-Access Anti-Malware Scanner Sync) C:\Windows\system32\avldr64.dll 2014-05-02 23:10 - 2009-10-27 12:07 - 00048136 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\ShldFlt.sys 2014-05-02 23:10 - 2003-10-22 18:23 - 00446464 _____ (eHelp Corporation.) C:\Windows\SysWOW64\HHActiveX.dll 2014-05-02 23:06 - 2014-05-02 23:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-05-02 23:06 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-05-02 23:06 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-05-02 23:06 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-05-02 23:06 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-05-02 23:05 - 2014-05-02 23:06 - 00004030 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log 2014-05-02 22:58 - 2014-05-02 22:58 - 00000260 _____ () C:\Users\Plating\Desktop\house.txt 2014-05-01 22:03 - 2014-05-01 22:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Capcom 2014-05-01 22:02 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll 2014-05-01 21:57 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll 2014-05-01 21:57 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) 
C:\Windows\system32\d3dx9_29.dll 2014-05-01 21:57 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll 2014-05-01 21:57 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll 2014-05-01 21:57 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll 2014-05-01 21:57 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll 2014-05-01 21:57 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll 2014-05-01 21:57 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll 2014-05-01 21:57 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll 2014-05-01 21:57 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll 2014-05-01 21:57 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll 2014-05-01 21:57 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll 2014-05-01 21:57 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll 2014-05-01 21:57 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll 2014-05-01 21:57 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll 2014-05-01 21:57 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll 2014-05-01 21:57 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll 2014-05-01 21:45 - 2014-05-01 21:45 - 00000000 ____D () C:\Program Files (x86)\Capcom 2014-05-01 19:30 - 2014-05-01 20:02 - 00001333 _____ () C:\Users\Plating\Desktop\myhouse.html 2014-04-28 21:06 - 2014-04-28 21:06 - 00000012 _____ () C:\Users\Plating\Desktop\chris rego.txt 2014-04-28 00:11 - 
2014-04-28 00:17 - 00000525 _____ () C:\Users\Plating\Desktop\MyApproach.txt 2014-04-27 21:03 - 2014-04-27 21:03 - 00000040 _____ () C:\Users\Plating\AppData\Roaming\WB.CFG 2014-04-27 20:06 - 2014-04-27 20:06 - 00000000 ____D () C:\Windows\system32\appmgmt 2014-04-27 20:04 - 2014-04-27 20:04 - 00000000 __SHD () C:\Users\Plating\AppData\Local\EmieUserList 2014-04-27 20:04 - 2014-04-27 20:04 - 00000000 __SHD () C:\Users\Plating\AppData\Local\EmieSiteList 2014-04-27 20:02 - 2014-04-27 23:03 - 00000300 _____ () C:\Windows\Tasks\Digital Sites.job 2014-04-27 20:02 - 2014-04-27 20:03 - 00003248 _____ () C:\Windows\System32\Tasks\Digital Sites 2014-04-27 20:02 - 2014-04-27 20:02 - 00000000 ____D () C:\Users\Plating\AppData\Roaming\WorldofTanks 2014-04-27 20:02 - 2014-04-27 20:02 - 00000000 ____D () C:\Users\Plating\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WorldofTanks551 2014-04-27 20:02 - 2014-04-27 20:02 - 00000000 ____D () C:\Users\Plating\AppData\Roaming\DigitalSites 2014-04-27 20:02 - 2014-04-27 20:02 - 00000000 ____D () C:\Program Files (x86)\Image Converter 2014-04-22 23:58 - 2014-04-23 00:04 - 00000000 ____D () C:\ProgramData\BlueStacksSetup ==================== One Month Modified Files and Folders ======= 2014-05-19 22:44 - 2014-05-19 22:44 - 00016158 _____ () C:\Users\Plating\Desktop\FRST.txt 2014-05-19 22:44 - 2014-05-19 22:44 - 00000000 ____D () C:\FRST 2014-05-19 22:43 - 2014-05-19 22:43 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-05-19 22:43 - 2014-05-19 22:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-05-19 22:43 - 2014-05-19 22:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-05-19 22:42 - 2014-05-19 22:42 - 02067456 _____ (Farbar) C:\Users\Plating\Downloads\FRST64 (1).exe 2014-05-19 22:42 - 2014-05-19 22:41 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Plating\Downloads\mbam-setup-2.0.1.1004.exe 2014-05-19 22:28 - 
2013-12-20 13:05 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-05-19 21:50 - 2013-12-20 12:15 - 01922689 _____ () C:\Windows\WindowsUpdate.log 2014-05-19 21:49 - 2013-12-20 13:07 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-05-19 20:53 - 2013-12-20 14:23 - 00000000 ____D () C:\Users\Plating\AppData\Roaming\Skype 2014-05-19 19:55 - 2014-05-19 19:55 - 00418424 _____ () C:\Users\Plating\Downloads\Player Setup.exe 2014-05-19 19:30 - 2014-05-19 19:30 - 00942528 _____ () C:\Users\Plating\Downloads\setup.exe 2014-05-19 12:28 - 2013-12-20 13:05 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-05-19 11:05 - 2013-12-22 19:16 - 00000000 ____D () C:\Users\Plating\AppData\Roaming\uTorrent 2014-05-18 21:10 - 2014-05-18 21:10 - 00335728 _____ (Excellent4App) C:\Users\Plating\Downloads\Alexis y Fido - Contestame El Telefono (feat Flex).exe 2014-05-18 21:08 - 2014-05-18 21:08 - 00335792 _____ (Excellent4App) C:\Users\Plating\Downloads\Alexis Fido Feat Flex - Contestame el telefono alexis y fido feat flex.exe 2014-05-18 20:24 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache 2014-05-18 11:30 - 2014-05-02 23:29 - 00008627 _____ () C:\Windows\SysWOW64\PAV_FOG.OPC 2014-05-17 01:15 - 2014-05-17 01:15 - 00000000 ____D () C:\Windows\LastGood 2014-05-17 01:15 - 2013-12-20 13:17 - 00000000 ____D () C:\Program Files (x86)\Realtek 2014-05-17 01:15 - 2013-12-20 12:35 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-05-17 01:14 - 2014-05-17 01:14 - 05848248 _____ () C:\Users\Plating\Downloads\LOM_Realtek_W7_A03_Setup-X4R87_ZPE.exe 2014-05-17 01:14 - 2014-05-17 01:14 - 02701696 _____ () C:\Users\Plating\Downloads\R292605.exe 2014-05-17 01:09 - 2014-05-17 01:09 - 00417872 _____ () C:\Users\Plating\Downloads\DellSystemDetect.exe 2014-05-17 01:09 - 2013-12-20 13:04 - 00000000 ____D () C:\Users\Plating\AppData\Local\Deployment 2014-05-16 01:53 - 2013-12-22 21:25 - 00000000 
____D () C:\Users\Plating\AppData\Roaming\vlc 2014-05-16 01:46 - 2014-05-16 01:40 - 00000000 ____D () C:\ProgramData\VCE Exam Simulator 2014-05-16 01:40 - 2014-05-16 01:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VCE Exam Simulator Demo 2014-05-16 01:40 - 2014-05-16 01:40 - 00000000 ____D () C:\Program Files (x86)\VCE Exam Simulator Demo 2014-05-16 01:39 - 2014-05-16 01:38 - 14800237 _____ () C:\Users\Plating\Downloads\vce_exam_simulator_demo_setup (1).zip 2014-05-16 01:36 - 2014-05-16 01:35 - 14804014 _____ () C:\Users\Plating\Downloads\vce_exam_simulator_demo_setup.zip 2014-05-16 01:34 - 2014-05-16 01:34 - 00649664 _____ (Visual CertExam Software ) C:\Users\Plating\Downloads\vce_converter_setup.exe 2014-05-16 01:32 - 2014-05-16 01:32 - 00000000 ____D () C:\Users\Plating\AppData\Roaming\IsolatedStorage 2014-05-16 01:32 - 2014-05-16 01:32 - 00000000 ____D () C:\Users\Plating\AppData\Local\FileViewPro 2014-05-16 01:32 - 2014-05-16 01:32 - 00000000 ____D () C:\ProgramData\IsolatedStorage 2014-05-16 01:32 - 2014-05-16 01:29 - 00000000 ____D () C:\Program Files\FileViewPro 2014-05-16 01:24 - 2014-05-16 01:24 - 02388400 _____ () C:\Users\Plating\Downloads\FileViewPro_2014.exe 2014-05-16 01:24 - 2014-05-16 01:24 - 00000000 ____D () C:\Spacekace 2014-05-16 01:24 - 2013-12-20 12:32 - 00000000 ____D () C:\Users\Plating\AppData\Local\VirtualStore 2014-05-16 01:23 - 2014-05-16 01:23 - 00000000 ____D () C:\Windows\SysWOW64\WinNTDlls 2014-05-16 01:23 - 2014-05-16 01:23 - 00000000 ____D () C:\Windows\SysWOW64\Win98Dlls 2014-05-16 01:23 - 2014-05-16 01:23 - 00000000 ____D () C:\Users\Plating\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Press Training Kit Exam Prep 2014-05-16 01:23 - 2014-05-16 01:23 - 00000000 ____D () C:\Program Files (x86)\Microsoft Press Training Kit Exam Prep 2014-05-16 01:22 - 2014-05-16 01:22 - 01395271 _____ () C:\Users\Plating\Downloads\Microsoft.Braindump2go.70-462.v2013-08-12.by.Raman.90q.vce 2014-05-15 
23:18 - 2014-05-13 20:48 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-15 23:16 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-15 23:16 - 2009-07-13 21:51 - 00031089 _____ () C:\Windows\setupact.log 2014-05-15 23:15 - 2014-05-15 23:15 - 00000000 ____D () C:\ProgramData\Panda Software 2014-05-15 23:15 - 2013-12-20 13:18 - 00479242 _____ () C:\Windows\PFRO.log 2014-05-15 23:15 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-05-15 22:51 - 2009-07-13 21:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-15 22:51 - 2009-07-13 21:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-15 20:45 - 2014-05-15 20:39 - 155611589 _____ () C:\Users\Plating\Downloads\How To Kiss a Girl You Just Met (w_ Live Footage!).mp4 2014-05-15 19:23 - 2014-05-15 19:22 - 00250152 _____ (Premium Installer ) C:\Users\Plating\Downloads\Player-Chrome.exe 2014-05-13 22:51 - 2009-07-13 22:13 - 00982274 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-13 21:49 - 2013-12-20 13:07 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-05-13 21:49 - 2013-12-20 13:07 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-13 21:49 - 2013-12-20 13:07 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-05-13 21:18 - 2014-05-13 21:18 - 02066944 _____ (Farbar) C:\Users\Plating\Desktop\FRST64.exe 2014-05-13 20:48 - 2014-05-13 20:48 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-13 20:21 - 2014-02-17 00:31 - 00000000 ____D () C:\Users\MSSQLFDLauncher 2014-05-13 20:21 - 2013-12-20 12:32 - 00000000 ___RD () C:\Users\Plating\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-13 20:21 - 2013-12-20 12:32 - 00000000 ___RD () 
C:\Users\Plating\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-13 20:18 - 2014-05-06 22:00 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-13 20:14 - 2013-12-21 02:35 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-05-13 20:13 - 2013-12-22 20:20 - 00000000 ____D () C:\Windows\system32\MRT 2014-05-13 20:11 - 2013-12-22 20:20 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-05-13 00:01 - 2014-05-13 00:01 - 00000000 ____D () C:\Users\Plating\AppData\Local\VS Revo Group 2014-05-13 00:01 - 2014-05-13 00:01 - 00000000 ____D () C:\ProgramData\VS Revo Group 2014-05-13 00:01 - 2014-05-13 00:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro 2014-05-13 00:01 - 2014-05-13 00:01 - 00000000 ____D () C:\Program Files\VS Revo Group 2014-05-12 23:54 - 2013-12-20 13:05 - 00000000 ____D () C:\Program Files (x86)\Google 2014-05-12 23:08 - 2014-03-02 14:40 - 00000000 ____D () C:\ProgramData\LogMeIn 2014-05-12 23:06 - 2014-05-02 23:10 - 00000000 ____D () C:\Program Files (x86)\Panda Security 2014-05-12 23:06 - 2009-07-13 22:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-05-12 22:10 - 2014-02-11 01:17 - 00007670 _____ () C:\Users\Plating\AppData\Local\resmon.resmoncfg 2014-05-12 20:35 - 2014-05-12 20:35 - 00003256 _____ () C:\Windows\System32\Tasks\{3F471AAD-0E5F-44AC-9285-AAA7A57B001B} 2014-05-12 20:33 - 2014-05-12 20:33 - 00000000 ____D () C:\Program Files (x86)\ManageEngine 2014-05-10 12:24 - 2014-05-10 12:24 - 00000146 _____ () C:\Users\Plating\Desktop\paris.txt 2014-05-10 12:23 - 2013-12-20 13:05 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-05-10 12:23 - 2013-12-20 13:05 - 00003644 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-05-08 23:14 - 2014-05-13 20:06 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-08 23:11 - 2014-05-13 20:06 - 
00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-08 22:03 - 2014-05-08 22:02 - 00000128 _____ () C:\Users\Plating\Desktop\yo soy.txt 2014-05-08 21:38 - 2014-05-08 21:38 - 00000000 ____D () C:\Panda Software 2014-05-05 21:40 - 2014-05-13 20:13 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-05 21:17 - 2014-05-13 20:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-05 20:25 - 2014-05-13 20:13 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-05 20:07 - 2014-05-13 20:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-05 20:00 - 2014-05-13 20:13 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-05 19:10 - 2014-05-13 20:13 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-04 19:20 - 2014-02-17 00:30 - 00000000 ____D () C:\Users\Plating\Documents\SQL Server Management Studio 2014-05-02 23:43 - 2013-12-20 14:17 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-05-02 23:12 - 2014-05-02 23:12 - 00000000 ____D () C:\Users\Plating\AppData\Local\Panda Security 2014-05-02 23:11 - 2014-05-02 23:11 - 00000262 _____ () C:\Windows\system32\PavCPL64.dat 2014-05-02 23:11 - 2014-05-02 23:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Antivirus Pro 2014 2014-05-02 23:10 - 2014-05-02 23:10 - 00000000 ____D () C:\Windows\SysWOW64\PAV 2014-05-02 23:10 - 2014-05-02 23:10 - 00000000 ____D () C:\Users\Plating\AppData\Roaming\Panda Security 2014-05-02 23:10 - 2014-05-02 23:10 - 00000000 ____D () C:\ProgramData\Panda Security 2014-05-02 23:06 - 2014-05-02 23:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-05-02 23:06 - 2014-05-02 23:05 - 00004030 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log 2014-05-02 23:06 - 2013-12-29 12:36 - 00000000 ____D () C:\ProgramData\Oracle 2014-05-02 23:06 - 
2013-12-29 12:31 - 00000000 ____D () C:\Program Files (x86)\Java 2014-05-02 22:58 - 2014-05-02 22:58 - 00000260 _____ () C:\Users\Plating\Desktop\house.txt 2014-05-01 22:03 - 2014-05-01 22:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Capcom 2014-05-01 21:57 - 2014-04-06 21:59 - 00001664 _____ () C:\Windows\DirectX.log 2014-05-01 21:45 - 2014-05-01 21:45 - 00000000 ____D () C:\Program Files (x86)\Capcom 2014-05-01 20:02 - 2014-05-01 19:30 - 00001333 _____ () C:\Users\Plating\Desktop\myhouse.html 2014-04-28 21:06 - 2014-04-28 21:06 - 00000012 _____ () C:\Users\Plating\Desktop\chris rego.txt 2014-04-28 00:17 - 2014-04-28 00:11 - 00000525 _____ () C:\Users\Plating\Desktop\MyApproach.txt 2014-04-27 23:03 - 2014-04-27 20:02 - 00000300 _____ () C:\Windows\Tasks\Digital Sites.job 2014-04-27 21:03 - 2014-04-27 21:03 - 00000040 _____ () C:\Users\Plating\AppData\Roaming\WB.CFG 2014-04-27 20:06 - 2014-04-27 20:06 - 00000000 ____D () C:\Windows\system32\appmgmt 2014-04-27 20:06 - 2009-07-13 20:20 - 00000000 __RHD () C:\Users\Public\Libraries 2014-04-27 20:04 - 2014-04-27 20:04 - 00000000 __SHD () C:\Users\Plating\AppData\Local\EmieUserList 2014-04-27 20:04 - 2014-04-27 20:04 - 00000000 __SHD () C:\Users\Plating\AppData\Local\EmieSiteList 2014-04-27 20:03 - 2014-04-27 20:02 - 00003248 _____ () C:\Windows\System32\Tasks\Digital Sites 2014-04-27 20:02 - 2014-04-27 20:02 - 00000000 ____D () C:\Users\Plating\AppData\Roaming\WorldofTanks 2014-04-27 20:02 - 2014-04-27 20:02 - 00000000 ____D () C:\Users\Plating\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WorldofTanks551 2014-04-27 20:02 - 2014-04-27 20:02 - 00000000 ____D () C:\Users\Plating\AppData\Roaming\DigitalSites 2014-04-27 20:02 - 2014-04-27 20:02 - 00000000 ____D () C:\Program Files (x86)\Image Converter 2014-04-27 19:46 - 2014-04-17 21:41 - 00000008 __RSH () C:\Users\Plating\ntuser.pol 2014-04-27 19:46 - 2013-12-20 12:30 - 00000000 ____D () C:\Users\Plating 2014-04-23 00:04 - 2014-04-22 23:58 - 
00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-04-20 23:05 - 2014-04-06 21:58 - 00000000 ____D () C:\Users\Plating\AppData\Local\Windows Live

Some content of TEMP:
====================
C:\Users\Plating\AppData\Local\Temp\Checkupdate.exe
C:\Users\Plating\AppData\Local\Temp\DSETUP.dll
C:\Users\Plating\AppData\Local\Temp\dsetup32.dll
C:\Users\Plating\AppData\Local\Temp\DXSETUP.exe
C:\Users\Plating\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Plating\AppData\Local\Temp\gcapi_dll.dll
C:\Users\Plating\AppData\Local\Temp\gtapi_signed.dll
C:\Users\Plating\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Plating\AppData\Local\Temp\ose00000.exe
C:\Users\Plating\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Plating\AppData\Local\Temp\vlc-2.1.3-win32.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe [2014-05-13 20:06] - [2014-03-04 02:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-11 13:33

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-05-2014 01
Ran by Plating at 2014-05-19 22:44:49
Running from C:\Users\Plating\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center 
======================== AV: Panda Antivirus Pro 2014 (Enabled - Up to date) {86971480-9989-6750-B122-681A86518D59} AS: Panda Antivirus Pro 2014 (Enabled - Up to date) {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.31139 - BitTorrent Inc.) Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated) Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) CPUID CPU-Z 1.68 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{349F73CA-653A-43A6-AE77-970B07D6EDA0}) (Version: - Microsoft) Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.7.0.6 - Dell) Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.1.1031 - Foxit Corporation) GDR 2218 for SQL Server 2012 (KB2716442) (64-bit) (HKLM\...\KB2716442) (Version: 11.0.2218.0 - Microsoft Corporation) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.137 - Google Inc.) Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) 
Hidden Intel PROSet Wireless (Version: - ) Hidden Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2455 - Intel Corporation) Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{BEE86606-EFB5-4353-9F34-29E0C59CDCFA}) (Version: 15.2.0.0284 - Intel Corporation) Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}) (Version: 1.2.0.0587 - Intel Corporation) Intel® PROSet/Wireless WiFi Software (HKLM\...\{181BBF43-CA17-4E1A-A78D-81E67A57B8A4}) (Version: 15.02.0000.1258 - Intel Corporation) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan) iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.) Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation) Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation) Microsoft Help Viewer 1.1 (Version: 1.1.40219 - Microsoft Corporation) Hidden Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 
Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation) Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden 
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden Microsoft Press Training Kit Exam Prep Suite 70-462 (HKLM-x32\...\{A37598D0-843F-45DB-A827-0018487065B8}) (Version: 1.0.0 - MeasureUp) Microsoft Report Viewer 2012 Runtime (HKLM-x32\...\{9CCE40CE-A9E6-4916-8729-B008558EEF3F}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation) Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation) Microsoft SQL Server 2012 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2012) (Version: - Microsoft Corporation) Microsoft SQL Server 2012 (64-bit) (Version: - ) Hidden Microsoft SQL Server 2012 Data-Tier App Framework (HKLM\...\{A007BD05-ECFD-4F64-89F6-7E95F91F0DFB}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 Native Client (HKLM\...\{587F8B5C-D30D-4EEC-849B-FC410EA38AAF}) (Version: 11.0.2218.0 - Microsoft Corporation) Microsoft SQL Server 2012 Policies (HKLM-x32\...\{DC487E40-046E-42A9-9C7C-5D2B1A7EB211}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 RS Add-in for SharePoint (HKLM\...\{1527F893-FB8F-45D1-8B83-488E9F5C516C}) (Version: 11.0.2218.0 - Microsoft Corporation) Microsoft SQL Server 2012 
RsFx Driver (Version: 11.0.2100.60 - Microsoft Corporation) Hidden Microsoft SQL Server 2012 Setup (English) (HKLM\...\{8CB0713F-CFE0-445D-BCB2-538465860E1A}) (Version: 11.1.3128.0 - Microsoft Corporation) Microsoft SQL Server 2012 Transact-SQL Compiler Service (HKLM\...\{03A2AE02-CBC9-4746-A376-0F7BF6AF5F39}) (Version: 11.0.2218.0 - Microsoft Corporation) Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server 2012 T-SQL Language Service (HKLM\...\{CC8B009A-98C9-497F-99AF-CEBE35D8C0CF}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server Data Tools – Database Projects – Web installer entry point (HKLM-x32\...\{F3BBC56F-2282-4464-952F-A89772181F30}) (Version: 10.3.20116.0 - Microsoft Corporation) Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 
(HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Shell (Integrated) - ENU (HKLM-x32\...\{012D26C3-E12A-3BDA-8ECE-DF14E721A507}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications Design-Time 3.0 (HKLM-x32\...\{5A03C202-08B4-3F1D-9A60-A4F53EF1B636}) (Version: 10.0.40220 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications x64 Runtime 3.0 (HKLM\...\{F14401A9-F0A0-33CC-8444-F60823A60DEB}) (Version: 10.0.40220 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications x86 Runtime 3.0 (HKLM-x32\...\{191A6F65-6878-398D-A272-EF011B80F371}) (Version: 10.0.40220 - Microsoft Corporation) Microsoft VSS Writer for SQL Server 2012 (HKLM\...\{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}) (Version: 11.0.2100.60 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden Panda Antivirus Pro 2014 (HKLM-x32\...\{E55FB276-73C9-4776-AB53-BC028C0509ED}) (Version: 13.01.01 - Panda Security) Panda Antivirus Pro 2014 (x32 Version: 13.01.01 - Panda Security) Hidden Photo Common (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Photo Gallery (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Prerequisites for SSDT (HKLM-x32\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation) QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) 
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6383 - Realtek Semiconductor Corp.) Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.27.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.27.0 - Renesas Electronics Corporation) Hidden Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.) Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.) Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.) SQL Server 2012 Analysis Services (Version: 11.0.2100.60 - Microsoft Corporation) Hidden SQL Server 2012 BI Development Studio (Version: 11.0.2100.60 - Microsoft Corporation) Hidden SQL Server 2012 Client Tools (Version: 11.0.2100.60 - Microsoft Corporation) Hidden SQL Server 2012 Common Files (Version: 11.0.2100.60 - Microsoft Corporation) Hidden SQL Server 2012 Data quality client (Version: 11.0.2100.60 - Microsoft Corporation) Hidden SQL Server 2012 Data quality service (Version: 11.0.2100.60 - Microsoft Corporation) Hidden SQL Server 2012 Database Engine Services (Version: 11.0.2100.60 - Microsoft Corporation) Hidden SQL Server 2012 Database Engine Shared (Version: 11.0.2100.60 - Microsoft Corporation) Hidden SQL Server 2012 Distributed Replay (Version: 11.0.2100.60 - Microsoft Corporation) Hidden SQL Server 2012 Documentation Components (Version: 11.0.2100.60 - Microsoft Corporation) Hidden SQL Server 2012 Full text search (Version: 11.0.2100.60 - Microsoft Corporation) Hidden SQL Server 2012 Integration Services (Version: 11.0.2100.60 - Microsoft Corporation) Hidden SQL Server 2012 Management 
Studio (Version: 11.0.2100.60 - Microsoft Corporation) Hidden SQL Server 2012 Master Data Services (Version: 11.0.2218.0 - Microsoft Corporation) Hidden SQL Server 2012 Reporting Services (Version: 11.0.2100.60 - Microsoft Corporation) Hidden SQL Server 2012 RS_SharePoint_SharedService (Version: 11.0.2100.60 - Microsoft Corporation) Hidden SQL Server 2012 SQL Data Quality Common (Version: 11.0.2100.60 - Microsoft Corporation) Hidden SQL Server Browser for SQL Server 2012 (HKLM-x32\...\{4B9E6EB0-0EED-4E74-9479-F982C3254F71}) (Version: 11.0.2100.60 - Microsoft Corporation) Sql Server Customer Experience Improvement Program (Version: 11.0.2100.60 - Microsoft Corporation) Hidden Street Fighter X Tekken (HKLM-x32\...\{43430FA5-AF68-4A2D-A7D4-891000008200}) (Version: 1.0.0.0 - CAPCOM U.S.A., INC) Tableau Public 8.1 (32-bit) (HKLM-x32\...\{6D0CF75C-6A46-42B3-A2C6-AEEFA2758981}) (Version: 8.1.1349 - Tableau Software) UltraStar Deluxe (HKLM-x32\...\UltraStar Deluxe) (Version: 1.1 - USDX Team) Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft) VCE Exam Simulator Demo (HKLM-x32\...\VCE Exam Simulator Demo_is1) (Version: - Avanset) Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation) VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN) Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc) Windows Live Communications Platform (x32 Version: 
16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Restore Points =========================

17-05-2014 08:14:57 Installed Realtek Ethernet Controller Driver

==================== Hosts content: ==========================

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {203A206E-CD4F-4EE9-AC2E-18F0F622358D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated)
Task: {580CE5C5-414B-4D75-8FB7-F250F7F56A09} - System32\Tasks\Digital Sites => C:\Users\Plating\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {5E86DB41-DFF4-47AD-B075-71F0F1F2FC08} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-20] (Google Inc.)
Task: {60E06BA1-82B1-4199-A769-03C70A64FACC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {B2E08760-0534-4B3C-A4FA-35C64D57148E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-20] (Google Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\Plating\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll 2013-12-20 13:17 - 2011-01-18 11:36 - 00182560 _____ () C:\Windows\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\slcc3d64.dll 2014-05-19 22:42 - 2014-05-19 22:42 - 00706560 _____ () C:\Users\Plating\AppData\Local\Temp\is-1H47E.tmp\mbam-setup-2.0.1.1004.tmp 2014-05-19 22:42 - 2014-05-19 22:42 - 00706560 _____ () C:\Users\Plating\AppData\Local\Temp\is-T80MQ.tmp\mbam-setup-2.0.1.1004.tmp 2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2014-05-02 23:11 - 2007-02-14 13:55 - 00165424 _____ () C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\MiniCrypto.dll 2014-05-02 23:11 - 2004-05-19 11:33 - 00507904 _____ () C:\Program 
Files (x86)\Panda Security\Panda Antivirus Pro 2014\libxml2.dll 2014-05-02 23:11 - 2007-02-14 13:55 - 00099888 _____ () C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2014\APIcr.dll 2014-05-15 19:32 - 2014-05-07 16:29 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\chrome_elf.dll 2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2010-01-21 01:34 - 2010-01-21 01:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll 2014-05-15 19:32 - 2014-05-07 16:29 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\libglesv2.dll 2014-05-15 19:32 - 2014-05-07 16:29 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\libegl.dll 2014-05-15 19:32 - 2014-05-07 16:29 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\pdf.dll 2014-05-15 19:32 - 2014-05-07 16:29 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll 2014-05-15 19:32 - 2014-05-07 16:29 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\ffmpegsumo.dll 2013-12-29 12:31 - 2014-04-14 20:07 - 00018856 _____ () C:\Program Files (x86)\Java\jre7\bin\jp2native.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail => ""="Service" ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== MSCONFIG\Services: AERTFilters => 2 MSCONFIG\Services: BDESVC => 3 MSCONFIG\Services: Bluetooth Device Monitor => 2 MSCONFIG\Services: Bluetooth Media Service => 3 MSCONFIG\Services: Bluetooth OBEX Service => 2 MSCONFIG\Services: bthserv => 3 MSCONFIG\Services: CertPropSvc 
=> 3 MSCONFIG\Services: CscService => 2 MSCONFIG\Services: EFS => 3 MSCONFIG\Services: Fax => 3 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: iPod Service => 3 MSCONFIG\Services: MozillaMaintenance => 3 MSCONFIG\Services: MpsSvc => 2 MSCONFIG\Services: MSiSCSI => 3 MSCONFIG\Services: Netlogon => 3 MSCONFIG\Services: RemoteRegistry => 3 MSCONFIG\Services: SCardSvr => 3 MSCONFIG\Services: SCPolicySvc => 3 MSCONFIG\Services: seclogon => 3 MSCONFIG\Services: SessionEnv => 3 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\Services: Spooler => 2 MSCONFIG\Services: TabletInputService => 3 MSCONFIG\Services: TermService => 3 MSCONFIG\Services: UmRdpService => 3 MSCONFIG\Services: W32Time => 3 MSCONFIG\Services: WinDefend => 2 MSCONFIG\Services: WPCSvc => 3 MSCONFIG\startupfolder: C:^Users^Plating^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices MSCONFIG\startupreg: BTMTrayAgent => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp MSCONFIG\startupreg: DellSystemDetect => C:\Users\Plating\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch MSCONFIG\startupreg: LogMeIn GUI => "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" MSCONFIG\startupreg: NUSB3MON => "C:\Program Files 
(x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" ==================== Faulty Device Manager Devices ============= Name: SM Bus Controller Description: SM Bus Controller Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (05/19/2014 09:21:54 PM) (Source: Application Error) (User: ) (EventID: 1000) Description: Faulting application name: OUTLOOK.EXE, version: 14.0.4734.1000, time stamp: 0x4b58fdfa Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x6d2a0000 Faulting process id: 0x103c Faulting application start time: 0xOUTLOOK.EXE0 Faulting application path: OUTLOOK.EXE1 Faulting module path: OUTLOOK.EXE2 Report Id: OUTLOOK.EXE3 Error: (05/19/2014 09:03:21 PM) (Source: Application Error) (User: ) (EventID: 1000) Description: Faulting application name: Skype.exe, version: 6.14.0.104, time stamp: 0x52f90e3e Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x6eab0000 Faulting process id: 0x5d4 Faulting application start time: 0xSkype.exe0 Faulting application path: Skype.exe1 Faulting module path: Skype.exe2 Report Id: Skype.exe3 Error: (05/19/2014 08:25:04 PM) (Source: Application Error) 
(User: ) (EventID: 1000) Description: Faulting application name: OUTLOOK.EXE, version: 14.0.4734.1000, time stamp: 0x4b58fdfa Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x6cca0000 Faulting process id: 0x28b4 Faulting application start time: 0xOUTLOOK.EXE0 Faulting application path: OUTLOOK.EXE1 Faulting module path: OUTLOOK.EXE2 Report Id: OUTLOOK.EXE3 Error: (05/19/2014 07:28:13 PM) (Source: Application Error) (User: ) (EventID: 1000) Description: Faulting application name: Skype.exe, version: 6.14.0.104, time stamp: 0x52f90e3e Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x18150000 Faulting process id: 0x321c Faulting application start time: 0xSkype.exe0 Faulting application path: Skype.exe1 Faulting module path: Skype.exe2 Report Id: Skype.exe3 Error: (05/19/2014 02:46:55 PM) (Source: Microsoft Office 14) (User: ) (EventID: 2001) Description: Microsoft Outlook: Rejected Safe Mode action : Outlook experienced a serious problem with the 'send to bluetooth' add-in. If you have seen this message multiple times, you should disable this add-in and check to see if an update is available. Do you want to disable this add-in?. Rejected Safe Mode action : Microsoft Outlook. 
Error: (05/19/2014 02:46:18 PM) (Source: Application Error) (User: ) (EventID: 1000) Description: Faulting application name: OUTLOOK.EXE, version: 14.0.4734.1000, time stamp: 0x4b58fdfa Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x6c8c0000 Faulting process id: 0x2238 Faulting application start time: 0xOUTLOOK.EXE0 Faulting application path: OUTLOOK.EXE1 Faulting module path: OUTLOOK.EXE2 Report Id: OUTLOOK.EXE3 Error: (05/19/2014 00:57:01 PM) (Source: Application Error) (User: ) (EventID: 1000) Description: Faulting application name: Skype.exe, version: 6.14.0.104, time stamp: 0x52f90e3e Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x19bf0000 Faulting process id: 0x98c Faulting application start time: 0xSkype.exe0 Faulting application path: Skype.exe1 Faulting module path: Skype.exe2 Report Id: Skype.exe3 Error: (05/18/2014 10:37:01 PM) (Source: Application Error) (User: ) (EventID: 1000) Description: Faulting application name: OUTLOOK.EXE, version: 14.0.4734.1000, time stamp: 0x4b58fdfa Faulting module name: PSTOREC.DLL_unloaded, version: 0.0.0.0, time stamp: 0x4a5bdad3 Exception code: 0xc0000005 Fault offset: 0x6d320000 Faulting process id: 0xf2c Faulting application start time: 0xOUTLOOK.EXE0 Faulting application path: OUTLOOK.EXE1 Faulting module path: OUTLOOK.EXE2 Report Id: OUTLOOK.EXE3 Error: (05/18/2014 00:25:59 PM) (Source: Application Error) (User: ) (EventID: 1000) Description: Faulting application name: OUTLOOK.EXE, version: 14.0.4734.1000, time stamp: 0x4b58fdfa Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x6bfd0000 Faulting process id: 0x10bc Faulting application start time: 0xOUTLOOK.EXE0 Faulting application path: OUTLOOK.EXE1 Faulting module path: OUTLOOK.EXE2 Report Id: OUTLOOK.EXE3 Error: (05/17/2014 00:29:01 PM) (Source: Application Error) 
(User: ) (EventID: 1000) Description: Faulting application name: OUTLOOK.EXE, version: 14.0.4734.1000, time stamp: 0x4b58fdfa Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x6e130000 Faulting process id: 0x1de4 Faulting application start time: 0xOUTLOOK.EXE0 Faulting application path: OUTLOOK.EXE1 Faulting module path: OUTLOOK.EXE2 Report Id: OUTLOOK.EXE3 System errors: ============= Error: (05/16/2014 01:18:55 AM) (Source: volsnap) (User: ) (EventID: 36) Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. Error: (05/15/2014 11:18:47 PM) (Source: Service Control Manager) (User: ) (EventID: 7024) Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143. Error: (05/15/2014 11:15:13 PM) (Source: Service Control Manager) (User: ) (EventID: 7023) Description: The Panda On-Access Anti-Malware Service service terminated with the following error: %%1 Error: (05/14/2014 11:56:04 PM) (Source: DCOM) (User: ) (EventID: 10001) Description: C:\Windows\System32\slui.exe -Embedding5{F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} Error: (05/13/2014 10:56:55 PM) (Source: DCOM) (User: ) (EventID: 10001) Description: C:\Windows\System32\slui.exe -Embedding5{F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} Error: (05/13/2014 08:22:19 PM) (Source: Service Control Manager) (User: ) (EventID: 7024) Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143. 
Error: (05/13/2014 08:18:49 PM) (Source: Service Control Manager) (User: ) (EventID: 7023) Description: The Panda On-Access Anti-Malware Service service terminated with the following error: %%1 Error: (05/13/2014 07:48:34 PM) (Source: DCOM) (User: ) (EventID: 10010) Description: {1A1F4206-0688-4E7F-BE03-D82EC69DF9A5} Error: (05/12/2014 10:48:20 PM) (Source: WMPNetworkSvc) (User: ) (EventID: 14332) Description: WMPNetworkSvc0x80004005 Error: (05/12/2014 10:45:35 PM) (Source: Service Control Manager) (User: ) (EventID: 7023) Description: The Panda On-Access Anti-Malware Service service terminated with the following error: %%1 Microsoft Office Sessions: ========================= Error: (05/19/2014 09:21:54 PM) (Source: Application Error) (User: ) (EventID: 1000) Description: OUTLOOK.EXE14.0.4734.10004b58fdfaunknown0.0.0.000000000c00000056d2a0000103c01cf73db19336661C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXEunknown459a781d-dfd6-11e3-9739-4ceb42389491 Error: (05/19/2014 09:03:21 PM) (Source: Application Error) (User: ) (EventID: 1000) Description: Skype.exe6.14.0.10452f90e3eunknown0.0.0.000000000c00000056eab00005d401cf73dac8ba660cC:\Program Files (x86)\Skype\Phone\Skype.exeunknownadfc5935-dfd3-11e3-9739-4ceb42389491 Error: (05/19/2014 08:25:04 PM) (Source: Application Error) (User: ) (EventID: 1000) Description: OUTLOOK.EXE14.0.4734.10004b58fdfaunknown0.0.0.000000000c00000056cca000028b401cf73abd904ac26C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXEunknown54d24ee8-dfce-11e3-9739-4ceb42389491 Error: (05/19/2014 07:28:13 PM) (Source: Application Error) (User: ) (EventID: 1000) Description: Skype.exe6.14.0.10452f90e3eunknown0.0.0.000000000c000000518150000321c01cf73a043bc9850C:\Program Files (x86)\Skype\Phone\Skype.exeunknown63c2bb67-dfc6-11e3-9739-4ceb42389491 Error: (05/19/2014 02:46:55 PM) (Source: Microsoft Office 14) (User: ) (EventID: 2001) Description: Microsoft OutlookOutlook experienced a serious problem with the 'send to bluetooth' 
add-in. If you have seen this message multiple times, you should disable this add-in and check to see if an update is available. Do you want to disable this add-in? Error: (05/19/2014 02:46:18 PM) (Source: Application Error) (User: ) (EventID: 1000) Description: OUTLOOK.EXE14.0.4734.10004b58fdfaunknown0.0.0.000000000c00000056c8c0000223801cf7396ac1186a0C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXEunknown01f47093-df9f-11e3-9739-4ceb42389491 Error: (05/19/2014 00:57:01 PM) (Source: Application Error) (User: ) (EventID: 1000) Description: Skype.exe6.14.0.10452f90e3eunknown0.0.0.000000000c000000519bf000098c01cf7322cfad4f00C:\Program Files (x86)\Skype\Phone\Skype.exeunknownbd6b5a51-df8f-11e3-9739-4ceb42389491 Error: (05/18/2014 10:37:01 PM) (Source: Application Error) (User: ) (EventID: 1000) Description: OUTLOOK.EXE14.0.4734.10004b58fdfaPSTOREC.DLL_unloaded0.0.0.04a5bdad3c00000056d320000f2c01cf730108f155e2C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXEPSTOREC.DLL999eec6e-df17-11e3-9739-4ceb42389491 Error: (05/18/2014 00:25:59 PM) (Source: Application Error) (User: ) (EventID: 1000) Description: OUTLOOK.EXE14.0.4734.10004b58fdfaunknown0.0.0.000000000c00000056bfd000010bc01cf7255650f424bC:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXEunknown3d2d5534-dec2-11e3-9739-4ceb42389491 Error: (05/17/2014 00:29:01 PM) (Source: Application Error) (User: ) (EventID: 1000) Description: OUTLOOK.EXE14.0.4734.10004b58fdfaunknown0.0.0.000000000c00000056e1300001de401cf71a7750a3156C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXEunknown7f797b9b-ddf9-11e3-9739-4ceb42389491 ==================== Memory info =========================== Percentage of memory in use: 37% Total physical RAM: 6038.17 MB Available physical RAM: 3787.61 MB Total Pagefile: 12074.52 MB Available Pagefile: 8595.69 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:97.66 GB) 
(Free:16.87 GB) NTFS Drive d: () (Fixed) (Total:166.01 GB) (Free:22.02 GB) NTFS Drive e: () (Fixed) (Total:182.46 GB) (Free:14.86 GB) NTFS Drive j: (RECOVERY) (Fixed) (Total:10.5 GB) (Free:0.6 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 07F2837E) Partition 1: (Not Active) - (Size=102 MB) - (Type=DE) Partition 2: (Active) - (Size=11 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=98 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=348 GB) - (Type=OF Extended) ==================== End Of Log ============================
  2. I rebooted my computer by accident today just now even though it was not indicated. I went to msconfig and unchecked utorrent. Here is the new DDS log: DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 8.0.7600.16385Run by King at 22:51:39 on 2013-12-17Microsoft Windows 7 Ultimate 6.1.7600.0.1252.2.1033.18.6038.3738 [GMT -8:00].AV: AVG Internet Security 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: AVG Internet Security 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}FW: AVG Internet Security 2014 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}.============== Running Processes ===============.C:\PROGRA~2\AVG\AVG2014\avgrsa.exeC:\Program Files (x86)\AVG\AVG2014\avgcsrva.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\system32\WLANExt.exeC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Windows\system32\taskeng.exeC:\Program Files\Realtek\Audio\HDA\AERTSr64.exeC:\Program Files (x86)\AVG\AVG2014\avgfws.exeC:\Program Files (x86)\AVG\AVG2014\avgidsagent.exeC:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exeC:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exeC:\Windows\system32\svchost.exe -k bthsvcsC:\Program Files\Intel\WiFi\bin\EvtEng.exeC:\Program Files\Macrium\Reflect\ReflectService.exeC:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exeC:\Program Files\Intel\WiFi\bin\ZeroConfigService.exeC:\Program Files (x86)\Intel\Bluetooth\obexsrv.exeC:\Windows\system32\wbem\unsecapp.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\WUDFHost.exeC:\Program Files 
(x86)\AVG\AVG2014\avgnsa.exeC:\Program Files (x86)\AVG\AVG2014\avgemca.exeC:\Windows\System32\svchost.exe -k swprvC:\Windows\system32\LogonUI.exeC:\Windows\system32\taskhost.exeC:\Windows\system32\taskeng.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files (x86)\Skype\Phone\Skype.exeC:\Program Files (x86)\DAEMON Tools Lite\DTLite.exeC:\Windows\system32\SearchIndexer.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Program Files (x86)\AVG\AVG2014\avgui.exeC:\Program Files (x86)\AVG\AVG2014\avgcsrva.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\System32\svchost.exe -k LocalServicePeerNetC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exeC:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exeC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted\\?\C:\Windows\system32\wbem\WMIADAP.EXEC:\Windows\servicing\TrustedInstaller.exeC:\Windows\system32\SearchProtocolHost.exeC:\Windows\system32\SearchFilterHost.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\wuauclt.exeC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.mWinlogon: Userinit = userinit.exeBHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLLBHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLLTB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrunuRun: [DAEMON Tools Lite] "C:\Program 
Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorunmRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLYmPolicies-Explorer: NoActiveDesktop = dword:1mPolicies-System: ConsentPromptBehaviorAdmin = dword:5mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableUIADesktopToggle = dword:0IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dllIE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dllTrusted Zone: dell.comTCP: NameServer = 10.0.1.1TCP: Interfaces\{F3455C39-6B6E-4942-99ED-15A90A3FE42F} : DHCPNameServer = 10.0.1.1TCP: Interfaces\{F3455C39-6B6E-4942-99ED-15A90A3FE42F}\4554C4553503835363 : DHCPNameServer = 192.168.1.254 75.153.176.9Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLHandler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dllSSODL: WebCheck - <orphaned>SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLLmASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chromex64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLLx64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLLx64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - 
LocalServer32 - <no file>x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dllx64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dllx64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLx64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>x64-Notify: igfxcui - igfxdev.dllx64-SSODL: WebCheck - <orphaned>x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL.============= SERVICES / DRIVERS ===============.R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-10-24 194872]R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-10-31 294712]R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-10-1 123704]R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-10 31544]R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-11-5 150808]R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2013-9-26 57144]R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-11-4 240920]R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-10-31 212280]R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-12-14 283064]R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2012-3-15 198144]R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2011-8-29 53760]R3 
btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2011-10-10 288768]R3 iBtFltCoex;iBtFltCoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2011-10-11 59904]R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-12-14 317440]R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-9-13 95744]R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-9-13 212992]R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2012-3-15 198144]S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2013-12-14 17480]S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2013-12-14 9800].=============== Created Last 30 ================.2013-12-18 06:50:39 -------- d-----w- C:\Windows\pss2013-12-17 07:45:59 82944 ----a-w- C:\Windows\System32\drivers\ipfltdrv.sys.bak2013-12-16 06:35:43 -------- d-----w- C:\Windows\System32\appmgmt2013-12-16 03:14:44 216064 ----a-w- C:\Windows\SysWow64\gcapi_dll.dll2013-12-16 03:14:37 -------- d-----w- C:\Users\King\AppData\Roaming\Foxit Software2013-12-16 03:14:36 -------- d-----w- C:\Program Files (x86)\Foxit Software2013-12-16 03:13:51 -------- d-----w- C:\Users\King\AppData\Roaming\IrfanView2013-12-16 03:13:51 -------- d-----w- C:\Program Files (x86)\IrfanView2013-12-15 22:33:07 -------- d-----w- C:\Windows\AutoKMS2013-12-15 22:24:32 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll2013-12-15 22:24:32 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll2013-12-15 22:24:32 48960 ----a-w- C:\Windows\System32\netfxperf.dll2013-12-15 22:24:32 444752 ----a-w- C:\Windows\System32\mscoree.dll2013-12-15 22:24:32 320352 ----a-w- C:\Windows\System32\PresentationHost.exe2013-12-15 22:24:32 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll2013-12-15 22:24:32 295264 ----a-w- 
C:\Windows\SysWow64\PresentationHost.exe2013-12-15 22:24:32 1942856 ----a-w- C:\Windows\System32\dfshim.dll2013-12-15 22:24:32 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll2013-12-15 22:24:32 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll2013-12-15 20:14:12 142336 ----a-w- C:\Windows\System32\poqexec.exe2013-12-15 20:14:12 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe2013-12-15 19:47:17 77312 ----a-w- C:\Windows\System32\packager.dll2013-12-15 19:47:17 67072 ----a-w- C:\Windows\SysWow64\packager.dll2013-12-15 09:52:12 15584 ----a-w- C:\Users\King\AppData\Roaming\Microsoft\IdentityCRL\Production\ppcrlconfig.dll2013-12-15 09:47:01 -------- d-----w- C:\Program Files (x86)\MSECache2013-12-15 09:42:08 -------- d-----w- C:\Program Files\Microsoft Synchronization Services2013-12-15 09:41:43 -------- d-----w- C:\Windows\PCHEALTH2013-12-15 09:41:43 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition2013-12-15 09:39:30 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 82013-12-15 09:38:26 -------- d-----w- C:\Program Files\Microsoft Analysis Services2013-12-15 09:38:26 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services2013-12-15 09:37:46 -------- d-----w- C:\Users\King\AppData\Local\Microsoft Help2013-12-15 09:29:30 -------- d-----w- C:\Users\King\AppData\Roaming\AVG20142013-12-15 09:28:05 -------- d-----w- C:\ProgramData\AVG20142013-12-15 09:27:41 -------- d-----w- C:\Program Files (x86)\AVG2013-12-15 09:25:18 -------- d-----w- C:\Users\King\AppData\Local\MFAData2013-12-15 09:25:18 -------- d-----w- C:\Users\King\AppData\Local\Avg20142013-12-15 09:25:18 -------- d-----w- C:\ProgramData\MFAData2013-12-15 09:17:55 -------- d-----w- C:\Users\King\AppData\Roaming\uTorrent2013-12-15 07:49:52 -------- d-----w- C:\Program Files\Macrium2013-12-15 07:47:53 283064 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys2013-12-15 07:47:51 -------- d-----w- C:\Users\King\AppData\Roaming\DAEMON Tools Lite2013-12-15 
07:47:49 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite2013-12-15 07:47:19 -------- d-----w- C:\ProgramData\DAEMON Tools Lite2013-12-15 07:08:17 -------- d-----w- C:\ProgramData\Macrium2013-12-15 06:55:49 -------- d-----w- C:\Users\King\AppData\Local\TBHostSupport2013-12-15 06:40:51 -------- d-----w- C:\ProgramData\Conduit2013-12-15 06:40:35 -------- d-----w- C:\Users\King\AppData\Local\NativeMessaging2013-12-15 06:40:34 -------- d-----w- C:\Users\King\AppData\Local\Conduit2013-12-15 06:40:32 -------- d-----w- C:\Users\King\AppData\Local\CRE2013-12-15 06:40:32 -------- d-----w- C:\Program Files (x86)\Conduit2013-12-15 06:39:45 -------- d-----w- C:\Users\King\AppData\Roaming\TuneUp Software2013-12-15 05:52:46 -------- d-----w- C:\Windows\System32\SRSLabs2013-12-15 05:47:34 -------- d-----w- C:\Program Files (x86)\VideoLAN2013-12-15 05:39:59 -------- d-----r- C:\Program Files (x86)\Skype2013-12-15 05:39:22 2414360 ----a-w- C:\Windows\SysWow64\d3dx9_31.dll2013-12-15 05:39:22 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll2013-12-15 05:38:49 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine2013-12-15 05:15:19 49940480 ----a-w- C:\Program Files (x86)\GUTEDF.tmp2013-12-15 05:15:19 -------- d-----w- C:\Program Files (x86)\GUMEDE.tmp2013-12-15 05:10:13 -------- d-----w- C:\Users\King\AppData\Local\Google2013-12-15 05:10:08 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2013-12-15 05:10:08 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2013-12-15 05:09:31 -------- d-----w- C:\Users\King\AppData\Local\Adobe2013-12-15 05:09:21 10285968 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D5978130-B3D7-4053-9061-F27F878EDC86}\mpengine.dll2013-12-15 05:09:17 267936 ------w- C:\Windows\System32\MpSigStub.exe2013-12-15 05:06:19 139264 ----a-w- C:\Windows\System32\cabview.dll2013-12-15 05:06:19 132608 ----a-w- C:\Windows\SysWow64\cabview.dll2013-12-15 05:06:18 826368 ----a-w- 
C:\Windows\SysWow64\rdpcore.dll2013-12-15 05:06:18 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys2013-12-15 05:06:18 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys2013-12-15 05:06:18 1031680 ----a-w- C:\Windows\System32\rdpcore.dll2013-12-15 05:04:32 -------- d-----w- C:\Users\King\AppData\Local\Apps2013-12-15 05:04:31 -------- d-----w- C:\Users\King\AppData\Local\Deployment2013-12-15 05:02:19 2622464 ----a-w- C:\Windows\System32\wucltux.dll2013-12-15 05:02:12 99840 ----a-w- C:\Windows\System32\wudriver.dll2013-12-15 05:02:05 36864 ----a-w- C:\Windows\System32\wuapp.exe2013-12-15 05:02:05 186752 ----a-w- C:\Windows\System32\wuwebv.dll2013-12-15 04:56:34 -------- d--h--w- C:\Windows\System32\WLANProfiles2013-12-15 04:56:25 -------- d-----w- C:\Users\King\AppData\Roaming\Intel2013-12-15 04:56:12 -------- d-----w- C:\Users\King\Roaming2013-12-15 04:56:12 -------- d-----w- C:\ProgramData\Roaming2013-12-15 04:55:05 -------- d-----w- C:\Program Files (x86)\Cisco2013-12-15 04:54:22 -------- d-sh--w- C:\Windows\Installer2013-12-15 04:50:36 -------- d-----w- C:\Program Files\Common Files\Intel2013-12-15 04:50:35 -------- d-----w- C:\Program Files (x86)\Common Files\Intel2013-12-15 04:45:57 -------- d-----w- C:\Users\King\AppData\Local\VirtualStore2013-12-15 03:25:02 -------- d-----w- C:\Windows\Panther2013-12-15 03:16:06 -------- d-----w- C:\Windows.old.0002013-12-15 00:53:10 -------- d-----w- C:\Windows.old2013-12-12 04:58:42 -------- d-----w- C:\fotos.==================== Find3M ====================.2013-11-06 05:55:48 150808 ----a-w- C:\Windows\System32\drivers\avgdiska.sys2013-11-05 05:52:42 240920 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys2013-11-01 07:00:18 212280 ----a-w- C:\Windows\System32\drivers\avgldx64.sys2013-11-01 06:49:46 294712 ----a-w- C:\Windows\System32\drivers\avgloga.sys2013-10-25 06:25:58 194872 ----a-w- C:\Windows\System32\drivers\avgidsha.sys2013-10-09 23:34:14 3381832 ----a-w- C:\Windows\System32\BootMan.exe2013-10-09 
23:24:36 2499656 ----a-w- C:\Windows\SysWow64\BootMan.exe2013-10-01 08:52:08 123704 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys2013-09-26 17:44:54 57144 ----a-w- C:\Windows\System32\drivers\avgfwd6a.sys.============= FINISH: 22:55:51.24 =============== .UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 7 Ultimate Boot Device: \Device\HarddiskVolume2Install Date: 14/12/2013 8:44:17 PMSystem Uptime: 17/12/2013 10:45:30 PM (0 hours ago).Motherboard: Dell Inc. | | 05VJ58Processor: Intel® Core i7-2670QM CPU @ 2.20GHz | CPU | 792/100mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 98 GiB total, 21.908 GiB free.D: is FIXED (NTFS) - 166 GiB total, 2.655 GiB free.E: is FIXED (NTFS) - 182 GiB total, 5.944 GiB free.F: is CDROM ()G: is RemovableI: is CDROM ()J: is FIXED (NTFS) - 11 GiB total, 0.598 GiB free.K: is CDROM ().==== Disabled Device Manager Items =============.Class GUID: Description: SM Bus ControllerDevice ID: PCI\VEN_8086&DEV_1C22&SUBSYS_04D81028&REV_05\3&11583659&0&FBManufacturer: Name: SM Bus ControllerPNP Device ID: PCI\VEN_8086&DEV_1C22&SUBSYS_04D81028&REV_05\3&11583659&0&FBService: .==== System Restore Points ===================.RP16: 16/12/2013 6:51:00 PM - Windows UpdateRP17: 17/12/2013 10:31:59 PM - Windows UpdateRP18: 17/12/2013 10:52:17 PM - Windows Update.==== Installed Programs ======================.Adobe Flash Player 11 ActiveXµTorrentAVG 2014DAEMON Tools LiteDefinition Update for Microsoft Office 2010 (KB982726) 64-Bit EditionDell System DetectEaseUS Partition Master 9.3.0ERUNT 1.1jFoxit ReaderGoogle ChromeGoogle Update HelperIntel PROSet WirelessIntel® Processor GraphicsIntel® PROSet/Wireless for Bluetooth® + High SpeedIntel® PROSet/Wireless Software for Bluetooth® TechnologyIntel® PROSet/Wireless WiFi SoftwareIrfanView (remove only)Macrium Reflect Free EditionMicrosoft .NET Framework 4 Client ProfileMicrosoft .NET Framework 4 
ExtendedMicrosoft Office 2010 Service Pack 1 (SP1)Microsoft Office Access MUI (English) 2010Microsoft Office Access Setup Metadata MUI (English) 2010Microsoft Office Excel MUI (English) 2010Microsoft Office Groove MUI (English) 2010Microsoft Office InfoPath MUI (English) 2010Microsoft Office Office 32-bit Components 2010Microsoft Office OneNote MUI (English) 2010Microsoft Office Outlook MUI (English) 2010Microsoft Office PowerPoint MUI (English) 2010Microsoft Office Professional Plus 2010Microsoft Office Proof (English) 2010Microsoft Office Proof (French) 2010Microsoft Office Proof (Spanish) 2010Microsoft Office Proofing (English) 2010Microsoft Office Publisher MUI (English) 2010Microsoft Office Shared 32-bit MUI (English) 2010Microsoft Office Shared MUI (English) 2010Microsoft Office Shared Setup Metadata MUI (English) 2010Microsoft Office Word MUI (English) 2010Microsoft Outlook Hotmail Connector 64-bitNotepad++Realtek High Definition Audio DriverRenesas Electronics USB 3.0 Host Controller DriverSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Security Update for Microsoft .NET Framework 4 Extended (KB2487367)Security Update for Microsoft .NET Framework 4 Extended (KB2656351)Security Update for Microsoft .NET Framework 4 Extended (KB2736428)Security Update for Microsoft .NET Framework 4 Extended (KB2742595)Security Update for Microsoft Excel 2010 (KB2597166) 64-Bit EditionSecurity Update for Microsoft InfoPath 2010 (KB2553322) 64-Bit EditionSecurity Update for Microsoft InfoPath 2010 (KB2553431) 64-Bit 
EditionSecurity Update for Microsoft Office 2010 (KB2553091)Security Update for Microsoft Office 2010 (KB2553096)Security Update for Microsoft Office 2010 (KB2553371) 64-Bit EditionSecurity Update for Microsoft Office 2010 (KB2553447) 64-Bit EditionSecurity Update for Microsoft Office 2010 (KB2589320) 64-Bit EditionSecurity Update for Microsoft Office 2010 (KB2598243) 64-Bit EditionSecurity Update for Microsoft PowerPoint 2010 (KB2553185) 64-Bit EditionSecurity Update for Microsoft SharePoint Workspace 2010 (KB2566445)Security Update for Microsoft Visio Viewer 2010 (KB2597981) 64-Bit EditionSkype™ 6.11Update for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft .NET Framework 4 Extended (KB2468871)Update for Microsoft .NET Framework 4 Extended (KB2533523)Update for Microsoft .NET Framework 4 Extended (KB2600217)Update for Microsoft Office 2010 (KB2553065)Update for Microsoft Office 2010 (KB2553181) 64-Bit EditionUpdate for Microsoft Office 2010 (KB2553267) 64-Bit EditionUpdate for Microsoft Office 2010 (KB2553310) 64-Bit EditionUpdate for Microsoft Office 2010 (KB2566458)Update for Microsoft Office 2010 (KB2597091) 64-Bit EditionUpdate for Microsoft Office 2010 (KB2598242) 64-Bit EditionUpdate for Microsoft Office 2010 (KB2760631) 64-Bit EditionUpdate for Microsoft Office 2010 (KB2825640) 64-Bit EditionUpdate for Microsoft OneNote 2010 (KB2553290) 64-Bit EditionUpdate for Microsoft OneNote 2010 (KB2589345) 64-Bit EditionUpdate for Microsoft Outlook 2010 (KB2553248) 64-Bit EditionUpdate for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit EditionVisual Studio 2012 x64 RedistributablesVisual Studio 2012 x86 RedistributablesVLC media player 2.1.2Winamp.==== Event Viewer Messages From Past Week ========.
x64-based Systems (KB2658846).17/12/2013 10:50:57 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80071a2d: Security Update for Windows 7 for x64-based Systems (KB2560656).17/12/2013 10:46:55 PM, Error: Service Control Manager [7023] - 17/12/2013 10:44:56 PM, Error: Service Control Manager [7043] - The AVGIDSAgent service did not shut down properly after receiving a preshutdown control.17/12/2013 10:38:39 PM, Error: Service Control Manager [7043] - The Windows Modules Installer service did not shut down properly after receiving a preshutdown control.16/12/2013 11:17:49 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 for x64-based Systems (KB2563227).16/12/2013 11:17:49 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 for x64-based Systems (KB2387530).16/12/2013 11:17:49 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 for x64-based Systems (KB979482).16/12/2013 11:17:49 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 for x64-based Systems (KB2658846).16/12/2013 11:17:49 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 for x64-based Systems (KB2620704).16/12/2013 11:17:49 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 for x64-based 
Systems (KB2560656).15/12/2013 2:18:56 AM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.15/12/2013 1:28:44 AM, Error: Service Control Manager [7024] - The AVG Firewall service terminated with service-specific error %%-536805289.14/12/2013 7:33:40 PM, Error: Service Control Manager [7023] - The Windows Search service terminated with the following error: The media is write protected..==== End Of File ===========================
  3. There you go, let me know if I'm missing anything: DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 8.0.7600.16385 Run by King at 23:26:25 on 2013-12-16 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.2.1033.18.6038.1819 [GMT -8:00] . AV: AVG Internet Security 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: AVG Internet Security 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} FW: AVG Internet Security 2014 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2} . ============== Running Processes =============== . C:\PROGRA~2\AVG\AVG2014\avgrsa.exe C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\WLANExt.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe C:\Program Files (x86)\AVG\AVG2014\avgfws.exe C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Program Files\Macrium\Reflect\ReflectService.exe C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\WUDFHost.exe C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe C:\Program Files (x86)\AVG\AVG2014\avgemca.exe 
C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe C:\Program Files (x86)\AVG\AVG2014\avgui.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files (x86)\VideoLAN\VLC\vlc.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Windows\explorer.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Windows\servicing\TrustedInstaller.exe C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\regedit.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE C:\Users\King\AppData\Roaming\uTorrent\uTorrent.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . 
mWinlogon: Userinit = userinit.exe BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file> uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun uRun: [uTorrent] "C:\Users\King\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll Trusted Zone: dell.com TCP: NameServer = 10.0.1.1 TCP: Interfaces\{F3455C39-6B6E-4942-99ED-15A90A3FE42F} : DHCPNameServer = 10.0.1.1 TCP: Interfaces\{F3455C39-6B6E-4942-99ED-15A90A3FE42F}\4554C4553503835363 : DHCPNameServer = 192.168.1.254 75.153.176.9 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll SSODL: WebCheck - <orphaned> SEH: Groove GFS Stub Execution Hook 
- {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file> x64-Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices x64-RunOnce: [NoIE4StubProcessing] C:\Windows\System32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL . ============= SERVICES / DRIVERS =============== . 
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-10-24 194872] R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-10-31 294712] R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-10-1 123704] R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-10 31544] R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-11-5 150808] R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2013-9-26 57144] R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-11-4 240920] R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-10-31 212280] R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192] R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-12-14 283064] R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2012-3-15 198144] R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2011-8-29 53760] R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2011-10-10 288768] R3 iBtFltCoex;iBtFltCoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2011-10-11 59904] R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-12-14 317440] R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-9-13 95744] R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-9-13 212992] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240] S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2012-3-15 198144] S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2013-12-14 17480] S3 
EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2013-12-14 9800] . =============== Created Last 30 ================ . 2013-12-16 06:35:43 -------- d-----w- C:\Windows\System32\appmgmt 2013-12-16 03:14:44 216064 ----a-w- C:\Windows\SysWow64\gcapi_dll.dll 2013-12-16 03:14:37 -------- d-----w- C:\Users\King\AppData\Roaming\Foxit Software 2013-12-16 03:14:36 -------- d-----w- C:\Program Files (x86)\Foxit Software 2013-12-16 03:13:51 -------- d-----w- C:\Users\King\AppData\Roaming\IrfanView 2013-12-16 03:13:51 -------- d-----w- C:\Program Files (x86)\IrfanView 2013-12-15 22:33:07 -------- d-----w- C:\Windows\AutoKMS 2013-12-15 22:24:32 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll 2013-12-15 22:24:32 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll 2013-12-15 22:24:32 48960 ----a-w- C:\Windows\System32\netfxperf.dll 2013-12-15 22:24:32 444752 ----a-w- C:\Windows\System32\mscoree.dll 2013-12-15 22:24:32 320352 ----a-w- C:\Windows\System32\PresentationHost.exe 2013-12-15 22:24:32 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll 2013-12-15 22:24:32 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe 2013-12-15 22:24:32 1942856 ----a-w- C:\Windows\System32\dfshim.dll 2013-12-15 22:24:32 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll 2013-12-15 22:24:32 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll 2013-12-15 19:47:17 77312 ----a-w- C:\Windows\System32\packager.dll 2013-12-15 19:47:17 67072 ----a-w- C:\Windows\SysWow64\packager.dll 2013-12-15 09:52:12 15584 ----a-w- C:\Users\King\AppData\Roaming\Microsoft\IdentityCRL\Production\ppcrlconfig.dll 2013-12-15 09:47:01 -------- d-----w- C:\Program Files (x86)\MSECache 2013-12-15 09:42:08 -------- d-----w- C:\Program Files\Microsoft Synchronization Services 2013-12-15 09:41:43 -------- d-----w- C:\Windows\PCHEALTH 2013-12-15 09:41:43 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition 2013-12-15 09:39:30 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8 
2013-12-15 09:38:26 -------- d-----w- C:\Program Files\Microsoft Analysis Services 2013-12-15 09:38:26 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services 2013-12-15 09:37:46 -------- d-----w- C:\Users\King\AppData\Local\Microsoft Help 2013-12-15 09:29:30 -------- d-----w- C:\Users\King\AppData\Roaming\AVG2014 2013-12-15 09:28:05 -------- d-----w- C:\ProgramData\AVG2014 2013-12-15 09:27:41 -------- d-----w- C:\Program Files (x86)\AVG 2013-12-15 09:25:18 -------- d-----w- C:\Users\King\AppData\Local\MFAData 2013-12-15 09:25:18 -------- d-----w- C:\Users\King\AppData\Local\Avg2014 2013-12-15 09:25:18 -------- d-----w- C:\ProgramData\MFAData 2013-12-15 09:17:55 -------- d-----w- C:\Users\King\AppData\Roaming\uTorrent 2013-12-15 07:49:52 -------- d-----w- C:\Program Files\Macrium 2013-12-15 07:47:53 283064 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys 2013-12-15 07:47:51 -------- d-----w- C:\Users\King\AppData\Roaming\DAEMON Tools Lite 2013-12-15 07:47:49 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite 2013-12-15 07:47:19 -------- d-----w- C:\ProgramData\DAEMON Tools Lite 2013-12-15 07:08:17 -------- d-----w- C:\ProgramData\Macrium 2013-12-15 06:55:49 -------- d-----w- C:\Users\King\AppData\Local\TBHostSupport 2013-12-15 06:40:51 -------- d-----w- C:\ProgramData\Conduit 2013-12-15 06:40:35 -------- d-----w- C:\Users\King\AppData\Local\NativeMessaging 2013-12-15 06:40:34 -------- d-----w- C:\Users\King\AppData\Local\Conduit 2013-12-15 06:40:32 -------- d-----w- C:\Users\King\AppData\Local\CRE 2013-12-15 06:40:32 -------- d-----w- C:\Program Files (x86)\Conduit 2013-12-15 06:39:45 -------- d-----w- C:\Users\King\AppData\Roaming\TuneUp Software 2013-12-15 05:52:46 -------- d-----w- C:\Windows\System32\SRSLabs 2013-12-15 05:47:34 -------- d-----w- C:\Program Files (x86)\VideoLAN 2013-12-15 05:39:59 -------- d-----r- C:\Program Files (x86)\Skype 2013-12-15 05:39:22 2414360 ----a-w- C:\Windows\SysWow64\d3dx9_31.dll 2013-12-15 05:39:22 
1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll 2013-12-15 05:38:49 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine 2013-12-15 05:15:19 49940480 ----a-w- C:\Program Files (x86)\GUTEDF.tmp 2013-12-15 05:15:19 -------- d-----w- C:\Program Files (x86)\GUMEDE.tmp 2013-12-15 05:10:13 -------- d-----w- C:\Users\King\AppData\Local\Google 2013-12-15 05:10:08 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-12-15 05:10:08 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-12-15 05:09:31 -------- d-----w- C:\Users\King\AppData\Local\Adobe 2013-12-15 05:09:21 10285968 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D5978130-B3D7-4053-9061-F27F878EDC86}\mpengine.dll 2013-12-15 05:09:17 267936 ------w- C:\Windows\System32\MpSigStub.exe 2013-12-15 05:06:19 139264 ----a-w- C:\Windows\System32\cabview.dll 2013-12-15 05:06:19 132608 ----a-w- C:\Windows\SysWow64\cabview.dll 2013-12-15 05:06:18 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll 2013-12-15 05:06:18 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys 2013-12-15 05:06:18 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2013-12-15 05:06:18 1031680 ----a-w- C:\Windows\System32\rdpcore.dll 2013-12-15 05:04:32 -------- d-----w- C:\Users\King\AppData\Local\Apps 2013-12-15 05:04:31 -------- d-----w- C:\Users\King\AppData\Local\Deployment 2013-12-15 05:02:19 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2013-12-15 05:02:12 99840 ----a-w- C:\Windows\System32\wudriver.dll 2013-12-15 05:02:05 36864 ----a-w- C:\Windows\System32\wuapp.exe 2013-12-15 05:02:05 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2013-12-15 04:56:34 -------- d--h--w- C:\Windows\System32\WLANProfiles 2013-12-15 04:56:25 -------- d-----w- C:\Users\King\AppData\Roaming\Intel 2013-12-15 04:56:12 -------- d-----w- C:\Users\King\Roaming 2013-12-15 04:56:12 -------- d-----w- C:\ProgramData\Roaming 2013-12-15 04:55:05 -------- d-----w- C:\Program Files (x86)\Cisco 2013-12-15 04:54:22 
-------- d-sh--w- C:\Windows\Installer 2013-12-15 04:50:36 -------- d-----w- C:\Program Files\Common Files\Intel 2013-12-15 04:50:35 -------- d-----w- C:\Program Files (x86)\Common Files\Intel 2013-12-15 04:45:57 -------- d-----w- C:\Users\King\AppData\Local\VirtualStore 2013-12-15 03:25:02 -------- d-----w- C:\Windows\Panther 2013-12-15 03:16:06 -------- d-----w- C:\Windows.old.000 2013-12-15 00:53:10 -------- d-----w- C:\Windows.old 2013-12-12 04:58:42 -------- d-----w- C:\fotos . ==================== Find3M ==================== . 2013-11-06 05:55:48 150808 ----a-w- C:\Windows\System32\drivers\avgdiska.sys 2013-11-05 05:52:42 240920 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys 2013-11-01 07:00:18 212280 ----a-w- C:\Windows\System32\drivers\avgldx64.sys 2013-11-01 06:49:46 294712 ----a-w- C:\Windows\System32\drivers\avgloga.sys 2013-10-25 06:25:58 194872 ----a-w- C:\Windows\System32\drivers\avgidsha.sys 2013-10-09 23:34:14 3381832 ----a-w- C:\Windows\System32\BootMan.exe 2013-10-09 23:24:36 2499656 ----a-w- C:\Windows\SysWow64\BootMan.exe 2013-10-01 08:52:08 123704 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys 2013-09-26 17:44:54 57144 ----a-w- C:\Windows\System32\drivers\avgfwd6a.sys . ============= FINISH: 23:27:43.21 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Ultimate Boot Device: \Device\HarddiskVolume2 Install Date: 14/12/2013 8:44:17 PM System Uptime: 16/12/2013 11:50:22 AM (12 hours ago) . Motherboard: Dell Inc. | | 05VJ58 Processor: Intel® Core i7-2670QM CPU @ 2.20GHz | CPU | 1892/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 98 GiB total, 22.797 GiB free. D: is FIXED (NTFS) - 166 GiB total, 2.655 GiB free. E: is FIXED (NTFS) - 182 GiB total, 5.944 GiB free. F: is CDROM () G: is Removable I: is CDROM () J: is FIXED (NTFS) - 11 GiB total, 0.598 GiB free. K: is CDROM () . 
==== Disabled Device Manager Items ============= . Class GUID: Description: SM Bus Controller Device ID: PCI\VEN_8086&DEV_1C22&SUBSYS_04D81028&REV_05\3&11583659&0&FB Manufacturer: Name: SM Bus Controller PNP Device ID: PCI\VEN_8086&DEV_1C22&SUBSYS_04D81028&REV_05\3&11583659&0&FB Service: . ==== System Restore Points =================== . RP16: 16/12/2013 6:51:00 PM - Windows Update . ==== Installed Programs ====================== . Adobe Flash Player 11 ActiveX µTorrent AVG 2014 DAEMON Tools Lite Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition Dell System Detect EaseUS Partition Master 9.3.0 Foxit Reader Google Chrome Google Update Helper Intel PROSet Wireless Intel® Processor Graphics Intel® PROSet/Wireless for Bluetooth® + High Speed Intel® PROSet/Wireless Software for Bluetooth® Technology Intel® PROSet/Wireless WiFi Software IrfanView (remove only) Macrium Reflect Free Edition Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office Office 32-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 32-bit MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Word MUI (English) 2010 Microsoft Outlook Hotmail Connector 64-bit Notepad++ Realtek High Definition Audio Driver Renesas Electronics USB 3.0 
Host Controller Driver Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Security Update for Microsoft Excel 2010 (KB2597166) 64-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2553322) 64-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2553431) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 64-Bit Edition Security Update for Microsoft SharePoint Workspace 2010 (KB2566445) Security Update for Microsoft Visio Viewer 2010 (KB2597981) 64-Bit Edition Skype™ 6.11 Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended 
(KB2600217) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2597091) 64-Bit Edition Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition Update for Microsoft OneNote 2010 (KB2589345) 64-Bit Edition Update for Microsoft Outlook 2010 (KB2553248) 64-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition Visual Studio 2012 x64 Redistributables Visual Studio 2012 x86 Redistributables VLC media player 2.1.2 Winamp . ==== Event Viewer Messages From Past Week ======== . 16/12/2013 11:17:49 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 for x64-based Systems (KB2563227). 16/12/2013 11:17:49 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Update for Windows 7 for x64-based Systems (KB2387530). 16/12/2013 11:17:49 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 for x64-based Systems (KB979482). 16/12/2013 11:17:49 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 for x64-based Systems (KB2658846). 
16/12/2013 11:17:49 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 for x64-based Systems (KB2620704). 16/12/2013 11:17:49 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 for x64-based Systems (KB2560656). 15/12/2013 2:18:56 AM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10. 15/12/2013 1:28:44 AM, Error: Service Control Manager [7024] - The AVG Firewall service terminated with service-specific error %%-536805289. 14/12/2013 7:33:40 PM, Error: Service Control Manager [7023] - The Windows Search service terminated with the following error: The media is write protected. . ==== End Of File =========================== Rkill 2.6.3 by Lawrence Abrams (Grinler) http://www.bleepingcomputer.com/ Copyright 2008-2013 BleepingComputer.com More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html Program started at: 12/16/2013 11:30:36 PM in x64 mode. Windows Version: Windows 7 Ultimate Checking for Windows services to stop: * No malware services found to stop. Checking for processes to terminate: * No malware processes found to kill. Checking Registry for malware related settings: * Explorer Policy Removed: NoActiveDesktopChanges [HKLM] Backup Registry file created at: C:\Users\King\Desktop\rkill\rkill-12-16-2013-11-30-39.reg Resetting .EXE, .COM, & .BAT associations in the Windows Registry. Performing miscellaneous checks: * Windows Defender Disabled [HKLM\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware" = dword:00000001 Checking Windows Service Integrity: * Windows Defender (WinDefend) is not Running. Startup Type set to: Manual Searching for Missing Digital Signatures: * No issues found. 
Checking HOSTS File: * No issues found. Program finished at: 12/16/2013 11:31:36 PM Execution time: 0 hours(s), 1 minute(s), and 0 seconds(s) RogueKiller V8.7.12 _x64_ [Nov 25 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.adlice.com/forum/ Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 7 (6.1.7600 ) 64 bits version Started in : Normal mode User : King [Admin rights] Mode : Scan -- Date : 12/16/2013 23:46:36 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 2 ¤¤¤ [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Scheduled tasks : 1 ¤¤¤ [V2][sUSP PATH] BackgroundContainer Startup Task : "C:\Windows\SysWOW64\Rundll32.exe" - "C:\Users\King\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun [7][x][x] -> FOUND ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST9500325AS ATA Device +++++ --- User --- [MBR] 5254b1680807abf8832ee136b0115fc1 [bSP] 0d9bdc844c4d286fe0b40717de6e9b3f : Windows 7/8 MBR Code Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 19149480 | Size: 10753 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 41172992 | Size: 100006 Mo 3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 245987280 | Size: 356826 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[0]_S_12162013_234636.txt >> REGEDIT4 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoActiveDesktopChanges"=dword:00000001
  4. Computer is slow. I think I have a virus. I need a hand here. Thanks
  5. lol it took 2 minutes before it started to install. I thought it got stopped, but finally I installed it, and this is the log, only 2 lines: ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK
  6. Results of screen317's Security Check version 0.99.18 Windows 7 Internet Explorer 8 `````````````````````````````` Antivirus/Firewall Check: Avira AntiVir Personal - Free Antivirus WMI entry may not exist for antivirus; attempting automatic update. Avira successfully updated! ``````````````````````````````` Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware Java 6 Update 18 Out of date Java installed! Flash Player Out of Date! Adobe Flash Player 10.0.45.2 ```````````````````````````````` Process Check: objlist.exe by Laurent Malwarebytes' Anti-Malware mbamservice.exe Avira Antivir avgnt.exe Avira Antivir avguard.exe ``````````End of Log````````````
  7. ComboFix 11-08-18.03 - baby 08/21/2011 22:00:46.2.2 - x86 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2046.1222 [GMT -7:00] Running from: c:\users\baby\Downloads\ComboFix.exe AV: AntiVir Desktop *Enabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Enabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((( Files Created from 2011-07-22 to 2011-08-22 ))))))))))))))))))))))))))))))) . . 2011-08-22 05:16 . 2011-08-22 05:16 -------- d-----w- c:\users\jobagent\AppData\Local\temp 2011-08-22 05:16 . 2011-08-22 05:16 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-08-22 05:16 . 2011-08-22 05:16 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp 2011-08-14 19:11 . 2011-08-17 14:57 0 ----a-w- c:\users\baby\AppData\Local\Mrumudaxubigaxe.bin 2011-08-07 05:35 . 2011-08-07 05:35 -------- d-----w- c:\users\baby\AppData\Roaming\Avira 2011-08-07 05:32 . 2011-08-07 05:42 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-08-07 05:32 . 2011-08-07 05:42 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-08-07 05:32 . 2011-08-07 05:32 -------- d-----w- c:\programdata\Avira 2011-08-07 05:32 . 2011-08-07 05:32 -------- d-----w- c:\program files\Avira 2011-08-07 05:03 . 2011-08-07 05:03 -------- d-----w- c:\users\baby\AppData\Roaming\Malwarebytes 2011-08-07 05:02 . 2011-07-07 02:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-08-07 05:02 . 2011-08-07 05:02 -------- d-----w- c:\programdata\Malwarebytes 2011-08-07 05:02 . 2011-07-07 02:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-08-07 05:02 . 2011-08-07 05:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-08-05 05:34 . 
2011-08-05 05:34 388096 ----a-r- c:\users\baby\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-07-27 05:29 . 2011-07-27 05:29 -------- d-----r- c:\program files\Skype 2011-07-25 03:48 . 2011-07-25 03:48 -------- d-----w- C:\ppsvodcache . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-06-04 08:18 . 2011-06-04 08:18 5632 ----a-r- c:\users\baby\AppData\Roaming\Microsoft\Installer\{879F64A7-7EC6-4281-90DB-C720DE11D79C}\nunit_icon.exe 2011-04-14 21:01 . 2011-06-06 04:49 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-07 1047656] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OfficeSAS.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\OfficeSAS.lnk backup=c:\windows\pss\OfficeSAS.lnk.CommonStartup backupExtension=.CommonStartup . 
[HKLM\~\startupfolder\C:^Users^baby^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk] path=c:\users\baby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk backup=c:\windows\pss\Dropbox.lnk.Startup backupExtension=.Startup . [HKLM\~\startupfolder\C:^Users^baby^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PPS.lnk] path=c:\users\baby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PPS.lnk backup=c:\windows\pss\PPS.lnk.Startup backupExtension=.Startup . [HKLM\~\startupfolder\C:^Users^baby^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Trillian.lnk] path=c:\users\baby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk backup=c:\windows\pss\Trillian.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync] 2010-03-13 21:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] 2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2010-01-30 00:52 135664 ----atw- c:\users\baby\AppData\Local\Google\Update\GoogleUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2011-06-08 00:51 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor] 2006-11-03 18:01 319488 ----a-w- c:\windows\PixArt\Pac207\Monitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2009-10-03 18:40 13826664 ----a-w- c:\windows\System32\nvcpl.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPS Accelerator] 2010-02-24 03:25 214408 ----a-w- c:\progra~1\PPStream\PPSAP.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-11-30 00:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar] 2009-07-14 01:14 1173504 ----a-w- c:\program files\Windows Sidebar\sidebar.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2011-06-15 22:02 15141768 ----a-r- c:\program files\Skype\Phone\Skype.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2010-01-11 23:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2010-02-09 01:39 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent] 2010-12-22 07:59 396152 ----a-w- c:\program files\uTorrent\uTorrent.exe . 
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x] R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x] R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 OpenVPNTechOVPN_Instantiator;OpenVPNTech Instantiator Service AS;c:\program files\OpenVPNTech\bin\instant-xmlserv.exe [2009-12-04 1012386] R2 SQLAgent$DEV2008;SQL Server Agent (DEV2008);c:\dev2008\MSSQL10.DEV2008\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936] R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2010-04-17 22416] R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-03-24 14216] R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-03-24 8456] R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [x] R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2010-11-05 13224] R3 MsDtsServer;SQL Server Integration Services;c:\program files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [2009-05-27 202584] R3 MSSQL$DEV2005;SQL Server (DEV2005);c:\dev2008\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000] R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-12-05 507136] R3 PSSDK42;PSSDK42;c:\windows\system32\Drivers\pssdk42.sys [2010-10-24 38976] R3 ReportServer$SSRS2005;SQL Server Reporting Services (SSRS2005);c:\dev2005\MSSQL.8\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2009-05-27 13672] R3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v2.sys [2007-12-26 288768] R3 SYBBCK_BABYPC_BS;Sybase BCKServer _ 
BABYPC_BS;c:\sybase\ASE-15_0\bin\bcksrvr.exe [x] R3 SYBBCK_SYBASE_BS;Sybase BCKServer _ SYBASE_BS;c:\sybase\ASE-15_0\bin\bcksrvr.exe [x] R3 SYBMON_BABYPC_MS;Sybase MONServer _ BABYPC_MS;c:\sybase\ASE-15_0\bin\monsrvr.exe [x] R3 SYBMON_SYBASE_MS;Sybase MONServer _ SYBASE_MS;c:\sybase\ASE-15_0\bin\monsrvr.exe [x] R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-25 1343400] R4 KMService;KMService;c:\windows\system32\srvany.exe [2010-05-29 8192] R4 LogWatch;Event Log Watch;c:\program files\CA\SharedComponents\CA_LIC\LogWatNT.exe [2008-05-21 75016] R4 msftesql$DEV2005;SQL Server FullText Search (DEV2005);c:\dev2008\MSSQL.1\MSSQL\Binn\msftesql.exe [2007-06-22 95592] R4 MSOLAP$DEV2008;SQL Server Analysis Services (DEV2008);c:\dev2008\MSAS10.DEV2008\OLAP\bin\msmdsrv.exe [2009-03-30 21953896] R4 MSSQL$DEV2008;SQL Server (DEV2008);c:\dev2008\MSSQL10.DEV2008\MSSQL\Binn\sqlservr.exe [2009-03-30 43010392] R4 MSSQLFDLauncher$DEV2008;SQL Full-text Filter Daemon Launcher (DEV2008);c:\dev2008\MSSQL10.DEV2008\MSSQL\Binn\fdlauncher.exe [2008-07-10 31256] R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 47128] R4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2007-02-23 2808664] R4 ReportServer$DEV2008;SQL Server Reporting Services (DEV2008);c:\dev2008\MSRS10.DEV2008\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2009-03-30 1113448] R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336] R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-06 691696] R4 SQLAgent$DEV2005;SQL Server Agent (DEV2005);c:\dev2008\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE [2008-11-25 346976] S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys 
[2010-12-01 143248] S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2010-12-01 41936] S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-07 366640] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-07 22712] S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2008-08-29 3664384] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776] S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2010-11-05 27632] S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [2009-11-19 25984] S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-12-01 100560] S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2010-12-01 111504] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] getPlusHelper REG_MULTI_SZ getPlusHelper iissvcs REG_MULTI_SZ w3svc was apphost REG_MULTI_SZ apphostsvc . Contents of the 'Scheduled Tasks' folder . 2011-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3568164831-4236057464-2028866383-1000Core.job - c:\users\baby\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-30 00:52] . 2011-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3568164831-4236057464-2028866383-1000UA.job - c:\users\baby\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-30 00:52] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://search.babylon.com/home?AF=18826 uInternet Settings,ProxyOverride = 127.0.0.1;*.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 Trusted Zone: pps.tv Trusted Zone: ppstream.com Trusted Zone: webscache.com TCP: DhcpNameServer = 192.168.1.254 199.185.220.254 FF - ProfilePath - c:\users\baby\AppData\Roaming\Mozilla\Firefox\Profiles\ok4we97h.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=18826 FF - prefs.js: browser.search.selectedEngine - Secure Search FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/home?AF=18826 FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p= FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\extensions\ffxtlbr@babylon.com FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msftesql$DEV2005] "ImagePath"="c:\dev2008\MSSQL.1\MSSQL\Binn\msftesql.exe -s:MSSQL.1 -f:DEV2005" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EverestDriver] "ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-3568164831-4236057464-2028866383-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4D7782BF-3B64-20B7-8CA1-8F1858EBC93E}*] @Allowed: (Read) (RestrictedCode) "jagebfkgdghdddhhbalc"=hex:62,61,6b,63,00,00 "jagebfkgdghdddhhbapb"=hex:62,61,70,63,00,00 "iagdnhpkcgliodfklg"=hex:6b,61,68,63,66,6d,67,64,64,6f,70,6d,70,6e,6b,61,65,70, 67,61,62,68,00,02 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'Explorer.exe'(2288) c:\windows\system32\nvshext.dll . Completion time: 2011-08-21 22:19:49 ComboFix-quarantined-files.txt 2011-08-22 05:19 ComboFix2.txt 2011-08-18 04:25 . Pre-Run: 10,923,651,072 bytes free Post-Run: 10,868,965,376 bytes free . - - End Of File - - 994B6145B90AA534B6C23F244EDEA3EC Malwarebytes' Anti-Malware 1.51.1.1800 www.malwarebytes.org Database version: 7532 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 8/21/2011 10:27:28 PM mbam-log-2011-08-21 (22-27-28).txt Scan type: Quick scan Objects scanned: 215288 Time elapsed: 7 minute(s), 28 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Didn't have IE but I downloaded IE9. Tried to start ESET scanner but I get an error when I clicked install on the following msg "This site wants to install the following add-on:'onlinescanner.cab' 
from ESET spo s.r.o."
  8. I went to safe mode to scan my system. Attached are my 2 logs. Thanks!!! ComboFix.txt mbam-log-2011-08-17 (21-00-12).txt
  9. Oh sorry, just saw your reply. Will take care of it tomorrow when I have time.
  10. . DDS (Ver_2011-06-23.01) - NTFSx86 Internet Explorer: 8.0.7600.16385 Run by baby at 22:47:15 on 2011-08-06 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2046.1197 [GMT -7:00] . AV: avast! antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308} SP: avast! antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\taskhost.exe C:\Windows\Explorer.EXE C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k apphost C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\inetsrv\inetinfo.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe C:\Windows\System32\msdtc.exe c:\Program Files\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\sqlservr.exe C:\Program Files\OpenVPNTech\bin\instant-xmlserv.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\svchost.exe -k iissvcs C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\system32\sppsvc.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Avira\AntiVir 
Desktop\avshadow.exe C:\Windows\system32\conhost.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Windows\system32\svchost.exe -k SDRSVC C:\Users\baby\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\baby\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\baby\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\baby\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\baby\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\baby\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\rundll32.exe C:\Users\baby\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://search.babylon.com/home?AF=18826 uInternet Settings,ProxyOverride = 127.0.0.1;*.local uURLSearchHooks: H - No File BHO: 1 (0x1): {02478d38-c3f9-4efb-9b51-7695eca05670} - &Yahoo! 
Toolbar Helper BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers\YontooIEClient.dll uRun: [AdobeBridge] uRun: [Google Update] "c:\users\baby\appdata\local\google\update\GoogleUpdate.exe" /c mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 Trusted Zone: pps.tv Trusted Zone: ppstream.com Trusted Zone: webscache.com DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 192.168.1.254 199.185.220.254 TCP: Interfaces\{644D5FD7-620D-4BC4-8B44-B42A7DC43ADE} : DhcpNameServer = 192.168.1.254 199.185.220.254 TCP: Interfaces\{644D5FD7-620D-4BC4-8B44-B42A7DC43ADE}\2456C6B696E6F5E4B2F5632353337303 : DhcpNameServer = 192.168.2.1 192.168.2.1 TCP: Interfaces\{644D5FD7-620D-4BC4-8B44-B42A7DC43ADE}\24F6F6B6D41627B6F575962756C6563737 : DhcpNameServer = 192.168.2.1 10.1.10.1 TCP: 
Interfaces\{644D5FD7-620D-4BC4-8B44-B42A7DC43ADE}\2656C6B696E6534376 : DhcpNameServer = 192.168.2.1 64.59.144.92 64.59.144.93 64.59.150.135 TCP: Interfaces\{644D5FD7-620D-4BC4-8B44-B42A7DC43ADE}\84F6573756F4666416964786 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{644D5FD7-620D-4BC4-8B44-B42A7DC43ADE}\B41647869656D286F6573756 : DhcpNameServer = 64.59.144.92 64.59.144.93 64.59.150.135 TCP: Interfaces\{B5FCDE45-2DAA-446F-B51D-A84E2C3B244A} : DhcpNameServer = 68.87.69.150 68.87.85.102 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL Hosts: 62.212.84.38 tracker.empornium.us Hosts: 62.212.84.38 download.empornium.us Hosts: 62.212.84.235 www.empornium.usforums.empornium.usempornium.us . ================= FIREFOX =================== . FF - ProfilePath - c:\users\baby\appdata\roaming\mozilla\firefox\profiles\ok4we97h.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=18826 FF - prefs.js: browser.search.selectedEngine - Secure Search FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/home?AF=18826 FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p= FF - component: c:\users\baby\appdata\roaming\mozilla\firefox\profiles\ok4we97h.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll FF - component: c:\users\baby\appdata\roaming\mozilla\firefox\profiles\ok4we97h.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll FF - component: c:\users\baby\appdata\roaming\mozilla\firefox\profiles\ok4we97h.default\extensions\ffxtlbr@babylon.com\components\FFHst.dll FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll FF - plugin: c:\program 
files\veetle\player\npvlc.dll FF - plugin: c:\program files\veetle\plugins\npVeetle.dll FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll FF - plugin: c:\users\baby\appdata\local\google\update\1.3.21.57\npGoogleUpdate3.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\extensions\ffxtlbr@babylon.com FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} . ============= SERVICES / DRIVERS =============== . R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-8-6 136360] R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-8-6 269480] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-8-6 66616] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-6 366640] R2 OpenVPNTechOVPN_Instantiator;OpenVPNTech Instantiator Service AS;c:\program files\openvpntech\bin\instant-xmlserv.exe [2009-12-3 1012386] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-6 22712] R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-8-28 3664384] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776] R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-11-4 27632] R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\drivers\tapoas.sys [2009-11-19 25984] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 SQLAgent$DEV2008;SQL 
Server Agent (DEV2008);c:\dev2008\mssql10.dev2008\mssql\binn\SQLAGENT.EXE [2009-3-30 366936] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-5-2 14216] S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-5-2 8456] S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2010-11-4 13224] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-8-6 41272] S3 MsDtsServer;SQL Server Integration Services;c:\program files\microsoft sql server\90\dts\binn\MsDtsSrvr.exe [2009-5-27 202584] S3 MSSQL$DEV2005;SQL Server (DEV2005);c:\dev2008\mssql.1\mssql\binn\sqlservr.exe -sdev2005 --> c:\dev2008\mssql.1\mssql\binn\sqlservr.exe -sDEV2005 [?] S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000] S3 PAC207;SoC PC-Camera;c:\windows\system32\drivers\PFC027.SYS [2006-12-5 507136] S3 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [2010-10-23 38976] S3 ReportServer$SSRS2005;SQL Server Reporting Services (SSRS2005);c:\dev2005\mssql.8\reporting services\reportserver\bin\ReportingServicesService.exe [2009-5-27 13672] S3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v2.sys [2007-12-26 288768] S3 SYBBCK_BABYPC_BS;Sybase BCKServer _ BABYPC_BS;c:\sybase\ase-15_0\bin\bcksrvr.exe -sbabypc_bs -r --> c:\sybase\ase-15_0\bin\bcksrvr.exe -SBABYPC_BS -R [?] S3 SYBBCK_SYBASE_BS;Sybase BCKServer _ SYBASE_BS;c:\sybase\ase-15_0\bin\bcksrvr.exe -ssybase_bs -r --> c:\sybase\ase-15_0\bin\bcksrvr.exe -SSYBASE_BS -R [?] S3 SYBMON_BABYPC_MS;Sybase MONServer _ BABYPC_MS;c:\sybase\ase-15_0\bin\monsrvr.exe -mbabypc_ms -c --> c:\sybase\ase-15_0\bin\monsrvr.exe -MBABYPC_MS -C [?] 
S3 SYBMON_SYBASE_MS;Sybase MONServer _ SYBASE_MS;c:\sybase\ase-15_0\bin\monsrvr.exe -msybase_ms -c --> c:\sybase\ase-15_0\bin\monsrvr.exe -MSYBASE_MS -C [?] S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-24 1343400] S4 KMService;KMService;c:\windows\system32\srvany.exe [2010-5-28 8192] S4 LogWatch;Event Log Watch;c:\program files\ca\sharedcomponents\ca_lic\LogWatNT.exe [2008-5-20 75016] S4 msftesql$DEV2005;SQL Server FullText Search (DEV2005);c:\dev2008\mssql.1\mssql\binn\msftesql.exe -s:mssql.1 -f:dev2005 --> c:\dev2008\mssql.1\mssql\binn\msftesql.exe -s:MSSQL.1 -f:DEV2005 [?] S4 MSOLAP$DEV2008;SQL Server Analysis Services (DEV2008);c:\dev2008\msas10.dev2008\olap\bin\msmdsrv.exe [2009-3-30 21953896] S4 MSSQL$DEV2008;SQL Server (DEV2008);c:\dev2008\mssql10.dev2008\mssql\binn\sqlservr.exe [2009-3-30 43010392] S4 MSSQLFDLauncher$DEV2008;SQL Full-text Filter Daemon Launcher (DEV2008);c:\dev2008\mssql10.dev2008\mssql\binn\fdlauncher.exe [2008-7-10 31256] S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-10 47128] S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2007-2-22 2808664] S4 ReportServer$DEV2008;SQL Server Reporting Services (DEV2008);c:\dev2008\msrs10.dev2008\reporting services\reportserver\bin\ReportingServicesService.exe [2009-3-30 1113448] S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336] S4 SQLAgent$DEV2005;SQL Server Agent (DEV2005);c:\dev2008\mssql.1\mssql\binn\sqlagent90.exe -i dev2005 --> c:\dev2008\mssql.1\mssql\binn\SQLAGENT90.EXE -i DEV2005 [?] . =============== Created Last 30 ================ . 
2011-08-07 05:35:10 -------- d-----w- c:\users\baby\appdata\roaming\Avira 2011-08-07 05:32:26 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-08-07 05:32:24 -------- d-----w- c:\programdata\Avira 2011-08-07 05:32:24 -------- d-----w- c:\program files\Avira 2011-08-07 05:03:46 -------- d-----w- c:\users\baby\appdata\roaming\Malwarebytes 2011-08-07 05:02:46 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-08-07 05:02:45 -------- d-----w- c:\programdata\Malwarebytes 2011-08-07 05:02:41 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-08-07 05:02:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-08-05 05:34:51 388096 ----a-r- c:\users\baby\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe 2011-07-27 05:29:43 -------- d-----r- c:\program files\Skype 2011-07-25 03:48:04 -------- d-----w- C:\ppsvodcache . ==================== Find3M ==================== . 2011-07-07 06:33:36 48 ----a-w- c:\windows\system32\msawt.dll 2011-05-10 15:06:08 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll 2011-05-10 15:06:08 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys . ============= FINISH: 22:50:16.04 ===============
  11. Malwarebytes' Anti-Malware 1.51.1.1800 www.malwarebytes.org Database version: 7398 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 8/6/2011 10:25:11 PM mbam-log-2011-08-06 (22-25-11).txt Scan type: Quick scan Objects scanned: 216350 Time elapsed: 16 minute(s), 43 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 2 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: c:\Users\baby\AppData\Local\Temp\12A7.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully. c:\Users\baby\AppData\Local\Temp\3D7.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully. . DDS (Ver_2011-06-23.01) - NTFSx86 Internet Explorer: 8.0.7600.16385 Run by baby at 22:47:15 on 2011-08-06 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2046.1197 [GMT -7:00] . AV: avast! antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308} SP: avast! antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . 
C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\taskhost.exe C:\Windows\Explorer.EXE C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k apphost C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\inetsrv\inetinfo.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe C:\Windows\System32\msdtc.exe c:\Program Files\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\sqlservr.exe C:\Program Files\OpenVPNTech\bin\instant-xmlserv.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\svchost.exe -k iissvcs C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\system32\sppsvc.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\Windows\system32\conhost.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Windows\system32\svchost.exe -k SDRSVC C:\Users\baby\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\baby\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\baby\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\baby\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\baby\AppData\Local\Google\Chrome\Application\chrome.exe 
C:\Users\baby\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\rundll32.exe C:\Users\baby\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://search.babylon.com/home?AF=18826 uInternet Settings,ProxyOverride = 127.0.0.1;*.local uURLSearchHooks: H - No File BHO: 1 (0x1): {02478d38-c3f9-4efb-9b51-7695eca05670} - &Yahoo! Toolbar Helper BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers\YontooIEClient.dll uRun: [AdobeBridge] uRun: [Google Update] "c:\users\baby\appdata\local\google\update\GoogleUpdate.exe" /c mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 Trusted Zone: pps.tv Trusted Zone: ppstream.com Trusted Zone: webscache.com DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: 
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 192.168.1.254 199.185.220.254 TCP: Interfaces\{644D5FD7-620D-4BC4-8B44-B42A7DC43ADE} : DhcpNameServer = 192.168.1.254 199.185.220.254 TCP: Interfaces\{644D5FD7-620D-4BC4-8B44-B42A7DC43ADE}\2456C6B696E6F5E4B2F5632353337303 : DhcpNameServer = 192.168.2.1 192.168.2.1 TCP: Interfaces\{644D5FD7-620D-4BC4-8B44-B42A7DC43ADE}\24F6F6B6D41627B6F575962756C6563737 : DhcpNameServer = 192.168.2.1 10.1.10.1 TCP: Interfaces\{644D5FD7-620D-4BC4-8B44-B42A7DC43ADE}\2656C6B696E6534376 : DhcpNameServer = 192.168.2.1 64.59.144.92 64.59.144.93 64.59.150.135 TCP: Interfaces\{644D5FD7-620D-4BC4-8B44-B42A7DC43ADE}\84F6573756F4666416964786 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{644D5FD7-620D-4BC4-8B44-B42A7DC43ADE}\B41647869656D286F6573756 : DhcpNameServer = 64.59.144.92 64.59.144.93 64.59.150.135 TCP: Interfaces\{B5FCDE45-2DAA-446F-B51D-A84E2C3B244A} : DhcpNameServer = 68.87.69.150 68.87.85.102 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL Hosts: 62.212.84.38 tracker.empornium.us Hosts: 62.212.84.38 download.empornium.us Hosts: 62.212.84.235 www.empornium.usforums.empornium.usempornium.us . ================= FIREFOX =================== . 
FF - ProfilePath - c:\users\baby\appdata\roaming\mozilla\firefox\profiles\ok4we97h.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=18826 FF - prefs.js: browser.search.selectedEngine - Secure Search FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/home?AF=18826 FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p= FF - component: c:\users\baby\appdata\roaming\mozilla\firefox\profiles\ok4we97h.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll FF - component: c:\users\baby\appdata\roaming\mozilla\firefox\profiles\ok4we97h.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll FF - component: c:\users\baby\appdata\roaming\mozilla\firefox\profiles\ok4we97h.default\extensions\ffxtlbr@babylon.com\components\FFHst.dll FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll FF - plugin: c:\program files\veetle\player\npvlc.dll FF - plugin: c:\program files\veetle\plugins\npVeetle.dll FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll FF - plugin: c:\users\baby\appdata\local\google\update\1.3.21.57\npGoogleUpdate3.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\extensions\ffxtlbr@babylon.com FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} . ============= SERVICES / DRIVERS =============== . 
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-8-6 136360] R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-8-6 269480] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-8-6 66616] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-6 366640] R2 OpenVPNTechOVPN_Instantiator;OpenVPNTech Instantiator Service AS;c:\program files\openvpntech\bin\instant-xmlserv.exe [2009-12-3 1012386] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-6 22712] R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-8-28 3664384] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776] R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-11-4 27632] R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\drivers\tapoas.sys [2009-11-19 25984] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 SQLAgent$DEV2008;SQL Server Agent (DEV2008);c:\dev2008\mssql10.dev2008\mssql\binn\SQLAGENT.EXE [2009-3-30 366936] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-5-2 14216] S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-5-2 8456] S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2010-11-4 13224] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-8-6 41272] S3 MsDtsServer;SQL Server Integration Services;c:\program files\microsoft sql server\90\dts\binn\MsDtsSrvr.exe [2009-5-27 202584] S3 MSSQL$DEV2005;SQL Server 
(DEV2005);c:\dev2008\mssql.1\mssql\binn\sqlservr.exe -sdev2005 --> c:\dev2008\mssql.1\mssql\binn\sqlservr.exe -sDEV2005 [?] S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000] S3 PAC207;SoC PC-Camera;c:\windows\system32\drivers\PFC027.SYS [2006-12-5 507136] S3 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [2010-10-23 38976] S3 ReportServer$SSRS2005;SQL Server Reporting Services (SSRS2005);c:\dev2005\mssql.8\reporting services\reportserver\bin\ReportingServicesService.exe [2009-5-27 13672] S3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v2.sys [2007-12-26 288768] S3 SYBBCK_BABYPC_BS;Sybase BCKServer _ BABYPC_BS;c:\sybase\ase-15_0\bin\bcksrvr.exe -sbabypc_bs -r --> c:\sybase\ase-15_0\bin\bcksrvr.exe -SBABYPC_BS -R [?] S3 SYBBCK_SYBASE_BS;Sybase BCKServer _ SYBASE_BS;c:\sybase\ase-15_0\bin\bcksrvr.exe -ssybase_bs -r --> c:\sybase\ase-15_0\bin\bcksrvr.exe -SSYBASE_BS -R [?] S3 SYBMON_BABYPC_MS;Sybase MONServer _ BABYPC_MS;c:\sybase\ase-15_0\bin\monsrvr.exe -mbabypc_ms -c --> c:\sybase\ase-15_0\bin\monsrvr.exe -MBABYPC_MS -C [?] S3 SYBMON_SYBASE_MS;Sybase MONServer _ SYBASE_MS;c:\sybase\ase-15_0\bin\monsrvr.exe -msybase_ms -c --> c:\sybase\ase-15_0\bin\monsrvr.exe -MSYBASE_MS -C [?] S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-24 1343400] S4 KMService;KMService;c:\windows\system32\srvany.exe [2010-5-28 8192] S4 LogWatch;Event Log Watch;c:\program files\ca\sharedcomponents\ca_lic\LogWatNT.exe [2008-5-20 75016] S4 msftesql$DEV2005;SQL Server FullText Search (DEV2005);c:\dev2008\mssql.1\mssql\binn\msftesql.exe -s:mssql.1 -f:dev2005 --> c:\dev2008\mssql.1\mssql\binn\msftesql.exe -s:MSSQL.1 -f:DEV2005 [?] 
S4 MSOLAP$DEV2008;SQL Server Analysis Services (DEV2008);c:\dev2008\msas10.dev2008\olap\bin\msmdsrv.exe [2009-3-30 21953896] S4 MSSQL$DEV2008;SQL Server (DEV2008);c:\dev2008\mssql10.dev2008\mssql\binn\sqlservr.exe [2009-3-30 43010392] S4 MSSQLFDLauncher$DEV2008;SQL Full-text Filter Daemon Launcher (DEV2008);c:\dev2008\mssql10.dev2008\mssql\binn\fdlauncher.exe [2008-7-10 31256] S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-10 47128] S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2007-2-22 2808664] S4 ReportServer$DEV2008;SQL Server Reporting Services (DEV2008);c:\dev2008\msrs10.dev2008\reporting services\reportserver\bin\ReportingServicesService.exe [2009-3-30 1113448] S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336] S4 SQLAgent$DEV2005;SQL Server Agent (DEV2005);c:\dev2008\mssql.1\mssql\binn\sqlagent90.exe -i dev2005 --> c:\dev2008\mssql.1\mssql\binn\SQLAGENT90.EXE -i DEV2005 [?] . =============== Created Last 30 ================ . 
2011-08-07 05:35:10 -------- d-----w- c:\users\baby\appdata\roaming\Avira 2011-08-07 05:32:26 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-08-07 05:32:24 -------- d-----w- c:\programdata\Avira 2011-08-07 05:32:24 -------- d-----w- c:\program files\Avira 2011-08-07 05:03:46 -------- d-----w- c:\users\baby\appdata\roaming\Malwarebytes 2011-08-07 05:02:46 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-08-07 05:02:45 -------- d-----w- c:\programdata\Malwarebytes 2011-08-07 05:02:41 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-08-07 05:02:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-08-05 05:34:51 388096 ----a-r- c:\users\baby\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe 2011-07-27 05:29:43 -------- d-----r- c:\program files\Skype 2011-07-25 03:48:04 -------- d-----w- C:\ppsvodcache . ==================== Find3M ==================== . 2011-07-07 06:33:36 48 ----a-w- c:\windows\system32\msawt.dll 2011-05-10 15:06:08 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll 2011-05-10 15:06:08 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys . ============= FINISH: 22:50:16.04 ===============
  12. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:35:46 PM, on 8/4/2011 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Unable to get Internet Explorer version! Boot mode: Normal Running processes: C:\Windows\Explorer.EXE C:\Windows\system32\taskhost.exe C:\Users\baby\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\baby\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\baby\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\baby\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\baby\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\baby\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\baby\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\baby\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\baby\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\rundll32.exe C:\Users\baby\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home?AF=18826 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file) O1 - Hosts: 62.212.84.38 tracker.empornium.us O1 - Hosts: 62.212.84.38 download.empornium.us O1 - Hosts: 62.212.84.235 www.empornium.usforums.empornium.usempornium.us O2 - BHO: &Yahoo! 
Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers\YontooIEClient.dll (file missing) O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O15 - Trusted Zone: http://*.pps.tv O15 - Trusted Zone: http://*.ppstream.com O15 - Trusted Zone: http://*.webscache.com O15 - ESC Trusted Zone: http://*.pps.tv O15 - ESC Trusted Zone: http://*.ppstream.com O15 - ESC Trusted Zone: http://*.webscache.com O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = local O17 - HKLM\Software\..\Telephony: DomainName = local O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = local O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = local O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: iPod Service - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing) O23 - Service: OpenVPNTech Instantiator Service AS (OpenVPNTechOVPN_Instantiator) - Unknown owner - C:\Program Files\OpenVPNTech\bin\instant-xmlserv.exe O23 - Service: Sybase BCKServer _ BABYPC_BS (SYBBCK_BABYPC_BS) - Unknown owner - C:\sybase\ASE-15_0\bin\bcksrvr.exe (file missing) O23 - Service: Sybase BCKServer _ SYBASE_BS (SYBBCK_SYBASE_BS) - Unknown owner - C:\sybase\ASE-15_0\bin\bcksrvr.exe (file missing) O23 - Service: Sybase MONServer _ BABYPC_MS (SYBMON_BABYPC_MS) - Unknown owner - C:\sybase\ASE-15_0\bin\monsrvr.exe (file missing) O23 - Service: Sybase MONServer _ SYBASE_MS (SYBMON_SYBASE_MS) - Unknown owner - C:\sybase\ASE-15_0\bin\monsrvr.exe (file missing) -- End of file - 4488 bytes hijackthis.log