
Click.livesearch -redirect infection- -undetectable- -removed twice- -keeps returning-



  • I have removed this infection twice, I think, with ComboFix, but I must be wrong because it keeps reappearing.

  • It does nothing to my desktop, and Spybot notifies me each time I start the computer up that it's trying to delete my CMD, taskMGR, drivers, and a few other components. I simply click deny and remember that decision.

  • It is a redirect infection. I have conquered it and been without redirection for the rest of the day, but every time I restart the computer it seems to reinfect my machine.

  • I have scanned multiple times with TDSSKiller, Malwarebytes, and RogueKiller, as well as ComboFix, only to come up empty-handed.

  • There is some pretty important data (pictures, etc.) and I don't want to factory reset or have the computer enter a state of non-operational meltdown during my attempted fixes, so I am asking for help.

------------------------------------------------------------------------------------------
Here is my HijackThis log; I hope someone will be available on the forums to assist me. Thank you.
------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 8:14:06 AM, on 1/12/2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16457)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Users\computer\AppData\Local\Akamai\netsession_win.exe

C:\Users\computer\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\computer\AppData\Local\Akamai\netsession_win.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe

C:\Users\computer\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\computer\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\computer\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\computer\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\computer\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\computer\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;*.local;<local>

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\computer\AppData\Local\Akamai\netsession_win.exe"

O4 - HKCU\..\Run: [ADA2A0E7261CB6A8553FA5425D18AE06C32E1021._service_run] "C:\Users\computer\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - (no file)

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - (no file)

O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgemc.exe

O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 10201 bytes

I will be back around 11 to continue this thread. Thank you for the help and patience.

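The HijackThis log above is the kind of text a helper reads by hand, line by line. The following Python script is an added example for this thread (it is not part of HijackThis, DDS, or anything Malwarebytes ships) that does the first pass mechanically: it sorts HijackThis lines, and the equivalent DDS "pseudo HJT" lines, into review buckets and attaches the caveat that goes with each bucket. The bucket names and wording are my own. The sample input is copied from the logs posted in this thread. The caveats it encodes are visible in the thread itself: the 32-bit HijackThis build reports System32 service binaries such as atiesrxx.exe as "(file missing)" while the DDS log shows the same file running, which is WOW64 file-system redirection, not a deleted file; and ProxyOverride is the proxy bypass list, so the 127.0.0.1:9421 entry is something to account for, not by itself a redirect.

```python
"""Triage helper for HijackThis and DDS 'pseudo HJT' log lines.

Added example for this thread; it is not part of HijackThis, DDS, or
Malwarebytes. It does not decide what is malware: it sorts lines into
buckets a reviewer looks at first and attaches the caveat for each bucket.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Paths a standard user can write to. Autoruns here deserve a look, but
# Chrome and Akamai NetSession legitimately install per-user under AppData.
USER_WRITABLE = re.compile(r"\\Users\\[^\\]+\\AppData\\|\\ProgramData\\|\\Temp\\", re.I)
SYSTEM32 = re.compile(r"C:\\Windows\\System32\\", re.I)
# HJT "O4 - HKxx\..\Run:" and DDS "uRun:/mRun:" both use  [name] "path" args
RUN_PREFIX = re.compile(r"^(O4 - HK(LM|CU)\\\.\.\\Run:|[um]Run:)")
RUN_PATH = re.compile(r"\]\s+\"?([A-Za-z]:\\[^\"]*?\.exe)\"?", re.I)


@dataclass
class Finding:
    kind: str   # bucket name (my own naming, not HJT's)
    note: str   # caveat or next step for the reviewer
    line: str   # the log line, unchanged


def triage_line(raw: str) -> Optional[Finding]:
    """Classify one log line; None means nothing a reviewer needs to see."""
    line = raw.strip()
    if "ProxyOverride" in line or "ProxyServer" in line:
        return Finding("proxy", "ProxyOverride is the proxy bypass list, not a proxy server; "
                       "confirm each host:port belongs to installed software", line)
    if line.startswith(("O2 - BHO", "BHO:")) and ("(no file)" in line or "<orphaned>" in line):
        return Finding("orphan_bho", "CLSID registered but DLL gone: normally an uninstall "
                       "leftover, harmless to remove, not evidence of running code", line)
    if line.startswith("O23 - Service") and "(file missing)" in line:
        if SYSTEM32.search(line):
            return Finding("wow64_artifact", "32-bit HijackThis on 64-bit Windows reports System32 "
                           "service binaries as missing (file-system redirection); ignore "
                           "unless a 64-bit tool such as DDS agrees", line)
        return Finding("missing_service", "binary not found at the reported path; HJT also "
                       "expands %PROGRAMFILES% to the x86 folder on x64, so cross-check the "
                       "64-bit path before treating the file as gone", line)
    if RUN_PREFIX.match(line):
        m = RUN_PATH.search(line)
        path = m.group(1) if m else ""
        if USER_WRITABLE.search(path):
            return Finding("user_autorun", "autorun from a user-writable path; check publisher "
                           "and install date, per-user installs of Chrome/Akamai land here", line)
        return Finding("autorun", "autorun from Program Files or a system path", line)
    return None


def triage(lines: Iterable[str]) -> List[Finding]:
    """Run triage_line over a whole log and keep only the lines worth a look."""
    return [f for f in map(triage_line, lines) if f is not None]


def summarize(findings: Iterable[Finding]) -> Dict[str, int]:
    """Bucket counts, so a reviewer sees where to start."""
    return dict(Counter(f.kind for f in findings))


# Sample input copied from the HijackThis and DDS logs posted in this thread.
SAMPLE_LINES = [
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;*.local;<local>",
    r"O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)",
    r"O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll",
    r"O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe",
    r'O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\computer\AppData\Local\Akamai\netsession_win.exe"',
    r"O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)",
    r"O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)",
    r"O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe",
    r'uRun: [ADA2A0E7261CB6A8553FA5425D18AE06C32E1021._service_run] "C:\Users\computer\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service',
    r"BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.kind}] {f.line}\n    -> {f.note}")
    print(summarize(triage(SAMPLE_LINES)))
```

Run it against a saved log with `triage(open("hijackthis.log", encoding="utf-8"))`. Everything it emits is a review item, not a verdict: the two orphan BHO entries and the System32 "(file missing)" services in this log are exactly the noise a first-time reader tends to chase, while the user-writable autoruns are where an installation date and publisher check is worth the time.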

Hello seisler20148! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please do not run ComboFix without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please follow the instructions here and post the log files in your next reply:

http://forums.malwarebytes.org/index.php?showtopic=9573


Thank you.

-------------------------------DDS Log-------------------------------

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.7.2

Run by computer at 13:30:05 on 2013-01-12

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2815.1388 [GMT -5:00]

.

AV: AVG Internet Security *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Internet Security *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\PDF Complete\pdfsvc.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\rundll32.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe

C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\System32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Users\computer\AppData\Local\Akamai\netsession_win.exe

C:\Users\computer\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\computer\AppData\Local\Akamai\netsession_win.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\sppsvc.exe

\\?\C:\Windows\system32\wbem\WMIADAP.EXE

C:\Users\computer\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\computer\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\computer\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\computer\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\computer\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\computer\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\taskeng.exe

C:\Users\computer\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uProxyOverride = 127.0.0.1:9421;*.local;<local>

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>

BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

uRun: [Akamai NetSession Interface] "C:\Users\computer\AppData\Local\Akamai\netsession_win.exe"

uRun: [ADA2A0E7261CB6A8553FA5425D18AE06C32E1021._service_run] "C:\Users\computer\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - <orphaned>

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

.

INFO: HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: NameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{3A0237BB-C646-40F1-BE80-BF7770A283DE} : DHCPNameServer = 75.75.75.75 75.75.76.76

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

SSODL: WebCheck - <orphaned>

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

.

INFO: x64-HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\computer\AppData\Roaming\Mozilla\Firefox\Profiles\fy6h84lk.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://search.yahoo.com?type=937811&fr=spigot-yhp-ff

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=

FF - ExtSQL: !HIDDEN! 2011-07-05 11:57; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

.

============= SERVICES / DRIVERS ===============

.

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-12-18 279616]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-12-14 203264]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-18 366640]

R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-12-14 635416]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-2-10 104960]

R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2011-2-10 19968]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-11-27 25912]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-12-14 346144]

R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]

R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]

R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]

R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-12-14 38456]

S2 avg9emc;AVG E-mail Scanner;C:\Program Files (x86)\AVG\AVG9\avgemc.exe [2011-2-4 921952]

S2 avg9wd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2011-2-4 308136]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]

S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2012-8-21 115272]

S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-5-23 59392]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-2-5 1255736]

.

=============== Created Last 30 ================

.

2013-01-12 18:23:33 -------- d-sh--w- C:\$RECYCLE.BIN

2013-01-12 13:04:13 388096 ----a-r- C:\Users\computer\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2013-01-12 13:04:12 -------- d-----w- C:\Program Files (x86)\Trend Micro

2013-01-10 16:10:38 98816 ----a-w- C:\Windows\sed.exe

2013-01-10 16:10:38 256000 ----a-w- C:\Windows\PEV.exe

2013-01-10 16:10:38 208896 ----a-w- C:\Windows\MBR.exe

2013-01-10 15:51:42 -------- d-----w- C:\TDSSKiller_Quarantine

2013-01-09 18:40:35 118784 --sha-r- C:\Windows\SysWow64\atimpc32C.dll

2013-01-09 09:54:10 750592 ----a-w- C:\Windows\System32\win32spl.dll

2013-01-09 09:54:10 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll

2013-01-09 09:46:32 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{66D6AC6E-2CF1-46DF-ACF2-0E112748ADC2}\mpengine.dll

2012-12-31 18:24:37 -------- d-----w- C:\ProgramData\Arcade Lab

2012-12-31 18:24:34 -------- d-----w- C:\Users\computer\AppData\Roaming\Zylom

2012-12-31 18:24:18 -------- d-----w- C:\Users\computer\AppData\Local\Zylom Games

2012-12-27 17:43:48 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys

2012-12-27 17:43:18 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2012-12-27 17:43:18 -------- d-----w- C:\Program Files\iTunes

2012-12-27 17:43:18 -------- d-----w- C:\Program Files\iPod

2012-12-27 17:43:18 -------- d-----w- C:\Program Files (x86)\iTunes

2012-12-21 09:00:36 46080 ----a-w- C:\Windows\System32\atmlib.dll

2012-12-21 09:00:36 367616 ----a-w- C:\Windows\System32\atmfd.dll

2012-12-21 09:00:36 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2012-12-21 09:00:35 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2012-12-18 17:51:46 959976 ----a-w- C:\Windows\System32\deployJava1.dll

2012-12-18 17:51:46 1081320 ----a-w- C:\Windows\System32\npDeployJava1.dll

2012-12-18 17:51:26 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll

2012-12-18 16:58:48 -------- d-----w- C:\Users\computer\AppData\Roaming\Hoyle FaceCreator

2012-12-18 16:58:36 -------- d-----w- C:\Users\computer\AppData\Roaming\Hoyle

2012-12-18 16:58:11 3786760 ----a-w- C:\Windows\SysWow64\D3DX9_37.dll

.

==================== Find3M ====================

.

2013-01-11 23:16:49 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-01-11 23:16:49 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll

2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll

2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll

2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll

2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs

2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs

2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs

2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs

2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs

2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs

2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs

2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs

2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs

2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs

2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs

2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs

2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs

2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs

2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll

2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll

2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll

2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll

2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe

2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe

2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2012-11-23 03:26:31 3149824 ----a-w- C:\Windows\System32\win32k.sys

2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe

2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll

2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll

2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll

2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll

2012-11-01 05:43:42 2002432 ----a-w- C:\Windows\System32\msxml6.dll

2012-11-01 05:43:42 1882624 ----a-w- C:\Windows\System32\msxml3.dll

2012-11-01 04:47:54 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-11-01 04:47:54 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll

.

============= FINISH: 13:31:21.42 ===============

---------------------------------Attach log----------------------------

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 2/4/2011 4:29:29 AM

System Uptime: 1/12/2013 1:22:49 PM (0 hours ago)

.

Motherboard: FOXCONN | | 2AB7

Processor: AMD Athlon II X2 250 Processor | CPU 1 | 3000/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 584 GiB total, 481.433 GiB free.

D: is FIXED (NTFS) - 12 GiB total, 1.443 GiB free.

E: is CDROM ()

G: is Removable

H: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP363: 1/10/2013 11:10:41 AM - ComboFix created restore point

RP364: 1/11/2013 11:47:28 AM - Restore Operation

RP365: 1/12/2013 8:03:15 AM - Installed HiJackThis

.

==== Installed Programs ======================

.

64 Bit HP CIO Components Installer

7-Zip 9.20

Adobe AIR

Adobe Anchor Service CS3

Adobe Asset Services CS3

Adobe Bridge CS3

Adobe Bridge Start Meeting

Adobe Camera Raw 4.0

Adobe CMaps

Adobe Color - Photoshop Specific

Adobe Color Common Settings

Adobe Color EU Extra Settings

Adobe Color JA Extra Settings

Adobe Color NA Recommended Settings

Adobe Community Help

Adobe Default Language CS3

Adobe Device Central CS3

Adobe ExtendScript Toolkit 2

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Fonts All

Adobe Help Viewer CS3

Adobe Linguistics CS3

Adobe Media Player

Adobe PDF Library Files

Adobe Photoshop CS3

Adobe Reader X (10.1.4)

Adobe Setup

Adobe Shockwave Player 11.6

Adobe Stock Photos CS3

Adobe Type Support

Adobe Update Manager CS3

Adobe Version Cue CS3 Client

Adobe WinSoft Linguistics Plugin

Adobe XMP Panels CS3

AIO_Scan

Akamai NetSession Interface

Akamai NetSession Interface Service

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ArcSoft Magic-i Visual Effects 2

ArcSoft WebCam Companion 3

ATI Catalyst Install Manager

Axife Mouse Recorder DEMO 5.01

BitTorrent

Bonjour

BufferChm

CamStudio OSS Desktop Recorder

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CCleaner

Copy

DAEMON Tools Lite

Defraggler (remove only)

Destinations

DeviceDiscovery

DJ_AIO_ProductContext

DJ_AIO_Software

DJ_AIO_Software_min

F4100

F4100_Help

Facebook Video Calling 1.2.0.287

GEAR driver installer for AMD64 and Intel EM64T

Google Chrome

Google Earth

Google Update Helper

GPBaseService2

HiJackThis

HP Customer Experience Enhancements

HP Customer Participation Program 13.0

HP Deskjet 1050 J410 series Basic Device Software

HP Deskjet 1050 J410 series Help

HP Deskjet 1050 J410 series Product Improvement Study

HP Deskjet All-In-One Driver Software 13.0 Rel. 1

HP Imaging Device Functions 13.0

HP MediaSmart SmartMenu

HP MediaSmart/TouchSmart Netflix

HP Odometer

HP Photosmart Essential 3.5

HP Product Detection

HP Setup

HP Smart Web Printing 4.51

HP Solution Center 13.0

HP Support Information

HP Update

HP Vision Hardware Diagnostics

HP Webcam User's Guide

HPPhotoGadget

HPPhotoSmartDiscLabelContent1

HPPhotosmartEssential

HPProductAssistant

iTunes

Java 7 Update 10 (64-bit)

Java 7 Update 7

Java Auto Updater

Java 6 Update 24

Java 6 Update 31

Junk Mail filter update

KODAK Share Button App

Lernout & Hauspie TruVoice American English TTS Engine

LibUSB-Win32-0.1.10.1

Malwarebytes' Anti-Malware version 1.51.1.1800

MarketResearch

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Starter 2010 - English

Microsoft PowerPoint Viewer

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft WSE 3.0 Runtime

Microsoft_VC80_ATL_x86_x64

Microsoft_VC80_CRT_x86

Microsoft_VC80_CRT_x86_x64

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFC_x86_x64

Microsoft_VC80_MFCLOC_x86

Microsoft_VC80_MFCLOC_x86_x64

Microsoft_VC90_ATL_x86

Microsoft_VC90_ATL_x86_x64

Microsoft_VC90_CRT_x86

Microsoft_VC90_CRT_x86_x64

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFC_x86_x64

MixMeister BPM Analyzer 1.0

MixMeister Studio Demo 7.4.4

Mozilla Firefox 7.0.1 (x86 en-US)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML4 Parser

NVIDIA PhysX

PDF Complete Special Edition

PDF Settings

PeerBlock 1.1 (r518)

PlayReady PC Runtime amd64

PressReader

QuickTime

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek High Definition Audio Driver

RealUpgrade 1.1

Recovery Manager

Scan

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Skype Toolbars

Skype™ 6.0

SmartSound Common Data

SmartSound Premiere Elements 10 x64 Plugin

SmartWebPrinting

SolutionCenter

Speakonia

Spybot - Search & Destroy

Status

swMSM

System Requirements Lab CYRI

Toolbox

TrayApp

TypingMaster Pro

UnloadSupport

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

VLC media player 1.0.1

WebReg

Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0)

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

Windows Media Player Firefox Plugin

Windows Mobile Device Updater Component

Windows Movie Maker 2.6

WinRAR archiver

WinSCP 4.3.7

YTD Video Downloader 3.9.4

Zune

Zune Language Pack (DEU)

Zune Language Pack (ESP)

Zune Language Pack (FRA)

Zune Language Pack (ITA)

Zune Language Pack (NLD)

Zune Language Pack (PTB)

Zune Language Pack (PTG)

.

==== Event Viewer Messages From Past Week ========

.

1/9/2013 10:25:54 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

1/9/2013 10:25:54 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

1/9/2013 10:25:52 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

1/9/2013 10:25:37 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

1/9/2013 10:25:37 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.

1/12/2013 11:10:46 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

1/12/2013 11:03:53 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

1/12/2013 11:02:29 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

1/12/2013 11:02:29 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}

1/12/2013 11:02:29 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

1/12/2013 11:02:13 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

1/12/2013 11:02:12 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

1/12/2013 11:02:12 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

1/12/2013 11:02:12 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

1/12/2013 11:02:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

1/12/2013 11:02:05 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

1/12/2013 11:02:01 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf ws2ifsl

1/12/2013 11:02:00 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

1/12/2013 11:02:00 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

1/12/2013 11:02:00 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

1/12/2013 11:02:00 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

1/12/2013 11:02:00 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

1/12/2013 11:02:00 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

1/12/2013 11:02:00 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

1/12/2013 11:02:00 AM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

1/12/2013 11:02:00 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

1/12/2013 11:02:00 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

1/12/2013 11:02:00 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

1/12/2013 11:02:00 AM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.

1/12/2013 1:23:15 PM, Error: Service Control Manager [7001] - The AVG E-mail Scanner service depends on the AVG WatchDog service which failed to start because of the following error: The service has returned a service-specific error code.

1/12/2013 1:23:14 PM, Error: Service Control Manager [7024] - The AVG WatchDog service terminated with service-specific error %%-536805315.

1/12/2013 1:23:09 PM, Error: Service Control Manager [7000] - The LibUsb-Win32 - Daemon, Version 0.1.10.1 service failed to start due to the following error: The system cannot find the file specified.

1/12/2013 1:23:00 PM, Error: Application Popup [1060] - \SystemRoot\SysWow64\drivers\libusb0.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

1/11/2013 12:06:51 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

1/11/2013 11:59:07 AM, Error: Service Control Manager [7034] - The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).

1/11/2013 11:59:07 AM, Error: Service Control Manager [7034] - The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s).

.

==== End Of File ===========================

Step 1

Please uninstall this application: BitTorrent

Step 2

I see you are running Teatimer.

I suggest you disable it because it can interfere with the changes you'll make on your system.

When everything is done and your log is clean again, you can enable it again.

If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

How to disable TeaTimer <== click me for instructions.

After you disabled Teatimer, download ResetTeaTimer.exe to your desktop.

Then run ResetTeaTimer.exe.

This will only take a few seconds.

Step 3

Please download Malwarebytes Anti-Rootkit from here.

  1. Unzip the contents to a folder in a convenient location.
  2. Open the folder where the contents were unzipped and run mbar.exe (right click and select Run as administrator for Vista and Windows 7)
  3. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  4. Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  5. Wait while the system shuts down and the cleanup process is performed.
  6. Please post the two logs produced.

In your next reply, post the following log files:

  • Malwarebytes Anti-Rootkit log
  • a new fresh DDS log

The only malware it found was REFOG Keylogger within the registry, which I installed and previously uninstalled at least a year ago. That must have remained in there.

--------------------------MBAR LOG------------------------------

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1016

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_31

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Q:\ DRIVE_FIXED

CPU speed: 2.992000 GHz

Memory total: 2952040448, free: 1873805312

------------ Kernel report ------------

01/12/2013 18:19:51

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_AuthenticAMD.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\System32\drivers\SMR311.SYS

\SystemRoot\System32\drivers\FLTMGR.SYS

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\WMILIB.SYS

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\DRIVERS\amdsata.sys

\SystemRoot\system32\DRIVERS\storport.sys

\SystemRoot\system32\DRIVERS\amdxata.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\DRIVERS\disk.sys

\SystemRoot\system32\DRIVERS\CLASSPNP.SYS

\SystemRoot\system32\DRIVERS\AtiPcie64.sys

\SystemRoot\system32\DRIVERS\dtsoftbus01.sys

\SystemRoot\system32\drivers\cdrom.sys

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\system32\drivers\rdprefmp.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\system32\drivers\ws2ifsl.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\drivers\termdd.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\system32\drivers\mssmbios.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\blbdrive.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\amdppm.sys

\SystemRoot\system32\DRIVERS\atikmpag.sys

\SystemRoot\system32\DRIVERS\atikmdag.sys

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\system32\DRIVERS\Rt64win7.sys

\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

\SystemRoot\system32\DRIVERS\usbohci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\usbfilter.sys

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\drivers\HDAudBus.sys

\SystemRoot\system32\drivers\wmiacpi.sys

\SystemRoot\system32\drivers\CompositeBus.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\drivers\swenum.sys

\SystemRoot\system32\drivers\ks.sys

\SystemRoot\system32\drivers\umbus.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\drivers\RTKVHD64.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\drivers\ksthunk.sys

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\System32\Drivers\usbvideo.sys

\SystemRoot\system32\DRIVERS\ArcSoftKsUFilter.sys

\SystemRoot\system32\drivers\usbaudio.sys

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\system32\DRIVERS\USBSTOR.SYS

\SystemRoot\system32\DRIVERS\usbscan.sys

\SystemRoot\system32\DRIVERS\usbprint.sys

\SystemRoot\system32\DRIVERS\kbdhid.sys

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_diskdump.sys

\SystemRoot\System32\Drivers\dump_amdsata.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\cdd.dll

\SystemRoot\System32\ATMFD.DLL

\SystemRoot\system32\drivers\luafv.sys

\SystemRoot\system32\DRIVERS\Sftvollh.sys

\SystemRoot\system32\drivers\WudfPf.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\system32\DRIVERS\Sftfslh.sys

\SystemRoot\system32\DRIVERS\Sftplaylh.sys

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\SystemRoot\system32\DRIVERS\Sftredirlh.sys

\SystemRoot\system32\DRIVERS\WUDFRd.sys

\??\C:\Windows\system32\drivers\mbam.sys

\??\C:\Users\computer\AppData\Local\Temp\pgddrkoc.sys

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\??\C:\Windows\system32\drivers\mbamswissarmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

----------- End -----------

<<<1>>>

Upper Device Name: \Device\Harddisk1\DR1

Upper Device Object: 0xfffffa8004370060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000079\

Lower Device Object: 0xfffffa80042f5060

Lower Device Driver Name: \Driver\USBSTOR\

Driver name found: USBSTOR

Initialization returned 0x0

Load Function returned 0x0

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa800321e060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000050\

Lower Device Object: 0xfffffa8002d46780

Lower Device Driver Name: \Driver\amdsata\

Driver name found: amdsata

Initialization returned 0x0

Port sub-driver loaded: \??\C:\Windows\System32\drivers\storport.sys (0x0)

Load Function returned 0x0

Initializing...

Done!

<<<2>>>

Device number: 0, partition: 2

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa800321e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa800321eb90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa800321e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa80031c0b80, DeviceName: Unknown, DriverName: \Driver\amdxata\

DevicePointer: 0xfffffa8002d46780, DeviceName: \Device\00000050\, DriverName: \Driver\amdsata\

------------ End ----------

Upper DeviceData: 0xfffff8a00bced6c0, 0xfffffa800321e060, 0xfffffa8005c5d590

Lower DeviceData: 0xfffff8a0055edbc0, 0xfffffa8002d46780, 0xfffffa8005c52090

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning directory: C:\Windows\system32\drivers...

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 1BF4EFF6

Partition information:

Partition 0 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 2048 Numsec = 204800

Partition file system is NTFS

Partition is bootable

Partition 1 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 206911 Numsec = 1224755137

Partition 2 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 1224962048 Numsec = 25298944

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 640135028736 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1250243728-1250263728)...

Physical Sector Size: 0

Drive: 1, DevicePointer: 0xfffffa8004370060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8004373b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8004370060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa800436c840, DeviceName: Unknown, DriverName: \Driver\usbfilter\

DevicePointer: 0xfffffa80042f5060, DeviceName: \Device\00000079\, DriverName: \Driver\USBSTOR\

------------ End ----------

Done!

Performing system, memory and registry scan...

Infected: HKLM\SOFTWARE\Refog Software --> [Refog.Keylogger]

Done!

Scan finished

Creating System Restore point...

-----------------------New DDS Log-------------------------

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.7.2

Run by computer at 18:34:43 on 2013-01-12

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2815.1456 [GMT -5:00]

.

AV: AVG Internet Security *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Internet Security *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\rundll32.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\PDF Complete\pdfsvc.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Users\computer\AppData\Local\Akamai\netsession_win.exe

C:\Users\computer\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\computer\AppData\Local\Akamai\netsession_win.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Users\computer\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\computer\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\computer\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\computer\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uProxyOverride = 127.0.0.1:9421;*.local

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>

BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [Akamai NetSession Interface] "C:\Users\computer\AppData\Local\Akamai\netsession_win.exe"

uRun: [ADA2A0E7261CB6A8553FA5425D18AE06C32E1021._service_run] "C:\Users\computer\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRunOnce: [Z1] cmd /c "C:\Users\computer\Desktop\mbar\mbar.exe" /cleanup /s

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - <orphaned>

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

.

INFO: HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: NameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{3A0237BB-C646-40F1-BE80-BF7770A283DE} : DHCPNameServer = 75.75.75.75 75.75.76.76

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

SSODL: WebCheck - <orphaned>

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

.

INFO: x64-HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\computer\AppData\Roaming\Mozilla\Firefox\Profiles\fy6h84lk.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://search.yahoo.com?type=937811&fr=spigot-yhp-ff

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=

FF - ExtSQL: !HIDDEN! 2011-07-05 11:57; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

.

============= SERVICES / DRIVERS ===============

.

R0 SMR311;Symantec SMR Utility Service 3.1.1;C:\Windows\System32\drivers\SMR311.SYS [2013-1-12 95392]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-12-18 279616]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-12-14 203264]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-18 366640]

R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-12-14 635416]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-2-10 104960]

R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2011-2-10 19968]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-11-27 25912]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-12-14 346144]

R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]

R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]

R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]

R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-12-14 38456]

S2 avg9emc;AVG E-mail Scanner;C:\Program Files (x86)\AVG\AVG9\avgemc.exe [2011-2-4 921952]

S2 avg9wd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2011-2-4 308136]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]

S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2012-8-21 115272]

S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-5-23 59392]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-2-5 1255736]

.

=============== Created Last 30 ================

.

2013-01-12 22:57:16 95392 ----a-w- C:\Windows\System32\drivers\SMR311.SYS

2013-01-12 22:57:11 -------- d-----w- C:\Users\computer\AppData\Local\NPE

2013-01-12 18:23:33 -------- d-sh--w- C:\$RECYCLE.BIN

2013-01-12 13:04:13 388096 ----a-r- C:\Users\computer\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2013-01-12 13:04:12 -------- d-----w- C:\Program Files (x86)\Trend Micro

2013-01-10 16:10:38 98816 ----a-w- C:\Windows\sed.exe

2013-01-10 16:10:38 256000 ----a-w- C:\Windows\PEV.exe

2013-01-10 16:10:38 208896 ----a-w- C:\Windows\MBR.exe

2013-01-10 15:51:42 -------- d-----w- C:\TDSSKiller_Quarantine

2013-01-09 18:40:35 118784 --sha-r- C:\Windows\SysWow64\atimpc32C.dll

2013-01-09 09:54:10 750592 ----a-w- C:\Windows\System32\win32spl.dll

2013-01-09 09:54:10 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll

2013-01-09 09:46:32 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{66D6AC6E-2CF1-46DF-ACF2-0E112748ADC2}\mpengine.dll

2012-12-31 18:24:37 -------- d-----w- C:\ProgramData\Arcade Lab

2012-12-31 18:24:34 -------- d-----w- C:\Users\computer\AppData\Roaming\Zylom

2012-12-31 18:24:18 -------- d-----w- C:\Users\computer\AppData\Local\Zylom Games

2012-12-27 17:43:48 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys

2012-12-27 17:43:18 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2012-12-27 17:43:18 -------- d-----w- C:\Program Files\iTunes

2012-12-27 17:43:18 -------- d-----w- C:\Program Files\iPod

2012-12-27 17:43:18 -------- d-----w- C:\Program Files (x86)\iTunes

2012-12-21 09:00:36 46080 ----a-w- C:\Windows\System32\atmlib.dll

2012-12-21 09:00:36 367616 ----a-w- C:\Windows\System32\atmfd.dll

2012-12-21 09:00:36 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2012-12-21 09:00:35 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2012-12-18 17:51:46 959976 ----a-w- C:\Windows\System32\deployJava1.dll

2012-12-18 17:51:46 1081320 ----a-w- C:\Windows\System32\npDeployJava1.dll

2012-12-18 17:51:26 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll

2012-12-18 16:58:48 -------- d-----w- C:\Users\computer\AppData\Roaming\Hoyle FaceCreator

2012-12-18 16:58:36 -------- d-----w- C:\Users\computer\AppData\Roaming\Hoyle

2012-12-18 16:58:11 3786760 ----a-w- C:\Windows\SysWow64\D3DX9_37.dll

.

==================== Find3M ====================

.

2013-01-11 23:16:49 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-01-11 23:16:49 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll

2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll

2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll

2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll

2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs

2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs

2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs

2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs

2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs

2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs

2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs

2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs

2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs

2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs

2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs

2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs

2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs

2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs

2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll

2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll

2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll

2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll

2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe

2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe

2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2012-11-23 03:26:31 3149824 ----a-w- C:\Windows\System32\win32k.sys

2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe

2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll

2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll

2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll

2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll

2012-11-01 05:43:42 2002432 ----a-w- C:\Windows\System32\msxml6.dll

2012-11-01 05:43:42 1882624 ----a-w- C:\Windows\System32\msxml3.dll

2012-11-01 04:47:54 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-11-01 04:47:54 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll

.

============= FINISH: 18:35:26.91 ===============

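Added example, not part of the post above and not code from DDS, HijackThis or Malwarebytes: a small triage pass over the "Created Last 30" / "Find3M" file lines of the DDS log. The log shows one file that a practitioner would pull out by hand: a DLL created in SysWow64 on 2013-01-09 with the system, hidden and read-only attributes set (`--sha-r-`), a combination that is unusual for a fresh file in a system directory, while the hidden `api-ms-win-*` stubs listed under Find3M are a normal Windows layout. The script parses the DDS line format, scores each file with a few heuristics and prints the candidates; the scoring weights and the threshold are this example's own assumptions, the first five sample lines are copied from the log above, and the last sample line (a `.sys` under Temp) is constructed and does not appear in the log. A hit is a candidate for a closer look (hashes, signature, who created it), not a verdict.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample input for this added example. The first five lines are copied from the
# DDS "Created Last 30" / "Find3M" sections of the log above; the last line is
# constructed (it does not appear in the log) to exercise the Temp-directory rule.
SAMPLE_LOG = r"""
2013-01-12 22:57:16 95392 ----a-w- C:\Windows\System32\drivers\SMR311.SYS
2013-01-12 22:57:11 -------- d-----w- C:\Users\computer\AppData\Local\NPE
2013-01-12 18:23:33 -------- d-sh--w- C:\$RECYCLE.BIN
2013-01-09 18:40:35 118784 --sha-r- C:\Windows\SysWow64\atimpc32C.dll
2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-01-10 16:10:38 98816 ----a-w- C:\Users\computer\AppData\Local\Temp\example.sys
"""

# DDS file lines look like "<date> <time> <size or dashes> <8-char attributes> <path>".
# The attribute field carries 'd' (directory), 's' (system), 'h' (hidden),
# 'a' (archive) and 'r' (read-only) or 'w' (writable).
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>\S{8}) (?P<path>.+)$"
)

# Directories where a freshly created file deserves extra attention (assumption of this example).
SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\")


@dataclass(frozen=True)
class Entry:
    date: str
    time: str
    size: Optional[int]   # None for directories, which DDS prints as dashes
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return "d" in self.attrs

    @property
    def system(self) -> bool:
        return "s" in self.attrs

    @property
    def hidden(self) -> bool:
        return "h" in self.attrs

    @property
    def read_only(self) -> bool:
        return "r" in self.attrs

    @property
    def extension(self) -> str:
        name = self.path.rsplit("\\", 1)[-1]
        return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def parse_dds_line(line: str) -> Optional[Entry]:
    """Return an Entry for a DDS file line, or None for headers and blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    size = int(m["size"]) if m["size"].isdigit() else None
    return Entry(m["date"], m["time"], size, m["attrs"], m["path"])


def score_entry(e: Entry) -> Tuple[int, List[str]]:
    """Heuristic score (weights are this example's assumption); higher means
    more worth a look. Directories are skipped: a hidden+system directory such
    as $RECYCLE.BIN is normal."""
    if e.is_dir:
        return 0, []
    score, reasons = 0, []
    low = e.path.lower()
    if e.system:
        score += 2
        reasons.append("system attribute on a plain file")
    if e.hidden:
        score += 1
        reasons.append("hidden attribute")
    if e.read_only:
        score += 1
        reasons.append("read-only attribute")
    if any(d in low for d in SYSTEM_DIRS):
        score += 1
        reasons.append("created in a Windows system directory")
    if "\\temp\\" in low and e.extension in ("sys", "dll", "exe"):
        score += 3
        reasons.append("executable code under a Temp directory")
    return score, reasons


def triage(log_text: str, threshold: int = 3) -> List[Tuple[str, int, List[str]]]:
    """Parse every DDS file line in log_text and return (path, score, reasons)
    for entries at or above threshold, highest score first."""
    hits = []
    for line in log_text.splitlines():
        e = parse_dds_line(line)
        if e is None:
            continue
        score, reasons = score_entry(e)
        if score >= threshold:
            hits.append((e.path, score, reasons))
    hits.sort(key=lambda h: h[1], reverse=True)
    return hits


if __name__ == "__main__":
    for path, score, reasons in triage(SAMPLE_LOG):
        print(f"[{score}] {path}")
        for r in reasons:
            print(f"      - {r}")
```

Run against the sample, the SysWow64 DLL scores 5 and the constructed Temp driver scores 3, while the hidden `api-ms-win-*` stub scores 2 and stays below the default threshold; lowering the threshold trades fewer misses for more noise, which is the usual tuning decision with attribute-based heuristics.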

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1016

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_31

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Q:\ DRIVE_FIXED

CPU speed: 2.992000 GHz

Memory total: 2952040448, free: 1873805312

------------ Kernel report ------------

01/12/2013 18:19:51

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_AuthenticAMD.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\System32\drivers\SMR311.SYS

\SystemRoot\System32\drivers\FLTMGR.SYS

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\WMILIB.SYS

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\DRIVERS\amdsata.sys

\SystemRoot\system32\DRIVERS\storport.sys

\SystemRoot\system32\DRIVERS\amdxata.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\DRIVERS\disk.sys

\SystemRoot\system32\DRIVERS\CLASSPNP.SYS

\SystemRoot\system32\DRIVERS\AtiPcie64.sys

\SystemRoot\system32\DRIVERS\dtsoftbus01.sys

\SystemRoot\system32\drivers\cdrom.sys

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\system32\drivers\rdprefmp.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\system32\drivers\ws2ifsl.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\drivers\termdd.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\system32\drivers\mssmbios.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\blbdrive.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\amdppm.sys

\SystemRoot\system32\DRIVERS\atikmpag.sys

\SystemRoot\system32\DRIVERS\atikmdag.sys

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\system32\DRIVERS\Rt64win7.sys

\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

\SystemRoot\system32\DRIVERS\usbohci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\usbfilter.sys

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\drivers\HDAudBus.sys

\SystemRoot\system32\drivers\wmiacpi.sys

\SystemRoot\system32\drivers\CompositeBus.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\drivers\swenum.sys

\SystemRoot\system32\drivers\ks.sys

\SystemRoot\system32\drivers\umbus.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\drivers\RTKVHD64.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\drivers\ksthunk.sys

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\System32\Drivers\usbvideo.sys

\SystemRoot\system32\DRIVERS\ArcSoftKsUFilter.sys

\SystemRoot\system32\drivers\usbaudio.sys

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\system32\DRIVERS\USBSTOR.SYS

\SystemRoot\system32\DRIVERS\usbscan.sys

\SystemRoot\system32\DRIVERS\usbprint.sys

\SystemRoot\system32\DRIVERS\kbdhid.sys

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_diskdump.sys

\SystemRoot\System32\Drivers\dump_amdsata.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\cdd.dll

\SystemRoot\System32\ATMFD.DLL

\SystemRoot\system32\drivers\luafv.sys

\SystemRoot\system32\DRIVERS\Sftvollh.sys

\SystemRoot\system32\drivers\WudfPf.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\system32\DRIVERS\Sftfslh.sys

\SystemRoot\system32\DRIVERS\Sftplaylh.sys

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\SystemRoot\system32\DRIVERS\Sftredirlh.sys

\SystemRoot\system32\DRIVERS\WUDFRd.sys

\??\C:\Windows\system32\drivers\mbam.sys

\??\C:\Users\computer\AppData\Local\Temp\pgddrkoc.sys

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\??\C:\Windows\system32\drivers\mbamswissarmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

----------- End -----------

<<<1>>>

Upper Device Name: \Device\Harddisk1\DR1

Upper Device Object: 0xfffffa8004370060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000079\

Lower Device Object: 0xfffffa80042f5060

Lower Device Driver Name: \Driver\USBSTOR\

Driver name found: USBSTOR

Initialization returned 0x0

Load Function returned 0x0

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa800321e060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000050\

Lower Device Object: 0xfffffa8002d46780

Lower Device Driver Name: \Driver\amdsata\

Driver name found: amdsata

Initialization returned 0x0

Port sub-driver loaded: \??\C:\Windows\System32\drivers\storport.sys (0x0)

Load Function returned 0x0

Initializing...

Done!

<<<2>>>

Device number: 0, partition: 2

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa800321e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa800321eb90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa800321e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa80031c0b80, DeviceName: Unknown, DriverName: \Driver\amdxata\

DevicePointer: 0xfffffa8002d46780, DeviceName: \Device\00000050\, DriverName: \Driver\amdsata\

------------ End ----------

Upper DeviceData: 0xfffff8a00bced6c0, 0xfffffa800321e060, 0xfffffa8005c5d590

Lower DeviceData: 0xfffff8a0055edbc0, 0xfffffa8002d46780, 0xfffffa8005c52090

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning directory: C:\Windows\system32\drivers...

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 1BF4EFF6

Partition information:

Partition 0 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 2048 Numsec = 204800

Partition file system is NTFS

Partition is bootable

Partition 1 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 206911 Numsec = 1224755137

Partition 2 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 1224962048 Numsec = 25298944

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 640135028736 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1250243728-1250263728)...

Physical Sector Size: 0

Drive: 1, DevicePointer: 0xfffffa8004370060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8004373b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8004370060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa800436c840, DeviceName: Unknown, DriverName: \Driver\usbfilter\

DevicePointer: 0xfffffa80042f5060, DeviceName: \Device\00000079\, DriverName: \Driver\USBSTOR\

------------ End ----------

Done!

Performing system, memory and registry scan...

Infected: HKLM\SOFTWARE\Refog Software --> [Refog.Keylogger]

Done!

Scan finished

Creating System Restore point...

=======================================

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1016

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_31

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Q:\ DRIVE_FIXED

CPU speed: 2.992000 GHz

Memory total: 2952040448, free: 1751617536

------------ Kernel report ------------

01/13/2013 07:48:50

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_AuthenticAMD.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\WMILIB.SYS

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\DRIVERS\amdsata.sys

\SystemRoot\system32\DRIVERS\storport.sys

\SystemRoot\system32\DRIVERS\amdxata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\DRIVERS\disk.sys

\SystemRoot\system32\DRIVERS\CLASSPNP.SYS

\SystemRoot\system32\DRIVERS\AtiPcie64.sys

\SystemRoot\system32\DRIVERS\dtsoftbus01.sys

\SystemRoot\system32\drivers\cdrom.sys

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\system32\drivers\rdprefmp.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\system32\drivers\ws2ifsl.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\drivers\termdd.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\system32\drivers\mssmbios.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\blbdrive.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\amdppm.sys

\SystemRoot\system32\DRIVERS\atikmpag.sys

\SystemRoot\system32\DRIVERS\atikmdag.sys

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\system32\DRIVERS\Rt64win7.sys

\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

\SystemRoot\system32\DRIVERS\usbohci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\usbfilter.sys

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\drivers\HDAudBus.sys

\SystemRoot\system32\drivers\wmiacpi.sys

\SystemRoot\system32\drivers\CompositeBus.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\drivers\swenum.sys

\SystemRoot\system32\drivers\ks.sys

\SystemRoot\system32\drivers\umbus.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\drivers\RTKVHD64.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\drivers\ksthunk.sys

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\system32\DRIVERS\USBSTOR.SYS

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\system32\DRIVERS\usbscan.sys

\SystemRoot\system32\DRIVERS\ArcSoftKsUFilter.sys

\SystemRoot\system32\DRIVERS\usbprint.sys

\SystemRoot\system32\DRIVERS\kbdhid.sys

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_diskdump.sys

\SystemRoot\System32\Drivers\dump_amdsata.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\cdd.dll

\SystemRoot\System32\ATMFD.DLL

\SystemRoot\system32\drivers\luafv.sys

\SystemRoot\system32\DRIVERS\Sftvollh.sys

\SystemRoot\system32\drivers\WudfPf.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\system32\DRIVERS\Sftfslh.sys

\SystemRoot\system32\DRIVERS\Sftplaylh.sys

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\SystemRoot\system32\DRIVERS\Sftredirlh.sys

\SystemRoot\system32\DRIVERS\WUDFRd.sys

\??\C:\Windows\system32\drivers\mbam.sys

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\??\C:\Windows\system32\drivers\mbamswissarmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

----------- End -----------

<<<1>>>

Upper Device Name: \Device\Harddisk1\DR1

Upper Device Object: 0xfffffa80037de790

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000070\

Lower Device Object: 0xfffffa800428fb60

Lower Device Driver Name: \Driver\USBSTOR\

Driver name found: USBSTOR

Initialization returned 0x0

Load Function returned 0x0

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa80031dc700

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\0000004e\

Lower Device Object: 0xfffffa8002d04580

Lower Device Driver Name: \Driver\amdsata\

Driver name found: amdsata

Initialization returned 0x0

Port sub-driver loaded: \??\C:\Windows\System32\drivers\storport.sys (0x0)

Load Function returned 0x0

Initializing...

Done!

<<<2>>>

Device number: 0, partition: 2

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa80031dc700, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa80031dc150, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa80031dc700, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa800317eaf0, DeviceName: Unknown, DriverName: \Driver\amdxata\

DevicePointer: 0xfffffa8002d04580, DeviceName: \Device\0000004e\, DriverName: \Driver\amdsata\

------------ End ----------

Upper DeviceData: 0xfffff8a0116c5840, 0xfffffa80031dc700, 0xfffffa80050fa090

Lower DeviceData: 0xfffff8a01061a070, 0xfffffa8002d04580, 0xfffffa80051664b0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning directory: C:\Windows\system32\drivers...

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 1BF4EFF6

Partition information:

Partition 0 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 2048 Numsec = 204800

Partition file system is NTFS

Partition is bootable

Partition 1 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 206911 Numsec = 1224755137

Partition 2 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 1224962048 Numsec = 25298944

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 640135028736 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1250243728-1250263728)...

Physical Sector Size: 0

Drive: 1, DevicePointer: 0xfffffa80037de790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa800427e740, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa80037de790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa800427ebf0, DeviceName: Unknown, DriverName: \Driver\usbfilter\

DevicePointer: 0xfffffa800428fb60, DeviceName: \Device\00000070\, DriverName: \Driver\USBSTOR\

------------ End ----------

Done!

Performing system, memory and registry scan...

Infected: HKLM\SOFTWARE\Refog Software --> [Refog.Keylogger]

Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Userinit --> [Refog.Keylogger]

Done!

Scan finished

Scheduling clean up...

<<<2>>>

Device number: 0, partition: 2

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Removal successful. No system shutdown is required.

=======================================


  • I think this too. The first was the system log, and this log is titled with the date of the scan.

Malwarebytes Anti-Rootkit BETA 1.01.0.1016

v2013.01.09.01

Windows 7 Service Pack 1 x64 NTFS

9.0.8112.16421

computer :: COMPUTER-HP

1/13/2013 7:58:24 AM

mbar-log-2013-01-13 (07-58-24).txt

31007

8 , 40

0

0

1

HKLM\SOFTWARE\Refog Software (Refog.Keylogger) ->

0

1

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Userinit (Refog.Keylogger) -> (c:\windows\system32\userinit.exe,C:\Windows\SysWOW64\MPK\mpk.exe) (Userinit.exe) ->

0

0


Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


ComboFix 13-01-13.01 - computer 01/13/2013 14:56:39.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2815.1931 [GMT -5:00]

Running from: c:\users\computer\Downloads\ComboFix.exe

AV: AVG Internet Security *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Internet Security *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Public\AlexaNSISPlugin.4216.dll

.

.

((((((((((((((((((((((((( Files Created from 2012-12-13 to 2013-01-13 )))))))))))))))))))))))))))))))

.

.

2013-01-13 20:01 . 2013-01-13 20:01 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-01-10 15:51 . 2013-01-10 15:51 -------- d-----w- C:\TDSSKiller_Quarantine

2013-01-09 18:40 . 2013-01-09 18:40 118784 --sha-r- c:\windows\SysWow64\atimpc32C.dll

2013-01-09 09:54 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll

2013-01-09 09:54 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll

2013-01-09 09:46 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{66D6AC6E-2CF1-46DF-ACF2-0E112748ADC2}\mpengine.dll

2012-12-31 18:24 . 2012-12-31 18:24 -------- d-----w- c:\programdata\Arcade Lab

2012-12-31 18:24 . 2012-12-31 18:24 -------- d-----w- c:\users\computer\AppData\Roaming\Zylom

2012-12-31 18:24 . 2012-12-31 18:26 -------- d-----w- c:\users\computer\AppData\Local\Zylom Games

2012-12-27 17:43 . 2012-08-21 19:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-12-27 17:43 . 2012-12-27 17:43 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69

2012-12-27 17:43 . 2012-12-27 17:43 -------- d-----w- c:\program files\iTunes

2012-12-27 17:43 . 2012-12-27 17:43 -------- d-----w- c:\program files (x86)\iTunes

2012-12-27 17:43 . 2012-12-27 17:43 -------- d-----w- c:\program files\iPod

2012-12-21 09:00 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll

2012-12-21 09:00 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll

2012-12-21 09:00 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2012-12-21 09:00 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2012-12-18 17:51 . 2012-12-18 17:50 959976 ----a-w- c:\windows\system32\deployJava1.dll

2012-12-18 17:51 . 2012-12-18 17:50 308200 ----a-w- c:\windows\system32\javaws.exe

2012-12-18 17:51 . 2012-12-18 17:50 1081320 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-12-18 17:51 . 2012-12-18 17:50 188392 ----a-w- c:\windows\system32\javaw.exe

2012-12-18 17:51 . 2012-12-18 17:50 188392 ----a-w- c:\windows\system32\java.exe

2012-12-18 17:51 . 2012-12-18 17:50 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll

2012-12-18 17:50 . 2012-12-18 17:50 -------- d-----w- c:\program files\Java

2012-12-18 16:58 . 2012-12-18 17:03 -------- d-----w- c:\users\computer\AppData\Roaming\Hoyle FaceCreator

2012-12-18 16:58 . 2012-12-18 17:24 -------- d-----w- c:\users\computer\AppData\Roaming\Hoyle

2012-12-18 16:58 . 2008-03-05 21:56 3786760 ----a-w- c:\windows\SysWow64\D3DX9_37.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-01-09 20:17 . 2012-10-07 19:22 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-01-09 20:17 . 2011-06-29 16:51 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-01-09 10:05 . 2011-02-20 03:04 67599240 ----a-w- c:\windows\system32\MRT.exe

2012-11-30 04:45 . 2013-01-09 09:53 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-11-14 07:06 . 2012-12-13 09:00 17811968 ----a-w- c:\windows\system32\mshtml.dll

2012-11-14 06:32 . 2012-12-13 09:00 10925568 ----a-w- c:\windows\system32\ieframe.dll

2012-11-14 06:11 . 2012-12-13 09:00 2312704 ----a-w- c:\windows\system32\jscript9.dll

2012-11-14 06:04 . 2012-12-13 09:00 1346048 ----a-w- c:\windows\system32\urlmon.dll

2012-11-14 06:04 . 2012-12-13 09:00 1392128 ----a-w- c:\windows\system32\wininet.dll

2012-11-14 06:02 . 2012-12-13 09:00 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2012-11-14 06:02 . 2012-12-13 09:00 237056 ----a-w- c:\windows\system32\url.dll

2012-11-14 05:59 . 2012-12-13 09:00 85504 ----a-w- c:\windows\system32\jsproxy.dll

2012-11-14 05:58 . 2012-12-13 09:00 816640 ----a-w- c:\windows\system32\jscript.dll

2012-11-14 05:57 . 2012-12-13 09:00 599040 ----a-w- c:\windows\system32\vbscript.dll

2012-11-14 05:57 . 2012-12-13 09:00 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-11-14 05:55 . 2012-12-13 09:00 2144768 ----a-w- c:\windows\system32\iertutil.dll

2012-11-14 05:55 . 2012-12-13 09:00 729088 ----a-w- c:\windows\system32\msfeeds.dll

2012-11-14 05:53 . 2012-12-13 09:00 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-11-14 05:52 . 2012-12-13 09:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-11-14 05:46 . 2012-12-13 09:00 248320 ----a-w- c:\windows\system32\ieui.dll

2012-11-14 02:09 . 2012-12-13 09:00 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-11-14 01:58 . 2012-12-13 09:00 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-11-14 01:57 . 2012-12-13 09:00 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2012-11-14 01:49 . 2012-12-13 09:00 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-11-14 01:48 . 2012-12-13 09:00 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-11-14 01:44 . 2012-12-13 09:00 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-11-09 05:45 . 2012-12-12 12:45 2048 ----a-w- c:\windows\system32\tzres.dll

2012-11-09 04:42 . 2012-12-12 12:45 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-11-02 05:59 . 2012-12-12 12:45 478208 ----a-w- c:\windows\system32\dpnet.dll

2012-11-02 05:11 . 2012-12-12 12:45 376832 ----a-w- c:\windows\SysWow64\dpnet.dll

2012-10-16 08:38 . 2012-11-28 12:36 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38 . 2012-11-28 12:36 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39 . 2012-11-28 12:36 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Akamai NetSession Interface"="c:\users\computer\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]

"ADA2A0E7261CB6A8553FA5425D18AE06C32E1021._service_run"="c:\users\computer\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-12-05 1242728]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart

.

R2 avg9emc;AVG E-mail Scanner;c:\program files (x86)\AVG\AVG9\avgemc.exe [2011-02-04 921952]

R2 avg9wd;AVG WatchDog;c:\program files (x86)\AVG\AVG9\avgwdsvc.exe [2011-02-04 308136]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;c:\windows\system32\libusbd-nt.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]

R3 dump_wmimmc;dump_wmimmc;c:\aeriagames\WolfTeam\GameGuard\dump_wmimmc.sys [x]

R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [x]

R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-11-10 115272]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-04 1255736]

R3 X6va003;X6va003;c:\users\computer\AppData\Local\Temp\003BB84.tmp [x]

R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-12-18 279616]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-11 203264]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-07 366640]

S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2009-10-14 635416]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]

S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-07 25912]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2013-01-13 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-07 20:17]

.

2013-01-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1140067203-3630092783-3749488201-1000Core.job

- c:\users\computer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-18 20:47]

.

2013-01-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1140067203-3630092783-3749488201-1000UA.job

- c:\users\computer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-18 20:47]

.

2013-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-30 20:39]

.

2013-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-30 20:39]

.

2013-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1140067203-3630092783-3749488201-1000Core.job

- c:\users\computer\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-04 09:38]

.

2013-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1140067203-3630092783-3749488201-1000UA.job

- c:\users\computer\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-04 09:38]

.

2013-01-10 c:\windows\Tasks\HPCeeScheduleForcomputer.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 04:15]

.

2013-01-13 c:\windows\Tasks\vymosa.job

- c:\windows\system32\rundll32.exe [2009-07-13 01:14]

.

.

--------- X64 Entries -----------

.

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = 127.0.0.1:9421;*.local;<local>

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

FF - ProfilePath - c:\users\computer\AppData\Roaming\Mozilla\Firefox\Profiles\fy6h84lk.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://search.yahoo.com?type=937811&fr=spigot-yhp-ff

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=

FF - ExtSQL: !HIDDEN! 2011-07-05 11:57; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-{491DF203-7B61-4F0E-BDCB-A1218C4DAFE9} - c:\programdata\{13A9B825-42CB-4973-913D-2194B5A4CF94}\Massive Setup PC.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]

"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va003]

"ImagePath"="\??\c:\users\computer\AppData\Local\Temp\003BB84.tmp"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va008]

"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-01-13 15:03:31

ComboFix-quarantined-files.txt 2013-01-13 20:03

ComboFix2.txt 2013-01-12 16:12

ComboFix3.txt 2013-01-11 17:09

ComboFix4.txt 2013-01-10 16:21

.

Pre-Run: 515,689,906,176 bytes free

Post-Run: 515,290,697,728 bytes free

.

- - End Of File - - A94CB41909FB0D6F8AF1C86D82B909A8


Thanks!

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic


My Windows security service center also cannot be started. Registry updates such as disablecmd, disabletskmanager, no drives, load, run, and changes to my homepages popped up in Spybot. I had denied the changes, though, because they did not sound like healthy changes to my registry. And last time I accepted the changes none of my USB ports were working and I had to system restore to a few days earlier.


Step 1

Please download Rkill to your desktop. There are two main different versions. If one of them won't run, then download and try to run the other one. You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

  1. Double-click on the Rkill desktop icon to run the tool.
  2. If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  3. A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  4. If not, delete the file, then download and use the second RKill version. Do not reboot until instructed. If the tool does not run from any of the links provided, please let me know.
  5. When the scan is done Notepad will open with rKill log. Post it in your next reply.

NOTE: rKill.txt log will also be present on your desktop.

Step 2

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Step 3

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

In your next reply, post the following log files:

  • RKill log
  • MiniToolBox log
  • Farbar Service Scanner log


-------------------------------Rkill----------------------------------

Rkill 2.4.5 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2013 BleepingComputer.com

More Information about Rkill can be found at this link:

http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/13/2013 06:40:58 PM in x64 mode.

Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.

Startup Type set to: Disabled

* Security Center (wscsvc) is not Running.

Startup Type set to: Disabled

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 01/13/2013 06:41:06 PM

Execution time: 0 hours(s), 0 minute(s), and 7 seconds(s)

---------------------------------Minitoolbox---------------------------

MiniToolBox by Farbar Version:10-01-2013

Ran by computer (administrator) on 13-01-2013 at 18:42:44

Running from "C:\Users\computer\Downloads\steps 3"

Windows 7 Home Premium Service Pack 1 (X64)

Boot Mode: Normal

***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.

No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek PCIe FE Family Controller = Local Area Connection (Connected)

# ----------------------------------

# IPv4 Configuration

# ----------------------------------

pushd interface ipv4

reset

set global

popd

# End of IPv4 configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : computer-HP

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : hsd1.vt.comcast.net.

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : hsd1.vt.comcast.net.

Description . . . . . . . . . . . : Realtek PCIe FE Family Controller

Physical Address. . . . . . . . . : D4-85-64-17-55-0F

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Link-local IPv6 Address . . . . . : fe80::504:a156:b13:442a%11(Preferred)

IPv4 Address. . . . . . . . . . . : 192.168.1.101(Preferred)

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Lease Obtained. . . . . . . . . . : Sunday, January 13, 2013 5:46:05 PM

Lease Expires . . . . . . . . . . : Monday, January 14, 2013 5:46:05 PM

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DHCPv6 IAID . . . . . . . . . . . : 265586020

DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-99-41-AC-D4-85-64-17-55-0F

DNS Servers . . . . . . . . . . . : 75.75.75.75

75.75.76.76

NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.hsd1.vt.comcast.net.:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . : hsd1.vt.comcast.net.

Description . . . . . . . . . . . : Microsoft ISATAP Adapter

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:1067:14ce:3f57:fe9a(Preferred)

Link-local IPv6 Address . . . . . : fe80::1067:14ce:3f57:fe9a%10(Preferred)

Default Gateway . . . . . . . . . : ::

NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter 6TO4 Adapter:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Microsoft 6to4 Adapter

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

Server: cdns01.comcast.net

Address: 75.75.75.75

Name:    google.com
Addresses:  2607:f8b0:4006:800::1003
            173.194.43.3
            173.194.43.4
            173.194.43.0
            173.194.43.2
            173.194.43.14
            173.194.43.7
            173.194.43.5
            173.194.43.9
            173.194.43.8
            173.194.43.6
            173.194.43.1

Pinging google.com [173.194.43.6] with 32 bytes of data:

Reply from 173.194.43.6: bytes=32 time=28ms TTL=55

Reply from 173.194.43.6: bytes=32 time=26ms TTL=55

Ping statistics for 173.194.43.6:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 26ms, Maximum = 28ms, Average = 27ms

Server: cdns01.comcast.net

Address: 75.75.75.75

Name:    yahoo.com
Addresses:  72.30.38.140
            98.139.183.24
            98.138.253.109

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:

Reply from 98.138.253.109: bytes=32 time=147ms TTL=51

Reply from 98.138.253.109: bytes=32 time=60ms TTL=51

Ping statistics for 98.138.253.109:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 60ms, Maximum = 147ms, Average = 103ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================

Interface List

11...d4 85 64 17 55 0f ......Realtek PCIe FE Family Controller

1...........................Software Loopback Interface 1

12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter

10...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter

13...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter

===========================================================================

IPv4 Route Table

===========================================================================

Active Routes:

Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.101     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.101    276
    192.168.1.101  255.255.255.255         On-link     192.168.1.101    276
    192.168.1.255  255.255.255.255         On-link     192.168.1.101    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.101    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.101    276

===========================================================================

Persistent Routes:

None

IPv6 Route Table

===========================================================================

Active Routes:

 If Metric Network Destination                          Gateway
 10     58 ::/0                                         On-link
  1    306 ::1/128                                      On-link
 10     58 2001::/32                                    On-link
 10    306 2001:0:4137:9e76:1067:14ce:3f57:fe9a/128     On-link
 11    276 fe80::/64                                    On-link
 10    306 fe80::/64                                    On-link
 11    276 fe80::504:a156:b13:442a/128                  On-link
 10    306 fe80::1067:14ce:3f57:fe9a/128                On-link
  1    306 ff00::/8                                     On-link
 10    306 ff00::/8                                     On-link
 11    276 ff00::/8                                     On-link

===========================================================================

Persistent Routes:

None

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)

Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)

Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)

Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)

Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)

x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)

x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)

x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)

x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)

x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)

x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:

==================

Error: (01/13/2013 04:33:28 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (01/13/2013 00:32:17 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.

The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (01/12/2013 06:34:29 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/12/2013 11:03:53 AM) (Source: System Restore) (User: )

Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x8007043c).

Error: (01/12/2013 11:03:53 AM) (Source: VSS) (User: )

Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007043c, This service cannot be started in Safe Mode

.

Operation:

Instantiating VSS server

Error: (01/12/2013 11:03:53 AM) (Source: VSS) (User: )

Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode.

The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode

]

Operation:

Instantiating VSS server

Error: (01/12/2013 11:02:30 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/12/2013 09:48:35 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.

The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (01/11/2013 01:29:08 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.

The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (01/11/2013 00:02:21 PM) (Source: CVHSVC) (User: )

Description: Information only.

(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved

System errors:

=============

Error: (01/13/2013 06:06:44 PM) (Source: Disk) (User: )

Description: The driver detected a controller error on \Device\Harddisk1\DR4.

Error: (01/13/2013 05:46:13 PM) (Source: Service Control Manager) (User: )

Description: The AVG WatchDog service terminated with service-specific error %%-536805315.

Error: (01/13/2013 05:46:13 PM) (Source: Service Control Manager) (User: )

Description: The AVG E-mail Scanner service depends on the AVG WatchDog service which failed to start because of the following error:

%%1066

Error: (01/13/2013 05:46:08 PM) (Source: Service Control Manager) (User: )

Description: The LibUsb-Win32 - Daemon, Version 0.1.10.1 service failed to start due to the following error:

%%2

Error: (01/13/2013 05:46:00 PM) (Source: Application Popup) (User: )

Description: \SystemRoot\SysWow64\drivers\libusb0.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (01/13/2013 05:46:00 PM) (Source: Application Popup) (User: )

Description: \SystemRoot\SysWow64\drivers\libusb0.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (01/13/2013 05:40:47 PM) (Source: Service Control Manager) (User: )

Description: The AVG E-mail Scanner service depends on the AVG WatchDog service which failed to start because of the following error:

%%1066

Error: (01/13/2013 05:40:45 PM) (Source: Service Control Manager) (User: )

Description: The AVG WatchDog service terminated with service-specific error %%-536805315.

Error: (01/13/2013 05:40:38 PM) (Source: Service Control Manager) (User: )

Description: The LibUsb-Win32 - Daemon, Version 0.1.10.1 service failed to start due to the following error:

%%2

Error: (01/13/2013 05:40:30 PM) (Source: Application Popup) (User: )

Description: \SystemRoot\SysWow64\drivers\libusb0.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Microsoft Office Sessions:

=========================

Error: (01/13/2013 04:33:28 PM) (Source: SideBySide)(User: )

Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (01/13/2013 00:32:17 AM) (Source: SideBySide)(User: )

Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8

Error: (01/12/2013 06:34:29 PM) (Source: SideBySide)(User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\computer\Downloads\esetsmartinstaller_enu.exe

Error: (01/12/2013 11:03:53 AM) (Source: System Restore)(User: )

Description: C:\Windows\system32\wbem\wmiprvse.exeComboFix created restore point0x8007043c

Error: (01/12/2013 11:03:53 AM) (Source: VSS)(User: )

Description: CoCreateInstance0x8007043c, This service cannot be started in Safe Mode

Operation:

Instantiating VSS server

Error: (01/12/2013 11:03:53 AM) (Source: VSS)(User: )

Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x8007043c, This service cannot be started in Safe Mode

Operation:

Instantiating VSS server

Error: (01/12/2013 11:02:30 AM) (Source: SideBySide)(User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\computer\Downloads\esetsmartinstaller_enu.exe

Error: (01/12/2013 09:48:35 AM) (Source: SideBySide)(User: )

Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8

Error: (01/11/2013 01:29:08 PM) (Source: SideBySide)(User: )

Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8

Error: (01/11/2013 00:02:21 PM) (Source: CVHSVC)(User: )

Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved

CodeIntegrity Errors:

===================================

Date: 2013-01-13 15:01:10.939

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-01-13 15:01:10.798

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-01-11 12:06:51.786

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-01-11 12:06:51.647

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-01-10 11:18:10.095

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-01-10 11:18:09.955

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-12-18 11:54:33.149

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-12-18 11:54:33.102

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-12-18 11:54:33.039

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2011-12-18 11:54:32.993

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

=========================== Installed Programs ============================

64 Bit HP CIO Components Installer (Version: 7.2.8)

7-Zip 9.20

Adobe AIR (Version: 2.6.0.19140)

Adobe Anchor Service CS3 (Version: 1.0)

Adobe Asset Services CS3 (Version: 3)

Adobe Bridge CS3 (Version: 2)

Adobe Bridge Start Meeting (Version: 1.0)

Adobe Camera Raw 4.0 (Version: 4.0)

Adobe CMaps (Version: 1.0)

Adobe Color - Photoshop Specific (Version: 1.0)

Adobe Color Common Settings (Version: 1.0)

Adobe Color EU Extra Settings (Version: 1.0)

Adobe Color JA Extra Settings (Version: 1.0)

Adobe Color NA Recommended Settings (Version: 1.0)

Adobe Community Help (Version: 3.5.23)

Adobe Default Language CS3 (Version: 1.0)

Adobe Device Central CS3 (Version: 1.0)

Adobe ExtendScript Toolkit 2 (Version: 2.0)

Adobe Flash Player 11 ActiveX (Version: 11.5.502.146)

Adobe Flash Player 11 Plugin (Version: 11.5.502.146)

Adobe Fonts All (Version: 1.0)

Adobe Help Viewer CS3 (Version: 1)

Adobe Linguistics CS3 (Version: 3.0.0)

Adobe Media Player (Version: 1.8)

Adobe PDF Library Files (Version: 8.0)

Adobe Photoshop CS3 (Version: 10)

Adobe Photoshop CS3 (Version: 10.0)

Adobe Reader X (10.1.4) (Version: 10.1.4)

Adobe Setup (Version: 1.0)

Adobe Shockwave Player 11.6 (Version: 11.6.3.633)

Adobe Stock Photos CS3 (Version: 1.5)

Adobe Type Support (Version: 1.0)

Adobe Update Manager CS3 (Version: 5.1.0)

Adobe Version Cue CS3 Client (Version: 3)

Adobe WinSoft Linguistics Plugin (Version: 1.0)

Adobe XMP Panels CS3 (Version: 1.0)

AIO_Scan (Version: 130.0.365.000)

Akamai NetSession Interface

Akamai NetSession Interface Service

Apple Application Support (Version: 2.3.2)

Apple Mobile Device Support (Version: 6.0.1.3)

Apple Software Update (Version: 2.1.3.127)

ArcSoft Magic-i Visual Effects 2 (Version: 2.0.11.80)

ArcSoft WebCam Companion 3 (Version: 3.0.8.186)

ATI Catalyst Install Manager (Version: 3.0.774.0)

Axife Mouse Recorder DEMO 5.01

Bonjour (Version: 3.0.0.10)

BufferChm (Version: 130.0.331.000)

CamStudio OSS Desktop Recorder (Version: 2.6 Beta r294)

Catalyst Control Center - Branding (Version: 1.00.0000)

Catalyst Control Center Core Implementation (Version: 2010.0511.2153.37435)

Catalyst Control Center Graphics Full Existing (Version: 2010.0511.2153.37435)

Catalyst Control Center Graphics Full New (Version: 2010.0511.2153.37435)

Catalyst Control Center Graphics Light (Version: 2010.0511.2153.37435)

Catalyst Control Center Graphics Previews Vista (Version: 2010.0511.2153.37435)

Catalyst Control Center InstallProxy (Version: 2010.0511.2153.37435)

Catalyst Control Center Localization All (Version: 2010.0511.2153.37435)

ccc-core-static (Version: 2010.0511.2153.37435)

ccc-utility64 (Version: 2010.0511.2153.37435)

CCC Help Chinese Standard (Version: 2010.0511.2152.37435)

CCC Help Chinese Traditional (Version: 2010.0511.2152.37435)

CCC Help Czech (Version: 2010.0511.2152.37435)

CCC Help Danish (Version: 2010.0511.2152.37435)

CCC Help Dutch (Version: 2010.0511.2152.37435)

CCC Help English (Version: 2010.0511.2152.37435)

CCC Help Finnish (Version: 2010.0511.2152.37435)

CCC Help French (Version: 2010.0511.2152.37435)

CCC Help German (Version: 2010.0511.2152.37435)

CCC Help Greek (Version: 2010.0511.2152.37435)

CCC Help Hungarian (Version: 2010.0511.2152.37435)

CCC Help Italian (Version: 2010.0511.2152.37435)

CCC Help Japanese (Version: 2010.0511.2152.37435)

CCC Help Korean (Version: 2010.0511.2152.37435)

CCC Help Norwegian (Version: 2010.0511.2152.37435)

CCC Help Polish (Version: 2010.0511.2152.37435)

CCC Help Portuguese (Version: 2010.0511.2152.37435)

CCC Help Russian (Version: 2010.0511.2152.37435)

CCC Help Spanish (Version: 2010.0511.2152.37435)

CCC Help Swedish (Version: 2010.0511.2152.37435)

CCC Help Thai (Version: 2010.0511.2152.37435)

CCC Help Turkish (Version: 2010.0511.2152.37435)

CCleaner (Version: 3.25)

Copy (Version: 130.0.428.000)

DAEMON Tools Lite (Version: 4.45.1.0236)

Defraggler (remove only)

Destinations (Version: 130.0.0.0)

DeviceDiscovery (Version: 130.0.465.000)

DJ_AIO_ProductContext (Version: 130.0.365.000)

DJ_AIO_Software (Version: 130.0.365.000)

DJ_AIO_Software_min (Version: 130.0.365.000)

ESET Online Scanner v3

F4100 (Version: 130.0.365.000)

F4100_Help (Version: 90.0.222.000)

Facebook Video Calling 1.2.0.287 (Version: 1.2.287)

GEAR driver installer for AMD64 and Intel EM64T (Version: 2.003.1)

Google Chrome (Version: 23.0.1271.97)

Google Earth (Version: 6.1.0.5001)

Google Update Helper (Version: 1.3.21.123)

GPBaseService2 (Version: 130.0.371.000)

HP Customer Experience Enhancements (Version: 6.0.1.7)

HP Customer Participation Program 13.0 (Version: 13.0)

HP Deskjet 1050 J410 series Basic Device Software (Version: 22.50.231.0)

HP Deskjet 1050 J410 series Help (Version: 140.0.66.66)

HP Deskjet 1050 J410 series Product Improvement Study (Version: 22.50.231.0)

HP Deskjet All-In-One Driver Software 13.0 Rel. 1 (Version: 13.0)

HP Imaging Device Functions 13.0 (Version: 13.0)

HP MediaSmart SmartMenu (Version: 3.1.1.12)

HP MediaSmart/TouchSmart Netflix (Version: 1.0.3.0)

HP Odometer (Version: 2.10.0000)

HP Photosmart Essential 3.5 (Version: 3.5)

HP Product Detection (Version: 11.14.0001)

HP Setup (Version: 8.1.4186.3400)

HP Smart Web Printing 4.51 (Version: 4.51)

HP Solution Center 13.0 (Version: 13.0)

HP Support Information (Version: 10.1.0002)

HP Update (Version: 5.002.006.003)

HP Vision Hardware Diagnostics (Version: 2.1.2.27173)

HP Webcam User's Guide

HPPhotoGadget (Version: 130.0.282.000)

HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000)

HPPhotosmartEssential (Version: 2.04.0000)

HPProductAssistant (Version: 130.0.371.000)

iTunes (Version: 11.0.1.12)

Java 7 Update 10 (64-bit) (Version: 7.0.100)

Java 7 Update 7 (Version: 7.0.70)

Java Auto Updater (Version: 2.1.9.0)

Java 6 Update 24 (Version: 6.0.240)

Java 6 Update 31 (Version: 6.0.310)

Junk Mail filter update (Version: 14.0.8089.726)

KODAK Share Button App (Version: 4.03.0000.0000)

Lernout & Hauspie TruVoice American English TTS Engine

LibUSB-Win32-0.1.10.1 (Version: 0.1.10.1)

MarketResearch (Version: 130.0.374.000)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft Application Error Reporting (Version: 12.0.6015.5000)

Microsoft Choice Guard (Version: 2.0.48.0)

Microsoft Office 2010 (Version: 14.0.4763.1000)

Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)

Microsoft Office Starter 2010 - English (Version: 14.0.4763.1000)

Microsoft PowerPoint Viewer (Version: 14.0.6029.1000)

Microsoft Silverlight (Version: 5.1.10411.0)

Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (Version: 9.0.21022.218)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)

Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)

Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)

Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)

Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)

Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)

Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)

Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)

Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)

Microsoft_VC90_ATL_x86 (Version: 1.00.0000)

Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)

Microsoft_VC90_CRT_x86 (Version: 1.00.0000)

Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)

Microsoft_VC90_MFC_x86 (Version: 1.00.0000)

Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)

MixMeister BPM Analyzer 1.0

MixMeister Studio Demo 7.4.4

Mozilla Firefox 7.0.1 (x86 en-US) (Version: 7.0.1)

MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)

MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)

MSXML4 Parser (Version: 1.0.0)

NVIDIA PhysX (Version: 9.11.1107)

PDF Complete Special Edition (Version: 3.5.111)

PDF Settings (Version: 1.0)

PeerBlock 1.1 (r518) (Version: 1.1.0.518)

PlayReady PC Runtime amd64 (Version: 1.3.0)

PressReader (Version: 5.10.621.0)

QuickTime (Version: 7.69.80.9)

RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)

RealPlayer (Version: 15.0.4)

Realtek High Definition Audio Driver (Version: 6.0.1.6196)

RealUpgrade 1.1 (Version: 1.1.0)

Recovery Manager (Version: 5.5.2926)

Scan (Version: 13.0.0.0)

Skype Toolbars (Version: 5.0.4137)

Skype™ 6.0 (Version: 6.0.126)

SmartSound Common Data (Version: 1.1.0)

SmartSound Premiere Elements 10 x64 Plugin (Version: 5.70.0001)

SmartWebPrinting (Version: 130.0.457.000)

SolutionCenter (Version: 130.0.373.000)

Speakonia (Version: 1.0.3.5)

Spybot - Search & Destroy (Version: 1.6.2)

Status (Version: 130.0.469.000)

swMSM (Version: 12.0.0.1)

System Requirements Lab CYRI (Version: 4.5.1.0)

Toolbox (Version: 130.0.648.000)

TrayApp (Version: 130.0.422.000)

TypingMaster Pro (Version: 7.00)

UnloadSupport (Version: 11.0.0)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)

VLC media player 1.0.1 (Version: 1.0.1)

WebReg (Version: 130.0.132.017)

Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0) (Version: 01/29/2010 1.4.1.0)

Windows Live Communications Platform (Version: 14.0.8064.206)

Windows Live Essentials (Version: 14.0.8089.0726)

Windows Live Essentials (Version: 14.0.8089.726)

Windows Live Mail (Version: 14.0.8089.0726)

Windows Live Messenger (Version: 14.0.8089.0726)

Windows Live Photo Gallery (Version: 14.0.8081.709)

Windows Live Sync (Version: 14.0.8089.726)

Windows Live Upload Tool (Version: 14.0.8014.1029)

Windows Live Writer (Version: 14.0.8089.0726)

Windows Media Player Firefox Plugin (Version: 1.0.0.8)

Windows Mobile Device Updater Component (Version: 04.07.1407.00)

Windows Movie Maker 2.6 (Version: 2.6.4037.0)

WinRAR archiver

WinSCP 4.3.7 (Version: 4.3.7)

YTD Video Downloader 3.9.4

Zune (Version: 04.07.1404.01)

Zune Language Pack (DEU) (Version: 04.07.1404.01)

Zune Language Pack (ESP) (Version: 04.07.1404.01)

Zune Language Pack (FRA) (Version: 04.07.1404.01)

Zune Language Pack (ITA) (Version: 04.07.1404.01)

Zune Language Pack (NLD) (Version: 04.07.1404.01)

Zune Language Pack (PTB) (Version: 04.07.1404.01)

Zune Language Pack (PTG) (Version: 04.07.1404.01)

========================= Devices: ================================

Name: Microsoft ISATAP Adapter

Description: Microsoft ISATAP Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Name: USB Mass Storage Device

Description: USB Mass Storage Device

Class Guid: {36fc9e60-c465-11cf-8056-444553540000}

Manufacturer: Compatible USB storage device

Service: USBSTOR

Name: Link-Layer Topology Discovery Mapper I/O Driver

Description: Link-Layer Topology Discovery Mapper I/O Driver

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer:

Service: lltdio

Name: System board

Description: System board

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service:

Name: TCP/IP Registry Compatibility

Description: TCP/IP Registry Compatibility

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer:

Service: tcpipreg

Name: WAN Miniport (IPv6)

Description: WAN Miniport (IPv6)

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: NdisWan

Name: USB Root Hub

Description: USB Root Hub

Class Guid: {36fc9e60-c465-11cf-8056-444553540000}

Manufacturer: (Standard USB Host Controller)

Service: usbhub

Name: PEAUTH

Description: PEAUTH

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer:

Service: PEAUTH

Name: Microsoft Teredo Tunneling Adapter

Description: Microsoft Teredo Tunneling Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Name: Generic volume shadow copy

Description: Generic volume shadow copy

Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}

Manufacturer: Microsoft

Service:

Name: Motherboard resources

Description: Motherboard resources

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service:

Name: ACPI x64-based PC

Description: ACPI x64-based PC

Class Guid: {4d36e966-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard computers)

Service: \Driver\ACPI_HAL

Name: Standard OpenHCD USB Host Controller

Description: Standard OpenHCD USB Host Controller

Class Guid: {36fc9e60-c465-11cf-8056-444553540000}

Manufacturer: (Standard USB Host Controller)

Service: usbohci

Name: Common Log (CLFS)

Description: Common Log (CLFS)

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer:

Service: CLFS

Name: PCI standard host CPU bridge

Description: PCI standard host CPU bridge

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service:

Name: NetIO Legacy TDI Support Driver

Description: NetIO Legacy TDI Support Driver

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer:

Service: tdx

Name: Motherboard resources

Description: Motherboard resources

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service:

Name: WAN Miniport (PPPOE)

Description: WAN Miniport (PPPOE)

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: RasPppoe

Name: USB Root Hub

Description: USB Root Hub

Class Guid: {36fc9e60-c465-11cf-8056-444553540000}

Manufacturer: (Standard USB Host Controller)

Service: usbhub

Name: HP Deskjet 1050 J410 series

Description: HP Deskjet 1050 J410 series

Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}

Manufacturer: Hewlett-Packard

Service:

Name: File as Volume Driver

Description: File as Volume Driver

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: blbdrive

Name: Motherboard resources

Description: Motherboard resources

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service:

Name: CNG

Description: CNG

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer:

Service: CNG

Name: Generic volume

Description: Generic volume

Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}

Manufacturer: Microsoft

Service: volsnap

Name: Generic volume shadow copy

Description: Generic volume shadow copy

Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}

Manufacturer: Microsoft

Service:

Name: USB Root Hub

Description: USB Root Hub

Class Guid: {36fc9e60-c465-11cf-8056-444553540000}

Manufacturer: (Standard USB Host Controller)

Service: usbhub

Name: WAN Miniport (PPTP)

Description: WAN Miniport (PPTP)

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: PptpMiniport

Name: QoS Packet Scheduler

Description: QoS Packet Scheduler

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer:

Service: Psched

Name: Motherboard resources

Description: Motherboard resources

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service:

Name: Composite Bus Enumerator

Description: Composite Bus Enumerator

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: CompositeBus

Name: Mount Point Manager

Description: Mount Point Manager

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer:

Service: mountmgr

Name: Motherboard resources

Description: Motherboard resources

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service:

Name: USB Root Hub

Description: USB Root Hub

Class Guid: {36fc9e60-c465-11cf-8056-444553540000}

Manufacturer: (Standard USB Host Controller)

Service: usbhub

Name: WAN Miniport (SSTP)

Description: WAN Miniport (SSTP)

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: RasSstp

Name: Standard OpenHCD USB Host Controller

Description: Standard OpenHCD USB Host Controller

Class Guid: {36fc9e60-c465-11cf-8056-444553540000}

Manufacturer: (Standard USB Host Controller)

Service: usbohci

Name: PCI standard host CPU bridge

Description: PCI standard host CPU bridge

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service:

Name: System Attribute Cache

Description: System Attribute Cache

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer:

Service: discache

Name: Generic volume

Description: Generic volume

Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}

Manufacturer: Microsoft

Service: volsnap

Name: Windows Firewall Authorization Driver

Description: Windows Firewall Authorization Driver

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer:

Service: mpsdrv

Name: Numeric data processor

Description: Numeric data processor

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service:

Name: VgaSave

Description: VgaSave

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer:

Service: VgaSave

Name: Generic volume shadow copy

Description: Generic volume shadow copy

Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}

Manufacturer: Microsoft

Service:

Name: Generic- Multi-Card USB Device

Description: Disk drive

Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard disk drives)

Service: disk

Name: RDPCDD

Description: RDPCDD

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer:

Service: RDPCDD

Name: AMD Athlon II X2 250 Processor

Description: AMD Processor

Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}

Manufacturer: Advanced Micro Devices

Service: AmdPPM

Name: HID Keyboard Device

Description: HID Keyboard Device

Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard keyboards)

Service: kbdhid

Name: Terminal Server Keyboard Driver

Description: Terminal Server Keyboard Driver

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service: TermDD

Name: USB Root Hub

Description: USB Root Hub

Class Guid: {36fc9e60-c465-11cf-8056-444553540000}

Manufacturer: (Standard USB Host Controller)

Service: usbhub

Name: LDDM Graphics Subsystem

Description: LDDM Graphics Subsystem

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer:

Service: DXGKrnl

Name: ACPI Power Button

Description: ACPI Power Button

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service:

Name: G:\

Description: Multi-Card

Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}

Manufacturer: Generic-

Service: WUDFRd

Name: Dynamic Volume Manager

Description: Dynamic Volume Manager

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer:

Service: volmgrx

Name: Terminal Server Mouse Driver

Description: Terminal Server Mouse Driver

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service: TermDD

Name: RDP Encoder Mirror Driver

Description: RDP Encoder Mirror Driver

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer:

Service: RDPENCDD

Name: USB Input Device

Description: USB Input Device

Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}

Manufacturer: (Standard system devices)

Service: HidUsb

Name: Microsoft Windows Management Interface for ACPI

Description: Microsoft Windows Management Interface for ACPI

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: WmiAcpi

Name: High Definition Audio Controller

Description: High Definition Audio Controller

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: HDAudBus

Name: Standard OpenHCD USB Host Controller

Description: Standard OpenHCD USB Host Controller

Class Guid: {36fc9e60-c465-11cf-8056-444553540000}

Manufacturer: (Standard USB Host Controller)

Service: usbohci

Name: PCI standard host CPU bridge

Description: PCI standard host CPU bridge

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service:

Name: Plug and Play Software Device Enumerator

Description: Plug and Play Software Device Enumerator

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service: swenum

Name: Storage volumes

Description: Storage volumes

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer:

Service: volsnap

Name: HID-compliant device

Description: HID-compliant device

Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}

Manufacturer: (Standard system devices)

Service:

Name: Microsoft ACPI-Compliant System

Description: Microsoft ACPI-Compliant System

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: ACPI

Name: Reflector Display Driver used to gain access to graphics data

Description: Reflector Display Driver used to gain access to graphics data

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer:

Service: RDPREFMP

Name: DAEMON Tools Virtual Bus

Description: DAEMON Tools Virtual Bus

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: DT Soft Ltd

Service: dtsoftbus01

Name: Ancillary Function Driver for Winsock

Description: Ancillary Function Driver for Winsock

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer:

Service: AFD

Name: Remote Access IPv6 ARP Driver

Description: Remote Access IPv6 ARP Driver

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer:

Service: Wanarpv6

Name: Generic PnP Monitor

Description: Generic PnP Monitor

Class Guid: {4d36e96e-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard monitor types)

Service: monitor

Name: USB Composite Device

Description: USB Composite Device

Class Guid: {36fc9e60-c465-11cf-8056-444553540000}

Manufacturer: (Standard USB Host Controller)

Service: usbccgp

Name: Link-Layer Topology Discovery Responder

Description: Link-Layer Topology Discovery Responder

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer:

Service: rspndr

Name: UMBus Root Bus Enumerator

Description: UMBus Root Bus Enumerator

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: umbus

Name: AMD Athlon II X2 250 Processor

Description: AMD Processor

Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}

Manufacturer: Advanced Micro Devices

Service: AmdPPM

Name: Generic volume

Description: Generic volume

Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}

Manufacturer: Microsoft

Service: volsnap

Name: amdkmdag

Description: amdkmdag

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer:

Service: amdkmdag

Name: Microsoft Virtual Drive Enumerator Driver

Description: Microsoft Virtual Drive Enumerator Driver

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service: vdrvroot

Name: Kernel Mode Driver Frameworks service

Description: Kernel Mode Driver Frameworks service

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer:

Service: Wdf01000

Name: ATI I/O Communications Processor PCI Bus Controller

Description: ATI I/O Communications Processor PCI Bus Controller

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: ATI

Service: pci

Name: HID-compliant consumer control device

Description: HID-compliant consumer control device

Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}

Manufacturer: Microsoft

Service:

Name: Standard OpenHCD USB Host Controller

Description: Standard OpenHCD USB Host Controller

Class Guid: {36fc9e60-c465-11cf-8056-444553540000}

Manufacturer: (Standard USB Host Controller)

Service: usbohci

Name: PCI standard host CPU bridge

Description: PCI standard host CPU bridge

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service:

Name: Sftfs

Description: Sftfs

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer:

Service: Sftfs

Name: HP Deskjet 1050 J410 series (USB)

Description: HP Deskjet 1050 J410 series (USB)

Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}

Manufacturer: Hewlett-Packard

Service: usbscan

Name: amdsata

Description: amdsata

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer:

Service: amdsata

Name: msisadrv

Description: msisadrv

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer:

Service: msisadrv

Name: Volume Manager

Description: Volume Manager

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service: volmgr

Name: WFP Lightweight Filter

Description: WFP Lightweight Filter

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer:

Service: WfpLwf

Name: Sftplay

Description: Sftplay

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer:

Service: Sftplay

Name: hp DVD A DH16ABLH SATA CdRom Device

Description: CD-ROM Drive

Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard CD-ROM drives)

Service: cdrom

Name: SanDisk Gigaware USB Device

Description: Disk drive

Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard disk drives)

Service: disk

Name: AMD PCI Express (3GIO) Filter

Description: AMD PCI Express (3GIO) Filter

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer:

Service: AtiPcie

Name: Winsock IFS Driver

Description: Winsock IFS Driver

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer:

Service: ws2ifsl

Name: USB Printing Support

Description: USB Printing Support

Class Guid: {36fc9e60-c465-11cf-8056-444553540000}

Manufacturer: Microsoft

Service: usbprint

Name: Generic volume shadow copy

Description: Generic volume shadow copy

Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}

Manufacturer: Microsoft

Service:

Name: ATI I/O Communications Processor SMBus Controller

Description: ATI I/O Communications Processor SMBus Controller

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: ATI

Service:

Name: PCI standard ISA bridge

Description: PCI standard ISA bridge

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service: msisadrv

Name: PCI standard PCI-to-PCI bridge

Description: PCI standard PCI-to-PCI bridge

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service: pci

Name: NDIS System Driver

Description: NDIS System Driver

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer:

Service: NDIS

Name: ACPI Fixed Feature Button

Description: ACPI Fixed Feature Button

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service:

Name: User Mode Driver Frameworks Platform Driver

Description: User Mode Driver Frameworks Platform Driver

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer:

Service: WudfPf

Name: Sftvol

Description: Sftvol

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer:

Service: Sftvol

Name: NDProxy

Description: NDProxy

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer:

Service: NDProxy

Name: USB Mass Storage Device

Description: USB Mass Storage Device

Class Guid: {36fc9e60-c465-11cf-8056-444553540000}

Manufacturer: Compatible USB storage device

Service: USBSTOR

Name: Generic volume shadow copy

Description: Generic volume shadow copy

Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}

Manufacturer: Microsoft

Service:

Name: Programmable interrupt controller

Description: Programmable interrupt controller

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service:

Name: Hitachi HDS721064CLA332 SATA Disk Device

Description: Disk drive

Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard disk drives)

Service: disk

Name: X6va003

Description: X6va003

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer:

Service: X6va003

Name: Security Processor Loader Driver

Description: Security Processor Loader Driver

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer:

Service: spldr

Name: AMD SATA Controller

Description: AMD SATA Controller

Class Guid: {4d36e96a-e325-11ce-bfc1-08002be10318}

Manufacturer: AMD

Service: amdsata

Name: ATI Radeon 3000 Graphics

Description: ATI Radeon 3000 Graphics

Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}

Manufacturer: ATI Technologies Inc.

Service: amdkmdap

Name: System timer

Description: System timer

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service:

Name: PCI standard PCI-to-PCI bridge

Description: PCI standard PCI-to-PCI bridge

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service: pci

Name: X6va008

Description: X6va008

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer:

Service: X6va008

Name: USB Composite Device

Description: USB Composite Device

Class Guid: {36fc9e60-c465-11cf-8056-444553540000}

Manufacturer: (Standard USB Host Controller)

Service: usbccgp

Name: Generic volume

Description: Generic volume

Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}

Manufacturer: Microsoft

Service: volsnap

Name: NETBT

Description: NETBT

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer:

Service: NetBT

Name: Bitlocker Drive Encryption Filter Driver

Description: Bitlocker Drive Encryption Filter Driver

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer:

Service: fvevol

Name: High precision event timer

Description: High precision event timer

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service:

Name: F:\

Description: Gigaware

Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}

Manufacturer: SanDisk

Service: WUDFRd

Name: Microsoft System Management BIOS Driver

Description: Microsoft System Management BIOS Driver

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service: mssmbios

Name: HTTP

Description: HTTP

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer:

Service: HTTP

Name: USB Input Device

Description: USB Input Device

Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}

Manufacturer: (Standard system devices)

Service: HidUsb

Name: WAN Miniport (IKEv2)

Description: WAN Miniport (IKEv2)

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: RasAgileVpn

Name: Direct memory access controller

Description: Direct memory access controller

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service:

Name: UMBus Enumerator

Description: UMBus Enumerator

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: umbus

Name: Standard Enhanced PCI to USB Host Controller

Description: Standard Enhanced PCI to USB Host Controller

Class Guid: {36fc9e60-c465-11cf-8056-444553540000}

Manufacturer: (Standard USB Host Controller)

Service: usbehci

Name: PCI standard host CPU bridge

Description: PCI standard host CPU bridge

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service:

Name: Realtek PCIe FE Family Controller

Description: Realtek PCIe FE Family Controller

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Realtek

Service: RTL8167

Name: NSI proxy service driver.

Description: NSI proxy service driver.

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer:

Service: nsiproxy

Name: Hardware Policy Driver

Description: Hardware Policy Driver

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer:

Service: hwpolicy

Name: HID-compliant mouse

Description: HID-compliant mouse

Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: mouhid

Name: System speaker

Description: System speaker

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service:

Name: WAN Miniport (L2TP)

Description: WAN Miniport (L2TP)

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: Rasl2tp

Name: DTSOFT Virtual CdRom Device

Description: CD-ROM Drive

Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard CD-ROM drives)

Service: cdrom

Name: KSecDD

Description: KSecDD

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer:

Service: KSecDD

Name: USB Input Device

Description: USB Input Device

Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}

Manufacturer: (Standard system devices)

Service: HidUsb

Name: UMBus Enumerator

Description: UMBus Enumerator

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: umbus

Name: AMD PCI Express (3GIO) Filter Driver

Description: AMD PCI Express (3GIO) Filter Driver

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: Advanced Micro Devices Inc

Service: pci

Name: WAN Miniport (Network Monitor)

Description: WAN Miniport (Network Monitor)

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: NdisWan

Name: Beep

Description: Beep

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer:

Service: Beep

Name: Null

Description: Null

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer:

Service: Null

Name: KSecPkg

Description: KSecPkg

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer:

Service: KSecPkg

Name: Standard Enhanced PCI to USB Host Controller

Description: Standard Enhanced PCI to USB Host Controller

Class Guid: {36fc9e60-c465-11cf-8056-444553540000}

Manufacturer: (Standard USB Host Controller)

Service: usbehci

Name: PCI standard host CPU bridge

Description: PCI standard host CPU bridge

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service:

Name: Microsoft 6to4 Adapter

Description: Microsoft 6to4 Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Name: System CMOS/real time clock

Description: System CMOS/real time clock

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: (Standard system devices)

Service:

Name: TCP/IP Protocol Driver

Description: TCP/IP Protocol Driver

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer:

Service: Tcpip

Name: Realtek High Definition Audio

Description: Realtek High Definition Audio

Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}

Manufacturer: Realtek

Service: IntcAzAudAddService

Name: USB Root Hub

Description: USB Root Hub

Class Guid: {36fc9e60-c465-11cf-8056-444553540000}

Manufacturer: (Standard USB Host Controller)

Service: usbhub

Name: WAN Miniport (IP)

Description: WAN Miniport (IP)

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: NdisWan

Name: Generic volume

Description: Generic volume

Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}

Manufacturer: Microsoft

Service: volsnap

Name: Performance Counters for Windows Driver

Description: Performance Counters for Windows Driver

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer:

Service: pcw

========================= Memory info: ===================================

Percentage of memory in use: 41%

Total physical RAM: 2815.29 MB

Available physical RAM: 1659.9 MB

Total Pagefile: 5628.76 MB

Available Pagefile: 3901.43 MB

Total Virtual: 4095.88 MB

Available Virtual: 3957.73 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:584.01 GB) (Free:478.73 GB) NTFS

2 Drive d: (HP_RECOVERY) (Fixed) (Total:12.06 GB) (Free:1.44 GB) NTFS

4 Drive f: () (Removable) (Total:7.47 GB) (Free:1.02 GB) FAT32

========================= Users: ========================================

User accounts for \\COMPUTER-HP

Administrator computer Guest

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

---------------------------------Farbar Service Scanner-------------------------------

Farbar Service Scanner Version: 05-01-2013

Ran by computer (administrator) on 13-01-2013 at 18:44:06

Running from "C:\Users\computer\Downloads\steps 3"

Windows 7 Home Premium Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Attempt to access Google IP returned error. Google IP is offline

Google.com is accessible.

Yahoo IP is accessible.

Yahoo.com is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Action Center:

============

wscsvc Service is not running. Checking service configuration:

The start type of wscsvc service is set to Disabled. The default start type is Auto.

The ImagePath of wscsvc service is OK.

The ServiceDll of wscsvc service is OK.

Windows Update:

============

Windows Autoupdate Disabled Policy:

============================

Other Services:

==============

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll => MD5 is legit

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll => MD5 is legit

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java :

Please download JavaRa to your desktop and unzip it to its own folder

  • Run JavaRa.exe, then click Remove JRE.
  • Run the built-in uninstallers for all copies of Java listed
  • Click the Next button
  • Click the Next button again
  • Click the Java Manual Download link
  • A browser window will open with the Java download page
  • Click the Windows Offline (32-bit) or Windows Offline (64-bit) link to download Java (based on your browser type)
  • Run the installer
  • Close JavaRa


This topic is now closed to further replies.